Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Code Management in the Cloud

Code Management in the CloudAs a follow-up to our initial Dev in the Cloud series installment on continuous integration, today we’ll explore Code Management (CM) and the cloud’s impact on this core tenant of agile development. After briefly explaining CM fundamentals and relationship with agile development, we’ll identify the primary benefits and concerns associated with migrating CM to the cloud. We’ll also highlight the marketplace for the growing number of cloud CM products including recommendations for those evaluating cloud CM. Continue reading Code Management in the Cloud

Your VMworld 2012 Virtualization Management Sponsors and Exhibitors Short List

VMworld2012150x27VMworld 2012 is upon us and one of our tasks is to figure out which vendor’s booths to go see. With over 230 booths to choose from this is a daunting task. If you are interested in finding creative new solutions to your management, monitoring, deployment, security, data protection, and desktop management problems, this list will help you.

Virtualization Management Categories Defined

Here are the definitions of the eight virtualization management categories profiled below:

  • Application Performance Management (APM) – APM is about the end-to-end and hop-by-hop (across application tiers) measurement of response time and the diagnostics required to pinpoint degradations in response time (or flat out failed transactions) in the applications themselves or in the supporting infrastructure. APM tools come in two varieties. Developer focused tools help developers (or DevOps teams) support custom developed applications in production by quickly identifying and diagnosing application code problems in production. Operations focused tools  support every application in the environment (custom developed and purchased), and focus their diagnostics more on infrastructure issues that are impacting application performance.
  • Operations Management – Operations Management is a broad category of products that are used to support the day-to-day performance, capacity and configuration management tasks that face virtualization administrators. While all of these products support vSphere, some support other hypervisors as well.
  • Infrastructure Performance Management – IPM is APM for the infrastructure. It is all about the end-to-end and hop-by-hop latency of the infrastructure in support of the workloads running on the infrastructure. The thesis of this category is that in a virtual environment you cannot infer the performance of the infrastructure from resource utilization metrics, you have to measure it directly and continuously.
  • Automated Server and Image Management – This category has come into its own this year. The focus is upon allowing you to automatically manage what runs on your servers (physical, virtual or cloud), update them at scale, and keep them consistent. Think of this category as BladeLogic Version 2.0.
  • Cloud Management – Cloud Management is about building clouds on your vSphere infrastructure, and extending those clouds to other hypervisors, as well as to public cloud infrastructures.
  • Virtualization Security – Virtualization Security is about protecting the infrastructure, the systems software, the middleware, the applications, and all data from unauthorized use or attacks.
  • Virtualization Backup and Data Protection – Backup and Data Protection ensure that your data is always available for you (and no on else), irrespective of what failures or disasters have occurred in or to your IT environment.
  • Desktop Virtualization – Desktop Virtualization is about using virtualization as a catalyst to combine the benefits of user flexibility and centralized management.

Your VMworld 2012 Short List

Vendor Product Category What Makes Them Special New at VMworld 2012 Booth #
Application Performance Management
Aternity Frontline Performance Intelligence Platform Application Performance Management Provides a unified view of end user experience management across physical, virtual, and mobile environments Management of View end user experience through the correlation of PC-over-IP® (PCoIP®) latency with the actual business transaction response times and the VM image’s health. 329
ExtraHop Networks Application Delivery Assurance
Application Performance Management Performance Management of every application in the environment across virtual and physical tiers with no agents User application performance geo-mapping, solution bundles, and flex grids for virtualization management. Subscription pricing for virtual appliances. 2335
New Relic RPM Application Performance Management SaaS delivered APM for Java, .NET, Ruby, PHP and Python applications 529
VMware vFabric APM Application Performance Management Support for every application through a virtual appliance on a mirror port, and support for deep dive Java diagnostics via a Java agent
 Operations Management
Astute Networks ViSX Operations Management Simple to deploy network attached Flash Storage optimized for VMware and deployable by the VMWare Adminstrator ViSX G4 High-Performance VM Storage Appliance 435
Cirba Cirba Operations Management Sophisticated predictive analytics for controlling capacity, resource allocations and placements. 623
CloudPhysics CloudPhysics Operations Management The CloudPhysics platform helps you make the best decisions in the face of continual change. We make the invisible visible – revealing otherwise hidden structures and relationships in your datacenter. Launch of the CloudPhysics service. Fusion-io 2201
Hotlink SuperVISOR Operations Management Extends VMware vCenter to fully manage Hyper-V, KVM, XenServer, CouldStack and Amazon EC2 – no additional console required. Management of EC2 and CloudStack from VMware vCenter 2422
Intigua  Intigua Operations Management Virtualizes your Management Agents so that their impact is minimized and so that they are easily managed at scale 428
ManageEngine  IT360 Operations Management Agentless monitoring for applications and servers along with single pane of glass view across physical, virtual and cloud IT infrastructure. Privileged password management for VMware vSphere, capacity planning reports and automated resource optimization for virtualization software. 2340
PHD Virtual  Virtual Monitor Operations Management End to end virtual infrastructure monitoring for vSphere and XenServer & XenDesktop environments. 314
Reflex Systems Virtualization Management Center Operations Management Real-time, streaming data analysis including customizable analytics, charts and graphs that give enterprises extremely granular visibility and pure data fidelity for managing virtual infrastructure.  Reflex and ExtraHop partner to drive IT automation in virtualized datacenters and cloud infrastructure by delivering integrated infrastructure and application context to performance management. 517
Splunk Splunk App for VMware Operations Management Unlock the value of vSphere data and get granular performance management and analysis, as well as security reporting and monitoring, complete operational visibility and capacity analytics. The new Splunk App for VMware  1909
VKernel vOps Manager Operations Management Provides control over virtual environments and cloud deployments with analytics, advice and automation Performance impact modeling for environment changes, Automated environment change implementation, VM issue diagnosis screen for all problems affecting a VM, VMware vCloud Director integration 607
VMTurbo Operations Manager Operations Management Ability to guarantee resource allocations based upon workload priorities

Integrated configuration management with OpenStack


VMware vCenter Operations Operations Management Automated operations management solution with self-learning analytics, application awareness and integrated performance, capacity and configuration management for virtual and cloud infrastructure. Full transaction tracing and Closed loop integration from provisioning to monitoring to auto scaling (In Beta)  CAP1
Zenoss Service Dynamics Operations Management A single product that delivers end-to-end service assurance for real-world, hybrid IT that spans physical, virtual and cloud-based infrastructure.


 Infrastructure Performance Management
Gigamon GigaVUE Fabric Manager Infrastructure Performance Management Gigamon empowers infrastructure architects, managers and operators with visibility into the physical and virtual networks without affecting the performance or stability of the production environment. GigaVUE-FM provides the platform to manage distributed GigaVUE-VM virtual fabric nodes on virtual and physical infrastructures. 1716
Virtual Instruments VirtualWisdom  Infrastructure Performance Management
Real time, Deterministic and Comprehensive Health and Latency Metrics from the VM to the LUN  
Xangati Xangati Management Dashboard (XMD) Suite Infrastructure Performance Management Live and continuous tracking of infrastructure performance health (server+hypervisor, storage and network). Problems identified within first hour of install. StormTracker: Industry’s first solution to track and anticipate transient, performance storms that fly under the radar of conventional monitoring solutions.  2413
 IT Automation
Puppet Labs Puppet Automated Server and Image Management IT automation software that gives system administrators the power to easily automate repetitive tasks, quickly deploy critical applications, and proactively manage infrastructure changes, on-premise or in the cloud. The Puppet integration service for VMware vFabric Application Director provides customers with the productivity and agility benefits of software-defined infrastructure.  2323
Opscode Chef Automated Server and Image Management Chef is an open-source systems integration framework built specifically for automating the cloud. Integration of Opscode Chef with VMware vCloud Director as well as vCloud integrations with Terremark and Bluelock, enabling users to deploy and automate vCloud infrastructure in private/public clouds.  2431
rPath  Cloud Engine Automated Server and Image Management Automate the assembly, provisioning and change of OS platforms, middleware platforms and entire application stacks to deploy, not in weeks, but in minutes Unveiling of ECAF model removes chaos from cloud transformation & plugs IT pros into power of cloud with positive business results. Pragmatic approach embeds need for standardization & guides journey.  2441
 Cloud Management
Cloupia Unified Infrastructure Controller Cloud Management A multi-hypervisor and multi-cloud provisioning and management solution that provides physical and virtual infrastructure control, management and monitoring Unified Converged Infrastructure Orchestration Solutions – FlexPod & VSPEX 100
DynamicOps Cloud Suite Cloud Management Management of private, hybrid, and public clouds across multiple hypervisors and virtual/physical infrastructures Just got acquired by VMware 512
Embotics V-Commander Cloud Management Private Cloud In a Box – Deployed in Less than One Hour IT as a Service functionality: Request multiple virtual or physical assets from a single entry in the service catalog. 616
ManageIQ  EVM Suite Cloud Management Enterprise cloud management solutions that enable IT services to be easily provisioned and managed across physical, virtual, private and public cloud infrastructures.  Major new release announcement with support for hybrid clouds including leading public clouds like Amazon and Rackspace. 506
Virtustream XStream Cloud Management A cloud for business critical, performance critical and mission critical applications like SAP xStream software GA for enterprises, service providers and governments: private, public and hybrid cloud management for existing hardware/virtualization with security and legacy application SLAs NetApp Booth 1402
Virtualization Security
 AFORE Solutions CloudLink Virtualization Security AFORE’s CloudLink® provides encryption for active Cloud Storage and Virtual Hosted Applications. CloudLink® protects mission critical data while managing security compliance and service performance. AFORE’s announces: CloudLink® 2.0 – Secure Virtual Storage Appliance; CloudLink CX Encryption of End-User Data in VDI and Virtual Hosted Apps; CloudLink Achieved Secured by RSA® Partner Certification 2428
HyTrust HyTrust Virtualization Security HyTrust empowers organizations to virtualize more by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. 2129
Trend Micro Deep Security &
Secure Cloud 
Virtualization Security Trend Micro Incorporated, creates a world safe for exchanging digital information with Internet content security and threat management solutions. 1123
Symantec Critical System Protection
Virtualization Security Critical System Protection w/vSphere integration. CSP adds an multi-layer security to critical systems such as VMware vCenter as well as enforcement of security hardening of vSphere.  Deep Security 9 offers better protection, performance & ROI for virtual servers & desktops & with our new Trend Ready program you can confidently pick a Deep Security compatible cloud service provider. 909
Backup and Data Protection
Quantum  vmPro Virtualization Backup Quantum addresses data protection and big data management, providing specialized storage solutions for physical, virtual and cloud environments to maximize the value of data. 2017
Veeam Veeam Backup & Replication Virtualization Backup VM admins like Veeam because it’s fast, reliable and easy to use. Eliminates headaches of traditional backup, including agents, backup job failures and multiple backups. 100% virtualization-focused. Restore VMs from SAN snapshots. Fast: < 2 min. Flexible: Individual VMs, guest files or Microsoft Exchange items. Free: worry-free, agent-free and literally free (included in upcoming 6.5 release). 1709
Zerto Virtual Replication Virtualization Backup Zerto, VMworld Best of Show 2011 winner, provides the only hypervisor-based business continuity/disaster recovery solution for business-critical application protection in virtual & cloud environments. Zerto Virtual Replication 2.0 is Live – featuring multi-site replication and secure multi-tenancy. Plus, over 35 Cloud Providers begin offering cloud Disaster Recovery services powered by Zerto. 624
Desktop Virtualization
Appsense  User Virtualization Platform Desktop Virtualization AppSense reduces IT complexity and enables enterprise consumerization with independent management of the user experience across all mobile devices and desktops. 301
Citrix XenApp, XenDesktop, & XenClient Enterprise Desktop Virtualization With cloud, collaboration, networking and virtualization technologies, Citrix powers mobile workstyles and cloud services, making complex enterprise IT simpler and accessible for 260,000 organizations 735
Desktone Desktone Cloud Desktop Virtualization Desktone delivers the industry’s only multi-tenant desktop virtualization platform for service providers to offer Desktops as a Service (DaaS). Dell/Wyse, NaviSite, Quest Systems & NetApp will be demoing DaaS built on the Desktone platform. In addition, Desktone will discuss support for VMware View 5 user experience features including PCoIP. 2330
Liquidware Labs Stratusphere FIT, IXD, UX & ProfileUnity Desktop Virtualization Liquidware Labs™ offers an integrated set of solutions to support the complete desktop transformation lifecycle for migration to next-generation “anytime, anywhere, any device” desktops. ProfileUnity with FlexApp combines virtualized deployment of department and user applications with full-featured user virtualization for ultra-manageable desktops with best TCO. 2536


We wish you safe travels to and from VMworld 2012 and a great show. The one certainty is that the virtualization and cloud landscapes will be different after VMware and all of the vendors in the ecosystem make their announcements next week. VMware’s new Software Defined Data Center strategy is going to usher in a set of changes as profound as those precipitated by virtualization itself – and that entire journey lies in front of us.

News: Splunk Releases Splunk App for VMware – More than just Logs

SplunkAppsToday, Splunk has announced the general availability of the Splunk App for VMware. Splunk and Cloudshare have also announced that they will be presenting a session at VMworld, “How a Cloud Computing Provider Reached the Holy Grail of Visibility” which will take place Wednesday, Aug. 29 from 4 – 5 p.m. (PT).  This session will highlight one of the key new features of the new Spunk App for VMware – the ability to collect cross tier and cross silo data, and demonstrates an important shift in Splunk’s strategy.

The Old Splunk – Log Analysis

Splunk made its name by popularizing and making easily accessible analysis of logs from a variety of sources. By indexing those logs on the basis of their time stamp and other identifiable information, it was possible to turn these logs into rich sources of analysis for system and application behavior. Splunk built out this log analysis strategy by building collectors for an astonishing variety of log sources (see the diagram below).

Hundreds of Splunk Apps offering solutions to easily harness machine data across your IT stack (click on image to zoom in)

The New Splunk App for VMware – Physical and Virtual Operations Management

The Spunk App for VMware is significant not only in that it collects log data from vSphere. It is significant in several other respects as well:

  • The Spunk App for VMware does not collect its data in 5 minute intervals from the vCenter API’s as do many other Operations Management products in the VMware environment. The Spunk App for VMware collects its data directly from each vSphere host on 20 second intervals. This means that the Spunk App for VMware gets the exact same raw data that vCenter gets, and the exact interval that vCenter gets it. The only other vendor that operate at this level of data granularity and frequency is Reflex Systems.
  • The Splunk App for VMware collects more than just the log data from the vSphere hosts. It collects all of the normal resource utilization data that vCenter collects (and passes along to vCenter Operations) as well.
VM Architecture
Harnessing VMware data for troubleshooting, analytics and virtualization intelligence using Splunk App for VMware (click image to zoom)

Since the Spunk App for VMware is simply an addition to the existing set of data collectors for Splunk, it is useful to look at the picture in its totality. If we combine the data the Splunk can get from the physical infrastructure (and from non-virtualized physical systems) with the data from the virtualization layer (vSphere), and from many applications layer products as well (WebSphere), Splunk is now arguably in the position of having one of the richest depositories of operational data around.

This fact was probably not lost on VMware, who has seen this coming for a long time, and who reacted last week by acquiring the product assets and team for Log Insight from Pattern Insight. This means that we should probably expect log data from Log Insight to become a feature of a future release of vCenter Operations.

The New Bar in Operations Management

These actions by both Splunk and VMware raise the bar in operations management. The diversity of data collected is increasing rapidly. The frequency with which it is being collected in increasing rapidly. Splunk will hang its hat on being able to use its analytics to automate the interpretation of this stream of diverse data for its customers. VMware will likely rely upon the self-learning analytics in vCenter Operations to do the same. The ecosystem will be forced to partner up or acquire adjacent capabilities to compete in what is rapidly becoming an Operations Management Suite game.


The new Splunk App for VMware adds a significant new capability to the Splunk offerings, opens a new Operations Management frontier for Splunk and creates a new standard for functionality in the Operations Management space.

Defense in Depth: Intelligence Gathering

CloudComputingIntelligence gathering is an oft overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing, Alert Logic. Alert Logic has updated their report on cloud based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence of past and possibly future attacks. Continue reading Defense in Depth: Intelligence Gathering

Software Defined Security: Is it Achievable?

VirtualizationSecurityCloud based security is about securing the data, yet compliance requirements are often about securing the environment, such as PCI’s requirement for web application firewalls, which protect web servers and perhaps applications and imply protection of data.  But they do not directly protect data. How can a Software Defined Data Center implement a form of Software Defined Security automatically to meet not only compliance requirements, but security around a particular mote of data? Continue reading Software Defined Security: Is it Achievable?

VMware’s Heterogeneous Virtualization Management Strategy

VirtualizationManagementIconFor quite a number of years, VMware has made it very clear that it views virtualization not only as a technology that provides significant benefits to data centers, but also a technology that disrupts the existing virtualization management solutions, and opens an opportunity for new management solutions to be offered and adopted by enterprises. VMware has also made it clear that it intends to capitalize upon this opportunity by fielding a family of strong products in the Virtualization Management area. Continue reading VMware’s Heterogeneous Virtualization Management Strategy