Just entered my mailbox, there is a new rev of the vSphere 5.1 hardening guide which was spoken about on the last Virtualization Security Podcast. This version of the hardening guide creates a much needed new feature: Profiles.
TVP Strategy Archives
SDDC Data Protection
One aspect of SDDC that does not get a lot of attention is Data Protection, instead we are concentrating on SDN and automation. Yet, this leads me to Data Protection. There is a clear marriage between Data Protection and SDDC that needs to be added to any architecture. As with all things, we start with the architecture. Our SDDC architecture should also include data protection, but what data are we really protecting? Within SDDC there are three forms of data: tenant, configuration, and automation. Without one or the other, we may not be able to reload our SDDC during a disaster. What is required to get these three types of data, what really are these types of data? and how can we add data protection into SDDC cleanly?
Public Cloud Reality: Do we Stay or Do We Go?
Soon the backup power will be available for our new datacenter and the redesign to make use of VMware vCloud Suite is nearing completion. Soon, our full private cloud will be ready for our existing workloads. These workloads however now run within a XenServer based public cloud. So the question is, do we stay in …
Continue reading “Public Cloud Reality: Do we Stay or Do We Go?”
Cloud Conversations: Tweetchat and Serendipity
The 3/7 Virtualization Security Podcast featured Andi Mann, VP of Strategic Solutions at CA Technologies, and RSA Conference. The conversation was lively and I invited Andi Mann due to a previous day tweet chat about cloud security. Lately I have had several serendipitous conversations on cloud security from TweetChat, to in face discussions with @Qthrul, and meeting @MrsYisWhy in person. Each conversation has been about Cloud or Virtualization security in some form. Let me delve into them a bit more.
IT as a Service: Not Just for a Cloud
I was going to write about how building a cloud is similar to moving, but the more I think about it, the more I think people are confusing an automated virtual environment with a cloud: IT as a Service is not just about cloud. Having automation does not imply your virtual environment is a cloud or visa versa. Granted, using IT as a Service is important for a cloud if you look at the NIST definition of a cloud, but it is not necessary for a cloud. Perhaps IT as a Service is just a stepping stone towards a cloud, perhaps it should start as a data center play?
Public Cloud Reality: Reinforced at CSA Summit
I have written about the Public Cloud Reality and the need to bring your own security, monitoring, support. This was reinforced by Dave Asprey of Trend Micro at the last Cloud Security Alliance Summit held at this years RSA Conference. The gist of Dave Asprey’s talk was that YOU are responsible for the security of your data, not the cloud service provider.