It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will be that everyone needs to stop treating virtualization security as something unique and different. Instead, we have been seeing existing tools and techniques extended into virtual and cloud environments. Virtualization and cloud security is a natural progression of all organizational security.
Some folks who look at things through a security lens still see hypervisors as different, and some put security only within the physical layer, but these views and practices are continuing to erode. Security is security, regardless of location, type of system, or service in use. Security is about your data. To that end, VMworld has quite a few things to offer:
VMworld Show Floor
Visit the following booths:
- VMware NSX and VMware vCNS kiosks
- CloudLink (#846)
- HyTrust (#2134)
- Intigua (#2419)
- Puppet Labs (#2337)
- Splunk (#1909)
- Xceedium (#229)
These companies have shown remarkable insight into the future of identity, analytics, automation, and encryption. Further, they are clearly looking at integration between physical, virtual, and cloud constructs: exactly where security needs to go.
VMworld Sessions
Go to the sessions, the vBrownBags, and hold your own conversations. The following types of sessions should be quite good:
- Sessions on NSX micro-segmentation, integration with third parties, and service insertion
- Sessions from HyTrust (SEC2296, SDDC2633, HBC3012, MGT2385, NET2078, SEC2680)
- Sessions from Xceedium (SEC2421, NET2118)
- Our own Edward L. Haletky (aka @Texiwill) will present vBrownBag lightning talks on security experiences from our own labs (Wednesday and Thursday)
VMworld Hands-on Labs
A number of VMworld’s Hands-on Labs will cover security, including labs on NSX, vCNS, vCHS, Juniper virtual security, and others. The Hands-on Labs are also available after VMworld via labs.hol.vmware.com.
There are also several interesting sessions that cover just the Hands-on Labs: how they were built and how they work. This is definitely one way to build out a cloud.
There is so much to do at VMworld: a conversation will be just around the corner, literally. If you wish to talk virtualization and cloud security, there will be plenty of people there willing to discuss it on the show floor, in the hang space (where the vBrownBags are), and throughout the sessions.
Our advice for you at VMworld is to ask questions, start a conversation, or join one in progress (as long as it doesn’t appear to be private, that is). Also, remember that many of the sessions and Hands-on Labs will be available post-VMworld. If you cannot attend, then follow #VMworld on Twitter and concentrate on the live streaming going on. Security is always mentioned, and this year the conversation will expand past normal pure virtualization security to focus on the concepts around hybrid cloud and multi-hypervisor security—the security that you need when you design or use a software-defined data center.
Is anyone else running Juniper vGW and having to deal with VMsafe becoming deprecated in short order?
Hello Steve,
VMsafe has yet to be deprecated; however, there have been no new vendors making use of VMsafe. Instead, they have been directed to use either VCNS App APIs or NSX APIs. For compatibility reasons, VMsafe will still be around for a bit (even VMware’s tools make use of parts of it). Could this change? Perhaps. I am also trying to find out more. Yet, you are correct: there are no new VMsafe vendors.
Yes, there are quite a few people using vGW; it extends a Juniper SRX into the virtual environment quite like VCNS App does for VCNS Edge.
Best regards,
Edward L. Haletky
My understanding is that VMware EOL’d it shortly after the release of 5.5.
(http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2058911)
The way I read that, it means if you want to run 5.5, you must check your vGW at the door.
Do you have any other info?
Hello,
Given the wording of ‘it may work’ or ‘may not’, I believe they just said it is EOL. However, given that VMware’s own VCNS App is built upon the same technology and that has not been EOL’d, I doubt any code changes have been made to remove the functionality. However, if you have NSX, that is a different story entirely. EOL in this case means outside of support, and your vendor has to do the heavy lifting or migrate to controlling VCNS App through its API.
VMware for years has not allowed any new players into the VMsafe program. They would rather have the vendors use either service insertion within NSX (new) or the VCNS App API (older) over VMsafe. So if they EOL VCNS App, then they may remove that functionality; otherwise, it still has to be there.
But I would agree, if you use vGW or one of the other 7 or so VMsafe tools, it is time to look at alternatives and several exist within each vendor’s portfolios.
Best regards,
Edward L. Haletky