I have spoken and written quite a bit on the delegate user problem facing cloud and virtual environments. It is a growing problem, as we delegate actions from logged-in users to service accounts to implement changes on our systems. Any system, for example, that proxies administrative requests suffers from the delegate user problem. In essence, …
TVP Tag Archives
Data-Aware Services: Oh, the Places We Could Go!
I have written many times about the need for application-centric data protection and data-centric security. But what these both require is that our data protection, security, management, and networking are data-aware. We use applications, but we thrive on data. The more data we have, the more chance we can make use of it, which has …
Continue reading “Data-Aware Services: Oh, the Places We Could Go!”
Centralized RBAC Missing from Virtualization Management Tools
As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products I noticed that each were not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could devolve any security to non-existent.
EMC VNXe Spurs Thinking Outside the Box
Chad Sakac mentions on his blog that VNXe “uses a completely homegrown EMC innovation (C4LX and CSX) to virtualize, encapsulate whole kernels and other multiple high performance storage services into a tight, integrated package.” Well this has gotten me to thinking about other uses of VNXe. If EMC could manage to “refactor” or encapsulate a few more technologies, I think we have the makings of a killer virtualization security appliance. Why would a storage appliance spur on thinking about virtualization security?
Forensics: Guidance for Virtual Environments
During the last Virtualization Security Podcast, our guest had to postpone so we discussed to several interesting topics all related to Digital Forensics and how encryption would best work within the virtual environment. Our very own Michael Berman, in a previous life was a forensic investigator and had some great insights into the problem of digital forensic within the virtual environment.
Virtualization Forensics: How different is it?
Since coming out with VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment, I have continued to consider aspects of Digital Forensics and how current methodologies would be impacted by the cloud. My use case for this is 40,000 VMs with 512 Servers and roughly 1000 tenants. What I would consider a medium size fully functioning cloud built upon virtualization technology where the environment is agile. The cloud would furthermore contain roughly 64TBs of disk across multiple storage technologies and 48TBs of memory. Now if you do not think this exists today, you were not at VMworld 2009, where such a monster was the datacenter for the entire show and existed just as you came down the escalators to the keynote session.