When it comes to security and cloud, it’s no surprise that it’s a headache. Traditional security tools focused on network and physical device connections as a way to track the flow of information and see the inner workings of the infrastructure.
So what happens when you take the physical devices out of the equation? What happens then? Continue reading
Yes, before you start to wonder what ever happened with Tinder Stratus, I’ve been enjoying some well-deserved downtime. I’m going to be cutting down the blog to write as much as I can, but as cloud starts to ramp up in Canada, I am going to be working on a few other side projects. It’s been awhile since I’ve posted, and since it’s Tuesday, I am happy to get back into the swing of things with a quick update from a security company that I first came across years ago, and are still creating some great solutions, especially now for the virtualization space.
Tripwire’s ConfigCheck is a great (and free!) utility that helps organizations get a quick picture of how secure their VMware ESX 3.0/3.5 hypervisor is by measuring it against the VMware Infrastructure 3 Security Hardening guidelines. While there are some other tools that do similar types of verification, I like that Tripwire not only identifies the vulnerabilities, but since it was designed from the ground up with VMware, it provides the steps towards full remediation of the vulnerabililities.
But why is something like this so critical? Well, as organizations struggle to identify security deficiencies within their virtual environments, tools like this make it a lot easier by giving a standard baseline for which to start. While it’s not a replacement for having experienced security folks, it’s a great solution for midmarket or other organizations who don’t have such luxury.
Aside from discovering vulnerabilities, ConfigCheck helps organizations deploy virtualization in a manner that is safe and secure, increase the security posture of the entire organization, reduce configuration drift and easily implement security and compliance best practices. It’s a cheat sheet if you will, to help identify and manage vulnerabilities in your virtual environment.
I was tasked the other day with trying to estimate the number of potential clients for a service I am working on. It’s a tough question because the market is still in the first stages of adoption. As for why more companies haven’t started to adopt cloud, it really comes down to one key thing: It’s not something you just do, it’s a huge challenge and takes longer than organizations plan for. Frankly my dear, it’s a pain in the ass. Continue reading
As part of its ongoing move towards becoming a major player in the cloud market, Dell recently slipped out an announcement with a surprising partner, Desktone. Desktone, most known for their desktop as a service (DaaS) platform which runs with both Citrix and VMware virtual machines is the newest offering available under the Dell Simplified DaaS service. For organizations looking for a solid VDI model, this might be just the trick. Continue reading
Yesterday I came across some great news via Twitter which will have the OpenStack followers happy. Coincidentally, it ties in beautifully with yesterday’s discussion on types of cloud architectures, and ofcourse being Technology Tuesday the vendor love this week falls to the new partnership between VMware and Piston. Between the two of them, there is some exciting news on the open source cloud front. Continue reading
Once again it is Technology Tuesday, and I am happy to finally get around to profile a really cool product called FeatherNet. If you haven’t heard of it, and especially if you are an infrastructure specialist, you will absolutely love this technology. You see, FeatherNet allows IT folks to do key tasks through their smartphone, including managing their cloud infrastructure.
Let’s imagine a situation where your key IT infrastructure guy is out of the office and all of a sudden something happens in your environment. Normally this would send off lots of red flags until he/she gets access to their laptop, connect to the network and reboot/configure/fix. What do you do in the meantime?
AdminBridge came up with the idea of FeatherNet to help allow IT professionals to perform the most frequent system admin tasks including Active Directory, MS Exchange, Vmware and Hyper-V through their smartphone. This means no matter where you are (the @Feather_Net Twitter feed is full of “I’m at Starbucks and just rebooted a VM” testimonials) you can access your environment and perform common tasks. Additionally, Managed IT service providers can use their logging capability and export them into common systems such as billing systems, even across multiple client networks and installations of the FeatherNet server.
And ofcourse, it wouldn’t be a great solution without security controls. FeatherNet leverages SSL encryption and all access is governed by Active Directory. This means that network administrators need to specify access for any user wishing to access the application.
So what kinds of things can you do with FeatherNet? From an MS Exchange perspective you can perform many management tasks related to mailboxes and distribution lists and manage users including passwords through Active Directory. With their VMware functionality, you can power on/off and manage VMs, Hosts, Guests and even take snapshots. This is great for the IT person who may have many responsibilities, especially in smaller organizations where they are constantly running around performing various duties.
It’s nice to see companies like AdminBridge taking advantage of cloud to offer cool products like FeatherNet, especially as it comes with a very enticing cloud price. Oh, and did I mention you can download a free 30-day trial? It’s worth playing around with, although I warn you, when you get used to managing your environment from the local coffee shop, it could be hard to break the habit.
Recently the debate between opensource clouds like OpenStack and traditional clouds like Amazon or VMware has been heating up. Mostly due to more organizations starting to dip their toes into the cloud pool, but also as a response to the perceived flexibility that the opensource model is said to provide. But is open source a viable option for organizations, or does it make sense to go with an established cloud platform? Continue reading
One of the more recent topics around cloud and security to garner media attention is around the risks associated with inadequate patching policies as they relate to virtual machines. I know most people are thinking “Endpoint? Really? Isn’t that a simple thing to take care of in any environment?”, but the reality is that there are still nuances that are part of virtual and cloud environments that add a layer of complexity that a lot of IT professionals might not think of simply because they haven’t had to think in such terms yet. In particular, the notion of endpoint tagging as it relates to virtual snapshots or moving VMs is one of those instances. Continue reading
When you talk about cloud, a lot of the emphasis on business transformation happens at the customer level. The funny thing is that the first group of players in the cloud market, the technology and service providers, are the ones who are going to feel the need to re-evaluate their businesses first. It will also help determine which of these providers will make it through the early adoption of cloud and continue to be a player in the established cloud market, and who will either end up as an acquisition by one of these organizations or will simply decide to focus on other business lines.
For those who decide to stay in the cloud game, they will need to re-evaluate what role they plan to play in helping organizations adopt cloud technologies and services. Personally, I see the cloud dividing technology providers into two major groups: enablers and providers. Here’s why. Continue reading
At this year’s RSA conference, Trend Micro announced their new Deep Security 8 antivirus solution. What is revolutionary with this product is that it is the first agentless solution, and designed with virtual environments in mind. So why is this such exciting news for the cloud & virtualization world? Continue reading