Saturday, February 18, 2012

Virtual Security; Defense in-depth

The VMware vShield product line has come of age, introducing a new term into our vernacular: "Virtual Security". It is now possible to provide a level of security around our servers and data that would be both difficult and costly to achieve without virtualization. An accepted principle in the field of security is defense in depth. It is based on the premise that many layers of security at different locations are better than a single heavily secured perimeter.

vShield has expanded into four products: Edge, App, Endpoint and Data. The difference between them is the level in the virtual infrastructure at which they provide protection. vShield Edge puts a security appliance or shim between the vSphere host and the vSwitch to harden the perimeter of the virtualization environment. vShield App applies security between the virtual NIC of the VM and the vSwitch, securing traffic to and from the VMs. vShield Endpoint, in combination with third-party support, reduces the attack surface or exposure of the VMs to viruses and malware. Endpoint does this in a way that reduces the overhead of scanning and complements the unique characteristics of virtualization. vShield Data ensures the integrity of our critical data. It scans our data to check that it meets one of a number of compliance templates included in the product, and reports on any file that fails the compliance scan. Together they provide a comprehensive solution that we generally term virtual security.

In order to take advantage of virtual security we will need to broaden our virtualization expertise to incorporate security, and to involve our security teams. While vShield has made it easy to apply, you still need to ensure that the capabilities are understood and that policy is developed. A defined strategy will ensure you understand how the vShield product rules can be customized to meet the requirements of your business.

- Posted using BlogPress from my iPad

Wednesday, February 15, 2012

Multi-Tenancy; Is your infrastructure Ready?

It is clear that this year will see significant change in the IT industry as internal IT shops move to the service provider model. Key to this will be virtualization, which provides a flexible platform for the allocation of compute resources. This layer will evolve to include automation and multi-tenancy.

From our base concept of a virtual datacenter we will add a provider datacenter and an organizational datacenter. The provider will deliver management and a global view of all compute resources available, either on premises or off, and the organizational datacenter will provide autonomous management of a partition of these available resources. These are the basic building blocks of vCloud Director. vCloud Director on its own, however, is not the complete solution, as it is dependent on the underlying physical server and storage architecture.

To move forward we need to look carefully at our physical layer and ensure it is multi-tenant capable. This may well be a real source of cost in moving to the provider model. A large percentage of storage architecture has been designed for either random or sequential read/write activity, but not both.

When you mix workloads you quickly reach the limits of what the storage solution can do. There are a number of storage solutions from vendors that have cut their teeth building for hosting providers. These are vendors that understand the challenge of large mixed-workload environments at tremendous scale. To get to multi-tenancy in the virtualization layer we will need to consider whether the foundation on which it is built can deliver the performance required.

There will be a process transformation in order to ensure the value of these investments can be delivered efficiently. This will require a commitment to the automation of a large portion of IT processes. Automation accelerates the delivery of services from the providers of IT to the consumers of IT.

This can equate to a fair bit of work, as to automate a process you must first understand it from start to finish. Even in large organizations with well-defined processes this can be challenging, because once defined, the processes will need to evolve. The trick is to ensure the checks and balances are carried forward while streamlining the Time To Output (TTO) of the process.

It is necessary to overcome these challenges in order to keep in sync with the evolution of end-user demands, the maturity of technology and the journey to the Cloud. It is going to be a busy year for IT.


Monday, February 13, 2012

Virtualization Automation; the view point to the Cloud

Over the last few years very few customers have integrated some of the more advanced features of virtual infrastructure. For example, products such as VMware vShield have been available for some time and are included in vSphere bundles, but few have integrated them completely. This is either because the benefit is not clear or because there has been no real driver to add additional layers of complexity to internal virtual server environments. This has created a bit of a problem for VMware in moving customers to adopt additional products.

Much has changed however with the advent of Cloud services that offer externally hosted infrastructure or Infrastructure as a Service (IaaS). If you look carefully at these solutions, they offer several features that are not available from a user perspective in traditional virtual infrastructure:

Self-service: When you subscribe to IaaS sites you are presented with a portal from which you can deploy various templates without the need to contact an IT department.

Automation: The process from start to finish is designed to secure payment and provide services in the quickest time possible, to ensure the provider can start billing and the user can start deploying.

Advanced Networking: Most providers allow some control over networking configuration, so that you can choose whether or not to expose the VMs or the application services within them.

Many customers are starting to look at these features from hosting providers and to consider how they might integrate them in internal environments. There is strong interest in products such as VMware vCloud Director, which has moved from version 1 to 1.5. In combination with vCloud Director, Service Manager (which allows you to deliver ITIL process automation) is being integrated into Director environments. The last product that allows customers to deploy a Cloud-like service internally is vCenter Chargeback Manager. Even customers who are unlikely to 'charge back' find it beneficial to be able to 'show back' the cost, to avoid an over-allocation of capacity in their virtualization environments.

It is this combination of solutions that allows customers to build an on-premises service-oriented architecture that demonstrates advanced virtualization automation. Even if the customer intends to look at third-party Infrastructure as a Service, deploying an on-premises virtualization automation environment will inform IT teams, ensuring better decisions are made. Whether it is to understand what new features are needed in existing virtualization environments or to better understand the options, deploying these products on premises is a good idea.

A viewpoint ensures you are developing a position from which to form a strategy. The internal deployment of vCloud Director, Service Manager and Chargeback Manager can deliver a better understanding of the change required to enable your journey to the Cloud. It also ensures you have a tangible reference for the combination of services required to get there.
