Mike D's Virtualization Blog - Latest Comments

Re: VMware is Building Clouds?

Mike DiPetrillo — Wed, 04 May 2011 20:00:39 -0000

Well, I guess everyone is entitled to their rants. I'm sorry you're having such a poor experience with a combination of your purchasing department and VMware licensing. Apparently the product is still of value since you're complaining about features you don't have licenses for but obviously need. If you'd like to contact me off-line I can make our team supporting you aware that we need to be more proactive on the correct bundling of product features to make sure you don't get stuck in the middle of another project.

Re: VMware is Building Clouds?

jabberwolf — Wed, 04 May 2011 19:57:26 -0000

Vmware is a nice product.
Too bad they rape you for every feature you discover you need in the middle of a project that they left out of the initial purchase.
And they will continue to rape customers per core rather than per server as their comptitors are offering.

There has been a move away from Vmware because of this, at least for some new projects.

As for EMC, seriously??
Thanks for mentioning yet another vendor that's gouging customers.

So an alternate universe is better than a failing one.
I guess that's why they call it: an alternative.

Re: Automate Your UCS Environment

Ronen Kenig — Sun, 03 Apr 2011 07:22:46 -0000

vCO is indeed a great orchestration solution.
Radware also developed a cool plug-in for vCO, named vDirect, to provision, control and automate its virtual ADC instances on various form factors. Check out more here: http://www.radware.com/Solu...

Ronen Kenig,
Product Marketing Manager @ Radware

Re: Automate Your UCS Environment

dvorkinista — Sat, 02 Apr 2011 22:44:53 -0000

As a guy who architected ucs's management stack, I give you thumbs up! Excellent stuff!

Re: An inside look at the VMware Cloud team

Massimo — Wed, 16 Feb 2011 04:11:51 -0000

"A++++++++++++" ?

Wow Mike thanks... this is better than a pay rise... (did I really say that?) ;)

Massimo.

Re: Promises, Promises

Abel James — Tue, 01 Feb 2011 15:00:30 -0000

OpenCloudAccess isn't 'real' unless you've been invited - contrary to simon's post and the promise to release q4 - it is not avail to customers or partners without an 'invite' from citrix. Believe me - i tried to get for eval and I'm a paying customers - after much frustration and customer noservice i got the 'by invite only' response

Re: Promises, Promises

Mike DiPetrillo — Tue, 01 Feb 2011 09:43:14 -0000

Well you're right in that VMware's OpenCloud Bridge isn't real - there is no such product in the portfolio. As for OpenCloud Access I think Project Horizon should take care of that nicely. Now we just need Microsoft to work on improving all of their cloud based licensing for desktops and applications alike. That would benefit everyone in the industry.

Re: Promises, Promises

Mike DiPetrillo — Tue, 01 Feb 2011 09:35:25 -0000

Thanks for the comment, Colin. I do mention that Citrix isn't the only one to blame here, "But seriously, stop with the cloud washing. Yes, Citrix isn’t the only one to blame here." Cloud washing is happening all over the place just as virtualization washing happened before. It's the new cool thing that gets you a sales meeting so people call anything cloud these days. I even saw a cloud enabled washing machine the other day - no joke. Gotta love marketing folks.

Re: Promises, Promises

qnetter — Tue, 01 Feb 2011 09:28:59 -0000

No, actually, they're going to come back out on whatever the enterprise has installed -- XenServer, Hyper-V, or even VMware.

And, by the way, you're missing about four zeroes.

As for OpenCloud Bridge and OpenCloud Access, they are one thing that VMware's equivalent offerings aren't: real.

Re: Promises, Promises

Colin Steele — Tue, 01 Feb 2011 09:28:23 -0000

Just because XenServer has a much smaller install base, that doesn't make it any more proprietary than VMware. VMware is just as guilty of misusing the word "open" when it comes to the cloud. Same thing with cloud-washing: Sure, it hasn't extended to the product names yet, but VMware still uses cloud messaging a lot when pitching products that are primarily for virtualization.

Re: Promises, Promises

Jeri Miller — Tue, 01 Feb 2011 09:19:48 -0000

Citrix needs to stay where they belong, on the desktop. They should wait there quietly for VMware to dominate them there as well.

Re: New Year Resolution and a Year in Review

amanhecer — Mon, 31 Jan 2011 18:08:07 -0000

Any comment on future integration plans of the latest acquisition, NeoAccel? Is it going to be in vShield Edge? Or vCloud Director Portal (with SSO SSL VPN access to your cloud)? I would love to see it in use between an Orgs vSphere Client with the vCloud Plugin securing connections to the public cloud API for bursting....Any thoughts ?

Re: vForum in Bogota, Columbia

Andres Martinez — Sun, 31 Oct 2010 21:26:02 -0000

Mike, it is a real honor to have you in Bogota, emerging markets are quite interesting and cloud dynamics not always apply in the 3rd world. We need a lot of help spreading VMware's cloud vision.
You are going to be our guest along with Santiago in a great dinner on Tuesday, I hope you are not vegetarian, beer is quite good here :)

Andres Martinez
Virtesa CEO

Re: Crossing the Finish Line

rodos — Wed, 01 Sep 2010 13:44:53 -0000

Mike congrats to you an all your team. I an attest to the fact that they are all amazing at what they do. If you have the skills, go apply for one of those jobs!

Rodos

Re: Do You Trust Your Admin?

Op$y — Sat, 26 Jun 2010 19:16:23 -0000

Pretty interesting read.And more interesting comments.I come from an E-payment industry,and you would agree with me that the integrity and confidentiality of CardHolder data is very important (Cannot be over-emphasized actually).Now from the comments i have read below i am more less going to say the same thing.In the Payment industry or to be more specific Key Generation this is refered to as Split Knowledge;that is when key components are being generated to form a Master Encryption Key you have about 2 or 3 clear components which are in turn generated by three different individuals.This helps mitigate or annihilate one indiviual having complete knowledge of the Master Key/Password and being able to compromise user data.You could have different individuals e.g From Network,Audit&Risk,etc. share passwords.Like Rob said it then becoms cumbersome to solely compromise data.
I also liked the idea of knowing who is handling or responsible for my data at every point in time in the cloud.

Re: My Talk at the Charlotte VMUG on Cloud

Op$y — Sat, 26 Jun 2010 18:18:18 -0000

I found this video very very enlightening.Mike i think you are a greater speaker,nice sense of humour as well.I'm kinda just getting started on the cloud thing,so the first like 30mins of this video was cool.After which some of the things you talked about was fuzzy,i figure because of my lack of comprehensive knowledge.Going through a few of your blogs and i'm mighty glad i found this site.Thanks once again,keep blogging!!

Re: Do You Trust Your Admin?

TB303 — Tue, 15 Jun 2010 10:24:45 -0000

I should probably have added something about logging, log monitoring, multi-factor authentication, least priviledge, etc.. but my CISSP has lapsed long ago. :)

Re: Do You Trust Your Admin?

TB303 — Tue, 15 Jun 2010 09:45:34 -0000

What you're explaining is a vulnerability in the process taken advantage of by people using the technology. (people, process, technology) Nothing new there. You can never be 100% secure as long as there are inherently dishonest people in the world. You can make it extremely difficult. Ie. like launching nukes and having two people who don't know each other turn the key and press the button (after proper authentication).. but there is still a change that things are compromised. All you can really do is reduce the risk of these events occurring. Ie. Risk is the "cube" of Threat x Vulnerability x Asset, where the Asset holds value. You either kills the asset and remove the risk, or reduce the vulnerabilities and threats associated with owning them. Eg, implement countermeasures etc.. what you end up with is residual risk, which you need to decide to be either acceptable or not. The only thing you can do with the residual is insure against certain potential events from occurring. In summary; "is the juice worth the squeeze?". How you implement this at the top is usually through appropriate process. At some point up the stack the technology countermeasures run out of puff. This hasn't stopped several high profile CEOs going to jail recently.... clearly something that is not perfect and probably never will be completely.

Re: Do You Trust Your Admin?

Mike DiPetrillo — Sun, 13 Jun 2010 08:06:13 -0000

Thanks for the excellent comments, Rob.

Re: Do You Trust Your Admin?

Rob Randell — Sat, 12 Jun 2010 13:14:16 -0000

Hey Mike,

My take on this is that unfortunately there is no such thing as foolproof or tamperproof. But fool-resistant or tamper resistant. That said, it is important to have outside oversight over systems. Remote syslog for example sends logs to a remote log server that should not be controlled by the system admin from where the logs are coming from. They should be controlled by the security team, audit team, or some other team possibly even outside of IT.

In the cloud there needs to be the ability for the user (individual or company) to audit what an admin does with their data, systems, etc... That is the only way I can see critical assets moved to the cloud.

Separation of duties comes into play here as well. It is important that any type activity that can weaken or even breach the security of a system should require multiple admins to accomplish. The example of this that I always see is the example of VMs in multiple trust zones. A VM admin shouldn't have the ability to move their VM to a different network of a different trust zone. They should need to go to a network admin that has the rights to do this.

Of course there is always the top level admin, but the use of an outside tool to audit their activity can help to make this as tamper-resistant as possible. The old security saying goes "trust but verify". You can trust your admins, but you still need to be able to verify what they are doing. Also, the owners of the admin tool should not have the ability to actually do anything in the systems they are responsible to audit.

I've also seen cases where the top level administrators password is shared (one admin knows half of the password and the other knows the other half) by two people. This again requires collusion by multiple people to login to the top level administrator account. The more people involved the more chance of someone not cooperating or slipping up and giving themselves away.

There is a lot of ways to take this discussion, but like anything else with regards to security, you have to weigh the risk, the cost, and the usability.

Rob

Re: Do You Trust Your Admin?

Mike DiPetrillo — Fri, 11 Jun 2010 10:28:46 -0000

That is a good idea - sort of a direct to user feedback of exactly what's going on with their data and where it is at all times. I'm sitting here using Dropbox right now and every time one of my co-workers updates something in the Dropbox I get a notification on my screen. Could be a really good thing. But is it foolproof and tamper proof? Goes back to someone actually owns and maintains that system that is doing the notification.

Re: Do You Trust Your Admin?

Giuseppe — Fri, 11 Jun 2010 10:13:57 -0000

Really interesting problem and really very difficult. It's the ancient problem of "quis custodiet custodes".
I'm not a security guy, so I can be absolutely wrong.
I think that something that in some way audit security team can be useful, with
perhaps some kind of feedback to end user on whom is accessing his data can be a start.
I know that I dont'have a clear idea, just thinking about something that tell to security guy "Hey, you can't do everything you want without somebody knows" and something that tell the end user "If we touch your data, you will be advised".

Re: VMware and Novell Team Up for SUSE Support

Anon — Wed, 09 Jun 2010 13:43:39 -0000

Novell SUSE Linux is "more mainstream" than CentOS? Not likely.

Re: License Mobility in the Cloud

Mike DiPetrillo — Sat, 05 Jun 2010 01:02:05 -0000

@joe,

I hope a lot of other people pick up on this and really force ISV's hands on this front. All ISVs are at fault on this one (including mine). There are quite a few who are trying to change. Microsoft's recent announcement with Amazon shows that. IBM has also done a really good job of changing their licensing policies. I'm sure you'll see others that come forward soon. We just need all the help from customers that we can get otherwise none of the ISVs will have the incentive to go through the rather painful process of adjusting licensing policies.

Re: Skills Needed for Building Clouds

Mike DiPetrillo — Fri, 04 Jun 2010 20:09:36 -0000

That's a really good question on what resources to go look at. I would start with the usual certifications - CCNP, Whatever your vendor storage cert, and VMware VCP. Throw in someone doing a security track through the CISSP certification and you'll be really well off. About the only thing I'd stay away from is someone really heavy in ITIL. I don't have anything against ITIL at all. It's just my first step to building a cloud - forget everything you know about enterprise architecture. More on that in a later post though.