At VMworld Europe 2009, VMware today announced VMware vShield Zones, a new security virtual appliance for the virtual datacenter operating system that will enable strict compliance with security policies and industry regulations for user data. Previously, compliance required diverting network traffic to external physical appliances, resulting in disconnected ‘islands’ of infrastructure. With VMware vShield Zones, customers will be able to create logical zones in the virtual datacenter that span all of the shared physical resources, with each zone representing a distinct level of trust and confidentiality. This will allow businesses to comply with corporate security policies and regulations on data privacy while still running applications efficiently on shared computing resource pools.
Traditional security products, such as firewall appliances, often require that all network activity pass through a handful of fixed physical locations in order to be monitored. Virtualized applications, in contrast, can be migrated between physical hosts for higher resource efficiency and improved uptime. Until now, companies virtualizing security-sensitive applications faced the choice of either leveraging virtualization capabilities such as live migration for optimal load balancing and availability, or enforcing strict security compliance. To solve that dilemma, most customers ended up dividing their virtual environments into smaller, less efficient clusters for areas such as their Internet-facing demilitarized zones (DMZ’s) or consumer credit data processing systems subject to Payment Card Industry regulations. VMware vShield Zones will enable customers to create security zones within enterprises or in multi-tenant cloud infrastructures, where security policies are enforced even as virtual machines dynamically migrate between hardware devices. Deployed as a virtual appliance and integrated with VMware vCenter™ Server, VMware vShield Zones helps make it easy to centrally manage and enforce compliance with security policies across large pools of servers and virtual machines. Built-in auditing capabilities make compliance straightforward and verifiable.
“VMware virtualization solutions have enabled companies to pool their computing resources and deliver IT as a dynamic, shared service,” said Raghu Raghuram, vice president, server business unit, VMware. “VMware vShield Zones enhances this architecture by enabling customers to segment and isolate their application traffic in a shared environment, thereby delivering new security benefits and making VMware Infrastructure a safe place to run business critical applications.”
Savvis recently rolled out a new virtual datacenter hosting and private cloud computing solution providing enterprises with an opportunity to cut costs without having to sacrifice security or performance.
“Maintaining multi-tenant isolation and network segmentation for hundreds of customers simultaneously is critical to the Savvis Cloud Compute solution,” said Ken Owens, technical vice president for security and virtualization at Savvis. “Providing a manageable way to internally partition the virtual datacenter allows us to deliver the most efficient and cost-effective infrastructure for our users to meet their security and compliance objectives.”
VMware vShield Zones will broaden the VMware portfolio of application services with network zoning and segmentation capabilities for the VDC-OS. Application services include services for security, availability, and scalability that are critical to internal and external clouds. In parallel, VMware is continuing to partner with security vendors who have been developing a wide range of complementary security offerings with VMsafe technology. Partner solutions offer a range of enhancements that can include defense-in-depth protection layers such as intrusion prevention, additional logging and notification options, and integration with physical firewalls and security appliances.
More than 50 vendor partners use VMware’s VMsafe technology to develop unique solutions that are virtualization-aware and that leverage new security capabilities such as hypervisor introspection. Altor Networks, Check Point Technologies, IBM Internet Security Systems, McAfee, Symantec, and Trend Micro are charter VMsafe partners who have already demonstrated prototypes of best-of-breed solutions integrated with the APIs. Additional partners such as Cisco Systems, Juniper Networks, RSA, Reflex Systems, Third Brigade and Sourcefire have more recently joined the VMsafe program.
Attendees at this week’s VMworld Europe 2009 can perform a test drive of VMware vShield Zones in the Hands-On Lab area as well as view demos of security partner solutions, such as a hands-on preview of Altor Networks’ VMsafe-integrated Altor VF Firewall, in the Labs and Solutions Exchange areas.
Pricing and packaging of VMware vShield Zones will be announced later in 2009. Customers can visit http://www.vmware.com/vshield to learn more about the product and register to download a beta release scheduled for spring of 2009.
For those of you going to VMworld Europe 2009, spare some time to visit the Veeam Software booth at VMworld Europe this year. Veeam is a leader in the virtual systems management market and I'm sure there will be some interesting solutions on display. Their booth will be #56, so be sure to drop by.
About Veeam Software:
Veeam Software, a VMware Technology Alliance Premier partner, helps organizations safeguard their investment in virtual infrastructure by providing innovative systems management software designed to reduce costs, increase productivity and mitigate risk.
Veeam offers a full suite of VMware management tools, including Veeam Backup, the 2-in-1 backup and replication solution; Veeam Reporter, to document virtual environments for capacity planning and chargeback; Veeam Configurator, to manage “configuration drift;” and Veeam Monitor, for performance monitoring and alerting across multiple VirtualCenters.
With its acquisition of nworks, Veeam expanded its product line to include connectors that incorporate VMware events, status and performance data into Microsoft System Center Operations Manager and HP Software Operations Manager. This product set includes the Smart Plug-in for VMware - an HP Certified SPI; and the Management Pack for VMware - for Microsoft System Center Operations Manager. These innovative connectors solve the need of large organizations to smoothly integrate VMware into their enterprise-wide systems monitoring architecture.
It's been a while now that I've been wanting to start a Virtualization Wiki Project. There's so much information available on virtualization and I think it would be great if it can all be in one simple location, LOL! There are a number of virtualization vendors about now with many different products to choose from. We can't all be experts on every single virtualization platform. There's just not enough time in a day to learn and know everything.
This is why I've decided to finally go ahead and start an Open Virtualization Wiki, a site where anyone can write information on virtualization, not just on VMware but on any virtualization technology known to mankind! I've just started the site up on my web server a couple of weeks ago, but didn't really have the time to fill it with loads of information yet. Originally, I wanted to wait until there was enough information posted on the wiki before I changed the DNS settings to point to my server, but I've decided to make it live now anyway. The wiki is based on MediaWiki, the engine originally written for Wikipedia.
Feel free to have a look at the wiki and please update it as you like. It needs your help!
You can find the wiki at http://www.vi-pedia.com. If you're unable to access the site, give it some time, we need to wait for DNS to update around the world.
I thought that it would be a good idea to post an update on my progress of the book/whitepaper/guide that I am writing on building a low cost VI lab. Life has been very busy in the past couple of weeks. I have therefore not been able to post a lot of articles to this site. I normally make a note of interesting things I find and then blog on them the same day. Lately I've been so busy (and on holiday last week I must add) that when I finally decide to blog on them, it's old news and not worth blogging over again. Most things are covered by Scott Lowe, Mike Laverick, Jason Boche and other top bloggers anyway.
For now I've decided to concentrate on the low cost lab book. Writing the book is taking longer than I first anticipated because I'm doing a lot more testing than I first thought would be necessary. But this is a good thing, as it's against my beliefs to state anything technical as facts if not tested. I don't like theories, I like facts. To also make sure that everything in the book is as true and accurate as possible, I will be passing it to a couple of peers for a peer review before it's released for download, so please bear with me.
Originally I only wanted to write a proper blog post on "Building a low cost VI lab", but I soon realised that it would be too much to fit in a single blog post, so I thought I could write a document on it. Now it's turned into a little book, rather than just a document. Most of the easy stuff is done, including hardware options and ESX installation and configuration options for non-HCL hardware and basic network configuration tasks. I've also completed most of the storage and shared storage sections of the book, but I've now turned my attention to fine-tuning iSCSI. I will then focus on advanced network configurations, like setting up secure hosting with DMZ configurations using cheap non-managed switches.
I have also decided to include service console commands for every change made within the VI Client. Also, as the whole point of the book is to illustrate a "low cost lab", I will cover configurations for both ESX 3.5 as well as ESXi 3.5 installable.
I'm just fighting the urge to start on the ESX 4 version, but I think it's best to finish this one for ESX 3.5 first. I don't really want to say "THIS BOOK WILL BE AVAILABLE ON SO AND SO DATE", but I don't like making promises that I can't keep. I do however think the end of Feb should be a good time for the peers to have their review of the book. And yes, you will be able to download a free, full version of the book.
Thank you for your patience, I'll keep you posted.
I know it's got nothing to do with virtualization, but I felt like posting it anyway. The South of England is covered in snow this morning. We are about to leave on holiday for the week, but I now realise that it's going to be an interesting drive! Here's a picture from just outside my house in Hertfordshire:
I've come across an insanely brilliant blog post on iSCSI. One of the best technical blogs I've seen in a long time. Actually one of the best technical blogs I've ever seen! I took some time out and sat down with a mug of coffee to read the post in detail. I found this blog post very interesting and in good time as I've actually started on the iSCSI shared storage section of my book on "Building a Low cost VI Environment" just yesterday.
Ok, I do have to say that a lot of the stuff in the blog post is "too heavy" for my new book as the aim for my book is to build a low cost lab VI environment, not an enterprise VI environment. However I do think that a lot of what they have in the blog post can be used to optimize even a low cost lab environment. I've been using Openfiler for a while now and I will certainly be looking at improving my home VI environment's iSCSI implementation. In my new book, the shared storage section is based on iSCSI provided by Openfiler 2.3. I will definitely look into improving the iSCSI section of the book by looking into some things like "jumbo frames" mentioned in the blog post!
Thanks to Chad Sakac (EMC), Andy Banta (VMware), Vaughn Stewart (NetApp), Eric Schott (Dell/EqualLogic), and Adam Carter (HP/Lefthand) and David Black (EMC) for this great post.