Home > Blogs > VMware TAM Blog

Documenting Your IT Security Posture

Jason GaudreauBy Jason Gaudreau

The VMware Security Hardening Guides contain recommended processes for deploying and operating VMware products in a secure manner given a specified risk profile. You may not need, or may not be able, to follow each step in the security Hardening Guides because of the balance of operational efficiency, cost, risk tolerance and security requirements. The security hardening practices are recommended by VMware, but equally important is having a security controls document that incorporates VMware best practice recommendations combined with your specific security policies. It can be an invaluable tool during an audit.

Security has a wide scope that touches every aspect of the datacenter; an important part of security is recognizing the tolerance of risk. To do that, you need to understand the value of the assets you are trying to protect and the cost of protecting that asset. What is the likelihood of the asset being damaged or compromised? And what does it cost the company if that asset is compromised? A risk analysis provides a cost/benefit understanding of the cost to safeguard an item compared with the expected cost of loss. The security policy should be proportionate to the value of the asset, which may range from innocuous data processing up through mission-critical business process dealing with highly sensitive information. Each of these examples represents a different risk profile, which translates to different security requirements and thus different recommendations in the Hardening Guides.

Security Controls Image

Securing systems are not a low-cost endeavor. Even in terms of operations expenses, locking down systems can make internal operations teams less efficient when updating systems because of strict security controls. In many cases, a security policy will not be implemented unless the cost of the loss exceeds the security policy itself. In the end, you are the one who is best suited to make the decisions on the security posture of your IT assets.

You can learn all the details and begin planning your security controls document by reading the Security Controls Guide

 

 


Jason Gaudreau is a Senior Technical Account Manager, VMware Professional Services. To read more from Jason, be sure to visit his blog here.

Capacity Management Using vRealize Operations

Jason GaudreauBy Jason Gaudreau

In the physical world, we tend to overprovision because experience tells us when you have enough resources, there shouldn’t be problems. If you apply this mindset to a virtualized environment, you’ll negate the benefits of server consolidation.

What are some of the key goals of operations management?

  • Delivering high-quality infrastructure, services and applications
  • Operate IT assets as efficiently and cost-effective as possibly
  • Implement and adhere to IT policies, standards and regulatory requirements

Using a tool like vRealize Operations can assure that you are getting the most out of your technology investments by providing proactive insight into the operations of your data center. It provides greater visibility into your virtual infrastructure fabric, which decreases the amount of downtime for your business-critical applications.

Moreover, an important part of operations capacity management is helping IT leadership understand the trade-off between business demand and cost. For instance, being able to predict the impact of adding 10 more virtual machines into our Gold Cluster may result in having to purchase additional server resources or a server host. Coupled with a charge-back model and support service-level agreements (SLAs), business leaders can then decide if the new application or project should go into the Gold Cluster or a lower tier. In fact, with this kind of insight, they may decide the project should be on hold until the next budget cycle to avoid problems.

vRealize Operations can provide valuable insight into capacity planning and trending into your data center environment, and help ensure you have the required resources to meet business demand. You can learn all the details by reading the vRealize Operations 5.8 Guide.

 


Jason Gaudreau is a Senior Technical Account Manager, VMware Professional Services. To read more from Jason, be sure to visit his blog here.

Optimize Resources by Right-Sizing Your Virtual Machines

Jason GaudreauBy Jason Gaudreau

Virtualizing helps data centers provide rapid deployment and increased business continuity, and provides a tremendous amount of capital savings with the reduction of hardware. However, with the substantial benefits and ease of deployment comes virtualization sprawl and resource proliferation. “Right-sizing” is the process of reclaiming underutilized resource components, such as compute and memory resources. In conjunction, there should be a process in place to validate that a guest virtual machine is still required by the business—this is typically considered a re-certification.

Virtual machine right-sizing helps you gain the most out of your technology investment in VMware vSphere, so it’s important to learn the fundamentals of optimizing infrastructure resources being utilized by guest virtual machines. Right-sizingVM Right-Sizing Best Practice Guide can increase or decrease guest resources to either increase performance of applications that are starving for memory and/or vCPU, or decreasing wasted resource capacity to increase host efficiency and density.

A regular right-sizing lifecycle on a quarterly or semi-annual basis can ensure maximum performance of your workloads and the efficient use of your underlying hardware. But, in order to make certain you don’t impact the business, you are going to want a structured process to understand the application workload. You can learn all the details and begin planning your right-sizing project by reading the VM Right-Sizing Best Practice Guide.

 

 

 

 

 

 

 


Jason Gaudreau is a Senior Technical Account Manager, VMware Professional Services. To read more from Jason, be sure to visit his blog here.