Federal Center of Excellence (CoE) Blog

Monthly Archives: April 2013

vCAC and Its Security Capabilities

[originally posted on www.commondenial.com]

I believe that vCAC is one of the ways of putting the “yes” back into innovation versus the “no” that always seems to come out of security people. Innovation is thwarted because we feel like systems are out of our control and when they are, we don’t know what they are doing. We have to ask the network team to give us insight. Now, with vCAC we get the security back because we (the security people) can establish governance and control and sometimes this can bring security.

Governance in itself provides control, but by including the ability to require approval, having separation of duties, and limiting actions on individual and multi-machine systems, you gain even more control. You have the ability to implement your corporate and IT policies within vCAC and that is superior. The pain with security in the IT realm (yes, in IT, not in the security department) is that they don’t want us in there. They feel like we are smothering them. With vCAC, we can take some of that pain away. We now have the ability to work together to develop the right systems to be utilized.

Just one of the many examples is the security attributes added to the machines. These actions can be defined on an individual basis. The screenshot below identifies some of the operations available that can be run on the virtual blueprint. As you can see, it gives a lot of options and takes away a lot of options.

Now some may think that those options are just plain security and I get that. Truly I do, but this isn’t RBAC; these are operations you can take against the virtual machine. This goes deeper, making the virtual machine(s) the “identity”. You can’t avoid the governance and the control. You can’t ignore the fact that I can provide a limited or great number of systems, that I have “blessed”, to specific groups of people and allow them to request them themselves. If they want to make the CPU, memory, and/or storage changes, I can provide that. If I want the requests to be approved, I can provide that. If I want to reclaim those machines, I can do that. I feel from a security viewpoint, vCAC can do so much more than people give it credit for. This is how we start bridging the gap between IT and security; this is how we bring them together.

Follow me on twitter @banksek

Free vCloud Networking and Security Training

[originally posted on commondenial.com]

I wanted to make sure that everyone was aware of the one hour free training that VMware is providing on vCloud Networking and Security. It is a great opportunity to check out and understand the product.

Overview of class: The vCloud Networking and Security Fundamentals course covers VMware’s vision of a Software Defined Datacenter (SDDC) and explains key features of vCloud Networking and Security Suite. This course also examines various methods for implementing vCloud Networking and Security.

Objective of class:

  • Communicate VMware’s vision of a SDDC
  • Explain workload networking and security requirements
  • Describe vCloud Networking and Security components
  • Examine vCloud Networking and Security implementations

Outline of class:

vCloud Networking and Security Vision describes the challenges that vCloud Networking and Security addresses, its key concepts, and the customer benefits.

vCloud Networking and Security Overview explains workload networking and security requirements, describes vCloud Networking and Security components, and explains vCloud Networking and Security purchasing options.

vCloud Networking and Security Customer Use Cases examines how customers implemented vCloud Networking and Security into their environments.

ENROLL : http://mylearn.vmware.com/mgrReg/courses.cfm?ui=www_edu&a=det&id_course=173000