Everyday I get questions about Virtualization, Cloud, Compliance and Trust.
The “What is Cloud?” is rarely asked anymore, it seems like we have put that one to rest. But, just in case you need a refresher, here you go:
“Cloud computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure, consumed as a service. Sometimes known as utility computing, clouds provide a set of typically virtualized computers which can provide users with the ability to start and stop servers or use compute cycles only when needed, often paying only upon usage.” – VMware
Or you can check with our good friends and NIST for more details:
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
The “Why?” of Cloud should be obvious by now as well, low cost and a promise of unlimited capacity availability assuming that you are building a Private Hybrid cloud with plans to burst to a public solution. There should be no more performance challenges with the emergence of vCenter Operations Manager. (BTW: The fastest growing product in VMware’s history.)
http://www.vmware.com/products/datacenter-virtualization/vcenter-operations-management/overview.html
The “How?” That is the big question. How do I get this accomplished while protecting my data, IP and move organizational assets with confidence. That is where Trust comes into play.
I was speaking to a QSA friend of mine Friday afternoon and he said something that really hit home for me. “Auditability of products.” To be clear, the subject came up when we were discussing the VMware platform and a certain perceived competitor. “They Who Shall Not Be Named.”
The “How” all starts with a Trusted Platform, period, end of story… (Step Numero Uno)
Reality is VMware has been the leader in Virtualization for quite sometime and is now changing the game in Virtualization and Cloud Management. The perceived competition does not have a leg to stand on with the promise of platforms that are playing catch up.
To move highly regulated workloads to a virtual cloud infrastructure IT TAKES A TRUSTED PLATFORM! Sorry to holla, but it is important to make that point. My QSA buddy said companies should take 6 months to a year auditing a new production platform. To me, that makes a ton of sense, why risk my workloads on pipe dreams and promises? On top of it all, to manage those platforms with antiquated management tools makes even less sense.
For more info and comments from an unbiased party, check this:
At VMware, we have a whole group of folks (Center for Policy & Compliance – CP&C) specifically dedicated to making sure that platform remains secure AND compliant to your business & regulatory needs.
To start organizations off on the process of “How” we have built free tools to help prospects and customers assess their environment starting with the platform then extending to guest.
Check out the Compliance Checkers:
http://blogs.vmware.com/security/2012/04/vmware-cpc-releases-pci-20-free-compliance-checkers.html
BTW: The Checkers are a FREE teaser to the best Virtualization Config, Change & Compliance tool on the planet vCM 5.5 part of the vCenter Operations Manager suite. BTW: It is SCAP certified and one of first to achieve USGCB certification. (Thanks Sonny & White Team)
http://nvd.nist.gov/scapproducts.cfm
Abstraction is our secret sauce at VMware and expect to see continued advances in this area. Software driven data centers are the future and VMware once again is leading the way. Soon you will hear “They Who Shall Not Be Named” understandably trying to jump on the bandwagon. But once again, it will be too late. VMware’s top execs have been talking about our new abstraction layer since back in Feb:
http://www.datacenterdynamics.com/focus/archive/2012/02/vmware-–-why-cloud-works-well-software
Speaking of Abstraction and Trust, we are fully aware that to make this Transparent Transformation to the Cloud it takes an eco system of partners that can easily integrate into a “Trusted Platform” like the VMware CIS family.
Here are some highlights from our recent partner work to build a Trusted Cloud Eco System:
http://blogs.vmware.com/alliances/2012/04/vmware_trendmicro_sec.html
And of course, integrations & partnerships with our sister companies EMC and RSA
http://blogs.vmware.com/alliances/2012/02/vmware_emc_rsa.html
http://www.youtube.com/watch?v=fM6ndYZt_2o&list=UUWAJOJJM6yeRNWyyV5_swVw&index=9&feature=plpp_video
What does all this mean? VMware has a PROVEN Trusted Platform that will enable your migration of tier 1 apps or highly regulated workloads to vSphere and Cloud infrastructures with built in Management & Compliance solutions. When you start thinking and talking “How”, remember step one is the platform.
This week I will be rolling back to my MA stomping grounds to discuss Trusted Cloud with my friends at ICI. If you’re in the area, come hang out with us:
http://us4.campaign-archive2.com/?u=33a540696bedaa4414642085e&id=4e9b5717c6&e=fd67c1fd15
Also, Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum:
- on the Security & Compliance Blog or the Virtualization Management Blog
- on Twitter: @georgegerchow and @vmwaremgmt
- on Facebook: IT Management
- at the Management Mastery site
- and at the Management Mastery Forum
As usual, please forgive any of my spelling or grammar errors. I am ELS and still learning. 🙂
Peace Out!
George Gerchow – Director, VMware Center for Policy & Compliance