Home > Blogs > Rethink IT > Monthly Archives: August 2010

Monthly Archives: August 2010

VMware vShield Secures IT as a Service

I’m Venu Aravaduman, Sr. Director of product marketing for our security, storage and business-critical applications solutions. Today, at VMworld, we announced the availability of VMware vShield Edge, vShield App and vvShield Endpoint ! This marks a watershed moment for customers on the path toward IT as a Service.  The VMware vShield family of products is designed to remove barriers to IT as a Service by delivering adaptive, cost effective and simple-to-manage security services.

Why is VMware focusing on security?

Traditional IT security tends to be rigid, brittle, expensive, and was not developed to be aware of virtualization and dynamic IT environments. As customers move towards building private clouds, traditional security models become very limiting. Today, it takes long lead times and a lot of pain to change ANYTHING around security policies and implementation. So, we asked ourselves: shouldn’t security be able to adapt instantaneously to changing business and infrastructure needs? This is precisely why VMware has a significant investment in enabling the next generation of IT security! And, guess what? Independent surveys of our customers show that they rank VMware very highly as someone capable of enabling and delivering this next generation of security solutions!

 Image001

We are introducing 3 products to the market at VMworld 2010 – these are

· vShield Edge  Provides comprehensive network security and services for the edge of virtual datacenters

· vShield App  – Protects applications in the virtual datacenter from network-based threats

· vShield Endpoint – Enables offloading of antivirus and anti-malware processing to security-hardened virtual machines delivered by VMware partners, strengthens security for virtual machines and their hosts while improving performance by orders of magnitude for endpoint protection.

 

We are also updating and upgrading out vShield Zones technology —  a feature of vSphere 4.1. The upgrade version now includes a more robust vNIC-level firewall, and this has complete control over inter-VM network traffic – a really important enhancement. vShield App builds on top of this capability.  To read more about these products , visit http://www.vmware.com/products/vshield/

 

So, what’s the latest on VMsafe?

As you know, a couple of years ago we introduced the VMsafe program and set of APIs as the enablement for our first generation of introspection based solutions. There are currently 6 VMsafe partners, offering 7 solutions for more information on VMsafe visit http://www.vmware.com/technical-resources/security/vmsafe.html. VMware is fully committed to supporting these solutions for our mutual customers. To summarize,  we are building on the VMsafe foundation, and making this better for our partners and our customers!

 

Based on customer and partner feedback, VMware is now introducing our second generation of introspection based solutions; the first instantiation of this technology is in vShield Endpoint. This next-generation introspection platform brings additional benefits over the VMsafe investments, specifically

1)   Broader integration of management frameworks with our partners

2)   Better abstraction of lower level APIs, more ease of integration for partner solutions

3)   More scalable partner based integration efforts, easier certification

We are building on the VMsafe foundation, and making this better for our partners and our customers. For example, Trend Micro is showcasing the first such solution to market in their Deep Security product, focusing on offloaded AV/anti-malware. We are also working closely with additional strategic partners such as RSA, Symantec, McAfee to enable solutions for offloaded AV and additional classes of endpoint solutions such as Data Leak Prevention, File Integrity Monitoring etc. Our longer-term direction is to drive this next-generation introspection capability to serve broad classes of solutions for endpoint and host protection solutions.

We have worked very closely with Cisco to ensure that our vShield solutions integrate well with Cisco UCS based deployments, as well as full support for the Nexus 1000 v. We are working closely with Intel to ensure that we can leverage Intel’s Trusted Execution Technology for attestation and compliance of cloud based platforms.

With our strategic  industry partners, VMware is committed to delivering the infrastructure and security tools necessary to deliver IT as a Service to our customers. Please continue to watch for additional security updates from VMware. 

 

VMware vCloud Director officially available

As the Product Marketing Manager for VMware vCloud Director,
I am very excited to announce that as of Monday, August 30, VMware vCloud
Director is generally available (GA) to the public. 

This is a groundbreaking product.  The technology under the covers is unabashedly
complex, yet the user experience is fantastically simple.  And this is reflective of the very magic underlying
the product – the creation of complete logical separation between the consumption
of IT services and the delivery and management of the infrastructure that
supports them.  IT can give users
self-service access to their own isolated “virtual datacenters,” new units of
consumption in the cloud that represent pools of compute, storage, and
networking resources.   Users deploy into these pools using
standardized infrastructure service catalogs through a Flash-based web UI.  On the back-end, IT can manage and architect
the datacenter in the most efficient way, without unnecessarily siloed
infrastructure. 

In this way, VMware vCloud Director is the
first product that truly enables cloud computing in existing datacenters.  While public clouds have a number of great
benefits – most notably instant access to on-demand capacity – most of our
customers need a solution that provides these same benefits with the security,
control, and long-term cost efficiency of their existing datacenter.  And let’s not forget existing applications,
hardware investments, people and skills. 
For most customers, the most pragmatic path to cloud computing is a
dual-pronged approach that includes evolving existing datacenters into private
clouds and using public cloud resources where necessary.  In fact, we believe most customers will find
that a hybrid environment using both public and private clouds is the best
fit. 

And when it comes to hybrid clouds – only VMware provides a
clear and pragmatic path.  It’s not
enough to say that you have a private cloud and a public cloud – managing this
sort of “mixed” cloud might actually be more complex than before.  Instead, VMware's vCloud Director provides a common, consistent platform for both internal private clouds as well as external public clouds.  In our hybrid cloud vision, customers have
the ability to migrate workloads between clouds and interact with all clouds through the same set of
programmatic interfaces and management tools. 
By VMware vCloud Director leveraging open standards such the VMware vCloudTM API
and the Open
Virtualization Format (.ovf)
, and being used by a massive network of over 1,700
VMware vCloud service provider partners, we enabled customers to
easily extend their datacenter capacity and manage public cloud capacity as
easily as their own private cloud.   And
this week, we also launched VMware
vCloud Datacenter Services
, our solution to ensure customers have access to
trusted, secure, and compatible public clouds that are ready for the hybrid
cloud.

Over the past few months, I’ve worked with some of our most
ambitious customers, building full private clouds on pre-release versions of
vCloud Director, vCenter Chargeback, vShield Edge, vSphere Enterprise Plus, and
vCenter Server.  All of the pilots were
successes, and the customers found a number of great uses for the product:

  • Enabling the sales force to set up demos of complex
    software products to customers on the fly
  • Consolidating datacenters and vCenter silos onto
    a shared infrastructure
  • Providing developers and researchers a virtual
    sandbox for their applications
  • Segregating and offloading data onto secure
    public clouds
  • Simplifying compliance by standardizing on
    pre-approved infrastructure and application templates
  • Enabling the easy transfer of workloads within
    an enterprises two datacenters
  • Transforming a business
    model away from selling software on managed servers to providing convenient
    access to centrally hosted resources

Stay tuned on ReThink IT for more discussions on how VMware
is leading the way with cloud computing to take the complexity out of IT.  My colleague, Murthy, has been exploring many
of these issues around cloud computing and, with his literary acumen, can
explain even the most complex technology concept to a pre-schooler.  I encourage you to join the conversation here
and on the VMware
Communities site for VMware vCloud Director
.

And by the way, check out the article
in the Wall Street Journal featuring VMware vCloud Director.

Greg 

The Enterprise Hybrid Cloud, Delivered

We’re excited about announcing vCloud Datacenter Services at VMworld 2010 because they're the first examples of a globally consistent enterprise-class hybrid clouds. Let me explain what that means and why it’s important.

In a nutshell, vCloud Datacenter Services — offered globally by leading service providers — marry the dynamic, on-demand nature of public cloud services with the compatibility, security and control that enterprise computing requires. A hybrid cloud is defined as two or more clouds that offer data and application portability.

We did a great deal of research with our customers – talking to those who were considering external clouds into their computing environment. We learned a lot from these conversations and I’ll be writing about them in a series of future posts.

Agility

There was a consistency to what we heard: enterprises of all sizes that loved the promise of the dynamic, on-demand nature of public clouds  – the ability to get computing capacity quickly, with no up-front investment and few restrictions in the types of operating systems and software that could be deployed.

Some of you were finding it a bit uncomfortable, in fact, because there was now an external yardstick for the price of on-demand, commodity computing and storage capacity — which drove focus and learning around the benefits that cloud computing might bring to your organizations. This led to another critical insight: access to on-demand computing as a commodity was not enough by itself.

Portability and compatibility

Why? The first challenge is both economic and technical: we learned that a lot of pilot cloud projects were brand new applications, largely because it was technically difficult to take an existing application and make it work in an external cloud. Existing systems are what an organization depends upon, and in economic terms they represent sunk cost. So the extra cost of re-writing or porting an existing system to work in a shiny new cloud environment is often a non-starter.

At the same time, you were very conscious that the majority of IT dollars go into keeping the lights on for existing systems – so the cloud’s ability to reduce some of those costs or avoid new ones (e.g. a datacenter build out) was attractive.

As a result, a key feature of all vCloud Datacenter services is VMware-certified compatibility and portability: you can take existing virtualized applications and move them to the a public cloud provider of their choice with little or no rework.

Much as I wish there was no rework at all, some systems have assumptions about the operating environment baked into them – such as IP address ranges  – which means there is some work to remove those assumptions. But, with systems that don’t have that kind of restriction – and there are lots of those – there is no need to wait for an internal cloud deployment. You can start getting cloud computing benefits right away using the virtualization technology you’re already familiar with: VMware.

Security

Another important area that we heard about time and again was security. Consequently, security is a key part of vCloud Datacenter services. There are three parts to this: the security of the cloud infrastructure itself, the applications running in the cloud, and the access and authentication rights for cloud users within your organization.

You told us it wasn’t enough that the infrastructure and apps are protected; security teams and auditors need to be able to verify and document it too. To deliver on that, vCloud Datacenter service infrastructure has to meet a strict set of physical and logical security controls, with all logs available for inspection by third party auditors. We developed a control set derived from ISO 27001 and consistent with SAS70 Type II for that purpose, which our service provider partners implement.

We also took advantage of the new vShield Edge and vCloud Director “follow the app” virtual security, which provides a full stateful firewall (again, the logs are available for audit), virtual Layer 2 networking, and full Layer 2 network isolation. As a result, security policy and implementation automatically follow the app, regardless of where it lands physically. (There will be more on this in another blog post.)You also get full role-based access control, authenticated against your own enterprise directory so that you have the kind of access and authorization security you’re used to.

In short, we think the enterprise cloud is about three things: agility for computing services, portability of  existing virtualized applications, and security – not just the protection you expect, but also the transparency required to pass audit.

I’ll be writing more about our experiences working with customers who are building enterprise cloud environments in future blog posts.  In the meantime you’ll find more details on vmware.com

Virtualization and Cloud Management at VMworld 2010

Hello, this is Martin Klaus again from the vCenter Product Marketing team.  VMworld San Francisco is less than one week away and it’s bound to be an awesome event for virtualization and cloud management. We have more than 20 management sessions, and the buzz around management is heating up — as Dan Kusnetzky pointed out in his blog. As a track owner for the Private Cloud Management track I get to work with all the presenters of these sessions, and from what I’ve seen I can tell you that each and every session delivers thought provoking, high-quality content. There are too many diverse sessions to summarize in a few sentences, but here are some highlights that you cannot afford to miss:

Management Vision and Strategy Super Session

  • SS1040 – VMware Vision for a New Generation for IT Management (Tuesday, Aug 31, 5:00pm)
    Ramin Sayar, Vice President of Products, Enterprise Management will discuss VMware’s vision for virtualization and cloud management. This is ­_the_ session to attend if you would like to understand how VMware’s approach provides purpose-built and policy-driven automation for dynamic environments to reduce management complexity and accelerate your journey to the cloud.

Management and Private Cloud Customer Panels and Presentations

  • MA9789 – Virtualization Management Customer Panel (Wednesday, Sept , 12:00pm)
    Yours truly will be hosting managers and architects from three leading IT organizations who will share best practices and results from tools and processes they have implemented to achieve 800:1 VM per admin ratios, faster service delivery turnaround times, and 30:1 consolidation ratios for production systems generating an additional $750K in savings on Microsoft license fees.
  • MA8338 – Hear From Several VMware Customers Who Have Successfully Built and Deployed a Private Cloud (Wednesday, Sept 1, 1:30pm)
    My colleague, Greg Bybee, will be hosting a panel of customers who have successfully implemented early access releases of upcoming technology releases to dramatically simplify the implementation of a private cloud architecture.

Analyst’s Perspective

  • MA8092 — Cloud Futures: The Infrastructure Authority (Tuesday, Aug 31, 5:00pm)
    Gartner’s Research VP Chris Wolf explores the emerging role of an “Infrastructure Authority” to be in charge of the growing need to meet security, regulatory and organizational policy constraints of private cloud infrastructure.

Technical Deep-dive Sessions

  • MA7140 – vCloud Architecture Design Strategies and Design Considerations (Tue, Aug 31, 11:00am)
  • MA8317 – vCenter Chargeback (Monday, Aug 30, 10:30am)
  • MA8330 – 10 Best Free Tools for vSphere Management (Mon, Aug 30, 10:30am)
  • MA8940 – Self-Service and Workflow Automation for the Private Cloud (Mon, Aug 30, 3:00pm)
  • MA8181 – vCenter CapacityIQ (Tuesday, Aug 31, 11:00am)
  • MA8649 – vCenter Configuration Manager (Tuesday, Aug 31, 1:30pm)

Again, this is only a short list with some of the management-related sessions at VMworld.  Be sure to check out the complete content catalog on www.vmworld.com.

Hope to see you in San Francisco next week!

Rethinking Management in a Virtualized World

Hello, my name is Rob Smoot. I’m Director of Product Marketing for VMware’s vCenter management products.
In my nearly 6 years at VMware it has been exciting to watch how
virtualization has started transforming IT.  Fortunately for customers
(and for us… I admit I like being at a company that is growing!), this
transformation is still in its early phases. This revolution started by
helping customers to eliminate excess hardware capacity and capex
spending. I believe our next wave of innovation will reduce the
overwhelming complexity and operational cost of managing IT. In fact,
this is essential for the industry and for customers to deliver on the
notion of cloud computing or IT as a Service.

If you subscribe to
a future like VMware envisions where IT acts more like a service
provider and builds private clouds for internal customers, it’s worth
examining how other large public cloud service providers like Amazon
manage their environments. Perhaps better stated, how they manage
to scale their provisioning and operations to satisfy highly variable
demand in a predictable way as customers serve themselves. To start,
they offer only a few options. They don’t custom build to each incoming
request, which is the norm for most IT shops who are struggling to keep
up with the overwhelming demands of the business. Next, management
functionality is built into the system and highly automated to limit
dependence on human intervention. IT cannot afford an army of skilled
staff waiting on other end of a self-service portal to provision and
manage each environment. Finally, cloud environments are built with
highly standardized components and a lot of resiliency. When low level
components in the digital supply chain break, redundancy is built in,
broken parts are removed, and IT services keep running. In short, a
self-service approach and IT’s journey to become more like a service
provider requires a new level of automation and policy-based
control that is not possible with physical infrastructure and
traditional management approaches.

Internal IT can and must
replicate these aspects of the service provider model to simplify the
overwhelming complexity of management for the cloud era.  Easier said
than done, I know. Fortunately, the starting point and foundation for
this model is fully virtualized resources that can be manipulated, well…
like software! Most customers are on this path today. Virtualization
alone improves management in areas such as instant provisioning, but it
also introduces new challenges such as keeping pace with dynamic
infrastructure which doesn’t fit traditional management processes
designed for static environments. It becomes critical that management
technologies understand and take advantage of virtual environments, not
only to survive during the transition from physical to virtual but to
thrive with a new and different approach to management where it is more a
part of the system itself.

In future posts I’ll delve deeper
into how management changes in a fully virtualized or cloud environment.
I’ll also give you an inside view into how we are thinking differently
about management as we strive to solve today’s challenges and prepare
customers for a different approach to management in the cloud era.