I just returned from one of the most important virtualization technology forums in Spain. The format was innovative and the feedback very positive. Virtualization is a mature technology in the data center and nobody is afraid to speak about certain topics that three years ago were taboo, like security.
Ours was one of the most followed sessions. I ran out of vCards and received many comments along the lines of “finally somebody solved the networking issue…”. Our Data Center Manager (DCM) demo was actually down for a while because of connectivity issues at the show, and attendees waited almost an hour to see the complete demo. In fact, ten people stood in a corner going through the features of DCM while everybody else was having lunch.
We spoke a lot about security in virtualization. What made our talk different was that I never used the word “future” during it. In the first session I attended, several security infrastructure providers used the term “future release” (some of them several times), while we showed DCM live, configuring and managing the interaction between the network and the VMs.
This made me recall the predictions Gartner made in 2007:
“A combination of immature security tools for virtualized environments and the failure of companies to set and carry out appropriate policies to protect virtual machines (VMs) means that these virtual servers will be less secure than physical machines through 2009.
- Virtualization software–such as hypervisors–represents a new layer of privileged software that will be attacked and must be protected.
- The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in-depth.
- Patching, signature updates, and protection from tampering for offline VM and VM “appliance” images.
- Patching and secure configuration management of VM appliances where the underlying OS and configuration are not accessible.
- Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
- Restricted view into inter-VM traffic for inspection by intrusion prevention systems (IPSs).
- Mobile VMs will require security policy and settings to migrate with them.
- Immature and incomplete security and management tools.”
Gartner Symposium/ITxpo 2007: Emerging Trends, San Francisco from April 22nd to April 26th, 2007.
Five of those items are directly linked to weak integration between VMs and the network. Virtualization abstracts the hardware away, yet the network configuration of a VM is still expressed in physical terms, such as a switch port name like ge.3.1. That mismatch is the root cause of at least five of the items Gartner listed in 2007. Our DCM solution was developed to solve exactly this type of issue.
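To make the point concrete, here is an added toy model (my own constructed example, not part of the original post and not DCM code) of the two ways a VM's network policy can be anchored: to a physical port such as ge.3.1, or to the VM's own identity. An audit function flags which VMs end up with the wrong enforced policy after a live migration; port names, MAC addresses and policies are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Policy:
    vlan: int
    acl: str

@dataclass
class Fabric:
    # Port-anchored policy: keyed by a physical port name such as "ge.3.1".
    port_policy: Dict[str, Policy] = field(default_factory=dict)
    # Identity-anchored policy: keyed by the VM's stable identity (its vNIC MAC here).
    vm_policy: Dict[str, Policy] = field(default_factory=dict)
    # Current attachment of each VM: VM identity -> physical port.
    attachment: Dict[str, str] = field(default_factory=dict)

def effective_policy(fabric: Fabric, vm: str, mode: str) -> Optional[Policy]:
    """Policy the network actually enforces for `vm` right now."""
    if mode == "port":
        return fabric.port_policy.get(fabric.attachment[vm])
    return fabric.vm_policy.get(vm)

def migrate(fabric: Fabric, vm: str, new_port: str) -> None:
    """Live migration: only the attachment changes, nothing else is touched."""
    fabric.attachment[vm] = new_port

def audit_drift(fabric: Fabric, mode: str, intended: Dict[str, Policy]) -> List[str]:
    """VMs whose enforced policy differs from the intended one (missing or wrong)."""
    return sorted(vm for vm, want in intended.items()
                  if effective_policy(fabric, vm, mode) != want)

def run_scenario(mode: str) -> List[str]:
    """Constructed scenario: a DMZ web VM migrates, then a DB VM lands on its old port."""
    dmz = Policy(vlan=100, acl="dmz-in")
    internal = Policy(vlan=200, acl="internal-only")
    web, db = "00:50:56:aa:00:01", "00:50:56:aa:00:02"   # constructed MACs
    intended = {web: dmz, db: internal}
    fabric = Fabric(attachment={web: "ge.3.1", db: "ge.3.2"})
    if mode == "port":
        fabric.port_policy = {"ge.3.1": dmz, "ge.3.2": internal}
    else:
        fabric.vm_policy = dict(intended)
    migrate(fabric, web, "ge.5.1")   # web VM moves to a port on another host
    migrate(fabric, db, "ge.3.1")    # DB VM is placed on the web VM's old port
    # Port mode: web VM has no policy and DB VM inherits the stale DMZ ACL.
    # Identity mode: both VMs keep their intended policy.
    return audit_drift(fabric, mode, intended)
```

With the port-anchored model the audit reports both VMs, the migrated one because its policy stayed behind and the newcomer because it inherited a stale ACL; with the identity-anchored model it reports none.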
After our session I realized that Gartner was not so wrong after all, and their predictions still hold true in 2011. At least in Spain. What is the scenario in your country?
It is interesting that we are discussing future data center architectures, TRILL, Shortest Path Bridging (SPB), Data Center Bridging (DCB), etc., while the security and automation of network configurations in virtual environments are still unresolved, and this is preventing the market from taking full advantage of the business benefits of virtualization. Show me a business benefit of TRILL, and I’ll show you a few benefits of virtualization you are not using because of wrong network configurations.
There is an old fable in Spain about a couple of rabbits discussing whether the dogs chasing them are hounds or greyhounds. While they debated, they were caught and ended up on the hunter’s plate. Sometimes technology discussions remind me of those rabbits: talking about the color of the next wave while the sword of Damocles is about to fall upon us.