Search Results for: virtualization security

Tripwire ConfigCheck Now VMware ESX 3.0 Compatible

July 21, 2008 by Robin Wauters Leave a Comment

Remember Tripwire ConfigCheck, the nifty free utility that rapidly assesses the security of VMware ESX hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines? Well, Tripwire today announced the availability of Tripwire ConfigCheck for VMware ESX 3.0.

“The massive popularity of Tripwire ConfigCheck speaks loudly to the market need for solutions that address the knowledge and skills gap in managing virtual infrastructure. With this latest release, we leverage the best practices of VMware’s hardening security guidelines for 3.5 and 3.0.x environments increasing the overall value of the utility,” said Mark Gaydos, Tripwire VP of Marketing.

In addition to offering immediate insight into unintentional vulnerabilities in virtual environments, Tripwire also provides a remediation guide containing the necessary steps to return both VMware ESX 3.0 and 3.5 hosts to a known, secure state.

Rich Wolski on Eucalyptus: Open Source Cloud Computing (Video Interview – 2/2)

July 18, 2008 by Toon Vanagt Leave a Comment

In this second part of our video interview with Rich Wolski (see the first part here), recorded at the O’Reilly Velocity conference, we learn how Eucalyptus came around the Amazon subscription method, where credit cards are the key to authentication. Offering ‘free and open’ clouds in university environments was achieved by introducing a system administrator in between the user account request and the issuing of certificates. Upon user request, the Eucalyptus user subscription interface generates an e-mail to an administrator, who will then perform a ‘manual’ verification. This can be a phone call or a physical meeting.

Eucalyptus Director Rich Wolski on open source cloud computing, Xen and Amazon’s EC2 (part 2/2) from Toon Vanagt on Vimeo.

Users did not like Rocks (leading open source cloud management tool), but the community (in smaller community/ deployment supports) preferred to do this manually. So Eucalyptus 1.1 provides Guidance, a script to build from scratch by hand.

A ‘build with one button’ remains the goal for future versions.

The full Eucalyptus image is only 55 Mb (without Linux image) and includes the necessary packages in order to make sure all of the revision-levels are fully compatible. Eucalyptus comes as Free BSD Open-Source license with a small disclaimer that the University of Santa Barbara explicitly wants to avoid any intellectual property infringements and will take necessary steps if needed.

Virtualization is supported by Xen 3.1 for security sake (3.0 works too, but is discouraged).

Lessons learned in building clouds from open source are quite rare. Here are a few from Rich:

Unlike commercial environments (where one controls the configuration, hardware purchase and networking), the architectural decisions are very different in open source environment, where one does not know the installation. One of the current challenges is to build a system depending on the control you have over your specific installation, you could successfully remove more of the portability from the system as you needs fit.

A second lesson is that people do things by hand and this is an opportunity for automation. Nobody is deploying Linux manually, instead sys admin use distributions. Shouldn’t there be a similar cloud distribution product out there? The people at Puppet were eager to help on providing such scripts for cloud deployments. According to Rich, this illustrates how O’Reilly should be credited for creating a good atmosphere at the Velocity 08 conference where a lot of cross-fertilization happened.

Rich ends the interview by throwing a fundamental question at the cloud community. He classifies current cloud initiatives on a scale based on the ‘closeness’ of the application layer to the cloud API. At the one end of this spectrum, he puts Google Apps (with Python oriented function calls) and at the other end Amazon EC2 (a set of very simple web service interfaces to the underlying virtualization technology) and all other cloud offerings float in between. This impacts what you can do with virtualization. Google AppEngine becomes your compiler on their end of the scale.

Rich wonders if this tighter link to the Google AppEngine will become a liability or an asset in the future when it comes to virtualization capabilities?

We invite you to provide your answers in the comments below!

Leostream Puts Jack Hembrough In Charge Of Sales and Marketing

July 16, 2008 by Robin Wauters Leave a Comment

Leostream, the young hosted desktop connection broker that recently announced it had raised $3 million in Series A funding, today announced it has appointed Jack Hembrough to the position of Executive Vice President of Sales and Marketing. Hembrough has spent over 20 years in the hardware and software business, creating successful start-ups and running profitable businesses.

Hembrough comes to Leostream from Application Security, a venture-backed software security company, where he served from its inception as President, CEO, and later as Chairman of the Board, growing the company to over $20 million in annual sales.

Prior to joining Application Security, Hembrough was Senior Vice President, Worldwide Sales for Authentica, and as the fourteenth employee at Raptor systems, Hembrough was part of a highly successful IPO, subsequently leading Raptor’s expansion as Vice President and General Manager of the European operation, based in Amsterdam.

Additionally, he has held senior executive positions in sales and management at Information Resource Engineering (now SafeNet), and Motorola Corporation.

[Source: MarketWatch]

Citrix Aims To Make Creation of Hypervisor-Independent Application Workloads Easier with Project Kensho

July 15, 2008 by Robin Wauters 2 Comments

Citrix today announced “Project Kensho,” which will deliver Open Virtual Machine Format (OVF) tools that allow independent software vendors (ISVs) and enterprise IT managers to easily create hypervisor-independent, portable enterprise application workloads. These tools will allow application workloads to be imported and run across Citrix XenServer, Windows Server 2008 Hyper-V and VMware ESX environments.

Citrix boasts this implementation will solve a multitude of interoperability issues between virtualization platforms while allowing automated provisioning and management of applications, rather than just virtual machines. Users will be able to easily install and use any OVF packaged application workload regardless of which virtualization platform they use – whether it be XenServer, Hyper-V, or ESX.

“XenServer delivers the benefits of fast, free, ubiquitous and compatible virtualization, whether from Citrix, Microsoft or VMware,” said Simon Crosby, CTO of the Virtualization and Management Division, Citrix Systems. “Project Kensho highlights the Citrix commitment to interoperability for virtualization, while maximizing price/performance and richness of features at the virtual infrastructure level.”

The OVF specification was originally co-authored by Citrix and VMware, with contributions from Dell, HP, IBM and Microsoft. The companies then jointly submitted the draft to the DMTF standardization process.

Project Kensho will support the vision of the Citrix Delivery Center product family, helping customers transform static datacenters into dynamic “delivery centers” for the best performance, security, cost savings and business agility. The tools developed through Project Kensho will be integrated into Citrix Workflow Studio based orchestrations, for example, to provide an automated, environment for managing the import and export of applications from any major virtualization platform.

A technical preview of Project Kensho tools is expected to be available for free download in September 2008.

Gene Fay Leaves EMC, Joins VKernel As Top Sales Guy

July 8, 2008 by Robin Wauters Leave a Comment

After Diane Greene leaving VMware, in comes the story of Gene Fay joining VKernel (check our earlier coverage) as Vice President of Sales. Fay was vice president of worldwide sales and global alliances for the security information and event management (SIEM) business unit of RSA, the Security Division of EMC. He joined EMC after the company acquired Network Intelligence where he was vice president of business development.

Gene seems to be happy with the decision he made:

“I have watched the virtualization space explode over the last five years,” said Gene Fay, “With our innovative virtual appliances for systems management, a very hot market, and a great team, VKernel offers a fantastic opportunity to work with customers who are rapidly virtualizing their data centers and partners that are helping them through the process.”

[Source: PRNewswire]

Invisible Things Lab: Hypervisors Mucho Hackable

July 8, 2008 by Robin Wauters Leave a Comment

Security researchers from Invisible Things Lab claim will be demonstrating how easy it is to hack hypervisors at the next Black Hat conference in Las Vegas in August. More specifically, they’ll be discussing the (in)security of the Xen hypervisor, such as how to plant rootkits, how to bypass various hypervisor anti-subverting techniques, as well as how “Bluepills” (ah, that rang a bell) can be used in bare-metal hypervisor compromises. They plan on releasing proof-of-concept code.

From the Invisible Things blog:

The three presentations have been designed in such a way that they complement each other and create one bigger entirety, thus they can be referred as “Xen 0wning Trilogy” for brevity.

The three presentations that are mentioned, are the following:

Should be interesting!

On a sidenote, this caveat in the Invisible Things Lab blog post is an interesting statement on its own:

It’s worth noting that we chose Xen as the target not because we think it’s insecure and worthless. On the contrary, we believe Xen is the most secure bare-metal hypervisor out there (especially with all the goodies in the upcoming Xen 3.3). Still we believe that it needs some improvements when it comes to security. We hope that our presentations will help making Xen (and similar hypervisors) more secure.

Do you agree?

[Source: Information Week]