Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Greg Ness

Guest Post: Infrastructure 2.0 – The San Jose Fairmont on January 15

by Leave a Comment

This is a cross-post of this blog written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

In September the discussion started about the concept of Infrastructure 2.0 (or Dynamic Infrastructure) as a response to the rising demands of larger and more complex networks colliding with new IT initiatives including virtualization and cloud computing.  I think it caught many by surprise.

A few weeks later a blog entitled The CIO Shell Game made the point that automating systems and endpoints and not the network was merely shifting manual labor demands while increasing network availability and security risks.  This theme continued in The Network Industry Needs a New Vision with a focus on the network industry’s overzealous industry focus on speeds and feeds that had ultimately risked making the network irrelevant to computing in the future.

Companies like Cisco, Juniper, F5 Networks, Foundry and Extreme need to invest in automating the rampant manual labor rendering networks static and brittle in the face of more dynamic systems and endpoints.  If they do, the cloud computing vision could have a silver lining for those who understand the potential of dynamic infrastructure.

Unleashing dynamic infrastructure will also unleash more powerful business cases for investments in virtualization and cloud computing, which would also impact the fortunes of VMware, Citrix, Microsoft, Google, Amazon and an emerging community of cloud computing startups.  I think the word is getting out rapidly.

January 15 is the Launch of the Dynamic Infrastructure Vision

Since then we’ve seen blogs at Cisco and F5’s DevCentral blog join the conversation and recognize how important the network is to these new initiatives.  I think, however, the ultimate sign of the arrival of the network as “the foundation for IT automation” meme is a live streaming event being held at the San Jose Fairmont Hotel on January 15.

Infoblox and Cisco are billing dynamic infrastructure as the biggest thing in networking since TCP/IP, because it transforms the brittle, static and manually managed network into an automated network that enables connectivity intelligence between applications, endpoints and networks.  That connectivity intelligence establishes feedback loops, the precursor to an explosion of intelligence in the network, applications and endpoints.

Connectivity intelligence could also take the VMotion genie out of the bottle and drive new levels of scale and security and drive the business case for virtualization skyward.  Whichever virtualization platform vendor delivers on the promise of enhanced security with VMotion will win.

Recently a second Cisco speaker has agreed to speak at the breakfast event, alongside Cisco Senior Director Douglas Gourlay and Infoblox CTO and Founder Stuart Bailey and moderator (Infoblox) VP Marketing Richard Kagan.

In May the Dynamic Infrastructure panel at the Future In Review (FIRE) conference in San Diego will also include a VP from F5 Networks among others.

I think these two events will set the stage for a much-needed, broader discussion about the collision between static networks and dynamic systems and endpoints; as well as the drive to automate greater portions of the network in response to increasing velocities of change enabled by increased system and endpoint automation.

You can follow my comments in real time at www.twitter.com/archimedius. You can also read more about dynamic infrastructure in the latest issue of bloxNews (which contains several third party perspectives) and the new Infrastructure 2.0 blog launched last week.

My disclaimer is at: http://gregness.wordpress.com/about/.  I am a Senior Director at Infoblox.

Guest Post: VMware’s Biggest Threat Isn’t Microsoft

by 1 Comment

This is a cross-post of a blog article written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

The tech industry loves great battles between rivals, and it is often tempting to frame challenges within the context of specific competitive battles. Many see the entrance of Microsoft or even Citrix into virtualization as VMware’s biggest threat. I beg to differ.

VMware’s biggest threat is virtualization-lite, or the confinement of the virtualization business case to within hypervisor VLANS. VMware needs to get enterprises to the bigger picture, the full realization of the benefits of virtualization in the data center, including VMotion. If it cannot, then its sheer share of the data center market will be many times smaller than otherwise, with or without Microsoft or Citrix.

Getting beyond virtualization-lite should be VMware’s number one goal. That would involve unprecedented work with related IT eco-system elements. VMsafe was a great step forward, but it didn’t deliver dynamic security solutions capable of protecting moving VMs.

Another area directly impacted and often overlooked is the network itself. That is, can a static network infrastructure manage, protect, maintain and/or deliver dynamic systems and endpoints? If it cannot, then that is a problem for VMware and an opportunity for the network solutions players.

That is why I think the biggest VMware requirement for success is dynamic infrastructure, or Infrastructure 2.0.

There are substantial virtualization and cloud computing initiatives that will also depend upon dynamic infrastructure. We’ve talked about this issue at Archimedius from both the standpoint of virtualization security and cloud computing. Yet I’m discovering that the issue is much bigger than that. Some enterprises get this and are moving to more dynamic infrastructure; yet others are trying to figure it out.

I think this issue is bigger for IT and networking than a weak global economy. It promises to produce an explosion of breakthroughs in network, endpoint and application intelligence.

Guest Post: Clouds, Networks and Recessions

by Leave a Comment

This is a cross-post of a blog article written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

Over the last three decades we’ve watched a meteoric rise in processing power and intelligence in network endpoints and systems drive an incredible series of network innovations; and those innovations have led to the creation of multi-billion dollar network hardware markets.  As we watch the global economy shiver and shake we now see signs of the next technology boom: Infrastructure2.0.

Infrastructure1.0- The Multi-billion Dollar Static Network

From the expansion of TCP/IP in the 80s/90s, the emergence of network security in the mid/late 90s to the evolution of performance and traffic optimization in the late 90s/early 00s we’ve watched the net effects of ever-changing software and system demands colliding with static infrastructure.  The result has been a renaissance of sorts in the network hardware industry, as enterprises installed successive foundations of specialized gear dedicated to the secure and efficient transport of an ever increasing population of packets, protocols and services.  That was and is Infrastructure1.0.

Infrastructure1.0 made companies like Cisco, Juniper/NetScreen, F5 Networks and more recently Riverbed very successful.  It established and maintained the connectivity between ever increasing global populations of increasingly powerful network-attached devices.  Its impact on productivity and commerce are proportionate to the advent of oceanic shipping, paved roads and railroads, electricity and air travel.  It has shifted wealth and accelerated activities on a level that perhaps has no historical precedent.

I talked about the similar potential economic impacts of cloud computing in June, comparing its future role to the shipment of spices across Asia and the Middle East before the rise of oceanic shipping.  One of the key enables of cloud computing is virtualization.  And our early experiences with data center virtualization have taught us plenty about the potential impact of clouds on static infrastructure.  Some of these impacts will be felt on the network and others within the cloudplexes.

The market caps of Cisco, Juniper, F5, Riverbed and others will be impacted by how well they can adapt to the new dynamic demands challenging the static network.

Virtualization: The Beginning of the End of Static Infrastructure

The biggest threat to the world of multi-billion dollar Infrasructure1.0 players is neither the threat of a protracted global recession nor the emergence of a robust population of hackers threatening increasingly lucrative endpoints.  The biggest threat to the static world of Infrastructure1.0 is the promise of even higher factors of change and complexity on the way as systems and endpoints continue to evolve.

More fluid and powerful systems and endpoints will require either more network intelligence or even higher enterprise spending on network management.

This became especially apparent when VMware, Microsoft, Citrix and others in virtualization announced their plans to move their offerings into production data centers and endpoints.  At that point the static infrastructure world was put on notice that their habitat of static endpoints was on its way into the history books.  I blogged about this, (sort of ) at Always On in February 2007 when making a point about the difficulties inherent with static network security keeping up with mobile VMs.

The sudden emergence of virtualization security marked the beginning of an even greater realization that the static infrastructure built over three decades was unprepared for supporting dynamic systems.  The worlds of systems and networks were colliding again and driving new demands that would enable new solution categories.

The new chasm between static infrastructure and software now disconnected from hardware, is much broader than virtsec, and will ultimately drive the emergence of a more dynamic and resilient network, empowered by continued application layer innovations and the integration of static infrastructure with enhanced management and connectivity intelligence.

As Google, Microsoft, Amazon and others push the envelope with massive virtualization-enabled cloudplexes revitalizing small town economies -and whomever else rides the clouds– they will continue to pressure the world of Infrastructure1.0.  More sophisticated systems will require more intelligent networks.  That simple premise is the biggest threat today to network infrastructure players.

The market capitalizations of Cisco, Juniper, F5 and Riverbed will ultimately be tied to their ability to service more dynamic endpoints, from mobile PCs to virtualized data centers and cloudplexes.  Thus far, the jury is still out about the nature and implications of various partnership announcements between 1.0 players and virtualization players.

As enterprises scale their networks to new heights they are already seeing the evidence of the stresses and strains between static infrastructure and more dynamic endpoint requirements.  A recent Computerworld Research Report on core network services already shows larger networks paying a higher price (per IP address) for management.  Back in grad school we called that a diseconomy of scale; today in the networked world I think it would be one of the four horsemen of infrastructure1.0 obsolescence.  Those who cannot adapt will lose.

Virtsec as Metaphor for the New Age

Earlier this year VMware announced VMsafe at VMworld in Cannes.  Yet at the recent VMworld conference mere months later the virtsec buzz was noticeably absent.  The inability of the VMsafe partners to deliver on the promise of virtualization security was a major buzz killer and I think it may be yet another harbinger of things to come for all network infrastructure players.  This issue is infinitely larger than virtsec.

I suspect that the VMsafe gap between expectations and reality drove production virtualization into small hypervisor VLAN pockets, limiting the payoff of production virtualization and I think impacting VMware’s data center growth expectations.  That gap was based on the technical limitations of Infrastructure1.0, more than any other factor.  It also didn’t help the 1.0 players grow their markets by addressing these new demands.  The result was as slowdown in production virtualization, a huge potential catalyst for IT, with new economies of scale and potential.

The appliances that have been deployed across the last thirty years simply were not architected to look inside servers (for other servers) or dynamically keep up with fluid meshes of hypervisors powering servers on and off on demand and moving them around with mouse clicks.

Enterprises already incurring diseconomies of scale today will face sheer terror when trying to manage and secure the dynamic environments of tomorrow.  Rising management costs will further compromise the economics of static network infrastructure.

The virtsec dilemma was clearly a case of static netsec meeting dynamic software capable of moving across security zones or changing states.  There are more dilemmas on the way.  Take the following chart and simply add cloud and virtualization in the upper right and kink the demands line up even higher:

If you take a step back and look at the last thirty years you’ll see a series of big bang effects from TCP/IP and application demand collisions.  As we look forward five years into a haze of economic uncertainty, maybe it’s a proper time to take heed that the new demands of movement and change posed by virtualization and cloud computing need to be addressed sooner rather than later.

If these demands are not addressed, more enterprise networks will face diseconomies of scale as TCP/IP proliferates.  They’ll experience additional availability and security challenges and will emerge when the haze clears at a competitive disadvantage after years of overpaying for fundamental things like IP address management (or IPAM).  Most enterprises today are still managing IP addresses with manual updates and spreadsheets and paying the price, according to Computerworld research.  How will that support increasing rates of change?

The Emergence of Connectivity Intelligence

As I mentioned one of the biggest challenges of virtsec was the inability of network appliances to see VMs and keep track of them as they move around inside a virtualized blade server environment (racks and stacks of powerful commodity servers deployed in a fluid pool that can add or remove servers/VMs on short notice and therefore operate with less power than the conventional data center with each server running a unique application or OS and therefore having to be powered 24/7).

The static infrastructure was not architected to keep up with these new levels of change and complexity without a new layer of connectivity intelligence, delivering dynamic information between endpoint instances and everything from Ethernet switches and firewalls to application front ends.  Empowered with dynamic feedback, the existing deployed infrastructure can evolve into an even more responsive, resilient and flexible network and deliver new economies of scale.

A dynamic infrastructure would empower a new level of synergy between new endpoint and system initiatives (consolidation, compliance, mobility, virtualization, cloud) and open new markets for existing and emerging infrastructure players.  Cisco, Juniper, F5 Networks, Riverbed and others who benefited from the evolving collisions between TCP/IP and applications could then benefit from the rise of virtualization and enterprise and service provider versions of cloud, versus watching it from the sidelines.

The Rise of Core Net Service Automation

That connectivity intelligence requirement will make core network service automation (DNS, DHCP, and IPAM, for example) strategic to infrastructure2.0.  Most of these services are today manually managed.  That means that network and system are connected and adjusted manually.  More changes will mean more costs and more downtime and less budget for static infrastructure.

These networks need dynamic reachability (addressing and naming) and visibility (status and location) capabilities.  In essence, I’m advocating the evolution of a central nervous system for the network capable of delivering commands and feedback between endpoints, systems and infrastructure; at the core it would be a kind of digital positioning system (DPS) that would enable access, policy, enforcement and flexibility without the need for ongoing and tedious manual intervention.

In between recent emails with Rick Kagan and Stuart Bailey (both also at Infoblox) Stuart recommended Morville’s “Ambient Findability”.  I soon found out why.  The following is from the online Amazon review:

“The book’s central thesis is that information literacy, information architecture, and usability are all critical components of this new world order. Hand in hand with that is the contention that only by planning and designing the best possible software, devices, and Internet, will we be able to maintain this connectivity in the future.”

In a recessionary scenario these labor-intensive strains will get worse as budgets and resources are trimmed.  Rising TCO for infrastructure will impact the success of the infrastructure players as well as VMware, Microsoft and others, as virtsec friction has already impacted VMware.  The virtualization players will be forced to build or acquire application layer and connectivity intelligence as a means of survival.  They may not wait for the static team to convert to a more fluid vision.

That is why the fates of the static infrastructure players (and IT) will be increasingly tied to their ability to make their solutions more intelligent, dynamic and resilient.  Without added intelligence today’s network players will benefit less and less from ongoing innovations that show no sign of slowing; the impacts of a recession would be made even more severe.

VMware Buys Blue Lane (Updated)

by 3 Comments

VMware went shopping and came back home with Cupertino-based Blue Lane Technologies. Despite the lack of press releases, this transaction was confirmed by Mary Ann Gallo, VMware’s head of Global Public Relations. Unfortunately she could not disclose the financial details.

Update: according to Brenon Daly from The 451 Group, the price was around $15 million, and Blue Lane was in search for a buyer since last Summer because of lack of sufficient capital. He also mentions Blue Lane raised “some $18.4m in two rounds of funding”, but our information keeps it at $13.4m.

The acquired company provides solutions that secure virtual and physical data centers. Its solution secures servers and VMs by controlled code execution in the network and taking appropriate countermeasures against traffic aimed at known software vulnerabilities (without signatures).

Blue Lane was quite silent after releasing VirtualShield 4.2 last April. We interviewed Greg Ness, former VP of Marketing with Blue Lane (and avid blogger) and Thierry Evangelista, Technical Director Europe for the company at VMworld Europe earlier this year.

This acquisition confirms VMware’s commitment to virtualization security or VirtSec in short.

Blue Lane was founded in 2002 and has raised $13.4 million to date in two financing rounds from Benchmark Capital, DAG Ventures and Matrix Partners. According to Greg Ness, who left the company last July to join Infoblox, Blue Lane has around 40 employees.

Below, you can find 3 embedded videos encompassing a long interview we did with Ness last June when he was still with the company.


Interview BlueLane Greg Ness 1/3 from Toon Vanagt on Vimeo.


Interview BlueLane Greg Ness part 2/3 from Toon Vanagt on Vimeo.


Interview BlueLane Greg Ness 3/3 from Toon Vanagt on Vimeo.

Thanks to Virtualization.info for the news.

Blue Lane Technologies

Who Owns Virtualization Security? The Hoff/Crosby Debate

by 5 Comments

We’ve decided to cross-publish a blog post by Gregory Ness, VP of Marketing for Blue Lane Technologies, because we think it delivers a good insight in the whole Hoff/Crosby debate about virtualization security (virtsec, if you will).

Gregory NessLast year when I blogged about the impact of virtsec on the world of static security I focused on how virtualization could degrade the effectiveness of security solutions. Since then we’ve seen a surge of vendor marketing around virtualization security (virtsec), from a growing corral of one trick pony start-ups with various Barney announcements (“I love you, you love me…”) to the likes of the world’s leading security companies joining VMware’s unprecedented, visionary VMsafe initiative.

Last month I blogged about data center security’s key requirements, which included virtsec. My point was that virtsec will require more intelligence and agility than perimeter network security, because it will need to be deployed within the hypervisor layer and will consume hypervisor resources. Simply moving deep packet regular expression inspection engines into the hypervisor layer could add big hypervisor footprints and/or unacceptable levels of latency. These problems aren’t new; they’ve been hidden by faster and faster dedicated hardware at the network perimeter.

That’s why I found a recent virtsec blog exchange between Hoff and Crosby so disconcerting. Two brilliant guys with two very different perspectives are arguing about the ownership and accountability of virtualization security. Chris Hoff is a security guru with a sizable following who has been among the most vocal on the virtsec challenge. Security blogger Rothman calls Hoff Captain Virtual because he has been on a tear when it comes to the blog debate around virtsec.

Simon Crosby is leading the virtualization charge for Xen/Citrix and he insists that virtualization platform vendors should stay focused on securing their platform versus the new infrastructure they’re enabling. Like Chris, Simon is one very smart guy with a deep technology background in virtualization. And from Simon’s perspective he doesn’t sound unreasonable.

The virtualization security debate thus far has had so many issues swept underneath it by various parties that it resembles a lumpy rug. Simon and Chris are exposing some of the lumps as they humor each other with comments about smoking cigars from the wrong end and the following (from Hoff):

“Focusing only on your little patch of grass is short-sighted and it won’t work. Just like it hasn’t worked in the past. It’s a disaster waiting to happen, and you’re enabling it”. – Hoff

The problem isn’t that these two very smart guys disagree; it’s rather that this disagreement promises to play itself out on a micro-level in enterprises around the world, as I commented last year in “VM Security- The Keys to the Virtualization Kingdom.” And no one stands to win, except those hoping for a slow adoption.

Perhaps Rothman is right to suggest that security will stay tactical and reactionary when it comes to virtsec, because that has been the recent history of netsec on many fronts. Yet if virtsec isn’t done right it could jeopardize the very flexibility and efficiency that virtualization enables. Strategic virtsec is an enabler of growth; tactical virtsec is a rocky road.
Rothman’s scenario seems to anticipate the rocky road: the slow and grinding deployment of hypervisors in production stretched out for years, as tactical decisions and budgets respond to new risks and events driven by cycles of hacks, reactionary regulatory responses and internal operations and security discussions. Feels a lot like the status quo today, doesn’t it? I hope he’s wrong.

The colorful and spirited debate between Hoff and Crosby is very symbolic of the issues we’ve discussed here since my initial virtsec blog in Feb 2007.

Unfortunately I think this debate risks becoming a metaphor for production data center virtualization; it feels to me like two different worlds colliding in a potentially myopic haze of finger-pointing and original sin debates. That scenario will not help Citrix/Xen virtualize production environments, and I think that is why Hoff’s points bear such weight. And I’m not sure that Crosby gets this given his thoughtful and understandable Mother of All Misunderstandings response to Hoff.

I think the mother of all misunderstandings is about to play itself out as “a funny thing happened on the way to the datacenter” scenario. When Caesar crossed the Rubicon he knew his security profile would change, but he still underestimated the Senate. If Citrix doesn’t show leadership (ala VMware and VMsafe, etc.) and instead talks about security as “other people’s problems” its growth in the data center could experience a thousand cuts Caesar style as internal conflicts and strife within customers (between the Hoff’s and Crosby’s) could demonize the incredible and undeniable power of virtualization to enhance data center security.

The virtualization and security vendors can either lead on this issue as an opportunity to enhance security today or merely create awareness around the new risks and dynamics and talk about far-off solutions that may one day work when the market matures. One strategy will lead to the faster deployment of hypervisors in production; the other will fulfill Rothman’s prediction.

Virtualization is a massive opportunity to escape the cycle of attack followed by tactical/regulatory response and establish a new order, with security pros getting powerful, flexible new capabilities to protect systems. That will require leadership and new thinking and a full appreciation by those who don’t want to relive the past. Security may turn out to be strategic to virtualization in ways that it couldn’t be strategic to the network. The hypervisor layer is perhaps the most substantial strategic security opportunity in many years. Let’s hope we leverage it to its fullest.

Video: Interview Greg Ness, VP Marketing with Blue Lane Technologies (VMworld Europe 2008)

by 6 Comments

The interview below is part of our Virtualization Video Series, a recurring theme we want to implement on Virtualization.com featuring interviews with key players from the industry, event reports, etc.

This interview was recorded at VMWorld Europe 2008 in Cannes, France, and features Greg Ness, VP Marketing with Blue Lane Technologies.

DivX HD 1280×720 3.5mbit/s: Play (pop-up)
WMV HD 1280×720 3.5mbit/s: Play (pop-up)

Flash versions: Blip (embedded below), Myspace, Putfile, Revver, Sevenload, Vimeo, Youtube

Interviewer: Tarry Singh
Video blogger: Charbax