Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

virtualization

Citrix XenApp 5.0 Delayed For Months?

by 1 Comment

Independent technology analyst & author Brian Madden is speculating a multiple-month delay for Citrix XenApp 5.0, not hearing anything about it at Citrix’ annual Synergy event. He writes:

“The current Presentation Server 4.5 product does NOT work on Windows Server 2008, so if you want to use Citrix + Server 2008, you need XenApp 5. Citrix told us again and again in 2007 that the “Delaware” edition of Presentation Server would be released 90 days after Microsoft releases Windows Server 2008.

Windows Server 2008 came out on February 28. That means we should see XenApp 5 in the end of May. Today is May 21, which means that technically Citrix has another week to release XenApp 5, but it’s unlikely this will happen since they haven’t mentioned it at Synergy. In fact the rumor floating around is that XenApp 5 won’t actually make it out for another few months.”

When asking Citrix employees, Brian received two different responses: one claiming Windows Server 2008 is not yet widely adopted for Terminal Server applications, making a release of a new XenApp version unnecessary, and one claiming that the mentioned period was more a ‘target’ than a real ‘commitment’.

Be that as it may, Brian is right to add that neither of these excuses explain why excactly XenApp 5 is taking so long. He goes on trying to provide an explanation for the likely delay, which we suggest you go read on his blog.

VirtualLogix Conforms to Open Mobile Terminal Platform Security

by Leave a Comment

VirtualLogix announced its continued commitment to the Open Mobile Terminal Platform (OMTP) by submitting a Product Profile Statement in conformance with the organization’s new mobile hardware security recommendations designed to help protect against threats such as malware and fraud attacks. The OMTP is an operator-sponsored forum that gathers and drives mobile terminal requirements.

VirtualLogix

According to the press release, VirtualLogix VLX for Mobile Handsets is among the first products to conform to the “Advanced Trusted Environment” security recommendations through the OMTP Product Profile Statement.

In its “Advanced Trusted Environment” paper, OMTP focuses on the full set of hardware security requirements that will enable new mobile services to be run in a protected and secure environment. In addition to its Recommendations Papers, OMTP offers its Product Profile process, an online tool that enables network operators, device manufacturers and platform and technology providers to quickly compare and contrast technology offerings that can deliver compliance against the OMTP Recommendations. By conforming to the new “Advanced Trusted Environment” requirements VirtualLogix is helping set the baseline for hardware security in mobile devices for the next five to ten years.

[Source: EDA Geek]

Alternative Technology Adds McAfee Security Solutions and Services

by Leave a Comment

Alternative Technology, an Arrow Electronics company and specialty distributor of thin-client/server-based computing, edge infrastructure, virtualization, and security solutions, has announced it will distribute the full line of McAfee security software, appliances and managed security services for small to medium businesses and enterprises. Those offerings include: system/endpoint security, network security, data protection, and risk and compliance management.

Alternative Technology

Alternative Technology will offer McAfee’s complete line of security solutions which can protect consumers, small business, and all types of enterprises. McAfee Total Protection Suites offer security solutions for servers, networks, desktops and mobile devices.

McAfee solutions offered by Alternative Technology include the recently announced 10Gbs Network Security Platform and high-performance McAfee Content Security Blade Server. McAfee offers scalability for security and compliance management for networks, data and endpoints across large-scale physical and virtual environments as well as small-scale and mid-size networks.

“McAfee security solutions are a significant addition to our line card and will be well received by our North American channel partners,” said Tom Zorn, senior vice president, Alternative Technology. “They complement our other products and service offerings. In particular, McAfee’s recently announced Email and Web Security Virtual Appliance, in beta, built from the ground up for the VMware platform, McAfee’s new virtual infrastructure security assessment service, and their plans to embed VMware’s VMsafe security technology into future McAfee security solution offerings, tie in very well with our rapidly growing VMware business.”

Complementing Alternative Technology’s professional methodology for security assessment, remediation and management, is the McAfee Foundstone Professional Services offering. The Foundstone Virtual Infrastructure Security Assessment is the first security service dedicated to virtualization. McAfee security solutions will also be added to Alternative Technology’s PCI Compliance Solutions Program.

PlateSpin Reaffirms Commitment For Extended Citrix XenServer Support

by Leave a Comment

PlateSpin, since recently a Novell company, today reaffirmed its commitment to support Citrix XenServer across the PlateSpin product line. PlateSpin considers XenServer support to be a key element of its multiplatform strategy, which aims to offer enterprises a unified suite of solutions for managing heterogeneous data center environments and making physical and virtual infrastructures work as one.

Platespin

“As a Citrix Technology Partner, PlateSpin is committed to working with Citrix to offer customers simple, efficient and interoperable solutions to virtualize servers and better manage their XenServer environments,” said Stephen Pollack, CEO of PlateSpin ULC. “PlateSpin Workload Portability and profiling technology helps Citrix customers make the most of their XenServer investments by accelerating and simplifying the integration of XenServer into their mixed data center environments where multiple hypervisor technologies coexist.”

With broad support for today’s distributed, multi-platform environments, PlateSpin PowerRecon provides an enterprise-scale workload profiling, planning and optimization solution that improves the speed and quality of virtualization initiatives and eases the burden of managing virtual environments.

[Source: VMblog]

Who Owns Virtualization Security? The Hoff/Crosby Debate

by 5 Comments

We’ve decided to cross-publish a blog post by Gregory Ness, VP of Marketing for Blue Lane Technologies, because we think it delivers a good insight in the whole Hoff/Crosby debate about virtualization security (virtsec, if you will).

Gregory NessLast year when I blogged about the impact of virtsec on the world of static security I focused on how virtualization could degrade the effectiveness of security solutions. Since then we’ve seen a surge of vendor marketing around virtualization security (virtsec), from a growing corral of one trick pony start-ups with various Barney announcements (“I love you, you love me…”) to the likes of the world’s leading security companies joining VMware’s unprecedented, visionary VMsafe initiative.

Last month I blogged about data center security’s key requirements, which included virtsec. My point was that virtsec will require more intelligence and agility than perimeter network security, because it will need to be deployed within the hypervisor layer and will consume hypervisor resources. Simply moving deep packet regular expression inspection engines into the hypervisor layer could add big hypervisor footprints and/or unacceptable levels of latency. These problems aren’t new; they’ve been hidden by faster and faster dedicated hardware at the network perimeter.

That’s why I found a recent virtsec blog exchange between Hoff and Crosby so disconcerting. Two brilliant guys with two very different perspectives are arguing about the ownership and accountability of virtualization security. Chris Hoff is a security guru with a sizable following who has been among the most vocal on the virtsec challenge. Security blogger Rothman calls Hoff Captain Virtual because he has been on a tear when it comes to the blog debate around virtsec.

Simon Crosby is leading the virtualization charge for Xen/Citrix and he insists that virtualization platform vendors should stay focused on securing their platform versus the new infrastructure they’re enabling. Like Chris, Simon is one very smart guy with a deep technology background in virtualization. And from Simon’s perspective he doesn’t sound unreasonable.

The virtualization security debate thus far has had so many issues swept underneath it by various parties that it resembles a lumpy rug. Simon and Chris are exposing some of the lumps as they humor each other with comments about smoking cigars from the wrong end and the following (from Hoff):

“Focusing only on your little patch of grass is short-sighted and it won’t work. Just like it hasn’t worked in the past. It’s a disaster waiting to happen, and you’re enabling it”. – Hoff

The problem isn’t that these two very smart guys disagree; it’s rather that this disagreement promises to play itself out on a micro-level in enterprises around the world, as I commented last year in “VM Security- The Keys to the Virtualization Kingdom.” And no one stands to win, except those hoping for a slow adoption.

Perhaps Rothman is right to suggest that security will stay tactical and reactionary when it comes to virtsec, because that has been the recent history of netsec on many fronts. Yet if virtsec isn’t done right it could jeopardize the very flexibility and efficiency that virtualization enables. Strategic virtsec is an enabler of growth; tactical virtsec is a rocky road.
Rothman’s scenario seems to anticipate the rocky road: the slow and grinding deployment of hypervisors in production stretched out for years, as tactical decisions and budgets respond to new risks and events driven by cycles of hacks, reactionary regulatory responses and internal operations and security discussions. Feels a lot like the status quo today, doesn’t it? I hope he’s wrong.

The colorful and spirited debate between Hoff and Crosby is very symbolic of the issues we’ve discussed here since my initial virtsec blog in Feb 2007.

Unfortunately I think this debate risks becoming a metaphor for production data center virtualization; it feels to me like two different worlds colliding in a potentially myopic haze of finger-pointing and original sin debates. That scenario will not help Citrix/Xen virtualize production environments, and I think that is why Hoff’s points bear such weight. And I’m not sure that Crosby gets this given his thoughtful and understandable Mother of All Misunderstandings response to Hoff.

I think the mother of all misunderstandings is about to play itself out as “a funny thing happened on the way to the datacenter” scenario. When Caesar crossed the Rubicon he knew his security profile would change, but he still underestimated the Senate. If Citrix doesn’t show leadership (ala VMware and VMsafe, etc.) and instead talks about security as “other people’s problems” its growth in the data center could experience a thousand cuts Caesar style as internal conflicts and strife within customers (between the Hoff’s and Crosby’s) could demonize the incredible and undeniable power of virtualization to enhance data center security.

The virtualization and security vendors can either lead on this issue as an opportunity to enhance security today or merely create awareness around the new risks and dynamics and talk about far-off solutions that may one day work when the market matures. One strategy will lead to the faster deployment of hypervisors in production; the other will fulfill Rothman’s prediction.

Virtualization is a massive opportunity to escape the cycle of attack followed by tactical/regulatory response and establish a new order, with security pros getting powerful, flexible new capabilities to protect systems. That will require leadership and new thinking and a full appreciation by those who don’t want to relive the past. Security may turn out to be strategic to virtualization in ways that it couldn’t be strategic to the network. The hypervisor layer is perhaps the most substantial strategic security opportunity in many years. Let’s hope we leverage it to its fullest.

Novell And Red Hat Upgrade Linux Enterprise Distros, Improve Virtualization Support

by Leave a Comment

Novell and Red Hat announced upgrades of their Linux-based enterprise distros, featuring improved virtualization and hardware support. In addition, Novell SUSE Linux Enterprise Server (SLES) 10 SP2 adds a new subscription management tool, while Red Hat Enterprise Linux (RHEL) 5.2 adds new security, clustering, desktop, and networking features.

Virtualization is the big story here. Red Hat has upgraded RHEL’s core virtualization hypervisor, Xen, to version 3.1.2, and has improved its support for NUMA (Non-Uniform Memory Access) architectures.

RHEL now supports virtualization of very large systems, says Red Hat, including systems with up to 64 CPUs and 512GB of memory. New CPU frequency scaling support is said to reduce power consumption for virtualized processes. RHEL also gains new clustering capabilities, including improved application failover support, which when combined with the virtualization enhancements, should lead to greater server farm stability.

Virtualization also seems to lead the way with Novell SLES 10 Service Pack 2 enhancements, which support Xen 3.2 (compared to RHEL 5.2’s Xen 3.1.2 support). Novell claims that with Xen 3.2, the new SLES is “the only Xen-based virtualization solution with full support from Microsoft for Windows Server 2008 and Windows Server 2003 guests, and live migration of those guests across physical machines.” Novell and Microsoft went in on an interoperability lab last fall.

Meanwhile, the company has been dropping hints about SLES 11, which is due in the first half of 2009. Novell hopes to make SLES 11 available as an appliance that will be supported by a new toolset designed to quickly build specialized images. Novell is planning versions optimized for specific ISV stacks, as well as a new embedded version to allow independent hardware vendors to embed virtualization and operating systems directly into the hardware. Other touted SLES 11 enhancements relate to “mission-critical data center technologies, Unix migration, virtualization, interoperability, green computing, and desktop Linux,” says Novell.

Both distros are available from today, according to both companies.

[Source: Linux Watch]