Virtualization

Overheard - Cloud cartography

Cloud computing is about the commoditization of virtualization. That’s a mouthful, but that’s essentially what cloud computing is. George Reese, as quoted in Learning to let go: A cloud security primer with George Reese

Today’s WhatIs.com Word of the Day is cloud cartography.

Overheard - IT chargeback

“Provisioning a virtual machine (VM) takes considerably less time than provisioning a physical server, for instance, but it can also throw a monkey wrench into how companies are used to charging business departments for services rendered.” Christina Torode, Virtual server management vs. physical servers: What’s the difference?

Today’s WhatIs.com Word of the Day is IT chargeback.

Overheard - virtual switch

“If vMotion moves a workload from one machine to another to balance out load or to recover from failure, that’s great.  But if you have to manually go back and reconfigure the switches, that’s not so good.” Joe Skorupa, as quoted in Virtual network switches add scalability to server virtualization

Today’s WhatIs.com Word of the Day is virtual switch.

Overheard - JeOS and VM sprawl

“If you are feeling the pangs associated with VM sprawl, I strongly suggest a healthy slug of JeOS each morning and once again in the afternoon to clear your system of the painful bloating that is brought on by virtualizing the general purpose OS.” Billy Marshall Is JeOS a Tonic for VM Sprawl?

JeOS is an acronym for “just enough operating system.”  It’s pretty much what it sounds like and it’s handy for building virtual appliances.  You include just the parts of the operating system that are required to support a particular application. The idea is to make the appliance smaller and more stable than it would be if it was running under a full-sized general purpose operating system.  It’s pronounced “juice.”

Overheard - VMware vs. Microsoft

“The video has ignited a longstanding debate within the partner communities of Microsoft and VMware over which company has the better approach to virtualization. In Microsoft’s view, virtualization is a feature of the operating system, while VMware represents an unnecessary — and expensive — extra layer. VMWare counters that Microsoft’s virtualization isn’t sophisticated enough for the needs of enterprises.” Kevin McLaughlin, VMware Apologizes To Microsoft For Hyper-V Bashing

Scott Drummonds, a technical marketing manager at VMware, admitted that he exercised bad judgment in posting the video and said he has removed it from Youtube. “Unfortunately, my intention to stir the pot with eye-poking banter has put my credibility and by association VMware’s credibility in question among some of you. For this I apologize,”

Overheard - server virtualization

In the absence of standards, users and administrators configure virtual machines on spec, often overallocating resources to VMs, which creates waste and inefficiency. This problem is exacerbated in a virtual desktop infrastructure (VDI), in which large volumes of VMs are often created over a short period of time. Jeff Byrne, Curbing virtual server sprawl in growing virtualized environments

Skunkworks - Make it so

“Security consultants believe that the ongoing economic malaise is prompting many businesses to rush skunkworks server virtualization projects into production without thoroughly considering how these deployments might affect their overall security posture.” Heather Clancy, Tech Watch: Security pros want strong policy for virtualization

Today’s WhatIs.com Word of the Day is skunkworks.  A skunkworks is a small team that’s given magical powers (think “all the stuff they need”) to get a task done.   The good thing about a skunkworks is that nobody tells them “you can’t do that” or “we’ve never done it like that before.”  The bad thing about a skunkworks is that because they operate out there on their own, they may accidently break something that’s associated peripherally.

The term got its start at Lockheed.

Cloud economics - budgeting for the cloud

There are two key areas in which companies should consider the economics of cloud computing: (1) how much an organization can save if it consumes cloud computing as an outsourced utility computing service and (2) how much it might save if cloud computing principles successfully reformulate data center strategies. Tom Nolle, Gaining cost savings from the cloud

Today’s WhatIs.com Word of the Day is cloud computing.  In a memo  released last week, the Feds propose cloud computing and  telecommuting as ways to make the federal government leaner.

Cloud-computing and “work-at-a-distance” represent major new Government-wide initiatives, supported by the CIO Council under the auspices of the Federal CIO (OMB’s E-Government Administrator), and funded through the General Services Administration (GSA) as the service-provider.

It’s in this section called “IMPROVING INNOVATION, EFFICIENCy AND EFFECTIVENESS IN FEDERAL IT.”

Terabyte - two terabytes in the news

The National Archives lost a terabyte disk drive filled with sensitive data from the Clinton administration, including Social Security numbers and Secret Service procedures.  Had this data been on a self-encrypting drive, we would not have heard of its loss. Pete Steege, The National Archives lose a terabyte drive filled with sensitive data

Today’s WhatIs.com Word of the Day is terabyte. A terabyte (one trillion bytes) is in the news today for two reasons — a terabyte of data of data from the Clinton administration is missing from the National Archives and Amazon has announced a new cloud service called Import/Export for moving terabytes of data to the cloud.

The interesting thing about missing data from the Clinton administration is that it was on a 2-terabyte hard drive that was left sitting on a shelf for a couple of months. And guess what? The data on it was not encrypted. What the heck???

The Amazon announcement is another WTH.  The Import/Export service is being promoted as a way to move large datasets to and from the cloud (meaning Amazon Simple Storage Service (Amazon S3).)

A terabyte is a lot of data and trying to push it up to Amazon over the Internet takes a lot of bandwidth.  With Amazon Import/Export, you can move the data by off-loading it to a portable storage device and then shipping the device to Amazon.  Amazon has a handy-dandy calculator for estimating the cost of service.  They will charge you $80 for moving the data from the portable device to the storage you’ve purchased at Amazon (along with a $2.49 per data-loading-hour surcharge) and then they’ll ship the device back to you.  It might sound pricey until you consider that uploading a terabyte of data over the Internet with your T1 line is likely to take 82 days.

And oh yeah,  you may want to take a lesson from the National Archives and encrypt that data before you ship it out.

VM escape - using the hypervisor as an attack vector

Granted, no virtual machine escape hacks exist today, but if the IT security experts are right and this type of attack is eventually developed, then virtualized servers in the DMZ are basically sitting ducks. Brien M. Posey, Virtual servers no escape from IT security management concerns

Today’s WhatIs.com Word of the Day is virtual machine escape.  In theory, an attacker could get access to the hypervisor (if it was mis-configured or had some other vulnerability) and use it to control all the other virtual machines on the host.

Bob Plankers explains more in What is VM Escape?:

Since the hypervisor controls the execution of all of the virtual machines, an attacker that can gain access to the hypervisor can then gain control over every other virtual machine running on the host. Because the hypervisor is between the physical hardware and the guest operating system, an attacker will then be able to circumvent security controls in place on the virtual machine.

Can you image the power of a zombie army that included an almost infinite number of virtual machines?  An army that once established, had the power to create new soldiers (VMs) which one click?  Holy moly.  Big money there.