Posted by: Greg Ness | June 23, 2008

PING REPORT: Virtualization Security

A blog, article and conversation about virtualization and security over the last few days helped me to get my head out of the clouds for at least a few moments.  Here is a brief recap of virtsec news and commentary from the last three days:


Chris Hoff talks about virtualization visualization and how a host of new virtsec solutions will help virtualization pros learn rudimentary security.  Hoff is a Chief Security Architect at Unisys, and he can be incredibly precise and insightful.  I’ll summarize his post by saying that ultimately tools shape perceptions, and new virtsec tools will help virtualization teams learn new things about virtsec.  I’ll take it a step farther and predict the emergence of virtsec managers and directors.


That leads me to Denise Dubie’s recent Network World piece on the importance of proper planning to successful virtualization.  She talks about an HP Universe session with Cameron Haight, a Gartner research VP, who talks about enterprises virtualizing without appropriate plans or procedures in place, and the implications:


“Every time I see a benefit created by virtualization, it also introduced a challenge,” Haight said. “Taking the same approach to managing virtual as we do physical … in the long run is a dangerous proposition.”

– Network World, June 23, 2008

Cameron’s warnings could certainly be applied today to the emergence of virtualization-lite, which I would label as the emergence of hypervisor VLANs in the enterprise data centers, despite the risks and watered down virtualization benefits.  The security teams like virtualization-lite because it works within the confines of their existing security infrastructure and the ops teams like it because they don’t have to become fluent with virtsec issues.  Did I mention that the VMsafe members who are not ready to deliver hypervisor layer visibility and enforcement must also love virtualization-lite?



Last night I spoke with Toon Vanagt, Founder and Publisher of  He was in town for a conference, so we had a few minutes to talk about virtualization, security and cloud computing.  You’ll be able to catch the interview on Archimedius in a few weeks.  I spoke to’s Tarry Singh on camera at VMworld in Cannes a few months ago.


Toon was once an IT consultant in one of the world’s top consulting firms.  He established a few years ago, after pitching VCs on a container-based virtualization platform and being told that no one would buy it.  So he secured the domain and created a fast-growing media site.


We both lamented how early virtualization projects weren’t strategic but rather tactical first steps that weren’t living up to the technology’s full promise.  If virtualization stays on its current enterprise course, I think it will simply accelerate service-oriented architectures, cloud computing and the minimization of classic enterprise IT.  The IT strategists will go to the service providers, where the true innovation will occur while layers of enterprise committees focus on status quo preservation.


Looks like I’m starting the week off where I left last week: contemplating the clouds, the players and the consequences.  In the meantime if I see anything interesting I’ll blog about it.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: