Server Virtualization
A few years back, in mid-2005, I came across VMware's server virtualization.
The product I used most every day was VMware Player, to run my test operating system for devtest purposes.
Then I witnessed my IT department buying ESXi servers from VMware to run internal virtual servers. The software I used was vCenter Server and, mostly, vSphere Client.
Recently, in 2012, I use VMware Workstation a lot (a replacement product for VMware Player).
I also see more operating systems running in virtual environments like VirtualBox from Oracle.
And more server virtualization from Microsoft Hyper-V, Citrix Xen and so on...
Network Virtualization
As I mentioned earlier, I worked on controlling the VMware Distributed Switch using the SDK and a wrapper SDK, vijava (http://vijava.sourceforge.net/).
My CCNA and CCNP learning days were all about the Catalyst 5000 and Catalyst 3850 switches, which I had to carry to my lab to wire up and share with my classmate for lab exercises.
The very same from Cisco, in their own style of IOS, is now the Nexus Operating System. The new Nexus software-managed Cisco switches can run on VMware vCenter infrastructure.
There is the Nexus 7000, the largest on the planet, then the 5000, then the 1000v, the mini switch which is virtual.
An interesting detail about the Nexus is that there is an emulator for the Cisco Nexus switch called Titanium:
http://tejasjain1991.blogspot.com/2013/06/cisco-nexus-titanium.html
https://docs.google.com/file/d/0B8hUGU8trXU6S2o2dU9CWDRiQTA/edit?usp=sharing
My experiment to work on NX-OS was to download the VMDK (the VMware VM instance of the Nexus image) and run it in my VMware Player on a Windows 7 32-bit OS.
Cool, and it works, no strain.
Will keep you posted on how things go as I use it.
SAN Virtualization
Check out Nutanix. I see these guys are pretty smart and working on SAN virtualization; I am hoping this is a virtual equivalent of storage area network arrays like Brocade.
I come across more and more virtualization SDNs these days:
Nicira: network virtualization based on Stanford University research projects, acquired by VMware for a huge sum of cash.
PlumGRID: a complete software solution to control a multi-vendor equipment data center.
Insieme: a Cisco Nexus extension to super network virtualization.
I am working more on open source projects; opendaylight.org is a good source to get a gist of current SDN politics :)
Security Virtualization
Wow, this is getting niche: the security space in virtualization.
Courtesy
- Cisco’s Virtual Security Gateway and ASA 1000V
Cisco’s virtual security architecture is comprised of the Virtual Security Gateway and the ASA
(Adaptive Security Appliance) 1000V Cloud Firewall. Both products integrate with the Cisco
Nexus 1000v distributed virtual switch and can run as virtual appliances on an ESX or on the
Cisco Nexus 1010 Virtual Services Appliance, making Cisco’s product an option only for Cisco shops.
However, the Nexus 1000V supports multiple hypervisors (VMware and soon Microsoft Hyper-V), a
benefit for those IT organizations that are running a multi-hypervisor data center.
The Virtual Security Gateway (VSG) is a zone-based firewall designed to protect inter-VM
communications within a particular tenant. It provides access control between VMs. VSG integrates
with ASA 1000V, which is Cisco’s cloud version of its physical security infrastructure firewall,
the Cisco Adaptive Security Appliance (ASA). The Cisco ASA 1000V Cloud Firewall secures the tenant edge.
- HP TippingPoint Secure Virtualization Framework
HP addresses virtual network security with its Secure Virtualization Framework, which consists of
the HP Virtual Controller (vController), Virtual
Firewall (VFW), Virtual Management Center (VMC) and the HP TippingPoint N Series IPS. The Virtual
Firewall creates trust zones and performs segmentation across VMs, clusters and application groups.
The vController and VFW sit within each hypervisor and apply security policies to traffic going
between VMs. Together they dictate which VMs can speak to each other. The vController also sends
traffic to the intrusion prevention system (IPS). The TippingPoint N Series IPS inspects traffic
and either sends it back to the virtual cluster or drops it, based on policies set within the
VMC.
Juniper Networks’ vGW is a firewall that sits within the hypervisor and performs security
processing within the kernel. It is compatible only with VMware. It is integrated with VMware’s
vCenter and managed through a management console, Security Design for vGW. In addition to stateful
firewall functionality, vGW includes compliance, antivirus and monitoring and reporting
functionalities. It is based on technology from Altor Networks, a virtual network security
specialist that Juniper acquired in late 2010.
The VMware vShield product line includes vShield App, vShield Edge and vShield Endpoint. VShield
Edge is a network and security gateway that protects the virtual data center perimeter. VShield App
provides segmentation of inter-VM communications. It is designed to lock down applications to only
those ports and services required to make them work. VShield Endpoint offloads antivirus
functionality to a dedicated virtual appliance, thereby removing the antivirus agent footprint in
VMs. The three software products can be deployed independently or together in a VMware
infrastructure.
Vyatta Network OS, the company’s virtual router software, includes traditional network security
functionality -- such as stateful firewall, IPsec and SSL-based VPNs, network intrusion prevention,
Web filtering and dynamic routing -- as pre-packaged virtual machines. The software runs on the
hypervisor and is compatible with VMware, Xen, XenServer and Red Hat KVM. Vyatta Network OS can be
managed via the command line, Vyatta’s Web-based GUI or a third-party management system.
The HyTrust Appliance is a virtual appliance that is deployed within the VMware infrastructure.
The software intercepts administrative requests in the VMware management plane and permits
or denies the requests based on defined policy. HyTrust authenticates and verifies users’
identities to prevent unauthorized access to the virtual infrastructure. However, HyTrust also
provides network layer protection by helping to enforce network-level policies. For example, if a
network admin attempts to connect a VM to the wrong network segment, the HyTrust Appliance will
prevent that request. HyTrust can be used with VMware vShield.
Catbird vSecurity is comprised of a virtual appliance that is deployed inside each virtual host
and a Catbird Control Center that serves as the management console. There are four elements within
the virtual appliance. VCompliance monitors and enforces compliance. Hypervisor Shield monitors the
server and the network to protect the hypervisor against unauthorized access, incorrect
configurations and bridging with the public network. VMshield protects the VMs themselves. If a
VM’s configurations are not in accordance with policy, then it is quarantined from the rest of the
network until it can be remediated. Finally, TrustZones enforces the security policies for
individual machines, regardless of their location. TrustZones can be used to segment the network.
Catbird vSecurity is available for VMware and XenServer environments.