VMware vShield is a product that came out of VMware's acquisition of Blue Lane last year. This security product sits between the hypervisor and the guest VM and is installed as a virtual appliance that integrates with vCenter. To install vShield within the virtual environment, a user will need to upgrade the virtual environment to vSphere to support the implementation.
Configure vShield zones to protect and monitor your virtual environment in a multitude of ways.
Your view in vCenter determines how you secure your environment:
Server View: Allows you to set a security zone at the Data Centre, cluster, resource pool, etc.
Network and Flow: Allows for securing at the vSwitch, VLAN or protocol level (TCP, UDP, port number, etc.)
In addition, vShield also gives you stateful packet protection for VMs across vMotion.
VMware vSphere is the latest release of its popular virtualisation software.
vSphere will only be able to run on 64-bit hardware, and some of its additional enhancements will only work with a small number of processors such as the Nehalem 5500 series. With these considerations in mind, upgrading from your existing virtual infrastructure will require some detailed planning to ensure a successful migration to vSphere.
Some of the enhancements that come with the latest version are:
Host Scalability:
64-bit VMkernel
512GB
64 logical CPUs
256 virtual machines per host
Virtual Machine Scalability:
8-way Virtual SMP
256GB RAM
Hardware Version 7
• New virtual devices
• VMDirectPath I/O
• Hot plug support
In addition to the above, vSphere will also include:
• SCSI-3 compliance, meaning you can install Windows Server 2008 MSCS
• IPv6 is supported
• vNetwork Distributed Switches
————————————————————————-
VMware Security Advisory
Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates for openssl, bind, and vim
Issue date: 2009-03-31
Updated on: 2009-03-31 (initial release of advisory)
CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953
————————————————————————-
1. Summary
ESX patches for OpenSSL, vim and bind resolve several security issues.
2. Relevant releases
VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG
VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.
See VMware Security Center for more info http://www.vmware.com/security
An update for VirtualCenter updates the Tomcat package to version 5.5.27, which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1232, CVE-2008-1947 and CVE-2008-2370 to these issues.
For more information see this link…
For those of you who haven’t heard of Virtual Computer, they are a relatively new startup based on the East Coast in Westford, MA. Their product offering, in the form of NxTop, claims to simplify your PC lifecycle management.
Wading through the sales and marketing spin reveals that under the hood NxTop is a bare-metal hypervisor built on top of XenDesktop. That shouldn’t really come as any surprise when you look at their investors: Citrix has invested $15 million in them.
The bare-metal hypervisor is, depending on your viewpoint, a nice feature: it gets rid of the bloat that you get with a traditional OS. The features and functions that make up NxTop (some of which they claim are unique and in reality are not) then give you a solution that uncannily resembles VMware View!
The race is on; it is just a question of who gets there first: the tortoise or the hare!