I am out in the San Francisco area for a number of virtualization security-related events this week. I’ve been frequently blogging on this topic since my first post.
Today, VMware formally launches vSphere 4. The launch is being simulcast here. Hopefully, VMware will provide specific details on three areas of interest that I have. First, I have talked about the importance of our IT platforms being able to defend themselves, including firewalling capabilities. VMware has already publicly talked about vShield and I blogged about it here, but what isn’t clear is which versions of vSphere will include the vShield technology and at what cost? Second, I hope to see that support for hardware-based root of trust measurements of the vSphere platform made it into the shipping release. Third, VMsafe is cool, but what can be used for good can also be used for bad. I want to see tight mandatory access controls on the applications and APIs that enable VMsafe. I’ll let you know my impressions from the vSphere launch in tomorrow’s post.
Also starting today, the RSA conference kicks off. There are at least four sessions on virtualization and security. I’ll share my thoughts about these sessions and the level of interest from the audience as well. When I researched and published my initial recommendations on the security considerations and best practices for securing virtual machines in 2007, there were very few people talking about this issue. It’s great to see virtualization security awareness becoming mainstream – so much that it risks becoming overhyped (nearing the “peak of inflated expectations’” on the Gartner Hype Cycle).
Stay tuned. I’ll share my thoughts and observations each day.