I am out in the San Francisco area for a number of virtualization security-related events this week. I’ve been frequently blogging on this topic since my first post.
Today, VMware formally launches vSphere 4. The launch is being simulcast here. Hopefully, VMware will provide specific details on three areas of interest that I have. First, I have talked about the importance of our IT platforms being able to defend themselves, including firewalling capabilities. VMware has already publicly talked about vShield and I blogged about it here, but what isn’t clear is which versions of vSphere will include the vShield technology and at what cost? Second, I hope to see that support for hardware-based root of trust measurements of the vSphere platform made it into the shipping release. Third, VMsafe is cool, but what can be used for good can also be used for bad. I want to see tight mandatory access controls on the applications and APIs that enable VMsafe. I’ll let you know my impressions from the vSphere launch in tomorrow’s post.
Also starting today, the RSA conference kicks off. There are at least four sessions on virtualization and security. I’ll share my thoughts about these sessions and the level of interest from the audience as well. When I researched and published my initial recommendations on the security considerations and best practices for securing virtual machines in 2007, there were very few people talking about this issue. It’s great to see virtualization security awareness becoming mainstream – so much that it risks becoming overhyped (nearing the “peak of inflated expectations’” on the Gartner Hype Cycle).
Stay tuned. I’ll share my thoughts and observations each day.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.