VMware's Dave Wright presents a session Wednesday afternoon at WebhostingDay 2010.
The WHIR is reporting live from Germany at WebhostingDay 2010.
(WEB HOST INDUSTRY REVIEW) — VMware’s Dave Wright began his presentation with a sort of historical overview of server technology, starting with the mainframe environment and describing some of the shifts along the way in how people accessed data, with particular emphasis on the security of the solutions.
His history came to rest on the “cloud,” as a present-day technology, and a bulleted list that emphasized ease of use, simplified management, scale on demand, flexibility, security and high efficiency.
He quotes VMware’s CEO Paul Maritz as saying that cloud is not a destination, but a way of doing computing. He goes on to illustrate VMware’s view of the cloud by highlighting a lot of key points, including efficiency through utilization and automation, agility with control, and freedom of choice (the last of which referred specifically to open and interoperable technologies and the ability to leverage existing technologies).
As an IT concept, says Wright, the cloud is somewhat unique in that it benefits both the IT operator and the user. Users, for instance, benefit from the simplicity, pay-for-use nature, agility and feelings of user-centric control associated with cloud systems. The IT side benefits from the efficiency, elasticity, responsiveness (and visibility into and control over costs) and control of the cloud.
He describes the “private cloud” and “public cloud” concepts in terms of the differences between an enterprise’s internal cloud deployments and the sorts of cloud services a company might acquire from a service provider. And he illustrates VMware’s interesting focus on the “hybrid cloud,” an element of the company’s technology, and its focus on bridging the two, that enables a cloud environment built from pieces of internal cloud deployments and outsourced cloud services to work together.
While private clouds tend to be built on VMware technology, the public cloud computing solutions out there (he uses Amazon as the example) tend to be built on proprietary technology. The incidental product of that for service providers, though not something he addresses directly at the time, is that providing a VMware-built public cloud provides an opportunity to deliver hosted solutions to customers that want to keep working with internally-deployed cloud systems built on VMware.
But Wright goes on up the VMware stack to discuss its Redwood common service model for infrastructure clouds, and the SpringSource cloud programming model – describing VMware’s role in each of the “as a service” levels of hosting – and finally the company’s SaaS solutions, including the somewhat recently acquired Zimbra email solution.
The general overview of the cloud computing environment and VMware’s role, however, served to introduce the main issue, which is the challenge of delivering security in the cloud.
Wright says the key point is that security is not a “feature” (a sentiment meant to illustrate that security is not an optional function of a cloud computing environment). VMware’s vCloud technology is engineered for security with threat model analysis. It is validated by external review against a variety of threat models.
Security also requires a fundamental understanding of how the virtual network works. With the help of a graphic I’m unfortunately not going to be able to describe fully, Wright says VMware’s security layer sits on the bare metal layer, between the machine and the virtual data center (which includes the virtual machines, for various purposes), and can insert the edge and other zones as most appropriate within the network. He says the VMsafe security API enables the creation of a zone of security requirements around a virtual machine, or set of virtual machines, that makes it impossible to move those virtual machines into an environment that doesn’t meet their security requirements. This enables compliance within the cloud-based network, he says.
In the area of user security within a multi-tenant environment, VMware has created a pretty elaborate system of organizational access rules and user access rights that led to a list of built-in permissions for cloud computing environments.
I’m not going to lie to you. I had some trouble keeping up with the specifics of what VMware has had to change about its own systems in the move from designing for internal virtualization to the public cloud. And there were a few changes (relating specifically to network security and the database) that didn’t make it into this article. You could probably find out more from VMware’s website, if you were so inclined.
Wright says the overall outcome of the changes at VMware is a “pragmatic path to cloud computing,” one designed with service providers in mind, and one you could conceivably follow.











