I am pleased to be kicking off this Ask the Data Center Security Expert series at Cisco. This series is aimed at security professionals, partners, data center teams, and IT business decision makers and will address key security issues around virtualization, cloud and anticipated issues associated with trends such as the Software Defined Data Center. The series will take the form of blogs, videos, NetSec chats, and webinar panels. I have an array of expertise lined up ranging from key reseller and technology ecosystem partners, industry leaders and luminaries and internal Cisco experts. Stay tuned for the first in this series coming to you next week out of Singapore.

To get started, a little about me -- I was very excited to commence a data center and security solutions marketing role at Cisco 3 weeks ago.  I have over 12 years experience developing holistic security solutions and have been focused on data center and cloud for the last 3 years.  I currently chair the Cloud Security Alliance Cloud Controls (CCM), an industry effort dedicated to harmonizing regulatory controls for decreased compliance complexity and also have been bridging efforts with other industry associations such as the Open Data Center Alliance. Read More »

Tags: data center, data centes, hypervisor, private cloud, Public Cloud, security, virtualizarion, virtualization

The science behind Virtual Machine Monitors, or VMM, aka Hypervisors, was demystified almost half a century ago, in a famous ACM publication, “Formal Requirements for Virtualizable Third Generation Architectures”.

In my life, I had the honor of working on some of the most bleeding edge virtualization technologies of their day.  My first was IBM’s VM, VSAM and a host of other v-words.  My last was at XenSource (now Citrix) and Cisco, on what I still think is the most complete hypervisor of our age, true to its theoretical foundation in the Math paper I just mentioned.

Though Xen is arguably the most widely used hypervisor in the Cloud or sum of all servers in the world today, I actually think its most interesting accomplishment lies in what its founders just announced this week.  Therefore, I want to extend my congratulations to my good friends Simon Crosby and Ian Pratt for the admirable work at Bromium with vSentry.

I think it is remarkable for two reasons.  It addresses the missing part of what hypervisors are useful, which is security; for those of you that actually read Popek & Goldberg’s paper, you would note that VMM’s are very good at intercepting not just privileged but also sensitive instructions, and very few people out there, until now have focused on the latter, the security piece.  But there is one more reason, in fact the key point of this paper, the necessary and sufficient conditions for a system to be able to have a VMM or hypervisor, and I am hoping the Xen guys who have done so well articulating that for real (not fictional or hyped) hypervisors, can also help sort our the hype from fiction in what is ambiguously called nowadays a “network hypervisor”.

Could this approach be what is actually missing, to sort out truth from hype in what we call SDN today?  Is this the new age of hypervisors?  Or is this just another useful application of an un-hyped hypervisor?

Tags: Cisco, hypervisor, network, network hypervisor, open source, SDN, security, virtualization, vmm, Xen

I have had many customers and partners ask me about Cisco Cloudverse in the past 2 weeks.  One of the top questions I get asked is whether we support other hypervisors besides VMware.  Lew Tucker in his interview in Information week covered it well:  http://www.informationweek.com/news/cloud-computing/infrastructure/232300123 .  Cisco Intelligent Automation for Cloud works well with many hypervisors and we have seen many successful clouds built on vCenter, HyperV, and Linux KVM.  We find many customers look at multiple hypervisors to prevent vendor lock-in and all the issues associated with that.  The world of many clouds is indeed a complex place as organizations building a private cloud have to decide on:

• Hypervisor(s)
• Server Vendor(s)
• Network Vendor(s)
• Storage Vendor(s)
• Whether to use a converged infrastructure model or not
• Cloud Automation software, (will the virtualization vendor’s software be enough for a pragmatic cloud?)
• IaaS, PaaS or SaaS, or all of these models
• Integrations into pre-existing IT operations management tools
• What to expose in the Front Office (Service Catalog and Self Service Portal)
• Details of the Back office (automation workflows, policies, models)
• Whether to have any hybrid cloud models deployed.

I have seen Cisco Partners play a strategic role in helping their customers make sense of this complex playing field.  They key item is to first understand what type of cloud an organization wants to deploy and what the Front Office should look like.  Oftentimes I find organizations have a lot of opinions and pre-existing work on the technical provisioning, but have not thought much about what to present to end users / consumers of the cloud.  Focusing on what the Cloud Portal would present to the ultimate consumers is really where the transformation to cloud needs to start.  We tend to get wrapped around the axle with all the details of the infrastructure provisioning and leave little time to the end user experience.  That is a really a career limiting move when it comes to your organization adopting cloud.

Our Cisco Intelligent Automation for Cloud solution, a key element of Cisco Unified Management, is a new paradigm for Cloud Automation and Management, derived from the leverage of newScale, Tidal, and Linesider acquisitions.  It is both a policy and orchestration centric solution than can solve pragmatic cloud deployment needs, versus simply adopting one model (such as vCloud Director).   The following figure details the considerations of policy and console based solutions versus catalog and orchestration centric solutions:

Virtually all of the customer conversations I have highlight the fact that customers want both Physical and Virtual provisioning and cloud automation.  This is where Cisco Unified Management  which includes the Cisco UCS Manager for Physical Server “virtualization” and Cisco Network Services Management for Physical and Virtual Network Services “virtualization”.  These two technologies, alongside the Cisco Cloud Portal and the Cisco Process Orchestrator are key for creating both a physical and virtual cloud.  This is what the most pragmatic of customers are looking for when transform to cloud.  It is indeed a universe of clouds and Cisco can help.

Tags: Cisco CloudVerse, Cisco Intelligent Automation for Cloud, Cisco Network Services Manager, Cisco UCSM, hypervisor, orchestration, private cloud, Public Cloud, VMware