Thursday, January 28, 2010

Virtualized Data Center - but, where is Security?

Cisco, NetApp & VMware made an announcement on the Virtual Data Center.  The paper gives a very high-level view of what a virtual data center would look like.  One could replace these company names with generic roles: virtual networking components, storage, and hypervisor.  The only concern I have with this paper is that it does not talk about security.  It does mention "secure multi-tenancy" without explaining what "secure" really means.  In a world where most information is in electronic format, customers must reject marketing collateral that does not explicitly address security.  With the advertised provisioning time of 1 minute, imagine the damage that can be done if a tenant is provisioned in that minute and the security effect is not realized for 30 minutes.

January 29 - Update
Here is the blueprint architecture guide to Designing Secure Multi-Tenancy into Virtualized Data Centers.
While they talk about secure separation, it is illustrated through operational methods (separate administrator roles, etc.) and logically through vSwitches.  These are must-haves, but they are not sufficient.  One would also need a Virtual Firewall (Key Pair Technologies) for enforcing ACLs, and for identity-based access one would also need a wire-speed access control device such as the Access Control Appliance (Key Pair Technologies).
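To make the "necessary but not sufficient" point concrete, here is a small model I have added to this post; it is not code from the Cisco/NetApp/VMware guide or from Key Pair Technologies.  It places VLAN-based vSwitch separation beside a default-deny virtual firewall whose rules can also require an identity (user group).  Tenant names, VLAN numbers, ports and rules are constructed for the illustration.

```python
"""Added example: vSwitch/VLAN separation versus a default-deny, identity-aware ACL.

Tenants, VLANs and rules below are constructed for the illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src_tenant: str
    src_vlan: int
    dst_tenant: str
    dst_vlan: int
    proto: str                        # "tcp" or "udp"
    dst_port: int
    user_group: Optional[str] = None  # identity attached to the flow, if known


@dataclass(frozen=True)
class Rule:
    src_tenant: str
    dst_tenant: str
    proto: str
    dst_port: int                     # 0 matches any destination port
    user_group: Optional[str] = None  # None means no identity requirement

    def matches(self, flow: Flow) -> bool:
        return (self.src_tenant == flow.src_tenant
                and self.dst_tenant == flow.dst_tenant
                and self.proto == flow.proto
                and self.dst_port in (0, flow.dst_port)
                and (self.user_group is None or self.user_group == flow.user_group))


def vswitch_forwards(flow: Flow) -> bool:
    """Logical separation only: a vSwitch forwards a frame when source and
    destination share a VLAN.  It looks at neither ports nor identity."""
    return flow.src_vlan == flow.dst_vlan


def firewall_allows(flow: Flow, rules) -> bool:
    """Virtual firewall: default-deny, traffic passes only on an explicit allow rule."""
    return any(rule.matches(flow) for rule in rules)


def evaluate(flow: Flow, rules) -> dict:
    """Report both checks.  The firewall is the enforcement point, so its verdict
    decides; the vSwitch column shows where VLAN separation disagrees with policy."""
    allowed = firewall_allows(flow, rules)
    return {"same_vlan": vswitch_forwards(flow),
            "firewall_allows": allowed,
            "permitted": allowed}


# Constructed allow-list for one tenant (assumption, not taken from the guide).
RULES = [
    Rule("tenant-a", "tenant-a", "tcp", 443),                               # intra-tenant HTTPS
    Rule("tenant-a", "shared-svc", "udp", 53),                              # DNS to shared services
    Rule("tenant-a", "tenant-a", "tcp", 3389, user_group="tenant-a-admins"),  # RDP for admins only
]

# Constructed sample flows.
SAMPLE_FLOWS = {
    # Same VLAN, so the vSwitch forwards it, yet no rule allows RDP without an admin identity.
    "intra_rdp_anonymous": Flow("tenant-a", 100, "tenant-a", 100, "tcp", 3389),
    "intra_rdp_admin": Flow("tenant-a", 100, "tenant-a", 100, "tcp", 3389, "tenant-a-admins"),
    # Cross-tenant SSH: separate VLANs and no allow rule.
    "cross_tenant_ssh": Flow("tenant-a", 100, "tenant-b", 200, "tcp", 22),
    # Routed flow to shared services: different VLAN, but explicitly allowed.
    "dns_to_shared": Flow("tenant-a", 100, "shared-svc", 300, "udp", 53),
}


def run_samples() -> dict:
    return {name: evaluate(flow, RULES) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22s} {verdict}")
```

The first sample is the interesting one: VLAN separation happily forwards an RDP connection inside the tenant, and only the identity-aware ACL stops it.  The last sample shows the reverse, a flow the vSwitch cannot deliver at layer 2 that policy nevertheless permits across the routed path.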

