Episode 4
From AstroArch
Virtualization Security Round Table Podcast Episode 4 show notes
- VMware vShield Zones
- PCI & HIPAA Compliance
Go to Talkshoe to download or listen to the podcast. Soon to be available also on iTunes.
Our guest panelist was Rob Randell. Thank you for joining us Rob.
This podcast was recorded during VMworld Europe 2009, and since our guest was Rob Randell we asked him about the VMware announcement of VMware vShield Zones. Here are some details:
- It is a version of Bluelane vShield
- It does not have Virtual Patching or IPS functionality as VMware does not want to be a content provider.
- It does have the firewall functionality and aids in the visibility of data flow on the vSwitch.
- First iteration is NOT VMsafe enabled
- Not officially supported on ESX(i) v3.5 and earlier, but it should run there since it is not VMsafe aware.
- This is really a network firewall from VMware.
There were questions on where this was headed; eventually it will be VMsafe aware. Could this replace other virtual firewalls? Perhaps, but that is not the intent.
We then asked how this helps with Compliance, and the answer was that it will help with visibility of flow and isolation of VMs within the virtual switch. Then we launched into a discussion of PCI Compliance...
PCI Compliance within Virtualization boils down to one aspect: one application per server. Taken to the extreme this forbids virtualization; however, there is no real definition of the term "server", so the definition depends upon the auditor, and each auditor could have a separate definition.
Being compliant also does not mean you are secure, and being secure does not mean you are compliant. Compliance deals with some basics of server security but mostly with the roles and procedures defined within your organization and how well they are defined, monitored, and enforced. Virtualization security does not change this much.
We then moved on to HIPAA compliance and privacy laws for various countries. The discussion on HIPAA ranged from Data at Rest to Data in Motion issues, which we discussed in Episode 3. We also stated that the privacy laws that apply to a company are those of the town, county, state/province, country, and finally international law. Thankfully only the attorneys need deal with this on a regular basis.
We did touch briefly on the impact of VMware View on Compliance, but nothing was really decided. These questions depend on where the data is stored, how the data moves, and the final place it is viewed. An example was a VDI implementation proposal where the data would be stored in China, viewed in India, and contain patient data from the United States. This was thankfully rejected.
Panelist BIOs
- Rob Randell is a Senior Security and Compliance Specialist at VMware with over 14 years experience in IT and over 10 years in Security. Rob's current role is to advise VMware customers on security related aspects of virtualization as well as speak at different security and virtualization events around the country and on the web. Rob came to VMware as part of the Determina acquisition where Rob was a Senior Systems Engineer where he was responsible for working with customers on the technical aspects of Determina's next generation memory protection technology. Prior to Determina, Rob was a Senior SE at Webroot and prior to that Vericept which was the original player in the DLP space.
- Michael Berman is the CTO of Catbird, with over 20 years experience in system engineering, architecture, design and implementation of secure computing. Michael's experience includes implementation of C2 UNIX; Fortune 100 enterprise security; and expert support in the prosecution of computer crimes. He is a member of the Electronic Crimes Task Force and High-Tech Crime Investigation Association and a Certified Information Systems Security Professional (CISSP). Michael is a frequent speaker on the topic of virtualization and security.
- Chris Hoff is Unisys Corporation’s Systems & Technology division chief security architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy and led the security engineering team of one of the first global managed network security service providers. Hoff is a prolific blogger and sought after speaker at leading security conferences.
- Iben Rodriguez is an Infrastructure Consulting Professional with over 20 years experience working in complex IT environments. Iben has an extensive knowledge of VMware-specific environments having spent 2 years working for VMware in various roles. Iben has led and delivered very complex projects for Fortune 500 companies, including Switzerland based pharmaceutical companies, one of the world's largest online auction companies and a large city government in southern California. Iben is considered one of the foremost industry experts in VMware-based security and infrastructure design.
- Edward L. Haletky is the author of VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers. Haletky owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development. Haletky is also a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions, prolific blogger, and is working on new books on Virtualization.
Podcast audio improvements by Tim Pierson of DataSentry, Inc.
