Eric Siebert

Information security breaches are in the news a lot these days, but for many companies security doesn’t get the attention it deserves, until something bad happens. Let’s face it, implementing better security in a data center is a pain in the ass and inconveniences everyone from administrators to end users. Better security doesn’t make anyone’s job easier and as a result everyone tends to be resistant to it. But the reality is that unless you want to end up in the newspaper headlines you have to do it, and not just make a half-ass effort at it, you need to do it right and you also need to stay vigilant at it. Security isn’t something you do once and you’re done, it’s an ongoing job that requires discipline, time and effort to do.

Implementing virtualization makes security a more difficult job, not only do you have to secure the physical side of your data center but you also have to secure the virtual side. In a traditional non-virtualized environment implementing security was much simpler, adding virtualization to the mix makes it much more difficult and complicated as there are many more attack vectors that you need to protect. You would probably notice someone carrying a physical server out of your data center, but in a virtual environment whole servers can leave your data center in someones pocket, without them even entering your data center.

I did an article a while back for Tech Target, “How To Steal a VM in 3 Easy Steps” that described a simple scenario on how someone could make copy a VM and carry it home with them on a flash drive. From there they could easily power it on in their own environment and access the OS,  applications and data on it. To prevent this you need to start by following security best practices for virtualization and make sure you understand where the weak points are in your virtual environment and secure them properly.

The ESXi hypervisor has good built-in security but it’s easy to change settings to make administration easier that results in weakening it and opening up attack points into your virtual environment. VMware has just updated their Security of the vSphere Hypervisor white paper which provides a good overview of the security things that you need to know in vSphere, definitely give this a read. There are also a number of very good 3rd party virtualization security products from vendors like Catbird and HyTrust that can help provide an additional layer of security and monitoring to improve the security of your virtual environment. Also check out some of the security resources below:

• Security of the VMware vSphere Hypervisor – Good high-level overview of how ESXi security architecture and controls address common concerns in the security community regarding virtualization
• VMware Security Hardening Guides – Step by step guides specific to each vSphere version that provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner
• vSphere 5.5 Security – Official documentation from VMware for vSphere 5.5 that covers securing all areas of a vSphere environment
• Security Compliance in a Virtual World – RSA Security Brief with contributing authors from VMware (Stephen Herrod/Charu Chaubal) that covers the challenges of security compliance in virtual environments
• Virtualization Security and Best Practices – PowerPoint presentation from Rob Randall at VMware, it’s a bit old but the concepts still apply today
• PCI DSS Virtualization Guidelines – Provides supplemental security guidance on the use of virtualization technologies in cardholder data environments
• VMware Solution Guide for Payment Card Industry (PCI) – VMware specific security guidelines to address PCI Compliance standards
• Verizon Enterprise 2013 Data Breach Report – Great report that shows where and how most corporate data breaches occur and what types of victims are typically targeted
• Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground – Great book into the mindset and methods of cyber-criminals

I limit the number of sponsors that advertise on vSphere-land and have one advertising slot currently open. Most of my sponsors are long term repeat sponsors so I don’t often have open slots but I currently have one due to one of my long time sponsors ending blog sponsorship’s after they were acquired. Their loss is your gain, I have one slot open if any companies are interested in sponsoring the vSphere-land family of websites. For more information and rates please see this page and contact me at esiebert7625 at yahoo.com.

In case you hadn’t heard, VMware has become the soup nazi at their annual Partner Exchange (PEX) conference telling both Veeam and Nutanix and probably more I’m sure, thanks but no thanks, we don’t want you at our partner conference. While it’s understandable that VMware would not want vendor’s like Microsoft, Oracle & Citrix at their conference, they’ve started excluding more vendors that have any type of conflict of interest with VMware products.

VMware walks a fine line these days as they compete with just about any vendor that makes software products for the data center and they also compete with most hardware vendors as well. When it comes to hardware VMware prefers you to buy dumb hardware and let their software layer handle the intelligence of the hardware. The reality of it is, VMware really competes with almost every hardware and software and even cloud vendor out there, some more so than others but the way it is, it’s VMware versus all comers for world domination in the data center.

This wasn’t always the case, a long time ago in a data center far far away, server virtualization was in its infancy and VMware was a little known company that was selling a disruptive technology that would go against the grain of the traditional data center. Back then VMware sold very few products, basically a hypervisor (ESX) and a server to manage it (VirtualCenter). As server virtualization took off and started to become more popular a huge 3rd party ecosystem grew as vendors sprung up to fulfill the needs caused by this new and unconventional shift in the data center.

There were needs in almost every area including security, backup & recovery, management, automation, monitoring and much more. These 3rd party products complemented VMware’s hypervisor and made it stronger and just like Apple and their dominance with 3rd party apps, was a combination that was hard to beat. Then as virtualization took off VMware started branching out, making acquisitions to expand their line-up to fill in the gaps that 3rd party products used to fulfill for them.

If you look at the sponsor list for PEX this year and take out the big five that VMware can’t afford to exclude, the rest looks almost like a line-up for a minor league baseball team. It’s a shame that VMware would start shutting the door as they have many great loyal partners that have helped carry them over the years. I know PEX is a different type of conference and you have both partners and re-sellers there but if VMware is tightening down on who can be at PEX, are they going to start doing the same thing at VMworld?

It’s a shame that Veeam won’t be at PEX this year, they are one of the companies that rode the coat tails of virtualization and have become a huge success as a result. While it’s VMware’s conference and they have every right to pick and choose who can be there, it’s definitely a sign that VMware has gotten to the point that they really don’t need to rely on their partners as much as they have in the past.

It’s time to do the annual top blog voting, last year we had over 1,300 votes that shaped the top 50 list that is published on my vLaunchPad. Just like last year in addition to the traditional top 50 voting I’m opening it up to allow voting in specific categories as well to help distinguish certain types of blogs. To do this I have created a survey to allow you to nominate your blog or website for one of the categories that I have defined if your blog fits one or more of the categories, if it does not then don’t nominate it as all blogs on the vLaunchpad will automatically be included in the general top blog voting.

This survey is not the general voting poll for the top VMware/virtualization blogs, this survey is only to nominate your blog for certain categories if it fits. Once the nominations are collected I will open the polls for voting for the top blogs where voters will be able to rate their top 10 blogs and also vote in each of the categories.

You should only nominate your own blog/website, these nominations will be used to populate the category choices when voting opens. If your blog doesn’t fit one of these categories then do not nominate it, all blogs on the vLaunchpad will automatically be included in the general top blog voting. If your blog is not currently listed on the vLaunchPad use this form to let me know. The categories that can be voted on are:

• Best Storage Blog (Must have good percentage of posts be Storage related)
• Best Networking Blog (Must have good percentage of  be Networking related)
• Best Cloud Blog (Must have good percentage of  posts be Cloud related)
• Best VDI/End-user Computing Blog (Must have good percentage of  posts be VDI/EUC related)
• Best Scripting Blogger (Must have good percentage of  posts be Scripting related)
• Best News & Information Website (No blogs)
• Best podcast (Audio or video podcasts)
• Best official VMware Blog (Blogs part of VMware’s website)
  
• Best Videos used in a Blog (Must have produced a good percentage of videos)
  
• Best New Blog (Blog started in 2013)
  
• Best Independent Blogger (Can’t work for VMware or a hardware/software vendor)
  

So head on over to the survey and nominate your blog or website, the survey will be open until 2/12. Once it closes I will use the nominations to build the survey for the top blog voting which will begin shortly afterwards.

Before we kick off the next round of top blog voting I thought I’d post a retrospect on how the top blog voting started and also comparing the voting results over the years.

2008 – The beginning

Many years ago I used to do a lot of top 10 lists on specific topics such as “The Top 10 things you must read about Storage for vSphere” that would list the best documents and blog posts to read on the internet that are related to that topic. One day I decided to do one on some of the best VMware related blogs on the internet, back then blogging was nowhere near as popular as it is today and the number of blogs devoted to VMware & virtualization was in the dozens instead of in the hundreds as it is today. I put together my first top 10 list on VMware blogs back in 2008, here’s what the original one looked like on my old vmware-land.com website:

2009 – The first public voting

In 2009 I decided to open it up to have others decide who the top VMware bloggers were by having a public voting form where they could choose their favorite bloggers. Again back then their were nowhere near the blogs that there are today so I only published the top 10 results. We had a total of around 350 people voting for the first year.

2010 – Blogging starts to get popular

In 2010 the voting became a lot bigger as blogging was starting to become more popular. On the ballot that year were 66 blogs so I expanded the top 10 to the top 25 so more blogs could be recognized. The number of people voting for the blogs doubled with over 700 votes cast. Instead of just publishing the results of the voting I put together a presentation to announce the winners.

2011 – The top 25 blogger countdown with Casey Kasem

In 2011 more and more blogs showed up to raise the total on the ballot to 115. This time we had almost 900 votes cast and to do something different and a bit more fun than just posting the results we announced them on a video podcast (vChat episode) with Simon and David and also John Troyer as a special guest. I also wanted to be able to give something back to the blogger community so as an added bonus I was able to get Stephen Herrod to record a special video to recognize the blogger community and their contributions to VMware.

2012 – Putting bloggers into categories

In 2012 the blogs continued to pile up with jumping to 187 and the number of people voting climbed as well with almost 1200 votes. As the top 25 doesn’t change all that much from year to year I wanted to do more to help recognize some of the bloggers that might get lost in the numbers. For the first time I started having specific voting categories for areas like storage bloggers, independent bloggers, podcasts and more. This helped refine the results beyond the simple voting positions to highlight bloggers in different areas. Also due to the sheer number of bloggers I also started publishing the top 50 blogs on the vLaunchpad instead of the top 25. Once again we recorded a vChat episode with John Troyer to announce the results.

2013 – Holy crap there are a lot of blogs

In 2013 the number of blogs increased to 243, that’s an amazing number, where else have you ever seen that amount of blogs dedicated to a specific technology or product. It really validates both the passion for the technology and the community that VMware has built around themselves thanks to people like John Troyer. This year the number of people voting continued to climb to around 1300. Once again I included categories in the voting results and we also announced the results on a vChat episode.

2014 – You’re going to need a bigger boat

For the upcoming voting we once again have a lot more blogs, I added at least 50 new ones recently to the vLaunchpad which should push the number of blogs to vote for close to 300. With the big increase in blogs I may have to increase my top blogger list on the vLaunchpad from the top 50 to the top 100. We’ll be starting up soon in a few weeks so stay tuned.

• 2013 Top Blogger results – 243 blogs, 1300 votes
• 2012 Top Blogger results – 187 blogs, 1200 votes
• 2011 Top Blogger results – 115 blogs, 860 votes
• 2010 Top Blogger results (full results) – 66 blogs, 700 votes
• 2009 Top Blogger results – 350 votes
• 2008 Top 10 Blogs that VMware administrators must read

Another year, another Christmas, another top blog voting coming soon. One of the best Christmas commercials of all time is the Corona Beer commercial, so simplistic but also so effective. Who wouldn’t want to be in that quiet & tranquil scene: on the beach, at night, beer in hand with a palm tree lit up with holiday lights.

I’ve just updated the vLaunchpad with over 50 new blogs and will soon being doing the nomination poll for specific categories in the top blog voting. So stay tuned!