Need a ‘Cloaked’ Private, Hybrid or Public Cloud?

Where Cloud visibility and control meets security. HyTrust Acquires HighCloud Security!

Last year I had a very nice conversation with Eric Chiu about everything in the datacenter moving into software and the risks that come with that move. Today HyTrust Inc., the Cloud Security Automation Company, announced that it has acquired HighCloud Security, a leader in cloud encryption and key management software. By combining HyTrust’s powerful administrative visibility and control with HighCloud’s strengths in encryption and key management, the acquisition offers customers of both companies an unprecedented level of flexibility in addressing security, compliance and data privacy requirements in all cloud environments—private, public and hybrid.

The combined offering from HyTrust and HighCloud enables ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments. These are:
• The broad level of access available to privileged users with malicious intent (or those who acquire their credentials)
• Breaches and other data center disasters caused not by criminal intent but through human error or misconfiguration
• Challenges involved in maintaining the security and privacy of the data itself

While these issues don’t always get the attention they deserve, security executives are certainly aware of the concerns that stem from in-house misuse. A recent report [1] from Forrester Research notes that insiders rather than extraneous criminal elements were the top source of breaches in the past 12 months, and 36% of them were caused not by malfeasance but by inadvertent misuse of data by employees.

In this environment, HyTrust and HighCloud Security offer unique and complementary strengths to the market.

Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated policy-based security for private cloud environments that can enable both trusted hybrid clouds and ‘cloaked’ public clouds. HighCloud encryption, meanwhile, can be deployed in private, hybrid and public clouds, ensuring data security and privacy as organizations migrate between these environments.”

Cloud computing, and the security concerns that go with it, remain a top priority for most organizations. According to technology analyst firm Gartner Inc., nearly half of large enterprises have deployed a private cloud service and three-fourths expect to have hybrid cloud deployments by 2015. [2] A full 80% of organizations intend to use cloud services in some form within the next year, while 60% plan to increase their investment in the next two to five years. [3]

Chiu continued: “The service also enables a unique level of ‘walk-way’ freedom by making it possible to securely change cloud providers or decommission from the cloud without having to worry about data being left behind. This also makes it easier for corporations to achieve compliance with regulations such as HIPAA and PCI.”

While the technologies can already be used together, the HighCloud solution will in the future be integrated into HyTrust to more tightly bind administrative controls with data security in cloud environments, making encryption and key management invisible to the end user. HighCloud’s engineering team will join HyTrust, continuing to provide support and maintenance to existing customers, and moving forward with the development of HighCloud’s technology roadmap.

“HighCloud and HyTrust have had many ties over the years and solve complementary problems for customers,” said Bill Hackenberger, co-founder, president and CEO of HighCloud Security. “Together, HyTrust and HighCloud give enterprises unprecedented ability to address security, compliance and data privacy requirements for all cloud environments, private, hybrid and public.”

With this move, HyTrust adds HighCloud Security’s strong data encryption and key management to its administrative visibility and control, enabling end-to-end security for cloud environments.
Together, the combined solution will offer significant benefits to enterprises and cloud service providers, including:
• Easier compliance with HIPAA, PCI and other privacy regulations
• Controlling and alerting against actions by rogue administrators, or those who gain their credentials
• Preventing catastrophic datacenter failures caused by administrative error
• Protection against data theft or accidental exposure in the public, private or hybrid cloud
• Enabling secure migration to, from and between different cloud environments

While we all move more and more to the Software Defined Data Center, it is good to have controls in place like the two-man rule and to have software that shields sensitive data in the hybrid or even public cloud. I support the HyTrust vision of enabling automated, policy-based security for the cloud to prevent breaches and data center disasters. Data centers can now be completely provisioned, but also destroyed, with the click of a mouse button!

If you wanna know more about HyTrust and their vision and why they acquired HighCloud Security, there is a live webinar on November 20th at 2pm Eastern / 11am Pacific.

Look at the Horizon! VMware’s Horizon Suite is finally here

For years VMware has been busy creating a range of Horizon-like products. At VMworld 2009 there was already a preview of what the folks in Palo Alto were working on.
Since then a lot has changed: AppBlast was shown, and Octopus came (and went again).

30 minutes ago VMware finally launched their new range of end user computing products called the VMware Horizon Suite.

So, what does Horizon consist of? Well, actually Horizon is the new name for the collection of ALL End User Computing (EUC) products VMware has to offer, some of which you already know and love, like VMware View and ThinApp. But now the new cool products are finally here!

So, what is VMware Horizon Suite? It consists of these products:

VMware Horizon View

VMware View is now part of the new Horizon Suite and has a new name: VMware Horizon View 5.2. It is just a minor .2 release, but VMware put a lot of effort into this new View version and added a significant number of features to improve View performance, scalability and user experience.

  • Improved storage efficiency with SEsparse Disks
    Horizon View 5.2 uses a new vSphere capability that implements a new disk format for virtual machines on VMFS. The format allows for a reduction in size and utilizes allocated blocks more efficiently by filling them with real data. Unused space is reclaimed and View Composer desktops stay small.
  • Unified Client with View Desktops in Horizon
    When co-installed with Horizon Suite, the View Desktop pools are connected into Horizon Suite after they are provisioned. The Horizon Suite provides a single point of access for end users to their desktops, data and applications. Horizon Suite supports SSO, brokering users to the available desktops based on entitlement policy.
  • Clientless HTML5 Access to View Desktops & Apps
    Access to View desktops and applications via Horizon is possible from any modern device using a remote protocol delivered through any HTML5-capable web browser. This is the technology previously code-named AppBlast. It will direct users to existing View desktops, leveraging Horizon View Security Server for network routing when available. This is truly install-free access to virtual desktops.
  • Hardware Accelerated 3D Graphics
    Horizon View 5.2 uses a new vSphere capability that enables shared access to physical GPU hardware for 3D and high performance graphical workloads. Virtual desktops still see an abstracted VMware SVGA device for maximum compatibility and portability, but use Accelerated 3D Graphics, enabling truly high performance graphics in a cost-effective manner with multiple VMs sharing a single GPU resource. The solution is fully compatible with hosts lacking physical GPUs (for vMotion, DRS, etc).
  • Improved Video Chat with MSFT Lync Support
    Horizon View 5.2 provides Microsoft Lync 2013 client support, including full support for UC VoIP and Video on both RDP and PCoIP. This new feature enables a tighter integration between Microsoft Lync and Office applications with full collaboration capabilities. Among the features: it compresses USB webcam traffic upstream for reduced bandwidth usage and leverages a UDP-based channel for improved WAN performance, enabling improved performance of USB media devices.
  • Windows 8 Desktop Support
    Horizon View 5.2 now fully supports Windows 8 virtual desktops as guest OS. It also comes aligned with the Windows 8 Client Support.
  • PCoIP New Features
    • Support for MITM (Man-In-The-Middle) network devices
    • PCoIP GPO settings take effect immediately when changed (host side only).
    • Relative Mouse enablement (supported by latest Windows View client)
    • Multi Touch enablement (supported by latest Windows View client)
  • PCoIP Security Improvements
    • Port scanners that scan PCoIP Security Gateway now pass successfully.
    • OpenSSL upgraded to a more secure version.
    • Weak SSL ciphers removed.
  • PCoIP Performance Improvements
    • Image caching supported on Teradici APEX card and Tera2 Zero Clients
    • Improved image cache management and compression
    • Bandwidth reductions in both the LAN and WAN environment
    • Support for vertical offset caching
    • Improved responsiveness and fluidity during scrolling
  • Horizon Based ThinApp Entitlement for View
    Horizon View 5.2 provides a tight linkage of View ThinApp Entitlement to the Horizon Workspace and includes a migration tool to help admins to import the current pool-based entitlements to the Horizon Workspace user/group entitlements. This approach unifies application entitlement across all end user devices & virtual desktops.
  • Large Pools with more than 8 hosts
    The 8 host cluster limit for Linked Clone pools using VMFS has been removed. The new limit is 32 hosts per cluster across the board for all pool types, Linked Clone or not. The added feature may completely change how VMware View deployments are designed and deployed for many customers.
  • Support for 10,000 virtual desktops per vCenter Server
    Horizon View now supports 10,000 virtual desktops per View pod with a single vCenter Server instance. In previous versions VMware had only validated 2,000 virtual desktops per vCenter Server.
  • Multi-VLAN support
    Multiple Network Label Assignment is being introduced with Horizon View 5.2. This is a powerful feature that allows administrators to utilize a single base image and assign it to multiple different VLANs or PortGroups. This first release comes only with PowerShell support; no Admin UI integration.
  • Provisioning, Rebalance, Recompose performance increase
    • More than 2X improvement on end to end provisioning time
    • Significant improvement on pool re-balance time
    • Availability of Rolling Refit Maintain allowing for a configurable minimum number of READY desktops during refit operations that support both automatic and semi-automatic linked clone pools

VMware Horizon Mirage

Mirage is VMware’s way to manage the physical world. These are the features that come with Mirage:

Simplified Desktop Management

Layered PC Image Management

Manage your PC image as a set of logical layers owned by either IT or the end-user. Update IT managed layers while maintaining end-user files and personalization. Then, if a PC is simply malfunctioning, IT can restore the system layers on an end point to fix an issue without overwriting user layers. Or, quickly migrate a user from an old PC to a new PC without losing any of their user data, profile, or user-installed applications during a hardware refresh cycle.

Desktop Recovery

Full PC snapshots and synchronizations of any IT or end-user initiated changes to the datacenter ensure quick desktop recovery. Minimize end-user downtime when an end user’s PC has been lost, stolen or damaged and quickly restore the end-user system to a new device.

Application Layering *NEW in 4.0*

Easily deploy applications or VMware ThinApp packages to any collection of end users by leveraging Horizon Mirage’s app layering technology.

Scalability with Low Infrastructure Footprint

Designed to support up to 1,500 end users per Mirage Server and can easily scale up to 20,000 end-users per server cluster.

Branch Office Optimization

Enable any Mirage Client endpoint into a Branch Reflector to optimize branch office management. Mirage Branch Reflector allows you to download any updates once from the Mirage Server and allow peer to peer updates to other Mirage Clients in the branch office. Advanced algorithms ensure that only required data is ever sent between the Mirage Server and Mirage Clients in a remote location or office.

Empowering End User Productivity Across Boundaries

Optimized and Adaptive Experience

The VMware Horizon Mirage client monitors the resources being used on an end user’s PC to make sure that the backup and synchronization processes never interfere with their productivity. Horizon Mirage will automatically throttle CPU, RAM and network usage up and down as needed to guarantee a seamless end user experience.

Personalized Performance

Allow end-users to leverage the local computing resources of their desktops and laptops and maintain offline productivity. VMware Horizon Mirage managed images can install natively onto the Windows PCs, or as virtual desktops on Mac or Linux desktops and laptops with Fusion Pro. Image layering gives end-users the flexibility to personalize and customize their systems.

Self-Service File Access & Recovery

The Mirage File Portal allows end users to access any file on their endpoint from any web browser. An end user can also restore any file or any directory on their own with just a few clicks on their PC.

VMware Horizon Workspace

Horizon Workspace is designed to bring everyone and everything together. It is designed to accommodate people with iPhones, Android phones, Windows laptops, Mac laptops and even Linux users, to sync data and access applications and desktops. In itself, Workspace consists of three main modules:

  • Data Synchronization (formerly known as Project Octopus)
  • Web applications and ThinApp Packages (formerly known as Project AppBlast)
  • View desktop access from mobile devices

Combined with a single sign-on engine, Workspace offers a single web-based portal. From here your users can reach shared files and web-based applications like Google Docs, SalesForce or Gmail, access your ThinApped programs and connect to their View-based desktop. The portal supports users with Windows, iOS, Android, Mac OS X and Linux. The next paragraphs describe the features of Workspace.

Simplified Workspace Management

Combine applications and data into a single aggregated workspace

  • Manage files, devices, applications and data through a single management console
  • Add, update and delete users via active directory. Manage internal and external users
  • Entitle and provision web applications through single sign on (SSO). Entitle and manage ThinApps
  • Quickly deploy new applications with data-as-a-service to stay competitive and build future growth opportunities
  • Offer user self-service application provisioning through an application catalogue

Complete Security and Control

Enterprise-grade security to meet industry compliance and security requirements

  • Fully on-premise solution gives total control to IT (security, SLAs, backups, upgrades, etc.)
  • Individual and group-based management to set policies and govern usage over files and data accessed and shared by and between end users — Prevents a security breach or compliance violation
  • Policies for data quota, allowed file types, max size, domains, expiration, external, version, hierarchical storage management
  • Ensure compliance with privacy regulatory and governmental policies
  • Inspect and audit file access, sharing and all other aspects of the service

Empower Employees with Bring Your Own Device (BYOD)

Seamless access to enterprise applications and data, anywhere, anytime

  • Everywhere data access – in the office, at home or on the road
  • Full collaboration (folder/file sharing with anyone, external user access, versions, comments)
  • Improve end user productivity by providing end users with secure access to applications and files on any device from anywhere: iOS, Windows, Android, Mac, and all major browsers (including high-fidelity preview capability)
  • Reduce end-user downtime and service interruptions
  • Access to files each time users login (stateless desktop)

VMware Horizon – Suite

So, how does this fold into a suite? Take a look at this table:

Horizon Suite Products Overview

Now, there’s a point to pay attention to. VMware Horizon View is still licensed on a concurrent user basis. Mirage, Workspace and the whole suite, however, are per NAMED user.

More info can be found at VMware’s website.

VMware View 5.2 specs courtesy of Andre Leibovici of MyVirtualCloud.net

Oracle acquires Xsigo Systems

After software-defined-computing and software-defined-storage, the next big hit is software-defined-networking to complete the software-defined-datacenter. And the hunt is on!

Last week VMware announced the acquisition of Nicira and yesterday Oracle announced they bought Xsigo, one of the leading providers of network virtualization technology.

Why?
Oracle wants to extend their virtualization capabilities with this software-defined-networking technology for cloud environments. With the addition of Xsigo’s network virtualization technology to the Oracle portfolio, Oracle is hoping to complete their set of virtualization capabilities for cloud environments. Xsigo’s software-defined networking technology should simplify Oracle’s cloud infrastructure and operations by allowing customers to dynamically and flexibly connect any server to any network and storage, resulting in increased asset utilization and application performance while reducing cost.

People who have visited VMworld, VMUG or any other VMware event in the last 3-4 years must know Xsigo. The company’s products have been deployed at hundreds of enterprise customers including British Telecom, eBay, Softbank and Verizon.

MigrationWiz: E-mail migration to the cloud

For a recent customer I have been working on migrating e-mail from several completely separated e-mail infrastructures to one Office 365 environment. To achieve this the customer has chosen to use a product called MigrationWiz.

This product is offered as a web based service/cloud solution.

With MigrationWiz you set up a connection to both a source and destination. After setting up the connection(s) you can start the migration. MigrationWiz will download the data from a mailbox at the source to its own infrastructure and then upload it to the designated target mailbox. The picture below illustrates the process.

Hyper-V removed from OpenStack

The new version of OpenStack, which will be released in Q2 of 2012, does not support Microsoft Hyper-V anymore. The developers have had enough of the buggy code.

One of the developers of OpenStack has written a patch with which the Hyper-V code and support will be removed from the cloud platform. The patch has already been approved and constitutes a part of the next version of OpenStack, codename Essex, which is expected to be released in Q2.

At the end of 2010 Microsoft announced that they would deliver code which would enable the use of Hyper-V in a cloud solution based on the open-source cloud platform, OpenStack. Microsoft never finished and maintained this, causing the code to be full of errors. After people in the OpenStack forum suggested removing the Hyper-V code, Microsoft quickly released a statement saying “Microsoft is committed to working with the community to resolve the current issues with Hyper-V and OpenStack”. However, the OpenStack developers decided not to wait until Microsoft finally fixed their code and decided to remove Hyper-V support with the new release.

OpenStack, founded by Rackspace Hosting and NASA, is a global collaboration of developers and cloud computing technologists producing the ubiquitous open source cloud computing platform for public and private clouds. The project aims to deliver solutions for all types of clouds by being simple to implement, massively scalable, and feature rich. The technology consists of a series of interrelated projects delivering various components for a cloud infrastructure solution.