Yesterday afternoon I was out with few friends enjoying a nice sunny day away from my computers. After having a few beers at a great pub, my mind was far away from work and I began to live in real life again. My eyes began to readjust and their veiny red lines began to recede. The carpel tunnel of my hands began to wear off. A fresh blush of color began to bleed into my cheeks. In short, I no longer looked like I was a vampire waiting to strike. All was well… that was, until THEY walked in to the pub looking for a fight.
The four douche bags sat next to us and they began saying things that really got to me. No, they weren’t talking smack about my Yankees. No, they weren’t bantering under their breath about my hot girlfriend. They were talking about security Hyper-V and VMware… and they wore their lack of knowledge on their sleeves (which, I might add led up to some seriously popped collars).
At first I thought my friend was trying to punk me. I looked around for cameras or Ashton – No sign of either. So, these dudes started talking about deploying some solution and how they have to provide the highest level of security and all this nonsense. I remained quiet and managed to mind my own business as they had their chat until the topic hit VMware. My blood began to boil when one of them (the Security Know-It-All Dude – or just The Dude, as I like to call him) started to talk about VMware security flaws. The Dude even mentioned something about a vulnerability with VMotion and how it’s not very secure and all that crap. As the Dude (the main douche bag) mentioned this, I could see myself teaching my next class with a missing tooth, bloodied lip, and black eye a-la Fight Club. Believe me, the Dude would look much worse. I fought my instincts not to get into their discussion (or jump out of my barstool), but I was two Guinness down and incapable of staying quiet about what was going on. So, I jumped in on the conversation in order to school these douche bags about VMware and true security. No fisticuffs. I would just run good old fashion geek circles around the Dude and his pals. What I told him was the truth:
VMware has made a great deal of changes in the architecture of their platform in a load of different areas. Those advancements have been happening since the Virtual Infrastructure 3 and even more so with vSphere 4. I want to take this moment and inform everyone that follows Punching Clouds about a few major security changes that I informed the douche bags about in regards to the re-architecture of the new ESX/ESXi 4.0:
- The Service Console is now based on the 64-bit version of the Linux 2.6 kernel.
- The VMkernel now runs and owns the device drivers
- The Service Console (what Microsoft calls Parent Partition or Management Operating System for Hyper-V in the Windows Server 2008 version) is enhanced with Address Space Layout Randomization (ASLR), a method which is used to load software in memory in a way that attackers can’t really predict where the software is going to be store in memory when they try to hijack it with attacks.
- Support for Trusted Platform Module (TPM) chips as another way to control the authenticity of drivers signatures. and to make it even better, they’ve removed
- All development environments and libraries like GCC, and anything that can be used to compile code and run it against it has been removed.
The Security Super Douche tried to counter with something about about footprint size and all, and I asked him if he’d been living under a rock because he seemed to have missed the news about ESXi. To address his tirade on VMotion and its security vulnerability, I pointed out that any security issues were resolved and in any case, the VMotion network should always be isolated whenever possible as VMware recommends. I combined that left punch with a quick right, when I told him about how you can now encrypt the VMotion traffic for added security (The actual configuration is shown in the screenshot below. vCenter Server 4.0 provides the interface where you can configure that)
Then I knocked his ass out by firing out some info about vShield Zones, VMsafe and all the good stuff that quelled their security concerns real quick. So, they bowed down to me. Fatality. They turned tail and quickly realized the superior nature of VMware security. Ok, ok – it didn’t turn out quite like that. But I did get two rounds of beers out of those dudes, which to me was a sign that they had started to believe that VMware security was no joke… or at least they had started to see that if they messed with its players, they were messing with the wrong team.
I returned to my barstool. The beer tasted a little sweeter. The sun felt a little warmer. Life was good.
To all you nonbelievers and naysayers, as my boy The notorious B.I.G said: So if you don’t know, now you know!
Alright folks, here is another class from VMware Education. vSphere Manage for Performance. The much anticipated, and needed class that will teach attendees how to manage, and monitor performance in the vSphere environments. This class is categorized as an advanced class as there is a certain level of knowledge, and expertise expected from all attendees. The completion, and or equal knowledge of the topic covered in the courses listed below are require as well as a fair amount of administration experience of ESX/ESXi and vCenter Servers.
