Security is a subject that has historically been overlooked by companies/vendors when it comes to deployment of new systems. Generally, an easy and quick way out is preferred, especially when there are time pressures to deliver a project or solution. That situation is exacerbated by the fact that techies don’t generally give security much thought when playing in their labs, as it’s a “resource overhead” and “gets in the way”. Consequently, expertise in this area is a bit thin on the ground and a mindset has developed to bypass security if one can get away with it.
Things are changing, though. Companies are now looking at robust security as part of their drive towards compliance. In addition to that, we all know how cloud technologies have been gathering momentum recently, and hybrid/public clouds are hot topics these days. In such deployments, security is paramount and the required solutions cannot be deployed without proper protection in place. Having the right skills to deliver solutions that are secured properly and can pass the compliance tests will be key to success for any architect/engineer going forward.
VMware’s cloud products also mandate security from the ground up, and today I am reviewing a book that focusses on that subject: VMware vCloud Security by Packt Publishing. The book is written by Prasenjit Sarkar (@stretchcloud) and is one of the first books on the market that focusses on VMware vCloud Security. It is a concise 114-page book, with four chapters that talk about VMware vCloud Security concepts in general but, more specifically, about the one product that provides it all: VMware vCloud Networking and Security (vCNS).
The book starts with a brief discussion of the VMware vCloud Director architecture and how the different components talk to each other. Following that, it goes straight into the installation and initial configuration of vCloud Director. After all, the book is about vCloud security! A point to note here is that this book and the processes within it are based on vCloud Director 5.1. That said, I believe the skills and concepts learnt in this book are easily transferable to later versions of VMware vCloud and to other products.
The second chapter starts with a discussion of layered security and how vCNS covers all aspects of it. It then focusses specifically on the App Firewall component of vCNS, its architecture and how its components communicate with each other. Like the previous chapter, it also goes into the installation and configuration of the App Firewall. That is followed by a discussion of how layer 2 and layer 3 rules are created and what to keep in mind regarding rule precedence. Finally, it shows how to use flow monitoring and how it can be used to identify what traffic exists between virtual machines.
Endpoint security is also quite important, and we all know that “traditional” methods don’t work very well in a virtualised environment. VMware vCNS provides the base infrastructure that allows VMware or third-party products to interface with the target machines at the hypervisor level, without the need to install computationally heavy agents in each guest. Again, the vShield Endpoint architecture is discussed here before going into the install process. It also talks about how to verify the installation once complete.
The last chapter is about another important topic, and one which is a requirement for pretty much every deployment of a reasonable size: Data Security and Compliance. You must have heard of PCI or HIPAA, and VMware provides the answer to those requirements via the “Data Security” component of vCNS. If you’ve been following the theme so far, you’ll know that the chapter first discusses the architecture of this component, followed by the installation process. It then describes how to set different policies, how to control the scope of what gets scanned and, finally, how the different statistics and reports can be extracted from the system.
This book is exactly right for someone who wants to get started with vCNS and understand how the different components work together to deliver an all-encompassing solution for securing VMware deployments. The processes assume a pre-existing vSphere environment, but if you have one, there are step-by-step instructions for the installation of vCloud Director and vCNS, aided by a generous amount of screenshots to guide you through the process.
It’s hard to cover everything there is to learn about vCNS and cloud security in such a small book, but it’s a great start and highly recommended for a weekend play/learn session in the lab.