Security lead in VMware offerings
8 November 2018
“We need to think about security in a fundamentally different way,” said Pat Gelsinger, CEO, VMware, at VMworld Europe 2018.
“We need less security products and much more security.”
“Today, we build infrastructure not knowing the applications [that] will run on it, then deploy apps into that environment that are changing constantly, and we are patching on security products,” he said.
Gelsinger referred to this model as “chasing bad” and said it is not fit for purpose.
“We are flipping that model from bolted on and chasing bad to intrinsic security,” he said.
“We are building into our products basic security mechanisms, being built into every component — on the user side with Workspace ONE, on the network side with NSX, in storage with encryption, and on the compute side with AppDefense. We are not chasing threats but radically reducing the attack surface. We are enabling a new model of security.”
Gelsinger announced that having launched AppDefense last year, using the virtual machine (VM) to learn applications’ behaviour and guarantee operation against it, the capability is now part of the premier offering of vSphere, vSphere Platinum.
AppDefense is also integrated into NSX, the company's virtual networking security suite, allowing adaptive micro-segmentation for additional defence against data loss should a breach occur. This strategy, said Gelsinger, aligns security policy with the application, automates micro-segmentation and locks compute and network operation.
The system learns ‘good behaviour’ through the application of artificial intelligence (AI) and machine learning (ML), verifying every binary, then verifying behaviours to ensure ‘good’, he said.
These measures, said Gelsinger, make it possible to protect environments both on-premises and across hybrid cloud.
A key element of hybrid cloud and enterprise use of it will be containers, and Kubernetes in particular. VMware sees itself as a key facilitator of enterprise Kubernetes use.
“VMware is the dial tone for Kubernetes,” said Gelsinger.
As well as NSX integration for its Pivotal Kubernetes Service (PKS), VMware is further extending its capabilities with the announcement of its acquisition of Heptio.
“Kubernetes is emerging as an open framework for multi-cloud infrastructure that enables enterprise organisations to run modern applications,” said Paul Fazzone, senior vice president and general manager, Cloud Native Apps Business Unit, VMware. “Heptio products and services will reinforce and extend VMware’s efforts with PKS to establish Kubernetes as the de facto standard for infrastructure across clouds upon closing.”
The company said that Heptio will be able to open new channels to further engage the open source community and harden upstream Kubernetes, as well as support the cloud native needs of the largest enterprises in the world.
“We will be tapping into VMware’s cloud native resources and proven ability to execute, amplifying our impact,” said Craig McLuckie, CEO and co-founder of Heptio. “VMware’s interest in Heptio is a recognition that there is so much innovation happening in open source. We are jointly committed to contribute even more to the community — resources, ideas and support.”
Cloud Foundation 3.5
The company also announced an extension of its hybrid cloud offerings aimed at providing greater flexibility and reliability in deployment. Cloud Foundation 3.5 will provide greater deployment options, with new Kubernetes support, drawing on the other innovations from the infrastructure and management portfolio, said VMware. The Cloud Foundation, it said, offers the fastest way to build an integrated hybrid cloud “by delivering a comprehensive set of software-defined services for compute, storage, networking, security, and cloud management to run enterprise applications in hybrid cloud environments”.
The company said it will validate the release of Cloud Foundation with Dell EMC vSAN Ready Nodes on Dell EMC PowerEdge MX, the kinetic infrastructure designed for the software-defined data centre (SDDC), with increased integration expected over time. It says Cloud Foundation as a “proven, complete hyperconverged software solution” offers ecosystem support for all VMware vSAN ReadyNodes.
There will also be support for composable features which will be delivered through integration between VMware SDDC Manager and HPE Synergy Composer which is powered by HPE OneView. Users can now dynamically compose physical resources using the VMware Cloud Foundation user interface, it said, to meet the needs of applications running on Workload Domains, thus increasing overall operational efficiency and automation.
Cloud Foundation 3.5 will include support for recent product releases, including vSphere 6.7 Update 1, featuring simple and efficient management at scale, built-in security for applications, infrastructure, data and access as well as increased support for AI and ML workloads, among other capabilities.
Integration with NSX-T 2.3 enables support for container environments, as well as a simplified workflow and a new search interface allowing administrators to search for objects and events within the NSX-T system and perform operations quickly. The new release will also feature vRealize Automation 7.5, with broadened developer use case support through PKS integration for Kubernetes cluster management. vRealize Operations 7.0 will enable users to adopt a ‘self-driving’ approach to monitoring and managing data centres and cloud environments.
On the user productivity front, the intrinsic security principle is being applied to the productivity platform Workspace ONE through improvements in securing any application on any device using data loss prevention (DLP) policies, encryption, and access management.
Enhancements to the Workspace ONE Intelligence service provide insights that improve visibility from the device to the network and allow IT to automate remediation. VMware has introduced Workspace ONE Intelligence Identity Analytics, which leverages data from VMware Identity Manager to provide identity analytics that help IT actively mitigate risks. In addition to Workspace ONE’s intrinsic security capabilities, users can leverage investments in specialised security solutions as part of the Workspace ONE Trust Network, said the company. By connecting with third-party solutions through Workspace ONE Intelligence, organisations can get a full view of devices and users, along with the threats that are targeting them.
VMware unveiled a solution developed in collaboration with Trust Network partner Carbon Black. Currently in preview, it integrates Carbon Black, Workspace ONE Intelligence and AppDefense, to extend threat intelligence into the data centre, improve security posture, and automate the remediation of advanced threats.
Also announced was the ability for Workspace ONE users to take advantage of Okta Identity Cloud. A partnership between Okta and VMware ties device trust to user identity via rich conditional access and provides employees with a central, more secure hub to access all apps, services, and devices.
VMware also announced its intention to provide a blockchain infrastructure stack for enterprise.
This was described as a decentralised trust infrastructure that is hybrid, scalable and managed as a service, known as Project Concord. Currently in beta, it is developer friendly and provides robust Day 2 operations for blockchain.
Gelsinger emphasised that this was not a blockchain service for enterprise, but an infrastructure stack providing for the needs of enterprise in developing blockchain capabilities.