VMmark – VMWare performance and capacity planning

Need to test the potential scalability or performance of your VMWare virtual environment?  Then this tool from VMWare will possibly fit the bill;

http://www.vmware.com/products/vmmark/overview.html

VMmark is a free tool VMWare provides that enables you to assess the performance of a physical host when running a variety of workloads.  These different workloads are referred to as ’tiles’ as is demonstrated by this diagram;

This method can be used for testing the scalability of a single workload, multiples of a single type of workload, or a variety of workloads.  All of which may be the use case you need to understand prior to deployment or changes in requirements.

If you are looking to specify new hardware or understand the harware requirements of upcoming projects there are VMmark results for many server types and configurations already uploaded here;

http://www.vmware.com/a/vmmark/

This is a great reference for understanding real world server performance from actual users and companies other than VMWare.

K

VMWare Crib Sheets

I stumbled across this excellent VMWare blog called vReference that I wanted to share;

http://www.vreference.com/

This is overall an excellent blog written by a guy called Forbes Guthrie who has in depth VMWare knowledge and has even written (in conjunction with others) books on the topic.  This blog covers many VMWare / vSphere related topics from SAN booting to Windows clustering.

Of particular note are the reference cards he creates that are incredibly useful and cover a surprising amount of detail from maximum guest sizes to maximum numbers of hosts in a cluster through many useful command line installation options, storage management, and using vCentre..

vSphere 5 reference card can be found here;

http://www.vreference.com/vsphere-5-card/

vSphere 4.1 reference card can be found here;

http://www.vreference.com/vsphere4-card/

He even still has the 4.0 card for anyone yet to upgrade from this version.  I very much recommend move to a more current version in the near future if you are still on 4.0 as you’ll get many benefits in all areas from performance to BCP/DR to scalability and management!  4.0 card can be found here;

http://www.vreference.com/public/vReference-vSphere4card2.2.pdf

K

 

Project suggestions..

So I am currently working on what my MSc project should cover.  As the overall title of the MSc is Distributed Systems and Networks the project should likely incorporate some sort of networked / distributed system.  Given my continued interest in IT Security and the fact one of my favourite modules was actually titled ‘Distributed Systems Security’ I’d also like to incorporate a strong security focus into the project as well.
As I am also working on some cloud security related work for the Cloud Security Alliance I am thinking something ‘cloud’ related would be good as this would bring together aspects of security, obviously distributed systems along with being a very current topic.
The purpose of this post is to garner ideas and suggestions for project content and/or possible titles as I am struggling a little to decide the best and most interesting / useful option.  Likely especially relevant to the guys I am working with on CSA projects, but obviously open to anyone – what areas would you like to see further research in, where could my MSc project and value and insight?
Please feel free to post here or email me with any ideas and suggestions. Many of you have my email, however if you need it; it’s on my LinkedIn profile.  I’ll keep this blog updated with my topic decision and also link to the project once it is complete.
Thanks for your interest – looks like this is going to be an interesting and busy year!
K

Some 2012 projects / plans

Following on from my brief overview of progress during 2011 I thought I would share some of the projects I’ll be undertaking during 2012.  This will give anuone reading this blog an idea of some of the likely content that will appear during this year on top of general thoughts and some book reviews.

1. Complete my masters, which assuming I have passed my most recent module means choosing and completing my project.  Based on the university schedule the bulk of this will be completed between April and September.  Now to decide on a topic!

2. Lead (co-chair) the Cloud Security Alliance – Security as a Service working group through the delivery of the planned implementation guides covering each of the categories detailed in the white paper we published in 2011.

3. Become a lot more familiar with the Xen hypervisor, in addition to the VMWare products in order to better assess virtualisation options for both desktops and servers.  This is for a combination of reasons around expanding my knowledge and better understanding the options around Xen (open source and Citrix variants) and VMWare and the various virtual desktop solutions.  Also with people like Amazon and Rackspace using Xen it must be worth a closer look..

4. Having recently done some study around secure coding I’ve been prompted that I should probably brush up my scripting skills, so I plan to put a little time into Perl this year.

…  Likely a few other things will be added around architecture, potentially some further study / research, databases and security, but these have yet to be finalised and I need to be realistic about what I’ll achieve this year.  I’d rather do less well than try to do too much and not be satisfied with the results!

Expect to see blog posts on the above topics throughout this year, feel free to email or comment if there are any specific areas you would like detailed blog posts on.

K

2011 review

As is often the tradition I thought I would start the year with a couple of posts covering an overview of some key points from the last year, and some planned projects for this year.

As I am sure you have guessed this post will be a brief review of 2011 from a study / career / research perspective.

2011 was a pretty busy year with cloud security research, masters work and finally realising my previous role was no longer offering much/any challenge; culminating in moving to a new role at the end of the year / start of 2012.

From a study perspective I completed two more MSc modules;

– Wireless mobile and ad-hoc networking

– Secure systems programming

Assuming I pass the secure systems programming module (final piece of coursework was completed 9/1/12) there is ‘just’ the project left to complete in order to finish my masters.

Also on a Study front I achieved a couple of certifications;

– ISSAP (Information Systems Security Architecture Professional).  This is a secure architecture addition to the CISSP (Certified Information Systems Security Professional).

– British Computer Society Enterprise and Solutions Architecture certificate.

So all in all a successful and reasonably productive year from a study / certification perspective, especially if I have managed to pass the secure coding module!

From a career perspective I has been looking around within my previous company for a little while but decided that I was stagnating in my previous role so it was time to look outside in order to move on.  The good news is I was successful, being offered a considerably improved role as a Senior Systems Architect with Canada Life that I started 3/1/12.  I’ll update on how this is going and any non propriety technologies / projects I am working on in upcoming posts.

From a research / general learning perspective 2011 was the year of the cloud.  As anyone who has read this blog knows I have been very involved in work defining Security as a Service (SecaaS) with the Cloud Security Alliance, chairing the research group on this topic.  This has resulted in a paper being published and SecaaS being added as a new domain to the CSA guidance.

I’ll follow this post with one detailing some of my plans and projects for 2012.

K

 

Linchpin: Are You Indispensable? by Seth Godin

The premise of this book is that to be as successful as you can and to be as safe as possible if / when your organisation chooses to ‘downsize’ or ‘outsource’ you need to become indispensable.  You need to become a Linchpin.

In the context of this book a linchpin in organisational terms is similar to an actual linchpin; a key component that prevents the organisation (wheel) from coming apart.  In fact in the sense Seth uses the term a linchpin goes a step further and actually drives the success of an organisation.

There are (for me anyway) two main messages from the book –

– People who are ‘linchpins’ love their work and put their best into it – this is his reference to turning your work into art.  So find a role / job / organisation where you can be challenged and love the work you do.

– Overcome your fears; How many times have you seen a way of solving a problem others missed and not mentioned it? How many times have you had an idea in a meeting and kept quiet?  Overcoming your fears and contributing your best will make you more fulfilled and of course more indispensable!

The new world of work described in books like this and Daniel Pink’s “A Whole New Mind: Why Right-Brainers Will Rule the Future” that is based on intellect and ideas is / will be a great place to work.  Here’s hoping we all find or create these places of work!

Overall I found this an interesting and useful book, the only downside is that it can come across as a bit too preachy / self help-ish, this is perhaps worse for us more reserved British types than our American counterparts.

Recommended.

K

Cloud Security Alliance; Security Guidance v3 released

The Cloud Security Alliance (CSA) has released the long awaited version 3 of the ‘Security Guidance for Critical Areas of Focus in Cloud Computing’.  This is the first update to the guidance since version 2.1 was released in 2009 and is a major overhaul bringing the guidance up to date in the new and fast moving world that is ‘cloud’ computing.

In addition to updating all of the existing domains of the guidance, there has been the addition of Domain 14 – Security as a Service (SecaaS), this is the domain I have contributed extensively to and has it’s basis in the white paper I co-chaired the publication or a few months ago.

As an overview version 3 comprises of the following domains in the context of cloud security;

Section I. Cloud Architecture

–          Domain 1: Cloud Computing Architectural Framework

Section II. Governing in the Cloud

–          Domain 2: Governance and Enterprise Risk Management

–          Domain 3: Legal Issues: Contracts and Electronic Discovery

–          Domain 4: Compliance and Audit Management

–          Domain 5: Information Management and Data Security

–          Domain 6: Interoperability and Portability

Section III. Operating in the Cloud

–          Domain 7: Traditional Security, Business Continuity, and Disaster Recovery

–          Domain 8: Data Centre Operations

–          Domain 9: Incident Response

–          Domain 10: Application Security

–          Domain 11: Encryption and Key Management

–          Domain 12: Identity, Entitlement, and Access Management

–          Domain 13: Virtualization

–          Domain 14: Security as a Service

The guidance can be freely downloaded from the CSA website here;

https://cloudsecurityalliance.org/research/initiatives/security-guidance/

It is relatively long, but covers a lot of what you need to know about cloud security and things you need to consider if you are planning to move your data to a ‘cloud’ type service.

K