Virtualisation: friend or foe? [Day Three: Making virtualisation safe]

In the concluding part of this series, Patrick Gray explains how vendors plan to secure virtual machines.

Srinivas Krishnamurti, VMware's Director of Developer Products and Market Development, briefed TechTarget ANZ on virtual appliances during the VMworld conference in Los Angeles. "It's fundamentally changing the role of the operating system," he says. "The role of the operating system is reduced in half... previously it was doing all the hardware abstraction as well as providing the interfaces up to the application, but now there's a layer in between that's doing half its job."

The main advantage of using virtual appliances, Krishnamurti says, is that they are preconfigured applications. "If you're a customer, sure you can tweak a couple of things... but the premise is the ISV knows more about what the system should look like, more so than the customer," he says.

He cites the TiVo as an example of a hardware appliance that relies on a trimmed-down underlying operating system. "There's some sort of OS layer there to make things work, do you even know what OS it is?" he says. "The fact is that why do you need to know? You don't need to know what OS is running."

If coffee just squirted out of your nose after reading that, you're almost certainly not alone.

"So you don't need to know if your enterprise data centre is running Apache with mod_SSL, PHP and a whole swathe of archaic libraries? You (only) need to know that if you need to manage it," Krishnamurti says.

"The ISV is giving you an application stack that's fully configured that's going to run and they're going to support that whole stack," he says. "Any time they need to patch it they'll ship you a patch for that whole stack. It could include application fixes, it could include something in the OS as well... it's a different way of thinking about it."

To be fair, the virtual appliance marketplace is already offering ISVs some tools they can use to manage patch deployment. rPath, a Linux distribution company, provides ISVs with the tools they need to offer custom patches to their virtual appliance customer bases. But the lack of transparency in the OS patching process could still cause a few fluttering hearts among more security-conscious CIOs.

Disclosure: Patrick Gray traveled to VMworld as a guest of VMware.
