yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Physical Is Not So Physical in a Virtualized Environment
Things to consider when virtualizing core infrastructure

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run across his datacenter - essentially, I right-mouse-clicked on the virtual machine (VM) and selected "Power Off." I then asked, simply, "How many people within your organization have access to virtual infrastructure?" He didn't know. This scenario is more common that you might think.

Virtualization is rapidly transforming the datacenter. Organizations are virtualizing servers, networking, and storage systems to create a new, much more dynamic cloud infrastructure. Virtual appliances, introduced by the major hypervisor vendors over the course of the last few years, have become the new form-factor for delivering business services. In the beginning, application vendors offered their solutions as pre-built virtual appliances, primarily to make installation easier; today, we see core infrastructure components - switches, firewalls, and management solutions - delivered as virtual appliances. The trend is accelerating.

The story of the Fortune 100 CIO highlights the issue that physical is not so physical in a virtualized environment. Virtual appliances are simply virtual machines, and for a person with virtual infrastructure access, physical controls do little to prevent harmful actions - like powering off a critical virtual appliance, whether by accident or on purpose. Essentially, the physical controls that prevent tampering with core infrastructure components are easily bypassed when it comes to virtualization since everything can be managed over the network. This has implications with regard to security as well as compliance.

Industry and regulatory initiatives such as PCI DSS and HIPAA require adequate controls be in place to protect private data, such as payment card or patient health information (PHI). Many times, these controls include network security components such as firewalls and intrusion detection systems. When critical controls are virtualized, how do you ensure compliance if they can be manipulated or powered off through the virtualization management layer?

Follow these four guidelines when considering virtual appliances for core infrastructure to avoid being vulnerable:

  1. Determine the policies necessary for virtualized infrastructure components in your environment.
  2. Ensure strict access control and policy enforcement for management of virtual appliances.
  3. Confirm with your assessors what safeguards must be in place around virtualized controls as relates to compliance.
  4. Make sure you have all management operations logged in granular detail for security forensics and compliance.
About Eric Chiu
Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of cont...
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award win...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the l...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relatio...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers