Comments on: Virtual Appliances – More Risk than Reward? http://pleasediscuss.com/andimann/20091029/virtual-appliances-risk-reward/ Part-time musings of a full-time technologist Wed, 10 Mar 2010 13:53:03 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Coté's People Over Process » Links for March 8th through March 9th http://pleasediscuss.com/andimann/20091029/virtual-appliances-risk-reward/comment-page-1/#comment-886 Coté's People Over Process » Links for March 8th through March 9th Wed, 10 Mar 2010 13:53:03 +0000 http://pleasediscuss.com/andimann/?p=42#comment-886 [...] Virtual Appliances – More Risk than Reward? [...] [...] Virtual Appliances – More Risk than Reward? [...]

]]> By: Andi http://pleasediscuss.com/andimann/20091029/virtual-appliances-risk-reward/comment-page-1/#comment-12 Andi Thu, 05 Nov 2009 07:27:30 +0000 http://pleasediscuss.com/andimann/?p=42#comment-12 Jacques, I agree on the security issues especially. It really is under-appreciated. Virtual appliances are fundamentally different from physical appliances in the way they present a wider target, and the hypervisor as you say is not impenetrable. Your preference for h/w appliances is not uncommon for these reasons (and more). Thanks for adding some good comments on my blog! Andi. Jacques, I agree on the security issues especially. It really is under-appreciated. Virtual appliances are fundamentally different from physical appliances in the way they present a wider target, and the hypervisor as you say is not impenetrable. Your preference for h/w appliances is not uncommon for these reasons (and more).

Thanks for adding some good comments on my blog!

Andi.

]]> By: Jacques Talbot http://pleasediscuss.com/andimann/20091029/virtual-appliances-risk-reward/comment-page-1/#comment-9 Jacques Talbot Wed, 04 Nov 2009 13:27:35 +0000 http://pleasediscuss.com/andimann/?p=42#comment-9 As William pointed out, you (we actually) should separate architectural and tactical arguments. Tactical arguments can always be attributed to a lack of maturity and can eventually be fixed. However, IMHO, the strongest architectural argument against vAppliances is security proofing. You cannot certify the vApp+Hypervisor combo. In the name of "depth defense", it seems difficult to accept in the cloud that the hypervisor is the sole shield against the enemy, because it can have some weaknesses too. So I would rather user HW appliances to build the basic security boundaries in the cloud. As William pointed out, you (we actually) should separate architectural and tactical arguments.
Tactical arguments can always be attributed to a lack of maturity and can eventually be fixed.

However, IMHO, the strongest architectural argument against vAppliances is security proofing. You cannot certify the vApp+Hypervisor combo. In the name of “depth defense”, it seems difficult to accept in the cloud that the hypervisor is the sole shield against the enemy, because it can have some weaknesses too.
So I would rather user HW appliances to build the basic security boundaries in the cloud.

]]> By: William Vambenepe — Would you like some management with that appliance? http://pleasediscuss.com/andimann/20091029/virtual-appliances-risk-reward/comment-page-1/#comment-5 William Vambenepe — Would you like some management with that appliance? Tue, 03 Nov 2009 06:54:17 +0000 http://pleasediscuss.com/andimann/?p=42#comment-5 [...] Mann recently wrote an interesting post about virtual appliances . He uses the domain name pleasediscuss.com for his blog so I figured I’d do just that. More [...] [...] Mann recently wrote an interesting post about virtual appliances . He uses the domain name pleasediscuss.com for his blog so I figured I’d do just that. More [...]

]]>