Sort of, it seems:

Today, RSA integrates with VMware in an couple of what I would call "useful but not earth-shattering" points – you can integrate envision authentication with Virtual Center and it also integrates with VDM 2.1 and VMware View Manager for hardened authentication.

 

But, with VMware as mission-critical as it is, security focus is getting strong.    At our recent Quarterly Technology Review, there were LOTS of really cool ideas where to go next, and ideas I would consider earth-shattering, but are so fuzzy at this point, there’s no point in going on about it.   Let us do some more work, and then I’ll talk about it again.

This is from VirtualGeek, full post here.

The Hacker 2 Hacker Conference Brazil this year featured a paper called “Hypervisor Framework”. An interesting read for those more interested in the nitty gritty of how all this “Virtualization” stuff works

So Tarry Singh posted today on the VMware security advisiories. While that’s been covered here, and elsewhere, I did find a few of his points interesting:

Ask yourself the following:

* Do you know that such malicious attacks are not taking place in your environment?
* Do you know if there is some sort of control in your environments?
* How many of you have successfully deployed a CCP that makes your ESX compliant or at least anywhere close to being SOX/PCI DSS 1.x standards? You must be able to control, authorize and demonstrate on your sense of control on these environments, can you do it?
* Are you doing any sort of assessments in your environments, especially Virtual Infrastructures be it Oracle VM, VMware ESX, Citrix Xen, Xen or whatever?
* Are some or any of your virtual platforms registered within your centralized directory, any LDAP v3 variants such as ADS etc?

Can you answer these for your environment? Just because it’s virtual doesn’t mean you should forget about security.

One of these is archived, the other scheduled to go off on Dec. 16th.  Both require registration, and are worthwhile, despite the obligatory sales pitches.

http://research.pcpro.co.uk/detail/RES/1224768378_490.html
This one has already happened, and is available on demand.

http://www.netiq.com/events/display.asp?cid=20081114152024NVKN&src=smm
This is the Dec16th event.

Straight from the VMware Security announcement mailing list:

http://www.vmware.com/security/advisories/VMSA-2008-0018.html

VMware Hosted products and patches for ESX and ESXi resolve multiple security issues. A flaw in the CPU hardware emulation may allow for a privilege escalation on virtual machine guest operating systems. In addition a directory traversal issue is resolved.

Read that over again… A flaw in the HOST can lead to a priviledge escalitions in the GUEST. While scary, there is a patch for this. One should also be looking at using Update Manager to download and deploy patches, or at least joining the security announcement list. The form for that is off to the right of the page.

Technorati : esx, esx3.5, esxi, security, virtualization, virtualization security, vmware

Del.icio.us : esx, esx3.5, esxi, security, virtualization, virtualization security, vmware

Zooomr : esx, esx3.5, esxi, security, virtualization, virtualization security, vmware

Flickr : esx, esx3.5, esxi, security, virtualization, virtualization security, vmware