Tag Archives: security

A Little Known Security Feature in vCenter: Certificate Based Authentication

Although we are all familiar with the username and password based login to the VMware vSphere, it’s also possible to login into vSphere with just certificates. If you are a third party vendor, either IHV (independent hardware vendor) or ISV (independent software vendor), the certificate based login is actually a better and preferred alternative to the one using username and password.

Let me explain why it’s the case, and how it can be done painlessly.

Posted in vSphere API | Also tagged , , | Leave a comment

Nginx with PAM Authentication

As I introduced in last article, Nginx is a lightweight Web and reversed proxy server that is gaining momentum. If you have URLs to be accessed only by authenticated users, you can have many options. In this article, I just introduce a very easy way for the Nginx to leverage the PAM (Pluggable Authentication Module) for user authentication. We will use OS user for authentication (there are many more methods supported by PAM). If you have a valid user with the Linux on which Nginx runs, your request will pass through; otherwise, it would be blocked.

Posted in Applications & Tools | Also tagged , , | 7 Responses

What Roles Does A User Have in vSphere?

If you have read my previous article on vSphere security model, you know how it works. Still, you may wonder what roles a particular user may have, as asked in a recent email from one of my former VMware colleagues.

In an operating system, a user is assigned to a group or multiple groups therefore granted a certain permissions. In vSphere, a role is simply a set of privileges and that is it. It’s natural to think of a role as a group sometimes, but it’s really not.

Posted in vSphere API | Also tagged | 8 Responses

Tech Talk: Secure Multi Tenancy In the Cloud

This is by Boris Strongin, VP Engineering and Co-founder, Hytrust Inc at our first community meetup on May 18. He reviews new security, auditing, and compliance challenges coming with cloud multi-tenancy, and approaches to address them.

Check out these slides for his insights:

Posted in Cloud Computing, News & Events | Also tagged , , | Leave a comment

Tech Talk: Automating Security in Dynamic Virtual Environments

This is the tech talk by Elsa Bignoli, who is now a Software Engineer at Altor Networks (part of Juniper now). Elsa is one of the contributors to our open source vSphere (VI) Java API.

Check out her presentation slides below:

Posted in News & Events, vSphere API | Also tagged , | Leave a comment

Introducing VMware vShield REST API

One of my colleagues asked me about vShield API and pointed me to the vShield API Programming Guide. I have of course heard about the vShield many times, but haven’t tried it out, let alone its API. But that doesn’t mean I cannot read it on demand. In fact, such questions motivate me to learn more beyond vSphere API. So keep your questions coming if you have one.

Here is what I found out after reading the programming guide. I have to admit I haven’t written any code connecting to a vShield test-bed, so I just share some basics of the API. Overall I found it’s similar to the vCloud API that I had worked with before in format and protocol.

Somehow the API does not, but I think should,

Posted in Virtualization | Also tagged , , , | 6 Responses

How to Enable or Disable Copy and Paste to Remote VM Console?

In my previous post, I introduced how to change a virtual machine’s vmx file programmatically and promised to post a full sample in my presentation at VMware Parter Exchange 2011. Now that the conference is over, it’s time to post it.

The sample is based on guideline VMX03 in vSphere security hardening guide: disable copy/paste to remote console. To me, allowing copy and paste to remote console like vSphere Client is a nice feature which can save you a lot of time. When security is a concern, however, you may want to disable it.

I will not discuss when you should disable/enable it because it really depends on your requirements. In most cases, security and convenience contradict with each other. I leave it for you to decide the right balance, but show you how you can check the setting and change it here.

Like most samples I write,

Posted in vSphere API | Also tagged , , | 1 Response

Securing Your Applications with Apache Shiro

Security is a very important aspect of application development. Tonight I learned a new security framework called Apache Shiro, the successor to the JSecurity project.

It’s a great talk given by the founder and lead of the project, Les Hazlewood, who relocated to Bay area not long ago for starting his company katasoft. The presentation ran over for one hour but still got most people seated.

Posted in Software Development | Also tagged | Leave a comment

Building Trusted Datacenters in the Cloud

RSA just had its annual conference at San Francisco this past week. Intel, VMware and RSA demoed how to build up layers of trust in data centers in the conference.

Posted in Cloud Computing, News & Events | Also tagged , | Leave a comment

A New Member Joined vCloud Initiative For Cloud Computing

newScale recently announced it would support VMware vCloud API in a press release.

San Mateo, Calif. February 17, 2010 – newScale®, Inc., pioneers of the self-service IT storefront for the enterprise, today announced it will support the VMware vCloud API, a key component of the VMware vCloud initiative. Enterprises and service providers integrating with the VMware vCloud API can now use the newScale FrontOfficeTM Suite to effectively manage and control self-service requests for cloud resources as well as their physical and virtual environments. 

This announcement underscores newScale’s continuing commitment to supporting multi-vendor, cross-platform data center and cloud infrastructures. The newScale FrontOffice Suite –  a complete set of Service Catalog solutions for managing IT services from cradle to grave –  integrates with VMware vSphereTM 4 and VMware vCenterTM Server. newScale is also a member of the VMware Technology Alliance Partner (TAP) program. By leveraging the VMware vCloud API, newScale demonstrates its ongoing support for a wide range of virtualization and cloud infrastructures, giving newScale customers maximum flexibility, efficiency, and agility in their data center deployments.

Posted in Cloud Computing, News & Events | Also tagged , , , , | Leave a comment

Learning Spring Faces, Security, Testing and Grail

Done with the four day training, finally! It’s pretty exhausting given that I had to get up two hours earlier to match the Central time schedule.

Spring Faces

I talked about JavaScript and AJAX two days ago. They are all good to some extent, but seemingly disconnected from the server. You have to think and manage the Web app as two pieces, bad for the productivity.

JavaServer Faces (JSF) technology was created to solve this problem. It a server-side framework, which provides GUI components, manages their states from the server side, handles events, and etc. You can then develop a web app more like the standalone application in some sense. Because JSF manages the state from the server side, it uses more resources and less performant than it’s JS/AJAX equivalent.

Spring Faces is not a replacement for JSF, but complements in the “Spring” way. It facilitates deeper JSF and Web Flow integration, manages JSF components’ states, and provides more lightweight JSF components. Therefore, you can get leaner web application than using pure JSF.

Debugging

Several tools can be handy for your debugging:

Posted in Software Development | Also tagged , | Leave a comment
  • NEED HELP?


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.