Once upon a time, every vendor published a paper about SOX, and some made very convoluted connections to how they could “do SOX.” Sometimes, it seemed like the only thing the vendor had to offer that had anything to do with SOX was the white paper. Is the same thing happening with virtualization?
I’ve run across quite a few vendors who say they “do virtualization” when all it means is that their product will run in a VM. Does that mean their products are aware that they are running in a VM? Nope. It’s what I call “dumb virtualization support” or (more politely) “unaware virtualization support.”
When you’re looking for vendors to support your virtualization strategy, why not look for “smart virtualization support” or (again, politely) “virtualization aware” tools? This is particularly important for virtualization security, where there may be nuances that a “dumb” tool just won’t address.
“OK,” you say, “But how can I tell the difference?” You need to ask some questions. And I found a good starting list of questions to ask your virtualization vendor, created by Pete Lindstrom on The Burton Group’s Security and Risk Management Blog.
Check ’em out, and add your own – it will help you get up the curve fast. And, more importantly, ask the questions and see who gives good answers. This will help you find out which of your vendors are in the game.