vCloud Director 1.5 New Features Overview

Part of the big announcements prior to VMworld this year was the announcement of vCloud Director 1.5. If you haven’t heard of vCloud director it was popularly known in the past as VMware Lab Manager (RIP).  With version 1 under its belt VMware is releasing version 1.5 and added a few new features. Below are a few of the most important (in my humble opinion) that will have the greatest impact for people already on vCloud Director.

First, and I am really excited about this, is the addition of Fast Provisioning. This feature uses linked clones so you can provision VMs from a template rather a full copy. This will allow for provisioning of a VM in seconds vs. who knows how long and will help cut your storage cost significantly. NetApp does something similar if you haven’t seen their product, I would check it out as well.

Fast Provisioning is great for the following:

  • Cloning production and pre-production workloads
  • Demo and trial environments
  • Test and Dev
  • Support Desk
  • And much much more

Second, they increased the enhancements of the vCloud API. This helps fit vCloud into existing environments with baked IT management tools. With added messaging it will be able to provide notifications to your various systems; backup, monitoring, CMDB, IPAM, and network tools for example. There is also some new SDK’s coming and better use of query service.


Third, they added a significant increase in support for their Microsoft SQL Database. You can actually build a vCloud Director environment using a Microsoft SQL database for all of the configuration data, which will help if you are highly invested in a Microsoft SQL database. Now you can get rid of that Oracle License you been hanging on to.

Lastly, I wanted to touch on the expansion of vShield support and will be integrating with IPSec VPN and added Firewall capabilities. More details to come on this, but know that when setting up secure cloud environments that there will be secure ways to connect external-internal cloud through a secure interface. Think DR and onsite cloud sites synching.

More to come, but excited to see this product line evolve.

vShield 5: New Security Features Coming Soon


VMware vShield 5 was announced around the same time as vSphere 5 but for some reason it sort of flew under the radar. Some would say it had something to due to the licensing drama, but who really knows. What I do know is that 1) securing VM’s is an evolving problem that has been limited to hardware enforcement  and 2) VMware is starting to invest significant more resources towards their vShield suite since its launch in August 2010.

If your remember vShield includes vShield App, vShield Edge, and vShield Endpoint and if you curious what was included in more detail with that launch you can find more here from my previous post. In short it was a good start but not a full solution.

 So What’s New:

vShield App now includes Data Security designated for compliance confidence, think data scanning. This hypervisor-based application aware-firewall will create and enforce dynamic application boundries, aka trust zones based on policies vs. physical boundaries of yesteryear. This should help cut down on the hardware costs!

There is now a collaboration with RSA (Another EMC company, no surprise here) that is designed to “optimize the security for virtual and cloud environments.”  “This security protocol will enable enterprises to discover and classify sensitive data residing within the virtual machines.” So if someone is sending Social Security cards, credit cards, or personal information it can within the VM detect this leak. Plus it is host based and agent-less.

Also, based on pre-defined templates, 80 or so, you will now be able to select policies that affect your business, not sure yet if you can modify these presets or not. These policies scan the VM forsensitive data and report back the findings. You can even set a policy if it finds this data it will isolate this VM keeping the sensitive information in its trust zone. Performance shouldn’t be impacted much since it will be using a virtual appliance. The thing to note is that it will report and isolate, see below.

 Doe this solve our Data Loss Prevention (DLP) Problem?

Not so fast. They still have a long way to go. Remember detect, report and isolate not detect, report and block.  To be clear this is a just a detection tool with minor policy enforcement. It will be more clear come demo time at VMworld, but it is missing some key components to be a full DLP solution. For example it doesn’t detect data leaks in transit, won’t prohibit moving data to the cloud, and doesn’t go in-depth enough to protect ultra sensitive data.  It is a good start, and there will be a future release with API’s to integrate to other DLP software.


The VMware vShield 5 is expected to be available in Q3 2011 and individual products will be licensed per VM (noticing a trend?) starting at $50 per VM retail. The vShield products can also be purchased together as a vShield bundle for $300 per VM.

More Information:


vShield Suite Introduction

Securing your virtual environment can at times be a very complex process.This is especially true with cloud environments or multiple tenant environments. Also, there is a good chance that there will be some security concerns about high consolidation rates. There are several good 3rd party options from the primary security vendors (Symantec,McAfee, Sophos, etc…) as well as some up and coming startups (Catbird). As well, VMware offers a suite of products, vShield Family, to help manage your virtual environment. This suite includes the following:

  • vShield App: Applications protections against network-based threats. Basically this monitors all traffic between your vm’s will applying a policy that limits what can be transferred based on policy’s. Think established DMZ not talking to Medical records.
  • vShield Edge: Perimeter based network security. Firewall, Network Address Translation (NAT), Dynamic Host Configuration Protocol (DHCP), Site-to-Site VPN, Web Load Balancing, Port Group Isolation, Policy Management, Logging, and Auditing.  Could replace hardware applainces such as f5.
  • vShield Endpoint: Offloading of AV processing. Can only be used with vSphere 4.1.
  • vShield Zones: Hypervisor-Level Firewall protection between virtual machines.
  • vShield Manager: Management Interface for all of the vShield suite and 3rd party security services.


vShield App and vShield Edge are both $4,688.00 MSRP for a 25 Virtual machine pack with 1 year of support. While vSphere Endpoint is $1563.00 for a 25 virtual machine back.

For more information click here.