D-Day Message by General Eisenhower

I have seen little or no mention in the security community threads today of one of the most noteworthy events in military history. As we twitter about this password breach or that malware scare, I wonder if any benefit would come from taking a moment to reflect on past events of June 6th, 1944.

Take a listen or read the carefully phrased words of General Eisenhower at the start of D-Day, when the weather cleared the way for a landing:

Eisenhower
Soldiers, Sailors and Airmen of the Allied Expeditionary Force! You are about to embark upon a great crusade, toward which we have striven these many months. The eyes of the world are upon you. The hopes and prayers of liberty loving people everywhere march with you. In company with our brave Allies and brothers in arms on other fronts, you will bring about the destruction of the German war machine, the elimination of Nazi tyranny over the oppressed peoples of Europe, and security for ourselves in a free world.

Your task will not be an easy one. Your enemy is well trained, well equipped and battle hardened, he will fight savagely.

But this is the year 1944! Much has happened since the Nazi triumphs of 1940-41. The United Nations have inflicted upon the Germans great defeats, in open battle, man to man. Our air offensive has seriously reduced their strength in the air and their capacity to wage war on the ground. Our home fronts have given us an overwhelming superiority in weapons and munitions of war, and placed at our disposal great reserves of trained fighting men. The tide has turned! The free men of the world are marching together to victory!

I have full confidence in your courage, devotion to duty and skill in battle. We will accept nothing less than full victory!

Good Luck! And let us all beseech the blessings of Almighty God upon this great and noble undertaking.

In the General’s back pocket was another carefully written speech, which fortunately was never needed…

Our landings in the Cherbourg-Havre area have failed to gain a satisfactory foothold and I have withdrawn the troops. My decision to attack at this time and place was based on the best information available. The troops, the air and the Navy did all that bravery and devotion to duty could do. If any blame or fault attaches to the attempt, it is mine alone

VMware vSphere 5 hardening guidelines announced for vCM

VMware has announced support in their vCenter Configuration Manager (vCM) for the new vSphere 5.0 hardening guidelines:

[VMware Center for Policy & Compliance (CP&C)] is pleased to announce the most anticipated content release to date in vCM, the VMware vSphere 5.0 hardening guidelines! As a critical component of the vC Ops suite, vCM is the FIRST product in the market today to have the official GA version of the vSphere 5.0 Hardening Guidelines.

The five new rule groups are related to some exciting new possibilities in automation. It now is easier than ever to test vSphere configurations, monitor for changes, and compare them to policy. VMworld will be a great time to see how it works and where things are going next.

vShield Architecture for vCloud Director

A slide deck has been circulating called “Life before and after vCloud Director” that claims to “reveal” that a vCloud environment could be designed to reduce redundancy. Chris Colotti makes some excellent points in a short and clear rebuttal:

A vShield appliance is only needed if you choose to NAT route the Organization networks or the vApp networks. These are not required, but are used if the design considerations call for it. Yes it can fail, anything can fail, so that statement is pretty broad. However, it is a VM protected most likely by VMware HA as are so many other production Virtual Machines today. There are also multiple blog posts about how VMware Fault Tolerance can be used to protect the vShield Manager as well as the deployed vShield Appliances themselves.

The appliance is the firewall, router, DHCP, and Load balancer for Selected Networks and Organizations, but not for the “vCD System”. You can always use direct connected networks and external firewalls, as well as load balancers and VPN devices. Again, vShield is NOT a requirement; it is simply a tool to assist in the design of a multi-tenant vCloud Director deployment. We have also had folks deploy other Virtual Machines in the cloud itself to handle some of these functions including virtual load balancers.

The slide deck probably is based on an article from last year called “VMware vShield Manager design raises availability concerns”.

It is worth noting that VMware’s publicly stated best practice, per KB: 2011480, is to use fault tolerance with vShield.

IDF Defines Cyber Warfare

The Israel Defense Forces website has just posted the following vague announcement:

IDF Operations Department recently defined the essence of IDF cyber warfare, putting together instructions that define the military’s operational methods in cyber space and clarify its goals in facing potential enemies. IDF Website exclusively reveals these instructions for the first time.

According to the document, cyber space is to be handled similarly to other battlefields on ground, at sea, in the air and in space. The IDF has been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space. Additionally if necessary the cyber space will be used to execute attacks and intelligence operations.

There are many, diverse, operational cyber warfare goals, including thwarting and disrupting enemy projects that attempt to limit operational freedom of both the IDF and the State of Israel, as well as incorporating cyber warfare activity in completing objectives at all fronts and in every kind of conflict.

I could go on with the quote but I’m sure you get the idea about this “definition”. It seems to say anything is possible, options are open, as necessary, for all fronts, with various goals…

Their point seems to be not precision in the announced definition, but rather a general acknowledgement that they are monitoring and a formal announcement that they reserve the right to attack. The Arabic and Hebrew versions of the page seem to say almost exactly the same thing.