April 27, 2009

Comments

Christofer Hoff

Just a tickler, Chuck...

I left the Cloud Security Alliance (CSA) launch to make my panel discussion with Gunnar and Rich at the Jericho Forum event during RSA.

One of the points I made there in discussing their Cube Model as well as when I was discussing virt/cloud on the panel debate I had with Simon Crosby and Steve Herrod was specifically right to this point where you said:

>> "However, one of the more interesting aspects of
>> securing the private cloud is that each virtual entity
>> can be seen as having its own "perimeter" in a manner of
>> speaking. That's true for user desktops, applications,
>> infrastructure services, etc. Ideally, this perimeter
>> follows the container wherever it goes.

>> I wonder if we'd call this "perimeterized" or
>> "de-perimeterized"?"

My answer is neither. It's "RE-perimeterized."

It's my contention/assertion that the perimeter is NOT disappearing. In fact, it's multiplying, BUT the diameter is collapsing.

That goes right to your point. The perimeter is -- given the VM as the new atomic unit of the emerging NG datacenter -- the VM boundary described by and enforced with policy.

So, it's RE-Perimeterization. We've always done it this way as we follow the Hamster Sine Wave of Pain (see my Frogs preso for that little gem...)

/Hoff

John F.

Hi Chuck,

Timely subject, tantalizing hints, but where's the beef? Don't leave me hanging. Even if you just point me to one of your minions' blogs describing the minutia, that would be great.

Impatiently awaiting your response

John F.

Chuck Hollis

Always great to hear from you, /Hoff !

"Re-perimeterization" -- ok, I get the logic of the word, but somehow it doesn't capture the significance of the concept, at least to my feeble brain.

We're coming from a world of a few, massive monolithic perimeters (e.g. firewalls) and evolving to a world of many thousands of entities, each with their own perimeter, each with an implied "firewall" as it journeys around the infrastructure.

What we need here is a new word or phrase -- "atomic perimeter"? "entity perimeter"?

I dunno. It's late, and I can't think.

-- Chuck

Chuck Hollis

Hi John F.

Given that you're not a trusted customer or partner, I guess you get to find out when everybody else finds out!

I know you understand ...

-- chuck

Christofer Hoff

Right, but we're not getting RID of perimeters, just redefining what establishes them.

Instead of using the firewall as the Maginot line demarcation between "inside" and "outside" as the perimeter, you're simply saying it's the policy that matters.

I believe that when you said:

>> We're coming from a world of a few, massive monolithic
>> perimeters (e.g. firewalls) and evolving to a world of
>> many thousands of entities, each with their own
>> perimeter, each with an implied "firewall" as it
>> journeys around the infrastructure.

...you inadvertently agreed with me, even if you didn't know it ;)

So again, it's not about getting rid of the perimeter (de-perimeterization) but rather redefining what describes it (re-perimeterization).

That's what I meant when I said they were expanding, but the diameter (of the controls/policies) was collapsing...

Make more sense?

Andrew Yeomans

The dimensions in the Jericho Forum cube model are architectural. That's why the fourth dimension of Outsourced / Insourced is treated separately.

My simple definitions of the other axes are:

Internal / External: can you get hold of the physical media? The distinction reduces as virtualisation increases, but it's needed as it affects the risk / confidentiality / legal issues / data destruction.

Perimeterised / De-perimeterised: is the data mingled with that of your collaborators, or is it all yours? (The Cloud Security Alliance have a similar concept of "multi-tenanted".) Phrasing it that way tends to be more productive than debating where the perimeter is.

Open / Proprietary: can you easily move your data, applications and interfaces to an alternate provider (which may be an internal cloud), or are you locked in to a single vendor? Of course, while cloud computing is still young, there may be problems in finding a second supplier, even if the formats and protocols are defined and "open".

Hope that helps!

Chuck Hollis

Yes, that's better -- thanks!

-- Chuck
