Are you a skeptic in your passion for all things cloudy? Companies buying and selling cloud-based services have had to deal with an attitude shift to "where is my data?" fear and loathing. This angst is understandable, especially when protecting data that can make or break your company's reputation, business transactions, or even worse, data that potentially belongs to your clients.

GSI's complex managed hosting and PCI-DSS compliant hosting clients simply wouldn't/couldn't fathom not knowing where the bits live, and EXACTLY how we were protecting them, feeding them and watching over them every minute of every day. We went for true enterprise virtualization when we built our Matrix virtualization/cloud offering. Tools like VMWare Enterprise, NetApp Storage, Cisco and Force10 Networking, Dell/AMD Servers, etc., have proven themselves over and over again both in our shop and in nearly every IT organization we meet.

If one of our clients wants to know where their data is, we can point it out, both logically and physically. We can explain the security protocols, lockdowns, and testing that is performed to ensure the integrity of their data. We show them our PCI-DSS audit of our Matrix Virtualization platform and enable them to sleep at night knowing that the cloud won't "swallow" their corporate or client data.

We wanted to make sure that our cloud was anything but secret sauce. It's mustard, ketchup and some pickle relish (actually Enterprise Pickle Relish 2.1c).

<analogy alert> I see hosting in the cloud a bit like taking my eight-year-old niece and nephew on a trip to the mall. Most cloud offerings would say, "Go ahead, just drop them off and let them run around our semi-structured environment." Well, besides that fact that there are occasionally a few undesirable people at the mall, I just don't trust that my precious assets will be safe. When I ask for details and get "non-specific" answers on their security, activities, whereabouts and planned activities, I am definitely not going to let them have the run of the place.

However, I have no problem dropping them off at their school, because I know there is a structured security plan, trained professionals that cater to their needs, and at any time, if I need to, I can identify where they are and who they are playing with at recess.

GSI has been offering PCI-DSS compliant virtual machines for a couple of years already. We started by virtualizing environments for individual clients, and in January 2009, we announced our Matrix Virtualization platform, which has been fully validated as part of both our SAS70-Type II and PCI-DSS compliance assessments (yes, we are a PCI-DSS Level 1 Service Provider). PCI in the cloud can be done, and is being done.

Further Reading

GSI's Matrix Virtualization Platform

vSphere 4 New Features and Capabilities

The recent release of vSphere 4 has introduced a large number of new features and concepts. In this post, I'm going to highlight some of the cool new features and concepts that really set VMware ahead in the landscape of server virtualization.

Cloud Computing vs. VMware vCloud

One of my favorite quotes about cloud computing came from Oracle CEO Larry Ellison when he said, "Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?" Anyone who has followed the hype behind cloud computing can understand his confusion. Cloud computing has come to encompass SAAS, DAAS, utility computing, Web 2.0, grid computing, and a myriad of other buzzwords people have lumped into the cloud.
To many, clouds have been made into the panacea of where computing and administration are going. If you are an IT administrator, those promises start to fall flat when hard questions about security, manageability, and responsibility are asked:

• If I'm using a cloud, where is my data?
• I have all these auditors (SAS-70, PCI, etc.) asking to see my data center. Where do I send them?
• Billing per CPU cycle sounds great, but how much is my bill actually going to be?

Enter VMware with the vCloud product offering. vCloud allows you to maintain control of the infrastructure and still get the cloudy benefits of fast deployment, scalability and flexibility. Because the infrastructure is controlled by your organization, the data is as secure as you would like it to be. Auditors can complete on-site checks to ensure your compliance, because it is your infrastructure. True utilization of physical resources can easily be determined so you can forecast hardware purchases. More...