When you think about cloud infrastructure security there are three main goals you are trying to achieve. First, you want to be secure quickly and stay that way. Second, you want to drive trust in your infrastructure. Third, you want to be resilient, easily. Broadcom’s Bob Plankers will take you through the latest security innovations in VMware Cloud Foundation 9.0 for providing next-level security, trust and resilience, empowering IT operations amidst regulatory complexities and geopolitical uncertainty.
The presentation focused on security and trust in VCF 9.0, emphasizing a “security first” approach, prioritizing ongoing security practices over infrequent compliance audits. A key theme was enabling customers to be secure faster, recognizing that security is a means to delivering services and running workloads. Plankers highlighted the importance of resilience, referencing features like vMotion and the EU’s Digital Operational Resilience Act, addressing both tactical and strategic scenarios such as failed application upgrades and disaster recovery.
The core differentiator of VCF 9.0 is inherent trust in the stack, moving towards less trust and more continuous verification. This includes verifying the platform’s security state, data sovereignty, and controlled access. The discussion covered lifecycle patching enhancements with Lifecycle Manager, aiming to simplify updates and manage multi-vendor cluster images. Features like live patching, custom EVC profiles, and improved GPU usage were also discussed as facilitating easier maintenance and patching, reducing friction.
The presentation went into a deep dive on security enhancements inside the hypervisor, including code signing, secure boot, and sandboxing. Confidential computing with AMD SEV-ES and Intel SGX was explored, along with the introduction of a user-level monitor intended to de-privilege VM escapes, so that a guest breaking out of its VM lands with fewer privileges. Workload security improvements encompass secure boot, a hardened virtual USB stack, TPM 2.0 updates, and forensic snapshots. Cryptographic enhancements include TLS 1.3 by default, cipher suite selection, and key wrapping. Centralized password management, unified security operations, and standardized APIs for role-based access control further enhance security and automation.
Personnel: Bob Plankers