InstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comFri, 24 May 2013 04:57:17 GMT20http://www.sqlservercentral.com/Forums/Topic1163086-263-1.aspx[quote][b]chris.compton-977504 (8/22/2011)[/b][hr]First: I really enjoy your editorials and I read as much and as often as I can. I’m a developer, but I unofficially serve as my group’s DBA – like many people we have DBAs who handle backups, and not much else.Second: About your writing in the first paragraph this morning. Great topic, great idea. Overall [b]you write better than I do, don’t let little mistakes[/b] give a bad impression. Sometimes it sounds ESL – which I’m sure is due to transcription errors.[/quote]Thanks for the note. The review/proof of the work sometimes gets shortchanged at times. Corrections have been made.Mon, 22 Aug 2011 09:21:10 GMTSteve Jones - SSC Editorhttp://www.sqlservercentral.com/Forums/Topic1163086-263-1.aspxThere are actually some exploits that can access the virtual machine's memory or disk if they have access to the physical hardware. vMotion, or similar technologies that allow a virtual machine to move to a different physical one means that you have to be careful.The publication of the exploits, and scripts, mean that you don't necessarily have to be a genius to take advantage of these items.Mon, 22 Aug 2011 09:20:26 GMTSteve Jones - SSC Editorhttp://www.sqlservercentral.com/Forums/Topic1163086-263-1.aspxI'm not a virtualization or security expert, but I'm a little confused over why this was/is an issue. If someone has access to the vCenter app, sure they can open the console of a VM running in the environment, but without the Windows login credentials they wouldn't be able to get very far into the system.And even if they had Windows credentials, they could still be locked out of SQL Server itself.I'm not saying someone with that level of access couldn't do harm. They could shut down the VM or do irreparable damage to the file system. But, I don't see how could get to the data, especially if the backups are encrypted too.Mon, 22 Aug 2011 08:16:40 GMTRandy Rabinhttp://www.sqlservercentral.com/Forums/Topic1163086-263-1.aspxFirst: I really enjoy your editorials and I read as much and as often as I can. I’m a developer, but I unofficially serve as my group’s DBA – like many people we have DBAs who handle backups, and not much else.Second: About your writing in the first paragraph this morning. Great topic, great idea. Overall [b]you write better than I do, don’t let little mistakes[/b] give a bad impression. Sometimes it sounds ESL – which I’m sure is due to transcription errors.First paragraph from your email at 12:49 AM Eastern:"I have a few friends that are working [b]*1[/b] virtualize almost their entire computer infrastructures. They work in large and small companies, but there is a constant push to avoid the bare metal installation of any operating system onto physical hardware, making every Windows or Unix machine a virtual machine on top of a hypervisor. I was surprised to hear that companies were being [b]to *2[/b] aggressive, but the cost benefits can be huge, and when virtualization is done in a smart way, performance doesn't suffer."I assume that:*1 = "to"and *2 should have been "so" instead of "to" (or perhaps "too")Thanks again for the great content and keep up the great work!Mon, 22 Aug 2011 07:28:41 GMTChris.C-977504http://www.sqlservercentral.com/Forums/Topic1163086-263-1.aspxComments posted to this topic are about the item [B]<A HREF="/articles/Editorial/75620/">Virtual Security</A>[/B]Sun, 21 Aug 2011 21:05:02 GMTSteve Jones - SSC Editor