Difference between revisions of "VMware Cloud"

From LIMSWiki
Jump to navigationJump to search
(Created as needed.)
 
 
(4 intermediate revisions by the same user not shown)
Line 17: Line 17:
| locations        =  
| locations        =  
| area_served      = Worldwide
| area_served      = Worldwide
| key_people      = Zane Rowe (CEO)
| key_people      = Raghu Raghuram (CEO)
| industry        = Computing, Cloud computing, Web services
| industry        = Computing, Cloud computing, Web services
| products        = [[Software as a service|SaaS]]
| products        = [[Software as a service|SaaS]]
| services        =  
| services        =  
| revenue          = $3.3 billion (2020, Q4)<ref name="VMwareQ421">{{cite web |url=https://ir.vmware.com/websites/vmware/English/2120/us-press-release.html?airportNewsID=3916c89f-daa8-4a0e-aa1d-ad61eaaaab38 |title=VMware Reports Fourth Quarter and Fiscal Year 2021 Results |publisher=VMware |date=25 February 2021 |accessdate=29 April 2021}}</ref>
| revenue          = $3.71 billion (2023, Q4)<ref name="VMwareQ421">{{cite web |url=https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/earnings/vmw-earnings-release-nongaap-q423.pdf |format=PDF |title=VMware Reports Fourth Quarter and Fiscal Year 2023 Results |publisher=VMware |date=02 March 2023 |accessdate=04 August 2023}}</ref>
| operating_income =  
| operating_income =  
| net_income      =  
| net_income      =  
Line 37: Line 37:
}}
}}


'''VMware Cloud''' is a collection of hybrid and multicloud software solutions offered as a service by VMware that give you the "flexibility to migrate to any cloud, run apps on every major hyperscale cloud, and access hundreds of innovative cloud-native services to drive app modernization."<ref name="VMwareTransform">{{cite web |url=https://www.vmware.com/cloud-solutions.html |title=Transform Your Apps and Cloud Faster with VMware Cloud |publisher=VMware |accessdate=29 April 2021}}</ref> Additionally, the solutions allow you to "choose the optimal cloud for your apps with the option to deploy natively or on proven VMware infrastructure."<ref name="VMwareTransform" /> Solutions include VMware Cloud Foundation, VMware Cloud on AWS, VMware Cloud on Dell EMC, VRealize Cloud Management, and VMware Cloud Universal.<ref name="VMwareTransform" /> The VMware Cloud solutions support the Amazon, Google, IBM, Microsoft, Oracle public clouds, among others.<ref name="VMwareHybrid">{{cite web |url=https://www.vmware.com/cloud-solutions/hybrid-cloud.html |title=Hybrid Cloud Solutions |publisher=VMware |accessdate=29 April 2021}}</ref>
'''VMware Cloud''' is a collection of hybrid and multicloud software solutions offered as a service by VMware that give you the "flexibility to migrate to any cloud, run apps on every major hyperscale cloud, and access hundreds of innovative cloud-native services to drive app modernization."<ref name="VMwareTransform">{{cite web |url=https://www.vmware.com/cloud-solutions.html |title=Transform Your Apps and Cloud Faster with VMware Cloud |publisher=VMware |accessdate=04 August 2023}}</ref> Additionally, the solutions allow you to "choose the optimal cloud for your apps with the option to deploy natively or on proven VMware infrastructure."<ref name="VMwareTransform" /> Solutions include VMware Cloud Foundation, VMware Cloud on AWS, VMware Cloud on Dell EMC, VRealize Cloud Management, and VMware Cloud Universal.<ref name="VMwareTransform" /> The VMware Cloud solutions support the Amazon, Google, IBM, Microsoft, Oracle public clouds, among others.<ref name="VMwareHybrid">{{cite web |url=https://www.vmware.com/cloud-solutions/hybrid-cloud.html |title=Hybrid Cloud Solutions |publisher=VMware |accessdate=04 August 2023}}</ref>


VMware Cloud is also notable for its VMware Cloud Verified program. VMware notes: "VMware Cloud Provider Partners deliver VMware Cloud Infrastructure in services worldwide with the VMware Cloud Verified designation. Gain support for your apps—from existing to cloud-native to SaaS—across private, public, and hybrid clouds using services by partners displaying the VMware Cloud Verified logo."<ref name="VMwareCloudVerified">{{cite web |url=https://www.vmware.com/vmware-cloud-verified.html |title=VMware Cloud Verified |publisher=VMware |accessdate=29 April 2021}}</ref> As of late April 2021, VMware Cloud boasts more than 250 VMware Cloud Verified providers around the world, with some 88 percent of them offering some flavor of [[infrastructure as a service]] (IaaS) offering and 33 percent of them offering some flavor of [[platform as a service]] (PaaS) offering. This includes major public cloud providers such as [[OVHcloud|OVH]]. Interested parties can consult the [https://cloud.vmware.com/providers/search-result search filters] available for these providers to filter by data center location, region, validated service, compliance and certifications, services offered, and vertical markets.
VMware Cloud is also notable for its VMware Cloud Verified program. VMware notes: "VMware Cloud Provider Partners deliver VMware Cloud Infrastructure in services worldwide with the VMware Cloud Verified designation. Gain support for your apps—from existing to cloud-native to SaaS—across private, public, and hybrid clouds using services by partners displaying the VMware Cloud Verified logo."<ref name="VMwareCloudVerified">{{cite web |url=https://www.vmware.com/vmware-cloud-verified.html |title=VMware Cloud Verified |publisher=VMware |accessdate=04 August 2023}}</ref> As of late April 2021, VMware Cloud boasts more than 360 VMware Cloud Verified providers around the world, with some 85 percent of them offering some flavor of [[infrastructure as a service]] (IaaS) offering and 39 percent of them offering some flavor of [[platform as a service]] (PaaS) offering.<ref name="VMWareCSPs">{{cite web |url=https://cloud.vmware.com/providers/search-result |title=Find A VMware Cloud Services Provider |publisher=VMware |accessdate=04 August 2023}}</ref> This includes major public cloud providers such as [[OVHcloud|OVH]]. Interested parties can consult the [https://cloud.vmware.com/providers/search-result search filters] available for these providers to filter by data center location, region, validated service, compliance and certifications, services offered, and vertical markets.




==Provider research==
==Provider research==
This section uses public information to provide some answers to the 18 questions posed in Chapter 5 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for your Laboratory|Choosing and Implementing a Cloud-based Service for your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., "How segregated is our cloud data from another customer's") are not relevant, as they are not providing public cloud services. ''Note that VMware Cloud offers some of its cloud services on the AWS IaaS and is not a public cloud provider itself, with VMware Cloud on AWS replacing its public cloud business in mid-2017.''<ref name="VMwareCloudServSec19">{{cite web |url=https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf |format=PDF |title=VMware Cloud Services Security Overview |publisher=VMware |date=August 2019 |accessdate=29 April 2021}}</ref><ref name="AcronisWhatIs">{{cite web |url=https://www.acronis.com/en-us/articles/vmware-cloud/ |title=What is VMware Cloud? Benefits for Service Providers |publisher=Acronis |accessdate=29 April 2021}}</ref>
This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for Your Laboratory|Choosing and Implementing a Cloud-based Service for Your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., "How segregated is our cloud data from another customer's") are not relevant, as they are not providing public cloud services. ''Note that VMware Cloud offers some of its cloud services on the AWS IaaS and is not a public cloud provider itself, with VMware Cloud on AWS replacing its public cloud business in mid-2017.''<ref name="VMwareCloudServSec19">{{cite web |url=https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf |archiveurl=https://web.archive.org/web/20200221063600/https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf |format=PDF |title=VMware Cloud Services Security Overview |publisher=VMware |date=August 2019 |archivedate=21 February 2020 |accessdate=04 August 2023}}</ref><ref name="AcronisWhatIs">{{cite web |url=https://www.acronis.com/en-us/blog/posts/vmware-cloud/ |title=What is VMware Cloud? Benefits for Service Providers |publisher=Acronis |date=20 April 2020 |accessdate=04 August 2023}}</ref>




1. '''What experience do you have working with laboratory customers in our specific industry?'''
1. '''What experience do you have working with laboratory customers in our specific industry?'''


VMware Cloud services have been used or are currently being used by [[Laboratory|laboratories]] such as Centre National de la Recherche Scientifique<ref name="HudsonCNRS19">{{cite web |url=https://blogs.vmware.com/management/2019/01/cnrs-renews-their-it-infrastructure-with-private-cloud.html |title=CNRS renews their IT infrastructure with private cloud |author=Hudson, A. |work=VMware Cloud Management Blog |publisher=VMware |date=11 January 2019 |accessdate=24 April 2021}}</ref>, Charles River Laboratories<ref name="VMwareAnother12">{{cite web |url=https://blogs.vmware.com/cloudprovider/2012/05/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html |title=Another VMware Cloud: Charles River Laboratories Runs Their Hybrid Cloud on VMware |author=VMware Cloud Provider Team |work=VMware Cloud Provider Blog |publisher=VMware |date=08 May 2012 |accessdate=24 April 2021}}</ref>, and ESC Lab Sciences.<ref name="VMwareAnotherESC16">{{cite web |url=https://blogs.vmware.com/cloudprovider/2016/03/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html |title=Another VMware Cloud in Action — ESC Lab Sciences Turns to VMware for Durable Disaster Recovery |author=VMware Cloud Provider Team |work=VMware Cloud Provider Blog |publisher=VMware |date=02 March 2016 |accessdate=24 April 2021}}</ref> A VMware Cloud representative is likely to be able to supply more examples of laboratories that use or have used VMware Cloud.
VMware Cloud services have been used or are currently being used by [[Laboratory|laboratories]] such as Centre National de la Recherche Scientifique<ref name="HudsonCNRS19">{{cite web |url=https://blogs.vmware.com/management/2019/01/cnrs-renews-their-it-infrastructure-with-private-cloud.html |title=CNRS renews their IT infrastructure with private cloud |author=Hudson, A. |work=VMware Cloud Management Blog |publisher=VMware |date=11 January 2019 |accessdate=04 August 2023}}</ref>, Charles River Laboratories<ref name="VMwareAnother12">{{cite web |url=https://blogs.vmware.com/cloudprovider/2012/05/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html |title=Another VMware Cloud: Charles River Laboratories Runs Their Hybrid Cloud on VMware |author=VMware Cloud Provider Team |work=VMware Cloud Provider Blog |publisher=VMware |date=08 May 2012 |accessdate=04 August 2023}}</ref>, and ESC Lab Sciences.<ref name="VMwareAnotherESC16">{{cite web |url=https://blogs.vmware.com/cloudprovider/2016/03/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html |title=Another VMware Cloud in Action — ESC Lab Sciences Turns to VMware for Durable Disaster Recovery |author=VMware Cloud Provider Team |work=VMware Cloud Provider Blog |publisher=VMware |date=02 March 2016 |accessdate=04 August 2023}}</ref> A VMware Cloud representative is likely to be able to supply more examples of laboratories that use or have used VMware Cloud.




2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''
2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''


VMware speaks broadly of the importance of [https://www.vmware.com/topics/glossary/content/hybrid-cloud integration in hybrid cloud] computing, but it doesn't appear to go into lengthy discussion of how its solution facilitates integrating with your systems and business practices. The company does discuss its [https://www.vmware.com/products/cloud-director.html VMware Cloud Director] solution as an integration tool, though outside of features and benefits the company doesn't clearly say what the solution is other than calling it a "cloud service delivery platform." You'll have to discuss how VMware cloud can integrated with your systems and processes with a VMware Cloud representative.
VMware speaks broadly of the importance of [https://www.vmware.com/topics/glossary/content/hybrid-cloud.html integration in hybrid cloud] computing, but it doesn't appear to go into lengthy discussion of how its solution facilitates integrating with your systems and business practices. The company does discuss its [https://www.vmware.com/products/cloud-director.html VMware Cloud Director] solution as an integration tool, though outside of features and benefits the company doesn't clearly say what the solution is other than calling it a "cloud service delivery platform." You'll have to discuss how VMware cloud can integrated with your systems and processes with a VMware Cloud representative.




Line 83: Line 83:
<blockquote>In alignment with the ISO 27001 standard, all VMware personnel are required to complete annual security awareness training. Personnel supporting VMware managed services receive additional role-based security training to perform their job functions in a secure manner. Compliance audits are periodically performed to validate that employees understand and follow the established policies.</blockquote>  
<blockquote>In alignment with the ISO 27001 standard, all VMware personnel are required to complete annual security awareness training. Personnel supporting VMware managed services receive additional role-based security training to perform their job functions in a secure manner. Compliance audits are periodically performed to validate that employees understand and follow the established policies.</blockquote>  


Consult the VMware Cloud for AWS [https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf security guide] or a representative to learn more.
Consult the VMware Cloud for AWS [https://web.archive.org/web/20200221063600/https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf security guide] or a representative to learn more.




7. '''Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?'''
7. '''Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?'''


VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, the company notes that "VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices."<ref name="VMwareSecurityTrust">{{cite web |url=https://cloud.vmware.com/trust-center/security |title=VMware Cloud Trust Center - Security |publisher=VMware |accessdate=24 April 2021}}</ref>
VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, the company notes that "VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices."<ref name="VMwareSecurityTrust">{{cite web |url=https://www.vmware.com/products/trust-center.html#security |title=VMware Cloud Trust Center - Security |publisher=VMware |accessdate=04 August 2023}}</ref>




Line 104: Line 104:
VMware Cloud documents its thoughts and practices on security in several places:
VMware Cloud documents its thoughts and practices on security in several places:


* [https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf VMware Cloud Services security overview for offerings running on AWS IaaS]
* [https://web.archive.org/web/20200221063600/https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf VMware Cloud Services security overview for offerings running on AWS IaaS]
* [https://cloud.vmware.com/trust-center/security VMware Cloud security page]
* [https://www.vmware.com/products/trust-center.html#security VMware Cloud security page]
* [https://www.vmware.com/cloud-solutions/multi-cloud-ops/security.html VMware multicloud security page]
* [https://www.vmware.com/solutions/multi-cloud-security.html VMware multicloud security page]




10. '''How do you test your platform's security?'''
10. '''How do you test your platform's security?'''


Broadly speaking, VMware briefly notes that its security development lifecycle (SDL) includes "product security assessments, threat modeling, static and dynamic scans, and penetration testing."<ref name="VMwareSDL">{{cite web |url=https://www.vmware.com/security/sdl.html |title=VMware Security Development Lifecycle |publisher=VMware |accessdate=24 April 2021}}</ref> In regards to VMware Cloud for AWS, VMware discusses the security development lifecycle program it uses, with<ref name="VMwareCloudServSec19" />:
Broadly speaking, VMware briefly notes that its security development lifecycle (SDL) includes "product security assessments, threat modeling, static and dynamic scans, and penetration testing."<ref name="VMwareSDL">{{cite web |url=https://www.vmware.com/security/sdl.html |title=VMware Security Development Lifecycle |publisher=VMware |accessdate=04 August 2023}}</ref> In regards to VMware Cloud for AWS, VMware discusses the security development lifecycle program it uses, with<ref name="VMwareCloudServSec19" />:


* code undergoing "a rigorous review for code security and quality"
* code undergoing "a rigorous review for code security and quality"
Line 120: Line 120:
11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''
11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''


VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. The company says little about intrusion detection and reporting outside of its [https://www.vmware.com/products/nsx-distributed-ids-ips.html NSX Distributed IDS/IPS]. In regards to its VMware Cloud for AWS, "VMware has an intrusion detection system and other tools in place that continuously monitor for deviations in production from our baseline configurations and generate notifications."<ref name="VMwareCloudServSec19" /> Their security document adds<ref name="VMwareCloudServSec19" />:
VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. The company says little about intrusion detection and reporting outside of its [https://www.vmware.com/products/nsx-advanced-threat-prevention.html NSX Distributed IDS/IPS]. In regards to its VMware Cloud for AWS, "VMware has an intrusion detection system and other tools in place that continuously monitor for deviations in production from our baseline configurations and generate notifications."<ref name="VMwareCloudServSec19" /> Their security document adds<ref name="VMwareCloudServSec19" />:


<blockquote>The logging and monitoring framework for VMware Cloud Services allows for the identification of incidents to specific tenants. A SIEM system is in place and merges data sources for granular analysis and alerting, and is used by the VMware Security Operations Center.</blockquote>
<blockquote>The logging and monitoring framework for VMware Cloud Services allows for the identification of incidents to specific tenants. A SIEM system is in place and merges data sources for granular analysis and alerting, and is used by the VMware Security Operations Center.</blockquote>
Line 127: Line 127:
12. '''What data logging information is kept and acted upon in relation to our data?'''
12. '''What data logging information is kept and acted upon in relation to our data?'''


In its terms of service, VMware indicates<ref name="VMwareTermsServ">{{cite web |url=https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula/vmware-cloud-services-universal-tos.pdf |format=PDF |title=Terms of Service |publisher=VMware |date=20 September 2020 |accessdate=24 April 2021}}</ref>:
In its terms of service, VMware indicates<ref name="VMwareTermsServ">{{cite web |url=https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula/vmware-cloud-services-universal-tos.pdf |format=PDF |title=Terms of Service |publisher=VMware |date=20 September 2020 |accessdate=04 August 2023}}</ref>:


<blockquote>We monitor and collect configuration, performance, and usage data relating to your use of the Service Offering: (a) to facilitate delivery of the Service Offering (such as (i) tracking entitlements, (ii) providing support, (iii) monitoring the performance, integrity, and stability of the Service Offering’s infrastructure, and (iv) preventing or addressing service or technical issues); and (b) to improve our products and services, and your experience. You must not interfere with that monitoring. We will not access Your Content except as necessary to provide the Service Offering, or pursuant to Section 1.9 (“Required Disclosures”).</blockquote>
<blockquote>We monitor and collect configuration, performance, and usage data relating to your use of the Service Offering: (a) to facilitate delivery of the Service Offering (such as (i) tracking entitlements, (ii) providing support, (iii) monitoring the performance, integrity, and stability of the Service Offering’s infrastructure, and (iv) preventing or addressing service or technical issues); and (b) to improve our products and services, and your experience. You must not interfere with that monitoring. We will not access Your Content except as necessary to provide the Service Offering, or pursuant to Section 1.9 (“Required Disclosures”).</blockquote>
Line 141: Line 141:
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''


VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the VMware Cloud for AWS offering is "completed an independent third-party examination against applicable controls of HIPAA, and a Business Associate Agreement (BAA) is also available."<ref name="MillingtonVMwareHIPAA18">{{cite web |url=https://blogs.vmware.com/industry-solutions/2018/06/26/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations/ |title=VMware Cloud on AWS Supports HIPAA Regulated Apps and Data for Healthcare Organizations |author=Millington, J. |work=VMware Industry Solutions Blog |publisher=VMware |date=26 June 2018 |accessdate=24 April 2021}}</ref>
VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the VMware Cloud for AWS offering is "completed an independent third-party examination against applicable controls of HIPAA, and a Business Associate Agreement (BAA) is also available."<ref name="MillingtonVMwareHIPAA18">{{cite web |url=https://blogs.vmware.com/industry-solutions/2018/06/26/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations/ |title=VMware Cloud on AWS Supports HIPAA Regulated Apps and Data for Healthcare Organizations |author=Millington, J. |work=VMware Industry Solutions Blog |publisher=VMware |date=26 June 2018 |accessdate=04 August 2023}}</ref>




Line 151: Line 151:
16. '''What happens to our data should you go out of business or suffer a catastrophic event?'''
16. '''What happens to our data should you go out of business or suffer a catastrophic event?'''


It's not publicly clear how VMware would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, VMware Cloud on AWS and VMware Site Recovery provide means for proactive disaster avoidance.<ref name="MorganRapidly20">{{cite web |url=https://cloud.vmware.com/community/2020/03/24/rapidly-respond-business-continuity-challenges-vmware-cloud-aws/ |title=Rapidly respond to business continuity challenges with VMware Cloud on AWS |author=Morgan, M. |work=VMware Cloud Community |publisher=VMware |date=24 March 2020 |accessdate=24 April 2021}}</ref> This is a topic for further discussion with a representative.
It's not publicly clear how VMware would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, VMware Cloud on AWS and VMware Site Recovery provide means for proactive disaster avoidance.<ref name="MorganRapidly20">{{cite web |url=https://cloud.vmware.com/community/2020/03/24/rapidly-respond-business-continuity-challenges-vmware-cloud-aws/ |title=Rapidly respond to business continuity challenges with VMware Cloud on AWS |author=Morgan, M. |work=VMware Cloud Community |publisher=VMware |date=24 March 2020 |accessdate=04 August 2023}}</ref> This is a topic for further discussion with a representative.




Line 162: Line 162:


It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a VMware Cloud representative.
It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a VMware Cloud representative.
==Managed security services==
VMware Cloud doesn't appear to explicitly advertise "managed security services." VMware does, however, offer professional services through its VMware Professional Services offering.<ref name="VMwarePro">{{cite web |url=https://www.vmware.com/professional-services.html |title=Professional Services |publisher=VMware |accessdate=04 August 2023}}</ref> Under its "Intrinsic Security" section, VMware notes several categories of services<ref name="VMwareProSec">{{cite web |url=https://www.vmware.com/professional-services/security.html |title=Intrinsic Security |publisher=VMware |accessdate=04 August 2023}}</ref>:
* '''Advisory services''': security rule and policy review, audits of remediation and threat intelligence, and system optimization
* '''System health check''': analysis of system configuration and components, penetration testing, and configuration validation
* '''Operational services''': gap analysis in business operations and security decision tree development
* '''Migration services''': migration oversight and review of imported security profiles, automations, etc.
* '''Design and deploy''': integration management, threat protection and prevention optimization, risk management, and policy implementation
* '''Network security''': security policy and firewall rule development, antivirus and endpoint protection, micro-segmentation assistance, and security group and profile configuration




Line 167: Line 177:


===Documentation and other media===
===Documentation and other media===
* [https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf VMware Cloud Services security overview for offerings running on AWS IaaS]
* [https://web.archive.org/web/20200221063600/https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf VMware Cloud Services security overview for offerings running on AWS IaaS]


===External links===
===External links===
* [https://www.vmware.com/security/sdl.html VMware Cloud development and auditing practices]
* [https://www.vmware.com/security/sdl.html VMware Cloud development and auditing practices]
* [https://cloud.vmware.com/providers/search-result VMware Cloud Verified provider search and filters]
* [https://cloud.vmware.com/providers/search-result VMware Cloud Verified provider search and filters]
* [https://cloud.vmware.com/trust-center VMware Cloud trust center]
* [https://www.vmware.com/products/trust-center.html VMware Cloud trust center]
* [https://www.vmware.com/professional-services.html VMware Professional Services]


==Further reading==
==Further reading==
Line 179: Line 190:
==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}
<!---Place all category tags here-->
[[Category:Cloud computing services]]
[[Category:Managed security services]]

Latest revision as of 22:59, 28 February 2024

VMware Cloud
Industry Computing, Cloud computing, Web services
Founder(s) Mendel Rosenblum
Diane Greene
Scott Devine
Ellen Wang
Edouard Bugnion
Headquarters Palo Alto, California, United States
Area served Worldwide
Key people Raghu Raghuram (CEO)
Products SaaS
Revenue $3.71 billion (2023, Q4)[1]
Website cloud.vmware.com


VMware Cloud is a collection of hybrid and multicloud software solutions offered as a service by VMware that give you the "flexibility to migrate to any cloud, run apps on every major hyperscale cloud, and access hundreds of innovative cloud-native services to drive app modernization."[2] Additionally, the solutions allow you to "choose the optimal cloud for your apps with the option to deploy natively or on proven VMware infrastructure."[2] Solutions include VMware Cloud Foundation, VMware Cloud on AWS, VMware Cloud on Dell EMC, VRealize Cloud Management, and VMware Cloud Universal.[2] The VMware Cloud solutions support the Amazon, Google, IBM, Microsoft, Oracle public clouds, among others.[3]

VMware Cloud is also notable for its VMware Cloud Verified program. VMware notes: "VMware Cloud Provider Partners deliver VMware Cloud Infrastructure in services worldwide with the VMware Cloud Verified designation. Gain support for your apps—from existing to cloud-native to SaaS—across private, public, and hybrid clouds using services by partners displaying the VMware Cloud Verified logo."[4] As of late April 2021, VMware Cloud boasts more than 360 VMware Cloud Verified providers around the world, with some 85 percent of them offering some flavor of infrastructure as a service (IaaS) offering and 39 percent of them offering some flavor of platform as a service (PaaS) offering.[5] This includes major public cloud providers such as OVH. Interested parties can consult the search filters available for these providers to filter by data center location, region, validated service, compliance and certifications, services offered, and vertical markets.


Provider research

This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made. Additionally, as a hybrid cloud provider, some of the questions from Chapter 5 (e.g., "How segregated is our cloud data from another customer's") are not relevant, as they are not providing public cloud services. Note that VMware Cloud offers some of its cloud services on the AWS IaaS and is not a public cloud provider itself, with VMware Cloud on AWS replacing its public cloud business in mid-2017.[6][7]


1. What experience do you have working with laboratory customers in our specific industry?

VMware Cloud services have been used or are currently being used by laboratories such as Centre National de la Recherche Scientifique[8], Charles River Laboratories[9], and ESC Lab Sciences.[10] A VMware Cloud representative is likely to be able to supply more examples of laboratories that use or have used VMware Cloud.


2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?

VMware speaks broadly of the importance of integration in hybrid cloud computing, but it doesn't appear to go into lengthy discussion of how its solution facilitates integrating with your systems and business practices. The company does discuss its VMware Cloud Director solution as an integration tool, though outside of features and benefits the company doesn't clearly say what the solution is other than calling it a "cloud service delivery platform." You'll have to discuss how VMware cloud can integrated with your systems and processes with a VMware Cloud representative.


3. What is the average total historical downtime for the service(s) we're interested in?

Some public information is made available about historic outages and downtime. VMware Cloud has a systems status page with status history (scroll down to the bottom and click on the "Incident History" link). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a VMware Cloud representative may reveal more historical downtime history for the services you are interested in.


4. Do we receive comprehensive downtime support in the case of downtime?

VMware Cloud does not make this answer clear. However, the answer is likely tied to what support plan you choose. Confirm with VMware Cloud what downtime support they provide based on the services your organization are interested in.


5. Where are your servers located, and how is data securely transferred to and from those servers?

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it will be useful to understand the underlying technology supplied by VMware in regards to data transmission to public and private cloud instances. VMware says this about data transfer security[6]:

For data that is required to move through public networks, VMware provides customers with the ability to create IPsec and SSL VPN tunnels from their environments that support the most common encryption methods, including 128-byte and 256-byte AES. Data in transit (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms (i.e., SSH, TLS and Secure RDP). Communication that transports sensitive information (authentications, administrative access, customer information, etc.) is encrypted with standard encryption mechanisms.


6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, VMware says this about access to customer data specifically in regards to VMware Cloud for AWS[6]:

Access to customer environments where a customer’s data is stored requires an authorized VMware operator to authenticate via two-factor authentication to an access control system to generate a user-specific time-based credential. Generation of these temporary credentials must be tied to a specific incident, and all activity performed by the users is logged. The VMware Security Operations Center uses log capture, security monitoring technologies and intrusion detection tools to monitor VMware personnel accessing customer data and to look for unauthorized access attempts.

As for training and certifications for VMware Cloud for AWS offerings[6]:

In alignment with the ISO 27001 standard, all VMware personnel are required to complete annual security awareness training. Personnel supporting VMware managed services receive additional role-based security training to perform their job functions in a secure manner. Compliance audits are periodically performed to validate that employees understand and follow the established policies.

Consult the VMware Cloud for AWS security guide or a representative to learn more.


7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, the company notes that "VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices."[11]


8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. However, VMware says this about segregation specifically in regards to VMware Cloud for AWS[6]:

Production and non-production environments are logically and physically segregated. Development, quality assurance (QA) and production use separate equipment and environments, and are managed by separate teams.

To learn more, discuss this with a VMware Cloud representative.


9. Do you have documented data security policies?

VMware Cloud documents its thoughts and practices on security in several places:


10. How do you test your platform's security?

Broadly speaking, VMware briefly notes that its security development lifecycle (SDL) includes "product security assessments, threat modeling, static and dynamic scans, and penetration testing."[12] In regards to VMware Cloud for AWS, VMware discusses the security development lifecycle program it uses, with[6]:

  • code undergoing "a rigorous review for code security and quality"
  • the software development lifecycle catching "security issues early in the lifecycle"
  • verification that "all software suppliers adhere to industry standards for security development lifecycle security using its comprehensive vendor risk management process"


11. What are your policies for security audits, intrusion detection, and intrusion reporting?

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. The company says little about intrusion detection and reporting outside of its NSX Distributed IDS/IPS. In regards to its VMware Cloud for AWS, "VMware has an intrusion detection system and other tools in place that continuously monitor for deviations in production from our baseline configurations and generate notifications."[6] Their security document adds[6]:

The logging and monitoring framework for VMware Cloud Services allows for the identification of incidents to specific tenants. A SIEM system is in place and merges data sources for granular analysis and alerting, and is used by the VMware Security Operations Center.


12. What data logging information is kept and acted upon in relation to our data?

In its terms of service, VMware indicates[13]:

We monitor and collect configuration, performance, and usage data relating to your use of the Service Offering: (a) to facilitate delivery of the Service Offering (such as (i) tracking entitlements, (ii) providing support, (iii) monitoring the performance, integrity, and stability of the Service Offering’s infrastructure, and (iv) preventing or addressing service or technical issues); and (b) to improve our products and services, and your experience. You must not interfere with that monitoring. We will not access Your Content except as necessary to provide the Service Offering, or pursuant to Section 1.9 (“Required Disclosures”).

For further details, discuss this with a VMware representative.


13. How thorough are those logs and can we audit them on-demand?

Like the prior question, discuss this with a VMware representative.


14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?

VMware Cloud in itself is not a public cloud, and as such, this question is not fully relevant. That said, it's worth noting that the VMware Cloud for AWS offering is "completed an independent third-party examination against applicable controls of HIPAA, and a Business Associate Agreement (BAA) is also available."[14]


15. What happens to our data should the contract expire or be terminated?

Per the terms of service, "[d]eletion of any Content remaining in the Service Offering will occur as specified in the applicable Service Description. As between you and us, you are responsible for ensuring that you have necessary copies of all Your Content prior to the effective date of any termination."[13] Presumably you'll be backing up your data and information elsewhere before then. However, discuss with a representative to learn more.


16. What happens to our data should you go out of business or suffer a catastrophic event?

It's not publicly clear how VMware would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, VMware Cloud on AWS and VMware Site Recovery provide means for proactive disaster avoidance.[15] This is a topic for further discussion with a representative.


17. Can we use your interface to extract our data when we want, and in what format will it be?

As a hybrid solution, you should be able to extract data at whim to another private of public cloud location. Extracting data for the VMware Cloud for AWS offering may be different. Consult with a VMware Cloud representative.


18. Are your support services native or outsourced/offshored?

It is unclear if support personnel are local to the customer or if support is outsourced to another business and country. Discuss this with a VMware Cloud representative.

Managed security services

VMware Cloud doesn't appear to explicitly advertise "managed security services." VMware does, however, offer professional services through its VMware Professional Services offering.[16] Under its "Intrinsic Security" section, VMware notes several categories of services[17]:

  • Advisory services: security rule and policy review, audits of remediation and threat intelligence, and system optimization
  • System health check: analysis of system configuration and components, penetration testing, and configuration validation
  • Operational services: gap analysis in business operations and security decision tree development
  • Migration services: migration oversight and review of imported security profiles, automations, etc.
  • Design and deploy: integration management, threat protection and prevention optimization, risk management, and policy implementation
  • Network security: security policy and firewall rule development, antivirus and endpoint protection, micro-segmentation assistance, and security group and profile configuration


Additional information

Documentation and other media

External links

Further reading

Rouse, M.; Moore, N. (April 2018). "VMware Cloud on AWS". TechTarget - SearchVMware. Archived from the original on 14 August 2020. https://web.archive.org/web/20200814113334/https://searchvmware.techtarget.com/definition/VMware-Cloud-on-AWS. 


References

  1. "VMware Reports Fourth Quarter and Fiscal Year 2023 Results" (PDF). VMware. 2 March 2023. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/earnings/vmw-earnings-release-nongaap-q423.pdf. Retrieved 04 August 2023. 
  2. 2.0 2.1 2.2 "Transform Your Apps and Cloud Faster with VMware Cloud". VMware. https://www.vmware.com/cloud-solutions.html. Retrieved 04 August 2023. 
  3. "Hybrid Cloud Solutions". VMware. https://www.vmware.com/cloud-solutions/hybrid-cloud.html. Retrieved 04 August 2023. 
  4. "VMware Cloud Verified". VMware. https://www.vmware.com/vmware-cloud-verified.html. Retrieved 04 August 2023. 
  5. "Find A VMware Cloud Services Provider". VMware. https://cloud.vmware.com/providers/search-result. Retrieved 04 August 2023. 
  6. 6.0 6.1 6.2 6.3 6.4 6.5 6.6 6.7 "VMware Cloud Services Security Overview" (PDF). VMware. August 2019. Archived from the original on 21 February 2020. https://web.archive.org/web/20200221063600/https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/cloud-services/vmware-cloud-services-on-aws-security-overview-white-paper.pdf. Retrieved 04 August 2023. 
  7. "What is VMware Cloud? Benefits for Service Providers". Acronis. 20 April 2020. https://www.acronis.com/en-us/blog/posts/vmware-cloud/. Retrieved 04 August 2023. 
  8. Hudson, A. (11 January 2019). "CNRS renews their IT infrastructure with private cloud". VMware Cloud Management Blog. VMware. https://blogs.vmware.com/management/2019/01/cnrs-renews-their-it-infrastructure-with-private-cloud.html. Retrieved 04 August 2023. 
  9. VMware Cloud Provider Team (8 May 2012). "Another VMware Cloud: Charles River Laboratories Runs Their Hybrid Cloud on VMware". VMware Cloud Provider Blog. VMware. https://blogs.vmware.com/cloudprovider/2012/05/another-vmware-cloud-charles-river-laboratories-runs-their-hybrid-cloud-on-vmware.html. Retrieved 04 August 2023. 
  10. VMware Cloud Provider Team (2 March 2016). "Another VMware Cloud in Action — ESC Lab Sciences Turns to VMware for Durable Disaster Recovery". VMware Cloud Provider Blog. VMware. https://blogs.vmware.com/cloudprovider/2016/03/another-vmware-cloud-in-action-esc-lab-sciences-turns-to-vmware-for-durable-disaster-recovery.html. Retrieved 04 August 2023. 
  11. "VMware Cloud Trust Center - Security". VMware. https://www.vmware.com/products/trust-center.html#security. Retrieved 04 August 2023. 
  12. "VMware Security Development Lifecycle". VMware. https://www.vmware.com/security/sdl.html. Retrieved 04 August 2023. 
  13. 13.0 13.1 "Terms of Service" (PDF). VMware. 20 September 2020. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula/vmware-cloud-services-universal-tos.pdf. Retrieved 04 August 2023. 
  14. Millington, J. (26 June 2018). "VMware Cloud on AWS Supports HIPAA Regulated Apps and Data for Healthcare Organizations". VMware Industry Solutions Blog. VMware. https://blogs.vmware.com/industry-solutions/2018/06/26/vmware-cloud-on-aws-supports-hipaa-regulated-apps-and-data-for-healthcare-organizations/. Retrieved 04 August 2023. 
  15. Morgan, M. (24 March 2020). "Rapidly respond to business continuity challenges with VMware Cloud on AWS". VMware Cloud Community. VMware. https://cloud.vmware.com/community/2020/03/24/rapidly-respond-business-continuity-challenges-vmware-cloud-aws/. Retrieved 04 August 2023. 
  16. "Professional Services". VMware. https://www.vmware.com/professional-services.html. Retrieved 04 August 2023. 
  17. "Intrinsic Security". VMware. https://www.vmware.com/professional-services/security.html. Retrieved 04 August 2023.