The challenge is to hack through a mythical small health care company’s simulated corporate network environment to access the 10,000 or so patient medical records.
LightCyber is playing it close to the chest with the details, but Shruti Bhat, director of product marketing for Ravello Systems, the company that is providing the cloud platform for the hack game, tells me some basic assumptions can be made about what participants will see when they click to begin. It is the replica of a small healthcare provider’s data center environment, so at minimum they can probably count on a multi-node configuration with a database, app servers and a load balancer.
The participants can also count on this: The game won’t be running on hardware in a data center (a typical set up for this kind of exercise); the simulation probably didn’t take several months to set up (which, again, is typical); and set up costs most likely were not $100,000 to $500,000 (ditto).
Not that the participants will know, or maybe even care, about how the environment is provided or how much it cost to provide it.
LightCyber, though, does care — as well as other companies that would like to offer something similar to their users or prospective clients, but have been daunted by the work and costs involved.
Too much money, time to do it the old-fashioned way
Peter Nguyen, director of technical marketing at LightCyber, made a point of referring to the months of work and investment in hardware it would have otherwise had to make to offer this challenge, in the company statement when the challenge was announced.
Nguyen didn’t mention costs but according to industry talk, setting up a complex simulation environment — we are talking 100 nodes or more — via traditional methods can be as much as $500,000.
For most companies, that is a lot of money and resources for a 12-hour game. It is a lot, for that matter, for most reasons why a company would want to set up a virtual data center environment equipped with actual appliances and network traffic. It may want a virtual test bed for a new product that may or may not make it past the beta stage. Customized demos for prospective clients sounds nice too. So does employee cyber preparation and training for attacks. They’re all viable business uses, but do their return-on-investment pencil in anywhere close to $500,000?
Public cloud virtualization
Ravello’s virtual cloud offering, in case you haven’t guessed where I am going with this, cracks this particular budget nut by recreating a company’s data center application in the cloud. The public cloud, that is.
In other words, Ravello is able to create an exact copy of a user’s data center application (specifically, a VMware or KVM-based multi-VM application with complex networking) and deploy it in the public cloud, specifically, in this case on AWS or Google Cloud. The company says it has a comparable offering for Azure in private beta and will be rolling that out in short order.
Ravello offers this as a software-as-a-service with minimal deployment time.
Running nested virtualization in the cloud
How? For starters, the company says it has figured out how to run nested virtualization in the cloud. It then combines that with software-defined networking.
Nested virtualization as a concept has been around for almost as long as virtualization.
It refers to the idea of running a hypervisor inside a virtual machine — that is, “nesting” the hypervisor within another hypervisor.
What the industry wasn’t been able to do though — and it desperately wanted to — was normalize the very different operating environments of these public clouds with the data center using nested virtualization.
That is what Ravello figured out how to do.
“We can take that hypervisor and run it in the cloud,” Bhat says.
It is Ravello’s secret sauce needless to say, duly secured by patents and trademarks. The team spent two years in stealth R&D mode after it quietly launched in 2011, working on this problem. In 2013, it made its cloud platform generally available.
One reason it got there first is that hypervisor experience can be hard to find. Ravello’s founding team, though, came up in the technology — Bhat’s bio includes virtualization junkie — and came together to address this and related issues.
Cyber-security-range as a service
In the two years since it began offering the platform, customers have come up with an interesting range of uses for it, Bhat said.
Some have created elaborate cyber training ranges — similar to firearm training or practice facilities here on earth — so their own employees can practice for the inevitable day of when the company’s IT perimeter is cyber attacked. They could practice before of course, but now they can practice in an exact replica of their data center.
There are quite a few requests for this after the Target store breach, Bhat said.
Other companies use the platform to create customized, elaborate demos for prospective clients or to give a sales team more rigorous product training.
Product testing, not surprisingly, is huge with Ravello’s users who use the platform to design and test products on various networking scenarios.
And now LightCyber is using Ravello for its simulation game next month.
Spreading the word
Most of the corporate users of the Ravello platform are not inclined to talk about the sensitive and confidential projects they are running on the platform.
But simulated contests like LightCyber’s certainly don’t fall in that category. They are fun, bestow hacker bona fides on the winner and, not-so-incidentally, create market awareness for the company that ran it.
Out of all of the uses so far of Ravello’s cloud platform, this strikes one (well, me at least) as the most likely to create awareness that the public cloud is now open for data center virtualization.
This article was written by Erika Morphy from Computerworld and was legally licensed through the NewsCred publisher network.