Virtualization Advisor

Expert analysis and advice on server virtualization technologies, deployments and management.

RSS
All Posts | RSS

Our bloggers: Kevin Fogarty is a veteran technology journalist and analyst who has previously worked for Computerworld, Baseline, eWeek, and Illuminata. Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", Pearson Education (2008) and runs his own firm, AstroArch Consulting. Laurianne McLaughlin serves as technology editor for CIO, focusing on virtualization as a primary area of coverage.

Wed, May 07, 2008

The Problem with Bolt-On Security for Virtual Environments

By Edward L. Haletky

Keywords: Virtualization, VMware, virtual security, virtual server security, Virtual Infrastructure 3, virtual environment, VE

What's the problem with bolt-on security for virtual servers and virtual environments? Too many people forget that VMware Virtual Infrastructure 3 (VI3) is the entire virtual environment (VE). Granted the core is VMware ESX, VMware ESXi, and can include VMware Server, but it is much more than that. Let's consider the many pieces of your enterprise that must be examined as you secure virtualization.

VI3 includes VMware Clustering, and independent hosts incorporating such items as VMware Dynamic Resource Scheduling (DRS), VMware High Availability (HA), VMotion, and Storage VMotion.

Then there's the storage technology in use in your enterprise, whether it's local storage or remote storage such as iSCSI, NFS over NAS, or SAN physical devices, or the Lefthand Networks Virtual SAN Appliance. Once we discuss storage, we need to discuss how virtual machines access the storage, whether using virtual machine disk files, using raw disk maps to logical units (LUNs) presented to the virtualization host, using iSCSI initiators within the VM, accessing a NAS or SAN directly via the network, or using Fibre Channel N_Port ID Virtualization.

If a network is involved, which is almost always the case, we need to discuss the networks involved and how VMs are accessed. Are the virtual machines accessed via a DMZ? Via production, administrative, or test networks? Are the VMs communicated with using some form of special application, VPN, SSL Tunnel, RDP, Virtual Desktop Infrastructure (VDI), or the remote console over the web of the VMware Virtual Infrastructure Client?

In order to create and manage VMs, we now add into the mix the question of how you manage the entire environment, whether via something that uses the VMware SDK, VIC connected to Virtual Center, or even a single host, VMware Lab Manager, VMware Life Cycle Manager, or via the remains of the full service console.

All of this is just a brief view of what comprises the virtual environment, whether you're using technology from VMware or other vendors. Virtualization security is needed every step of the way. It is possible to bolt-on security after the environment is deployed, but that is just a stop gap solution at best. Security should be considered from the very beginning of a virtual infrastructure deployment.

Remember, virtual security applies not only to the virtual environment but also to what touches or interfaces with the environment, including firewalls, routers, gateways, intrusion detection and prevention systems (IDS/IPS), storage and switch fabrics. Included in switch fabrics are VLANs and NPIV.

Loading...
Virtualization Vendor Matrix

Find out what vendors offer the products you need.

View the Vendor Matrix »
Virtualization ABCs

Get up to speed on virtualization.

Learn More »
Virtualization MarketSpace
MarketSpace White Papers
HP and VMware: Virtualization to consolidate server resources for maximum efficiency
Virtualization enables proven cost savings and efficiencies. Now you can tap that power by consolidating multiple applications and heterogeneous operating systems on a single server... Learn more »
Gartner Paper: U.S. Data Centers
According to Gartner, the majority of existing US datacenters have not been designed to handle future energy demands. Strategic decisions, including the implementation of virtualization, must be made quickly... Learn more »
Gartner Paper: How IT Management Can "Green" the Data Center
Datacenters consume large amounts of energy, so it is imperative that IT management establishes energy efficiency goals and an integrated approach to energy-saving initiatives... Learn more »
 
SPONSORED LINKS
 

Consolidation: Just the Starting Point for Virtualization

Getting in Compliance with Government Data Regulations

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

The Benefits of Data Deduplication for Data Protection in the Enterprise

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

How the Mac is Becoming an IT Standard in the Enterprise

Storage Efficiency: The Key to Green Storage Operation

Oracle Database 11g: Real Application Testing & Manageability

Reap the Benefits of Unified Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance

Best Practices for Providing Secure and Cost-Effective Remote Access

How Does Your IT Help Desk Measure Up?

White Paper: Businesses Thrive by Unifying Business Communications

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

Network Immunity Manager Video

Spam-proof your business with Google's hosted security solutions

Global Crossing is the most viable alternative for voice, video and data

Plan better, manage better

Dell Latitude: Battery life up to 19 hours. Learn more

Video: 21st Century Networking for a 12th Century Castle

Speed, agility, flexibility - The HP BladeSystem c-Class

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Destination: Intelligent Data Center Automation

Build up or Tear down? See how UC makes sense with Nortel. Calculate your UC ROI

Protecting Data in a Highly Networked World

Maximizing Site Visitor Trust Using Extended Validation SSL

Standalone Server vs. Open Source Toolkits

Getting Off on the Right Foot: Avoiding Common Master Data Management False Starts

The Challenge of Network Access Control -- Is a Managed Service the Answer?

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers

How to Calculate the ROI of Remote Support

31 Best Practices for the Service Desk

Unified Communications Software: The Death of VoIP?

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

Compuware.com - See how we make IT rock around the world

CA delivers deeper insight into your assets, resources, projects & services so you can make more informed IT decisions

Discover PMI's credentials and career path tools

SOA Educational Library at the TIBCO SOA Resource Center

TDWI Report shows strong validation for investing in predictive analytics

Learn about the software-based VoIP solution from Microsoft

 
 
RESOURCE CENTER