The Problem with Bolt-On Security for Virtual Environments

By Edward L. Haletky
Wed, May 07, 2008
. What's this?

CIO — What's the problem with bolt-on security for virtual servers and virtual environments? Too many people forget that VMware Virtual Infrastructure 3 (VI3) is the entire virtual environment (VE). Granted the core is VMware ESX, VMware ESXi, and can include VMware Server, but it is much more than that. Let's consider the many pieces of your enterprise that must be examined as you secure virtualization.

VI3 includes VMware Clustering, and independent hosts incorporating such items as VMware Dynamic Resource Scheduling (DRS), VMware High Availability (HA), VMotion, and Storage VMotion.

Then there's the storage technology in use in your enterprise, whether it's local storage or remote storage such as iSCSI, NFS over NAS, or SAN physical devices, or the Lefthand Networks Virtual SAN Appliance. Once we discuss storage, we need to discuss how virtual machines access the storage, whether using virtual machine disk files, using raw disk maps to logical units (LUNs) presented to the virtualization host, using iSCSI initiators within the VM, accessing a NAS or SAN directly via the network, or using Fibre Channel N_Port ID Virtualization.

If a network is involved, which is almost always the case, we need to discuss the networks involved and how VMs are accessed. Are the virtual machines accessed via a DMZ? Via production, administrative, or test networks? Are the VMs communicated with using some form of special application, VPN, SSL Tunnel, RDP, Virtual Desktop Infrastructure (VDI), or the remote console over the web of the VMware Virtual Infrastructure Client?

In order to create and manage VMs, we now add into the mix the question of how you manage the entire environment, whether via something that uses the VMware SDK, VIC connected to Virtual Center, or even a single host, VMware Lab Manager, VMware Life Cycle Manager, or via the remains of the full service console.

All of this is just a brief view of what comprises the virtual environment, whether you're using technology from VMware or other vendors. Virtualization security is needed every step of the way. It is possible to bolt-on security after the environment is deployed, but that is just a stop gap solution at best. Security should be considered from the very beginning of a virtual infrastructure deployment.

Remember, virtual security applies not only to the virtual environment but also to what touches or interfaces with the environment, including firewalls, routers, gateways, intrusion detection and prevention systems (IDS/IPS), storage and switch fabrics. Included in switch fabrics are VLANs and NPIV.

Continue Reading

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Virtualizing the Client - The HP Way
HP VirtualSystem delivers best-in-class virtualization, with integrated software, services, infrastructure, and management - all delivered as one proven solution.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
Using HP's Converged Storage to Develop/Enhance Business Resiliency in VMware Environments
In this report, Enterprise Strategy Group reviews how HP's portfolio of hardware, software, and services can provide the foundational support for VMware environments. When it comes to business continuity, HP Converged Storage streamlines virtualization initiatives, accelerating realization of the business benefits that contribute to IT's ability to maintain high service levels and customer satisfaction.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
How Blade Centers Impact Data Center Management and Agility
This paper examines enterprise adoption of blade servers in the US, UK and China; the benefits of blade server use; and the connection between enterprise data center management and agility goals and blade server use. It reveals that blade servers are highly associated with core infrastructure consolidation and optimization efforts and offer high value to users as a virtualization platform and means of reducing OpEx.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
Nemertes Research PilotHouse Awards: Server for Virtualization
The Nemertes Research PilotHouse Awards provide insight on the performance of technology vendors, according to feedback from IT decision makers who use their products or services. See which vendors were recognized for their servers built for virtualization.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
IDG Tech Dossier: Converged Storage ~ A Next Gen Virtualized Architecture
Organizations need a strategy for rearchitecting storage so that it enables, rather than constricts, the delivery of IT services. According to HP, it's all about Converged Storage, which breaks through the barriers, reducing complexity so that IT can expand storage on a "pay as you grow" basis. It involves the creation a pool of storage based on modular building blocks that can be moved and reconfigured on the fly to support a range of needs. In fact, HP's approach to Converged Storage incorporates several core capabilities - read this tech dossier to learn more.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
IDG Tech Dossier: Converged Storage ~ Utility Storage: The Ideal Platform for Virtual and Cloud Computing
Server virtualization has transformed corporate IT -- companies have enjoyed major cost savings and have gained flexibility and efficiency. But this has also led to a proliferation of virtual machines and servers that threaten to overwhelm data movement and storage technologies. In this IDG Tech Dossier, learn how utility storage makes for massive consolidation, flexibility and scalability, so IT departments can reduce storage infrastructure and lower costs while improving their ability to respond to fast-changing needs of business units.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
Webcasts »
Virtualizing More While Improving Your Risk Posture - Industry Leaders Offer Definitive Choice to Cloud Security
Second in a three-part series discussing the "4 Must Haves" in virtualization security designed to help large organizations understand the challenges of securing virtualized environments while positioning themselves to take advantage of future IT and business opportunities.

Gain insights into next generation, virtualization-optimized solutions to help you drive:

+ Faster time-to-value from your security initiatives
+ Provide corporate with visibility and enable a state of continuous compliance
+ Reduce risk via automated configuration and policy-based access and enforcement engine
Today's NAS: A Solution Beyond Old Limits
Date: Tuesday, July 17, 2012 2:00 PM EDT

Traditional NAS systems don't scale beyond fixed limits. Proliferation of NAS systems leads to management challenges. Many organizations also use traditional block-based SAN solutions for transactional systems like databases and email. Having separate block and file storage also adds to management challenges.
Introduction to Virtualization
Have you been thinking about what it would take to start using virtualization? Or do you know the basics and want to find out more? No problem. This webcast is designed for anyone with little to no knowledge of virtualization technology. Attend this webcast to learn:

-A basic overview of the business value of the technology and some key capabilities that make virtualization so valuable to IT and the businesses you serve.
-The basics for creating virtual machines and the key choices that can be made along the route to deployment.
Capacity Management As You Know It Is Dead: How to Optimize Infrastructure Planning and Gain Control in Large-Scale Virtual & Cloud
Capacity management may not be dead yet, but with the adoption of private clouds it's barely recognizable. Join Andrew Hillier as he outlines best practices for gaining control over dynamic capacity supply and workload demand in large scale virtual and cloud infrastructure. Hear how leading Fortune 500 organizations increased agility, reduced risk and costs by optimizing infrastructure planning and management processes.
Virtualizing Disaster Recovery and Business Continuity
Disaster recovery is a form of insurance to protect your IT assets when a disaster strikes. Learn how to protect your business in this insightful webinar.
A Winning Combination for Success: Consolidation & Virtualization
These days, distributed enterprises must ensure application performance while keeping costs down. But what is the best way to accomplish this? And how can you simplify IT management and reduce complexity while delivering essential local services?
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Virtualizing the Client - The HP Way

Using HP's Converged Storage to Develop/Enhance Business Resiliency in VMware Environments

How Blade Centers Impact Data Center Management and Agility

Nemertes Research PilotHouse Awards: Server for Virtualization

IDG Tech Dossier: Converged Storage ~ A Next Gen Virtualized Architecture

IDG Tech Dossier: Converged Storage ~ Utility Storage: The Ideal Platform for Virtual and Cloud Computing

Dell 3-2-1 Reference Configurations: High-availability virtualization with Dell PowerEdge R515 servers

Dispelling the Vapor Around Cloud Computing

10 Reasons to Modernize the Desktop

Best Practice Guide "Taking a Proactive Approach to Patch Management"

Dell 12 G Case Study with VMware

Breaking Down Virtualization Barriers

Riverbed Services Platform Feature Brief

The CIO's Guide to Optimizing Virtual Desktops

Why AppSense for VDI: How User Virtualization performs and adds value

The SMB Top Choice for Virtualization

IT Consolidation with HP and VMware for the Midmarket

How SMBs Get on Board with Virtualization

What Is VMware vCenter Site Recovery Manager?

SMBs Launch into Cloud Computing and Virtualization
Sponsored Links

Learn how Accenture helps clients become high-performing businesses

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

High performance. Delivered. Click to see Accenture's client successes

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Managed Hosting Buyer's Guide - Benefits to key considerations

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

Akamai Kona Security. Web security so you can innovate fearlessly

Click to see how Accenture has delivered high performance to clients

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Gain cutting-edge insights at MIT in 2-5 day executive programs.

See how Accenture helps clients perform at the highest levels

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords