Virtualization Advisor

Expert analysis and advice on server virtualization technologies, deployments and management.


Our bloggers: Kevin Fogarty is a veteran technology journalist and analyst who has previously worked for Computerworld, Baseline, eWeek, and Illuminata. Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", Pearson Education (2008) and runs his own firm, AstroArch Consulting. Laurianne McLaughlin serves as technology editor for CIO, focusing on virtualization as a primary area of coverage.

Mon, July 21, 2008

VMware Appliance is Convenient, But Don't Assume It's Secure

By Edward L. Haletky

Keywords: Virtual server appliance, VMware, ESXi

Despite its leadership in the virtual server market, VMware has been aware of and preparing for the threat of competition from Microsoft's Hyper-V hypervisor for long enough to roll out not only strategies, but actual products.

One of these is ESXi, a cut-down form of the VMware ESX server designed to be embedded on servers and sold pre-installed and virtual-machine-ready. Dell, HP, and IBM all sell hardware with ESXi embedded.

That makes the installation more convenient. But unfortunately it doesn't do much about the security of the appliance.

ESXi is part of the larger virtual infrastructure and should be secured just like any other component. Security guidelines from the federal Defense Information Security Agency and VMware's own Hardening Guidelines start the discussion on this, but they are not sufficient. Securing ESXi includes securing all things that touch it.

This implies securing storage, management tools, networks, operations, virtual machines and everything else connected to the virtual infrastructure. Everything that is part of the virtual infrastructure touches on the virtualization server.

Is ESXi more secure than VMware ESX? Yes and no.

They both boot the same way, or nearly so. The difference is that instead of booting a management appliance virtual machine that contains GNU/Linux, ESXi boots a management appliance virtual machine that contains a POSIX environment called BusyBox.

ESXi cannot be treated as an appliance. Any exploit found should be addressed by VMware and by any vendor implementing ESXi. Just as there are exploits for every other operating system, there are ones for ESXi and for BusyBox.

As with VMware ESX, security patches for VMware ESXi should come directly from VMware. All you can do is remediate some aspects by implementing better total Virtual Infrastructure Security.

ESXi contains the same VMware daemons that VMware ESX contains, including webAccess, which is subject to a fairly well-known SSL MiTM attack; vulnerability to that attack exists within ESXi as well as in ESX. Use of webAccess should therefore be restricted to an administrative network.

More and more third-party tools are becoming available to manage both ESX and ESXi. These also need to be coded properly to use the VMware SDK, which runs over VMware webAccess.
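As an added illustration (not code from the article, VMware, or the VMware SDK), this is one way a management tool's HTTPS client can refuse a substituted host certificate before sending credentials, which is the defence against the SSL MiTM risk noted above. It assumes the host's certificate fingerprint was recorded out of band over a trusted path; the function names and port 443 are choices made for this sketch.

```python
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Lowercase hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert: bytes, pinned: str) -> bool:
    """Compare against a pin written as 'AA:BB:..' or as plain hex."""
    wanted = pinned.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), wanted)


def strict_context(ca_file=None) -> ssl.SSLContext:
    """Preferred case: the host certificate chains to a CA the client trusts."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_pinned(host: str, pinned: str, port: int = 443, timeout: float = 5.0):
    """Fallback for a self-signed host certificate: pin its fingerprint.

    Chain validation is off here only because the pin replaces it; the
    socket is closed before any credentials are sent if the pin differs.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not fingerprint_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("host certificate does not match pinned fingerprint")
    return tls
```

A tool that disables verification without pinning will accept whatever certificate an interceptor on the path presents, so the management session is only as trustworthy as the network it crosses.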

In this way VMware ESXi is no different than VMware ESX. Security of ESXi depends on the security of the virtual infrastructure, not the other way around. Use of ESXi might be more convenient in some cases, but be sure not to assume having vendors pre-install it on their hardware means the appliance is secure.
