Virtualization and Cloud Advisor

Expert analysis and advice on server virtualization technologies, deployments and management.

RSS
All Posts | RSS

Our blogger: Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

Wed, August 06, 2008

VMware's Free ESXi Will Cost You if it's Not Secured Properly

By Edward L. Haletky

Keywords: VMware ESXi, free VMware, virtual servers, virtual server appliance

CONNECTIONS
VMware
Now that ESXi has been released for free, it is even more important to concentrate on how to secure this version of ESX. Lowering the cost will undoubtedly increase the number of users in small- and mid-sized companies, and in the enterprise as well.

Despite a design that calls for it to be pre-installed or embedded, I have blogged before that ESXi shouldn't be treated only as an appliance, especially as regards security. Additional hardening steps are required to make it reasonably secure.

There are very good guides out there now to harden the GNU/Linux service console specifically the Defense Information Systems Agency's Secure Technology Installation Guide (DISA/STIG) and CIS Security Benchmark which both reference the UNIX and Linux guides respectively as a basis for ESX.

The guides concentrate on a subset of the entire virtual environment which includes ESX, and the VMs, but is not limited to them.

However, the descriptions of what the guides actually cover are imprecise enough that one reader may think they cover only ESX and others will think they cover everything about VM security. But that is another discussion.

The 'Console' for ESXi is an implementation of the Posix variant of Unix within a Busybox framework, and it has many features that you will find in the full blown GNU/Linux service console, including Pluggable Authentication Modules, usernames and passwords, and daemons like Secure Shell (SSH). While enabling SSH within ESXi is not recommended by me nor supported by VMware, I imagine it is enabled on a majority of installs.

This implies now that the hardening guidelines for SSH should be now used, as well as anything related directly to PAM modules, users, and passwords.

But since with SSH enabled users can login to the system, we now need to be concerned about file permissions, and inadvertent information leakage about virtual machines, and the system itself.

While ESXi is sold as an appliance and has some hardening guidelines from VMware, the Busybox 'Console' should also be hardened as well using standard GNU/Linux hardening guidelines specifically adjusted for ESXi.

Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers," Pearson Education (2008.) He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.
Loading...
Virtualization Vendor Matrix

Find out what vendors offer the products you need.

View the Vendor Matrix »
Virtualization ABCs

Get up to speed on virtualization.

Learn More »
Virtualization MarketSpace
White Papers
Learn how to address key cloud computing challenges
Learn how your organization can face the challenges of: lack of interoperability, security, compliance and application compatibility. Learn more »
VMware: Clearing the fog, a look into the Clouds
Read about VMware's compelling vision & set of products that can help clarify all of the confusion surrounding Cloud Computing. Learn more »
Cloud Computing: A fundamentally new way to deploy IT services
Learn how the VMware vCloud initiative enables you to move to the cloud how you want, when you want, and as much as you want. Learn more »
Calculate Your Specific Potential Virtualization Savings
Discover how organizations are reducing operational costs, and improving efficiency and availability. Learn more »
Forecast: Cloud Computing Looms Big on the Horizon
Read this Executive Guide to learn more about what IT leaders are saying about "Cloud Computing". This is one time when it makes good, practical business sense to have your head in the clouds. Learn more »
 
SPONSORED LINKS
 

Developing A Dynamic, Real-Time IT Infrastructure

Mid-Sized Company CIO Community: infoBOOM!

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

8 Key Ingredients to Building an Internal Cloud

White Paper: The Building Blocks for Cloud Computing

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Data Center Optimization: Three Key Strategies

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Gartner Shares Predictions for 2009

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Cloud Computing: Read about VMware's compelling vision & set of products

White Paper: 8 Key Ingredients to Building an Internal Cloud

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Bottom-Line Benefits of Virtualization

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

Stop Application Fraud at the Source with Device Reputation

Top 10 Business and IT Drivers for the Wealth Management Sector

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords