Questions for Analyzing Virtualization-Cloud Products
There are many security issues to consider when selecting virtualization cloud products for your organization. Gregory Machler suggests questions to ask when you're examining your choices.
Tue, February 22, 2011
CSO — There are a variety of popular virtualization-cloud-infrastructure products that enable the virtualization of multiple applications on one server. With so many to consider, and so many questions to ask, let's start with this: What type of infrastructure virtualization product do you look for when you have security in mind?
You want one that has clean virtual machine integration (Infrastructure as a Service) with host intrusion detection software, anti-virus protection and malware protection. Each virtual machine supports the latest protection measures that are normally addressed within servers (Platform as a Service). What security measures should be deployed within the server that supports the multiple virtual machines within its kernel or operating system? This server should execute HIDS (Host Intrusion Detection System), anti-virus protection, and server monitoring software to monitor its uptime and health.
What security-related network features do you want? It would be beneficial to have a network virtualization management layer that integrates within the infrastructure management layer. This network management layer addresses three areas. First, the virtual machines need to support web application load balancing over multiple virtual machines to support high bandwidth web traffic. Secondly, like the quality of service (QoS) functions that exist when requesting bandwidth over the internet backbone, it is beneficial to have allocations of bandwidth for each application running on a virtual machine. Applications split up the network bandwidth dedicated to a given server. Thirdly, the bandwidth rules must be tethered to specific virtual machines even when the virtual machines migrate from one server to another. This bandwidth migration is one portion of the puzzle that is necessary for seamless disaster recovery.
What about storage security concerns? First, it would be beneficial to have a storage virtualization management layer that integrates with the infrastructure management layer. This management layer addresses three areas. The first one is the mapping of storage capacity to a specific virtual machine. If a virtual machine nears storage capacity limits, it can allocate more capacity by linking one allocation of cloud storage to the next allocation of cloud storage (like a linked list in software) so that storage can grow as the application needs it.
Secondly, the storage virtualization layer sets the policy for a given application's storage replication, at remote (over 200 miles) and/or local distances. This is a critical component of disaster recovery. Thirdly, the storage virtualization layer defines the policy that gives direction to the virtual machine, helping it reconnect to the allocated cloud storage chain when migrating to another server locally or to a server in another city.