YOUR FEEDBACK
Immo Huneke wrote: A well written article, an ingenious solution to a real problem often encountere...
Cloud Computing Conference
March 30 - April 1, New York
Register Today and SAVE !..

SYS-CON.TV

2008 East
DIAMOND SPONSOR:
Data Direct
Frontiers in Data Access: The Coming Wave in Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
Intel
Virtualization – Path to Predictive Enterprise
Green Hills
IT Security in a Hostile World
JBoss / freedom oss
Practical SOA Approach
GOLD SPONSORS:
Software AG
The Art & Science of SOA: How Governance Enables Adoption
PlateSpin
Effective Planning for Virtual Infrastructure Growth
Fujitsu
Automated Business Process Discovery & Virtualization Service
Ceedo
Workspace Virtualization
Click For 2007 West
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
TOP THREE LINKS YOU MUST CLICK ON


Security Implications of Virtualization Platforms in the Virtual Data Center
Implementing a successful virtual infrastructure migration

According to Forrester Research, 42% of all enterprise server resources will be virtualized by 2009. [1] Referred to by many names - server virtualization, OS virtualization, kernel virtualization - virtual machine (VM) platforms, such as VMware ESX and Microsoft Hyper-V, are typically the first forms of virtualization introduced to the data center. These technologies are becoming both less expensive and more accessible, making them attractive candidates to be the first virtual "guinea pigs" in the data center. Factors such as consolidation, cost savings, dynamic provisioning, and fluid migration are driving most IT shops to experiment with some form of a virtual platform, driving the adoption of virtual systems in the data center. The advent of large-scale infrastructure systems has moved virtual platforms into the full, public-facing application infrastructure in the data center.

Virtual platform providers have been addressing internal security concerns with their own platforms for some time, as have external groups such as the Center for Internet Security with their VM security benchmarking projects. The goal of these projects is to address the security of the platforms - that is, the base-level running environments for virtual machines. Security criteria included such tasks as blocking external access for remote logins or making sure only authorized administrators could reconfigure the software switch. From an IT perspective, this is similar to locking down Microsoft Windows 2003 web servers; all of the security is applied at the platform level, whether it is a virtual platform like ESX or a physical one like Windows 2003 Server running on bare metal.

Virtual platforms add an additional layer of security requirements, however. The same security threats that exist against Windows 2003 or a particular distribution of Linux will also exist once that OS has been migrated to a VM. The migration to virtual machines in the data center requires a re-architecting of the security plan and structure, leading to potential issues involving Incidence Response, virtual debugging of virtual operating systems and virtual software switches, and DMZ reorientation and design - all of which need to be factors in the security plan for the migration to VMs.

To address the security concerns brought on by introducing virtualization to the data center, a rather large technology sector has emerged: virtualization security, or virtsec. One of the challenges facing IT is "What is VirtSec and how can I implement it?"

Virtualization security can be broken down into three categories:

  1. Security risks added to the data center when new virtualization technologies are introduced, such as the security risks of running multiple VMs on a single hypervisor
  2. Security of virtual machine images and guest operating systems
  3. Virtual instances of physical security devices, such as going from a physical firewall and IPS to a virtual image running the same services

The virtsec market is quickly addressing security issues associated with guest VMs such as patch management and inspecting network traffic between VMs on the same host and software switch, and implementing security technologies directly in VM guests. In fact, one of the largest drivers behind virtualization security implementation is the availability of antivirus and firewall VMs that run on the virtual platform infrastructure. The risk associated with the virtual platforms themselves, however, is still fairly unknown, as there aren't a tremendous number of solutions available for internal hypervisors and platform security today. While tactically the least exploitable part of the virtual data center, hypervisors are strategically the most lucrative attack vector in the VDC as they provide a single point of attack to gain access to multiple, if not all, virtual systems in the data center.

About Alan Murphy
Alan Murphy is technical marketing manager, Management and Virtualization, at F5 Networks.

LATEST AJAXWORLD RIA STORIES
Let’s face it - 2008 was a real slog. Even the most wide-eyed optimist would agree that this was one year whose end was long overdue. Of course, ringing in the New Year doesn’t somehow wash away what has become a fairly deep recession, but it does symbolize the fresh start th...
BonzoBox, a social homepage, has revealed its product to the public. The website has previously operated under a hidden beta only available to selected developers. BonzoBox is an interactive Web tool that allows people to build their own customized "BonzoBox" home page with live ...
Indigo Eight Software's release of AjaxPDF 2.5 lets thousands of DotNetNuke 4.x users view PDF documents in-line. Once installed, choose the PDF document to display, apply any of the optional security settings and the PDF document appears in-line within the Dot Net Nuke site. Thi...
Synology has announced the availability of its Disk Station Manager 2.1 beta which further utilizes AJAX technology, adds new mail server capability with 1-click installation Mail Station add-on, enhances the Synology Surveillance Station, storage management, user management, and...
rPath and WANdisco today announced that WANdisco has selected the rPath rBuilder and rPath Lifecycle Management Platform to build and maintain its Subversion MultiSite solution as a manageable set of application images for delivery in virtualized and cloud-based environments. rPa...
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

Click Here

SYS-CON FEATURED WHITEPAPERS

ADS BY GOOGLE