Virtualization Security Will Be “The” Topic of 2010

by admin on December 31, 2009


Okay, that is simply a prediction, and no, I am not even remotely good at predictions, but this is one I feel pretty secure about saying out loud.

What we learned this year is that although we gain many benefits when we virtualize our environment, we also often have more questions than answers, especially when it comes to securing our virtual servers.

We posted about this very subject not long ago and gave some great information about security, but recently we ran across an article that Dave Rosenberg wrote for CNET. The article contains not only a great interview, but also some really great practical information for all IT management and staff. Dave interviewed Amir Ben-Efraim, who gave a few examples of things to look out for when deploying a virtualized environment. (Note: This information is focused on VMware solutions, as they are the most prevalent in today’s data centers, and Altor recently became VMsafe-certified.)

Virtual networks have many unique features and functionality, compared to a physical server environment, and they thus require a security solution that is architected specifically for protecting inter-VM traffic without detracting from virtualization’s value, Ben-Efraim said.

* VMs have Internet Protocol and MAC addresses (for each virtual-network adapter), but those change when a VM moves or goes to a different physical host. Any security policy that has been explicitly defined to protect a VM must be attached to the VM by its Universally Unique Identifier (UUID), in the case of VMware, rather than by its MAC address; otherwise the security “breaks” during VM migration.

* VMs can move from ESX host to ESX host, in order to take advantage of capacity and memory that will optimize performance. Traffic flowing through this VM should not be impeded. So if, for instance, a virtual firewall is statefully handling a session into and out of a VM, the session should continue, as should the application of the security inspection, without disruption. Security policies can carry over as well, provided that they are not tied to a specific address.

* Rather than having IT personnel prepare and connect a physical server, they can simply clone an existing VM, and have it up and running in minutes. The new VM will simply inherit the settings of the parent. However, the inheritance needs to include the security policies and applications in existence for a VM of that type.
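The three points above can be checked with a small model. This is an added example, not code from the article or from any vendor's product: it binds firewall rules to different VM attributes and reports which rules stop matching after a migration or a clone. The `VM` and `Rule` types, the rule names and all sample values are constructed, and it assumes a clone receives a new UUID and new addresses.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class VM:
    uuid: str       # stable identity of the VM
    mac: str        # per the text above, changes when the VM moves
    ip: str
    host: str
    vm_type: str    # hypothetical label, e.g. the template the VM was built from

@dataclass(frozen=True)
class Rule:
    name: str
    attr: str       # VM attribute the rule is bound to
    value: str

def rules_for(vm, rules):
    """Names of the rules whose binding matches this VM right now."""
    return {r.name for r in rules if getattr(vm, r.attr) == r.value}

def migrate(vm, host, mac, ip):
    """Move to another host: UUID and type stay, addresses change."""
    return replace(vm, host=host, mac=mac, ip=ip)

def clone(vm, uuid, mac, ip):
    """Clone: assumed to receive a fresh UUID and fresh addresses."""
    return replace(vm, uuid=uuid, mac=mac, ip=ip)

def lost_coverage(before, after, rules):
    """Rules that protected the VM before a lifecycle event but not after."""
    return sorted(rules_for(before, rules) - rules_for(after, rules))

# Constructed sample inventory and policy set.
WEB01 = VM("uuid-web01", "00:50:56:aa:00:01", "10.0.0.11", "esx-a", "web")
RULES = [
    Rule("fw-by-mac", "mac", "00:50:56:aa:00:01"),
    Rule("fw-by-ip", "ip", "10.0.0.11"),
    Rule("fw-by-uuid", "uuid", "uuid-web01"),
    Rule("web-baseline", "vm_type", "web"),
]

if __name__ == "__main__":
    moved = migrate(WEB01, "esx-b", "00:50:56:bb:00:01", "10.0.1.11")
    copy = clone(WEB01, "uuid-web02", "00:50:56:aa:00:02", "10.0.0.12")
    print("lost after migration:", lost_coverage(WEB01, moved, RULES))
    print("lost after clone:    ", lost_coverage(WEB01, copy, RULES))
```

In this model the UUID-bound rule survives migration but not cloning, which is why the clone case needs policy inherited by VM type rather than by the parent's identity.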

When implementing virtualized networks, system architects need to take security into account from start to finish. A solution that’s not secure compromises not just one server, but potentially hundreds of virtualized instances.

If you haven’t read the article by Dave Rosenberg in full, you really should. Dave broke down the information and presented it in a concise manner.

The Tek-Tools Profiler Suite provides end-to-end visibility into both physical and virtualized infrastructure, all from a single pane-of-glass view. This visibility enables users to reclaim wasted and under-utilized resources that they have lost track of. Profiler allows users to optimize their investment in technology by saving time and money, as well as by streamlining network operations.
