Skip Links

When the compliance officer comes calling … hide the VMotion

VMotion's inability to comply with regulations causes Compliance Officers heartburn.

By Ryan Trost on Thu, 08/20/09 - 8:31am.

So for the time being let's set aside some of those pesky security consideration - hypervisor attacks, VM sprawl, etc and focus on VMotion.  VMotion is used to move VMs from one ESX Server to another ESX Server while still maintaining uptime (basically the end user has absolutely no idea their backend VM is re-locating to another ESX server).  The primary reasoning for this is ESX maintenance.  As of right now, all VMotion traffic MUST BE UNENCRYPTED.  Of course from a technical standpoint securing VMotion consists of creating its own VLAN and locked it down.  Pretty secure when done correctly.  But the big question still exists: will auditors and compliance officers less knowledgeable about VLAN security or virtualization throw up 'red flags' once they discover VMotion is cleartext? 

The answer is not simple.  In my experience, auditors and compliance officers don't know enough about virtualization to really put it under a microscope.  Simply put, they don't even know VMotion exists.  Unfortunately, by and large, a majority of evaluators haven't been trained to sufficiently deal with virtualization in the field.  (Now of course, some auditors/compliance officers are better than others which truth be told I'd rather deal with someone that knows what they are doing instead of someone I have to end up 'training'.) 

As the director of security and privacy for my company, I simply can't risk it and require my vmAdmins to find a different solution to transplant servers with sensitive information (in my case, PHI and PII).  Unfortunately the current solution to migrate VMs off the ESX severs negates the high availability constant uptime component...as the VM will need to be taken offline and manually added to inventory on one of the other ESX servers.  SLA anyone?  Painful I know!  

But because of the new HIPAA push (ARRA/HITECH) many of my processes are being scrutinized and I can't take the chance.  As most Security-minded people know, you can't rely on sweeping the possible infraction under the carpet and "not getting caught."  It's just a matter of time before the issue surfaces and if you are deemed negligent, your credibility will be damaged and chances are high you will undergo an enormous amount of additional scrutiny. So I'm choosing not to use Vmotion at this time.

A VMWare contact of mine said that securing VMotion using SSL encryption is fast approaching. That feature can't come fast enough for me.