- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
What's the problem with bolt-on security for virtual servers and virtual environments? Too many people forget that VMware Virtual Infrastructure 3 (VI3) is the entire virtual environment (VE). Granted the core is VMware ESX, VMware ESXi, and can include VMware Server, but it is much more than that. Let's consider the many pieces of your enterprise that must be examined as you secure virtualization.
VI3 includes VMware Clustering, and independent hosts incorporating such items as VMware Dynamic Resource Scheduling (DRS), VMware High Availability (HA), VMotion, and Storage VMotion.
Then there's the storage technology in use in your enterprise, whether it's local storage or remote storage such as iSCSI, NFS over NAS, or SAN physical devices, or the Lefthand Networks Virtual SAN Appliance. Once we discuss storage, we need to discuss how virtual machines access the storage, whether using virtual machine disk files, using raw disk maps to logical units (LUNs) presented to the virtualization host, using iSCSI initiators within the VM, accessing a NAS or SAN directly via the network, or using Fibre Channel N_Port ID Virtualization.
If a network is involved, which is almost always the case, we need to discuss the networks involved and how VMs are accessed. Are the virtual machines accessed via a DMZ? Via production, administrative, or test networks? Are the VMs communicated with using some form of special application, VPN, SSL Tunnel, RDP, Virtual Desktop Infrastructure (VDI), or the remote console over the web of the VMware Virtual Infrastructure Client?
In order to create and manage VMs, we now add into the mix the question of how you manage the entire environment, whether via something that uses the VMware SDK, VIC connected to Virtual Center, or even a single host, VMware Lab Manager, VMware Life Cycle Manager, or via the remains of the full service console.
All of this is just a brief view of what comprises the virtual environment, whether you're using technology from VMware or other vendors. Virtualization security is needed every step of the way. It is possible to bolt-on security after the environment is deployed, but that is just a stop gap solution at best. Security should be considered from the very beginning of a virtual infrastructure deployment.
Rss FeedRss Feed
14 years ago, I dealt with somebody like Childs. I was the new manager and the veteran techie knew it...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment