Skip Links

Network World

  • Social Web 
  • Email 
  • Close

The Problem with Bolt-On Security for Virtual Servers

By Edward L. Haletky , CIO , 05/09/2008

What's the problem with bolt-on security for virtual servers and virtual environments? Too many people forget that VMware Virtual Infrastructure 3 (VI3) is the entire virtual environment (VE). Granted the core is VMware ESX, VMware ESXi, and can include VMware Server, but it is much more than that. Let's consider the many pieces of your enterprise that must be examined as you secure virtualization.

VI3 includes VMware Clustering, and independent hosts incorporating such items as VMware Dynamic Resource Scheduling (DRS), VMware High Availability (HA), VMotion, and Storage VMotion.

Then there's the storage technology in use in your enterprise, whether it's local storage or remote storage such as iSCSI, NFS over NAS, or SAN physical devices, or the Lefthand Networks Virtual SAN Appliance. Once we discuss storage, we need to discuss how virtual machines access the storage, whether using virtual machine disk files, using raw disk maps to logical units (LUNs) presented to the virtualization host, using iSCSI initiators within the VM, accessing a NAS or SAN directly via the network, or using Fibre Channel N_Port ID Virtualization.

If a network is involved, which is almost always the case, we need to discuss the networks involved and how VMs are accessed. Are the virtual machines accessed via a DMZ? Via production, administrative, or test networks? Are the VMs communicated with using some form of special application, VPN, SSL Tunnel, RDP, Virtual Desktop Infrastructure (VDI), or the remote console over the web of the VMware Virtual Infrastructure Client?

In order to create and manage VMs, we now add into the mix the question of how you manage the entire environment, whether via something that uses the VMware SDK, VIC connected to Virtual Center, or even a single host, VMware Lab Manager, VMware Life Cycle Manager, or via the remains of the full service console.

All of this is just a brief view of what comprises the virtual environment, whether you're using technology from VMware or other vendors. Virtualization security is needed every step of the way. It is possible to bolt-on security after the environment is deployed, but that is just a stop gap solution at best. Security should be considered from the very beginning of a virtual infrastructure deployment.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

14 years ago, I dealt with somebody like Childs. I was the new manager and the veteran techie knew it...- Anonymous

Join the Discussion