While server virtualization increases operational efficiencies and management flexibility, and reduces total cost of ownership, it can also increase security risks.
According to Gartner, 60% of virtual machines (VMs) will be less secure than their physical counterparts through 2009. The security challenges include:
* IP address dependency: In a virtualized environment, IP addresses often change as VMs are created, retired or migrated from one physical host to another, causing problems in traditional protection mechanisms.
* Virtual machine sprawl: VMs are easily created from previously existing images, often introducing a large number of VMs that are not properly maintained or are based on images with known vulnerabilities. Successful attacks on vulnerable VMs can serve as a launch pad to attack other virtual machines.
* Inability to monitor intrahost traffic: Server virtualization introduces the concept of a “soft switch” to allow VMs to communicate with each other inside a single host. Special tools are required to monitor and protect these communications, and options are limited.
* Silo approach to security policy: Unfortunately, many security vendors take a silo approach to security, recommending different solutions with different management requirements for each. Neil MacDonald, an analyst at Gartner, in a recent interview with Network World said, “Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem.”
Given the challenges that must be addressed to realize the benefits of server virtualization, a new approach is needed: a cross-platform solution that can secure both virtual and physical environments. Cross-platform virtual security tools can help organizations impose dynamic security policies across data centers and eliminate the trade-off between the benefits of virtualization and maintenance of strong security.
Management consoles for cross-platform virtual security tools should be deployable anywhere on the network and should offer delegated authority to maximize flexibility. They typically write detailed log data to syslog and the Windows event log, which eases the job of integrating the tools with existing management controls.
By eliminating the IP address dependency of security policy, cross-platform virtual security ensures policies are enforced regardless of the location or platform of the machine. Security administrators can eliminate operating expenses associated with rules changes. In fact, policy is enforced and persistent in a variety of situations, including:
* When physical servers and endpoints are moved to different locations on the network.
* When physical servers and endpoints are converted to VMs.
* When VMs -- live or cold -- migrate from one physical host to another.
Cross-platform virtual security places physical machines and VMs into logical security zones and protects against VM sprawl by ensuring that rogue VMs are not zone members and cannot communicate with zones to which they do not belong. In fact, they don’t even see those zones. By strictly controlling access to each zone, the attack surface area for compromised VMs is greatly reduced.
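The difference between IP-keyed rules and zone membership keyed to machine identity can be shown in a few lines. The following is an added example, not code from the article or from any product it describes; the machine names, addresses, zone names and rules are constructed, and it assumes each machine presents a stable, authenticated identifier (`machine_id`) that survives migration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Machine:
    machine_id: str  # assumed stable, authenticated identity (hypothetical)
    ip: str          # changes when the machine is moved or migrated

# Constructed sample policy data.
ZONES = {"web": {"web-01"}, "db": {"db-01"}}   # zone -> member identities
ZONE_RULES = {("web", "db")}                   # allowed (source zone, dest zone)
IP_RULES = {("10.0.1.10", "10.0.2.20")}        # legacy ACL: allowed (src IP, dst IP)

def zone_of(machine):
    """Return the machine's zone, or None for an unregistered (rogue) VM."""
    for name, members in ZONES.items():
        if machine.machine_id in members:
            return name
    return None

def ip_acl_allows(src, dst):
    """Traditional rule: the decision depends only on current addresses."""
    return (src.ip, dst.ip) in IP_RULES

def zone_policy_allows(src, dst):
    """Zone rule: the decision depends on identity-based zone membership."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return False  # non-members cannot reach any zone
    return src_zone == dst_zone or (src_zone, dst_zone) in ZONE_RULES

def evaluate():
    web = Machine("web-01", "10.0.1.10")
    db = Machine("db-01", "10.0.2.20")
    db_migrated = Machine("db-01", "10.0.9.77")  # same VM on a new host
    rogue = Machine("clone-77", "10.0.1.10")     # unmanaged clone on a trusted address
    return {
        "ip_before": ip_acl_allows(web, db),
        "ip_after_migration": ip_acl_allows(web, db_migrated),
        "ip_rogue": ip_acl_allows(rogue, db),
        "zone_before": zone_policy_allows(web, db),
        "zone_after_migration": zone_policy_allows(web, db_migrated),
        "zone_rogue": zone_policy_allows(rogue, db),
    }

if __name__ == "__main__":
    for check, allowed in evaluate().items():
        print(f"{check:22} {'allow' if allowed else 'deny'}")
```

The IP rule breaks legitimate traffic after migration and admits the unmanaged clone, while the zone rule keeps the web-to-database path intact and denies the non-member.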