Virtual environments need protection too

System administrators need to treat virtual environments with the same care they give any other system.
By Karel Rode, security consultant at Performanta Consulting.
Johannesburg, 14 May 2008

In my day-to-day travel to and from the office, I often expect virtual reality to step in and transform my boring and often outright dangerous trip into something more surreal and interesting.

Sadly, this will not be the case for another few years, but the networking teams and even some of the 'old timers' with big iron mainframes are revitalising computing nonetheless.

Taking one 'honking big box' and running many servers within a virtual environment has been available to us for some time now, with VMware, MS Virtual PC, Parallels (for Mac) and some lesser-known Linux options maturing. The more serious players have taken to running virtual Linux sessions of the OS390 with spectacular results.

Sadly, Ed Skoudis and Tom Liston from Intelguardians have found ways to crash systems with virtual machines on them and have even been able to run their own code on the host OS. Though this was done in a very controlled manner and with little exposure, it does beg the question: when will we see such exploits in the wild?

So then the sexy bit will be escaping the VM. Our focus for now, though, should be on protecting the virtual environments in the same way as we do our real systems. Experience tells me that some sys-admins do not treat the virtual machines with the same level of care as they do the real hosts. Therefore, patch levels and administrative privileges must not be treated differently just because we run VMs.

Moreover, the virtual machine technology of choice may require one or more updates just like the system OS, and should therefore be treated just like any other business application when it comes to risk mitigation and management.

Going green

When starting to run multiple instances of virtual machines, companies may introduce a hypervisor or virtual machine monitor. These systems are vulnerable just like any other machine and OS, and as a hypervisor will have privileged access to all or most VMs, companies need to take special care of it.

There are many benefits to virtualisation though. The more obvious are reduced hardware costs or increased utilisation of current hardware. The green IT discussion will also come up, as we now reduce power consumption, cooling requirements and overall floor space.

Virtual technologies and management solutions also now provide for failover and high availability, with capacity management options to boot. As a result, externalised storage options become a given in large deployments, introducing additional complexities into the equation.

Lastly, just because it is a virtual machine does not imply that it will be more secure than the host OS, nor will it be less secure than the virtual machine's OS, so companies must maintain their better and best practices even within the virtualised space.

Virtualisation grows

According to a BMI-TechKnowledge report looking at IT predictions for 2008, virtualisation is reshaping the infrastructure landscape, as an estimated 19% of physical server deployments during the year will be virtual machine hosts. This will have a negative impact on server processor consumption, squeezing prices and disputing clusters.

Yet, this process will bring a positive impact on storage and infrastructure management software. 2008 will see a strong impact of virtualisation on enterprise IT and the way that IT interacts with business.

In addition, the report said the IT skills shortage will start to bite the industry with strategy increasingly dictating the nature of IT spend moving forward.

Overall IT spending is expected to grow by 5.4% in 2008 to R59 billion, said BMI-T.

* Karel Rode is solutions strategist at CA.