The topic of hypervisor security has garnered a lot of interest as organizations struggle to deal with virtual server sprawl. It's become very easy to push a few buttons and deploy dozens of new virtual servers, each one of which can be an point of entry into the organization. Worse, hypervisors themselves can be attacked if not properly secured.
What steps, if any, are you taking in your organization to address the issue of security in your virtual environment?
I think the first step in securing Virtualized environments is to put in place a good VM management policy to avoid VM sprawl. A good policy/procedure is one that is revised on regular basis between IT people and Data/service owners.
I recall one important element of the VM policy document that stated that users (data owners) requesting new VMs had to specify the expected lifetime of the VM. When this expires the IT staff was instructed to verify with the user and get confirmation from his/her immediate superior to justify another time slot, otherwise the VM is backed up and terminated.
Every environment has its own restrictions but a good practice is to set up a policy based on the resources available and business priorities.
Good points all. Taming virtual machine sprawl is even more important now that VMware has instituted new licensing policies that actively punish customers for overallocating RAM whether it's due to creating an unnecessary VM or creating a VM with too much RAM.
new licensing policies that actively punish customers for overallocating RAM
I don't know on what basis VMware decided to go for this new licensing model but it seems that they want to make more money out of VM sprawl and the users’ negligence or inability to control it! Without knowing much details of the new licensing model, I would comment against it as I think it’s inappropriate to have a vendor determining a baseline for memory usage and then charge users against that baseline. I might agree with this model if VMware reduces considerably the initial licensing costs!
Exactly! All VMware really did with this was eliminate core count as a licensing limitation and replace it with a more volatile RAM count. There is no value add for the customer... just more out of pocket.
We need to have a different mentality when it comes to security on a virtualized environment.
For example, in the traditional model, we put 802.1X on the desktop so that user can provide their credential in order to access the network.
If using host based VDI and dumb terminal, 802.1X is not as useful.
The parameter and access point has changed and we need to look into where in the network that we need to put security check points to guard the data center.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [General Virtualization Topics] >> Server Virtualization >> Hypervisor security 
Hypervisor security - 
RE: Hypervisor security - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread