Re: Virtualization and Security ?

[randy marchany <marchany () VT EDU>]

One thing to remember about virtualization is that ALL of your virtual
machines now depend on the security of the host machine. This makes
system maintenance (patches, new tools, etc.) on the HOST system more
difficult because of scheduling issues with the services provided by
the VM systems running on the host.  So, you need to carefully
consider WHAT services are to be run on a host so that you can do
maintenance on the host system on a regular schedule.

Since the host system now becomes the target, its security is paramount.

-Randy Marchany
VA Tech IT Security Office

On Tue, Nov 11, 2008 at 7:37 AM, Rappaport,Jason <jbr32 () drexel edu> wrote:
> Anand - all of our core infrastructure is virtualized (web servers, database
> servers, license servers, etc). We went with VmWare and attended several
> Vmware User Group meetings before we went full steam with this project.
> VmWare does have a free version of its product VmWare server that is nearly
> identical to VI3 (at least the current version is); with the exception of
> performance.
>
> In regards to security, we have locked down and restricted all access to our
> virtualization server to on campus access only.  The virtual machines that
> sit on top of VI3 are all secured using traditional methodologies (firewall,
> anti virus, anti spyware, etc.).
>
> Each virtual machine does daily backups to a NAS device that is replicated
> nightly.
>
> In the event of a DR scenario, we have a backup virtualization server
> (VmWare Server) that we can bring online and restore form the latest
> backups.  We actually had to do this once when we patched VI3 and it
> corrupted the boot partition.  I had the backup virtualization server
> started within minutes and it took me 90 minutes to restore from the latest
> backups on all VMs; the support contract is well worth it.
>
> I am actually working on a project to phase our VmWare server and go with
> Vmware ESXi, which is Vmware's free product that runs on bare metal; Vmware
> Server runs on top of Linux or Windows.
>
> I hope that helps.
>
> Thanks, Jay
>
>
> __________________________________
> Jay Rappaport
> jasonrap () drexel edu
> 215.895.1680 office
> 215.895.6447 fax
> Systems Administrator
> Design & Imaging Studios
> Antoinette Westphal College of Media Arts and Design
> Drexel University
> http://drexel.edu/westphal
>
>
> ________________________________
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
> Sent: Monday, November 10, 2008 5:12 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Virtualization and Security ?
>
>
> Folks,
>
> We are looking into Data Center Consolidation and plan to virtualize most of
> our servers. Now Virtualization can yield sigificant operational advantages,
> but  also introduces among others network, security complexity and
> management challenges.
>
> My question to the forum is
>
> a) Is anyone fully virtualized ?  If so was a Vendor hired to perform this
> function and are there any lessons learnt  that i should be aware of with
> the deployment?
>
> b) Has anyone run into significant Security and Risk Issues.
>
>
> Thanks,
> Anand
>
>
> Anand Malwade
> Information Security Officer,
> Seton Hall University,
> Tel: 973 275 2209
> malwadan () shu edu