Educause Security Discussion mailing list archives
Re: Virtualization and Security ?
From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Tue, 11 Nov 2008 14:09:13 -0500
One of the issues that I haven't heard mentioned in this thread is the security of the SAN that your VM's are likely connected to. If someone can compromise the configuration of the SAN, then they can attach any volume to any VM host and if they can compromise a VM host (or VMware's virtual center) then they can configure any VM to have access to the volume, or even create their own for their amusement). We are in the process of deploying VMware for as many servers as we can. For reliability, we are going to operate VMware hosts in three separate facilities and have the ability to move virtual servers between them. In some cases while they are up and running and in other cases "off line" (with the virtual machine shutdown). We are not planning on dedicating particular VMware hosts to particular levels of security (though others are doing that). We want the flexibility to migrate virtual machines to hosts as needed. Cost issues also preclude different SANs for different security levels. For security we are isolating the management LAN from any other network. However appropriate staff will have access via a VPN box to be able to access the management LAN from anywhere. We have the option of requiring SecurID access for this (but haven't made a final decision on whether or not to go that way yet). These same staff are also on-call, so we will always have someone with the ability to manage the VMware "cloud" available. -Jeff -- ======================================================================= Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice jis () mit edu =======================================================================
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: Virtualization and Security ?, (continued)
- Re: Virtualization and Security ? Youngquist, Jason R. (Nov 11)
- Re: Virtualization and Security ? Bradley, Stephen W. Mr. (Nov 11)
- Re: Virtualization and Security ? HALL, NATHANIEL D. (Nov 11)
- Re: Virtualization and Security ? randy marchany (Nov 11)
- Re: Virtualization and Security ? Eric Case (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? St Clair, Jim (Nov 11)
- Re: Virtualization and Security ? Robert Maxwell (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? Mike Lococo (Nov 11)
- Re: Virtualization and Security ? Jeffrey I. Schiller (Nov 11)
- Re: Virtualization and Security ? Cheng, Wang (Nov 11)
- Re: Virtualization and Security ? Clifford Collins (Nov 25)
- Re: Virtualization and Security ? Alex (Nov 25)