Tips on Securing a Full Virtualization Environment

Ken-Hardin
Slide Show

Seven Data Virtualization Keys

Consider applying seven secrets practiced by your enterprise counterparts to make your own advanced data virtualization projects and architectures successful.

Virtualization remains a hot technology for simplifying IT asset management and for saving money (at least, that's the plan) on energy use and physical facility space. In fact, a presidential memorandum entitled "Disposing of Unneeded Federal Real Estate" cited virtualization as a key technology in stemming the tide of ever-growing government data centers.

 

Of course, putting numerous systems under a single virtual management panel may save you time, but it also creates one big target for hackers who would like to get at those systems. As always, new technologies bring new security challenges.

 

The National Institute of Standards and Technology has prepared an overview article, "Full Virtualization Technologies: Guidelines for Secure Implementation and Management," to help government IT pros roll out virtualized systems in a secure fashion. The seven-page PDF, which includes info that's useful to any tech group, is available free to IT Business Edge members here in the IT Downloads library.

 


First off, it's important to note that the article addresses full virtualization, in which one or more OSes and the applications that they contain are run on top of virtual hardware. Each discrete operating system and its applications run in a separate VM called a "guest operating system." The article goes on to discuss the differences between "bare metal" virtualization, where the controlling hypervisor runs directly on the underlying hardware, and the increasingly common hosted virtualization, where an additional layer of management software lives in the guest operating system.

 

The paper also addresses operational efficiencies and management concerns, as well as offering these nuggets of wisdom on securely managing a full virtualization implementation.

 

Secure all elements of a full virtualization solution and maintain their security. Basically, you need to treat every element of your virtualized environment as though it were running on hardware natively. Patch your virtualized applications and OSes religiously.

 

Ensure that the hypervisor is properly secured. This sounds easy enough, but your concern about this particular management entry point should extend to shutting off unused services such as the clipboard or file-sharing. Remember, anybody who can reboot the host computer where the hypervisor is running might be able to alter some of the security settings for the hypervisor.

 

Restrict and protect administrator access to the virtualization solution. Some virtualization products offer multiple ways to manage hypervisors, and you should be sure to secure each management interface, whether locally or remotely accessible. For remote administration, be sure to employ encryption or some other additional security layer.

 

If you want to dig a little deeper into the security issues facing a fully virtualized environment, be sure to also download the NIST report Guide to Security for Full Virtualization Technologies, also available here in the IT Downloads library. This 35-page PDF goes into much greater detail on installation and management techniques, as well as dolling out interesting tidbits of advice such as disconnecting removable storage use for backup from the hypervisor system.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.