The Essentials Series: Virtual Security Concerns & Solutionsby Greg Shields
Implementing virtualization within the enterprise grows easier with each new version of the virtualization products available on the market. But in implementing virtualization itself, the enterprise adds a set of security risks that are not immediately obvious. Residing virtual machines atop a singular hypervisor puts every virtual egg in a single basket. Virtual machines that experience extended periods of outage may not receive the configuration updates they need to keep them safe. Virtual networks may not provide the level of functionality required by enterprise organizations. All these are topics discussed in this series along with suggestions for solutions that work alongside virtualization platforms to combat these security issues.
Article 1:Â Understanding and Improving Hypervisor Security
When computers in an environment are hosted atop a virtualization solutionâ€™s hypervisor, that hypervisor becomes a single point of commonality across the environment.Â While it brings benefits to virtual machine mobility and compatibility, it also becomes a single point of failure when not properly managed.Â This article talks about the security risks associated with the singular hypervisor and ways of protecting against a massive failure associated with a hypervisor-based attack.
Article 2:Â Understanding and Improving Virtual Machine Security
Virtual machines themselves also add risks along with their benefits.Â Their risks come not from their operations, but rather when theyâ€™re not operating.Â Powered off virtual machines are little more than files on a disk, but also potential risks if they are later powered on without the proper security configuration.Â This article discusses the problems of virtual machine security and suggests ways to prevent aged VMs from taking down the network.
Article 3:Â Understanding and Improving Virtual Network Security
The virtual networks that arrive with enterprise-class virtualization products are slick logical representations of actual physical networks.Â But they are not the same thing.Â Apples to apples, a virtual switch does not have the same capabilities as a physical one.Â This article discusses current limitations in virtual switch technology and considerations that must be made by enterprises as they implement complex networking arrangements.Â This article also discusses the networking issues associated with VM migration and inappropriate cross-VM communication.