Server virtualization is not just a specific data protection solution proposed by server and storage vendors. Now, network security equipment vendors have successively launched virtualization-related products. We will tell you all the precautions for security protection.
Server virtualization is a way for IT infrastructure to share and share resources, and is also an important element of the future data center. However, a slight carelessness in the entire environment migration process will cause harm. Today, we will tell you what you should pay attention to in the security protection of virtualization.
Fully check the security practices of virtual machines
Server virtualization is an important element in the future generation of enterprise data centers. Due to the rapid development of hardware efficiency, it is possible to execute multiple operating systems and provide services on one server. However, during the entire environment migration process, many security problems will also arise, and a slight carelessness will cause harm and affect daily operations.
Many people think that "virtualization is an extension of the application in the physical environment. To protect the security of virtual machines, you only need to use the existing practices for Management ......」, This is correct in some ways, but there are still many differences between the two. If these differences are not met in a timely manner, security problems may arise.
Network Architecture changes due to Virtualization
Network Architecture is the biggest change in the Process of server virtualization, and is also the key to the most likely security problems. Before the migration to virtualization, enterprises can establish multiple isolation zones on the firewall devices at the front end, and apply appropriate access rules for servers with different functions for management, if a server is unfortunately attacked in the future, the harm is usually limited to a single DMZ zone, and it is not easy to affect all running servers.
After virtualization, all virtual machines are likely to connect to the same virtual switch (such as VMware ESX/ESXi and Microsoft Hyper-V) in a centralized manner ), you can also use a bridge (such as VMware Server/Workstation or Microsoft Virtual Server/PC) between the "Virtual-entity" network card to communicate with the external network. In this architecture, the firewall-enabled protection will disappear. When a virtual machine encounters a problem, security threats can be distributed to other virtual machines through the network.
The simplest way to solve these problems is to install anti-virus software and other anti-virus software on each virtual machine. However, some management concerns may arise. For example, the compatibility between applications and anti-virus software may also occur in the virtual machine environment.
In addition, the operational efficiency of the virtual machine after anti-virus software is installed is also worth the attention of enterprises. In the past, the use of anti-virus software on a physical host would not be too large for dozens of MB of memory, however, in a virtualized environment, the accumulation of multiple virtual machines may occupy considerable hardware resources. Therefore, we need to seek other solutions, in order to control the security of the virtual platform.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
