How do I detect virtual machine sprawl in a private cloud?


The private cloud is generally considered the safest cloud computing model because the company runs it and directly controls its security. However, as with many theories or product prototypes, the complexity of real-world problems is often unpredictable: new technology brings benefits, but it also brings new security challenges.

The biggest challenge is the lowered barrier to creating and changing production virtual images. Imagine how a private cloud environment evolves over time: employees create "one-time" images to meet critical dates or warranty assistance requirements, which leads to virtual machine sprawl. Sprawl is a security threat because these semi-archived virtual images exist indefinitely. Fast image reuse can also lead to improper use of images, such as using a development image as the baseline for a production application.

These problems are nothing new; in traditional physical data centers, server sprawl and configuration problems are ubiquitous. The difference is that in the private cloud the relevant restrictions are gone. In a traditional data center, the demand for hardware is limited or controlled, while in public cloud computing, the need to interact with parties outside the enterprise (or to pay for images) also slows the rate of expansion. In a private cloud, the only limiting factors are storage and processing power, which amounts to a nearly unlimited cap.

Preventing these problems usually calls for self-discipline on the part of the enterprise. However, detection is just as important as prevention for security-minded companies that have a deep understanding of the phrase "no precaution is 100% effective". Let's look at how these businesses control virtual machine sprawl by detecting improperly configured or "malicious" images and the improper use of images.

Finding malicious images

In any virtualized deployment, images spring up quickly, but they are generally in a controlled and legitimate state. The goal of an enterprise is not only to identify changes, but to evaluate them by defining what reasonable changes look like and using that definition as the standard for comparison.

Getting a list of images is easy: every management tool on the market offers this by default. The hard part is "knowing what the reasonable changes are." Because you have to define what counts as standard, relying on the detailed catalog features of common management programs becomes extremely challenging. Knowing which images exist is not enough; to find a malicious image, you need to know what the existing images should look like, and you need to understand how they are configured.
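As an added illustration (not from the original article or from any of the tools it names), the comparison described above can be written in Python: an approved baseline records what each image should look like, and an inventory export is checked against it for unapproved images, configuration drift and long-idle images. The field names, image names and the 90-day idle threshold are assumptions, and all data is constructed.

```python
from datetime import datetime

# Constructed approved baseline: image name -> configuration it should have.
BASELINE = {
    "qa-weblogic":  {"template": "weblogic-12-qa", "network": "qa", "owner": "qa-team"},
    "prod-payment": {"template": "payment-3-prod", "network": "prod", "owner": "payments"},
}

# Constructed inventory, shaped like an export from a management tool.
INVENTORY = [
    {"name": "qa-weblogic", "template": "weblogic-12-qa", "network": "qa",
     "owner": "qa-team", "last_used": "2024-05-28"},
    # Production image built from the QA template: drift from the baseline.
    {"name": "prod-payment", "template": "weblogic-12-qa", "network": "prod",
     "owner": "payments", "last_used": "2024-05-30"},
    # "One-time" image nobody approved and nobody has touched for months.
    {"name": "demo-onetime-0412", "template": "weblogic-12-qa", "network": "qa",
     "owner": "jdoe", "last_used": "2024-01-15"},
]

def audit_inventory(baseline, inventory, today, max_idle_days=90):
    """Return (image, finding_type, detail) tuples for everything off-baseline."""
    findings, seen = [], set()
    for vm in inventory:
        name = vm["name"]
        seen.add(name)
        expected = baseline.get(name)
        if expected is None:
            findings.append((name, "unapproved", "not in baseline"))
        else:
            for key, want in expected.items():
                if vm.get(key) != want:
                    detail = f"{key}: expected {want!r}, found {vm.get(key)!r}"
                    findings.append((name, "drift", detail))
        idle = (today - datetime.strptime(vm["last_used"], "%Y-%m-%d")).days
        if idle > max_idle_days:
            findings.append((name, "stale", f"idle {idle} days"))
    # Approved images that discovery did not return also deserve a look.
    for name in sorted(set(baseline) - seen):
        findings.append((name, "missing", "in baseline but not discovered"))
    return findings

if __name__ == "__main__":
    for finding in audit_inventory(BASELINE, INVENTORY, datetime(2024, 6, 1)):
        print(" | ".join(finding))
```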

Several strategies apply here, but the most effective is to combine discovery capabilities with tools for asset management and inventory tracking. If you already have tools that do this (carried over from your migration from a traditional data center), it is best to use them, for example existing inventory/discovery software such as IBM Tivoli and SolarWinds Orion.

However, since the usual reason for deploying cloud computing is to save costs, there is no guarantee that you will be able to purchase those commercial tools, so it is worth selecting some free alternatives. Spiceworks is free, easy to use, and can discover networks (built in) and virtual images (through tools). Note that network discovery only finds available, responsive hosts, so you may also need to use two sets of discovery tools.

The open source software FusionInventory is also free (though it takes effort to configure and use). It includes SNMP, NetBIOS, and IP search capabilities (that is, looking for "live" images), and it also provides data on virtual machines through agents and extensions. Configuring FusionInventory is a challenging task, but it provides a pre-configured virtual appliance that helps with on-site configuration and operation (although the appliance is not recommended for production deployment).

Finding improper use

It is important to look for malicious images and improperly configured images, but what happens when an image that is appropriately configured for a particular type, such as "QA WebLogic server," is used for something other than its intended purpose, such as "Production payment application"?

Historically, this problem has been difficult to solve. Many people are watching the evolution of management software, such as VMware's vShield App 5, which makes searching for malicious data easier to manage. But because (a) it costs a lot of money and (b) it is a "future state" for most of us, the responsibility in the short term is to find and control the data ourselves. One strategy is data loss prevention (DLP).

Many articles have covered DLP before and during a cloud migration, but what I describe here is DLP on the image (after the cloud migration), that is, a stopgap for finding production data on test/development images. You can do this by integrating DLP agents into the test and development baseline images. If you already have DLP, you can use it directly; if you do not, you can use a free alternative such as OpenDLP or MyDLP to monitor inbound and outbound data streams for items such as credit card numbers, Social Security numbers, and custom regular expressions supplied by the user. Both products have virtual appliances that can be set up and put into production quickly.
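The kind of content check such a DLP agent performs on a test/development image, as an added Python example (not OpenDLP or MyDLP code): it looks for card numbers, Social Security numbers and one user-supplied pattern, uses the Luhn checksum to discard digit runs that are not real card numbers, and masks what it reports. The file path, the `payroll_id` pattern and the sample dump are constructed.

```python
import re

# Candidate card numbers: 13 to 16 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# SSN layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out random digit runs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(path, text, custom_patterns=None):
    """Return (path, line_no, kind, masked_value) for each sensitive hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append((path, line_no, "card", masked))
        for m in SSN_RE.finditer(line):
            findings.append((path, line_no, "ssn", "***-**-" + m.group()[-4:]))
        # User-supplied regular expressions, keyed by a label of your choice.
        for kind, pattern in (custom_patterns or {}).items():
            for m in re.finditer(pattern, line):
                findings.append((path, line_no, kind, m.group()))
    return findings

# Constructed sample: a database dump left behind on a development image.
SAMPLE = """\
INSERT INTO orders VALUES (1001, '4111 1111 1111 1111', 'shipped');
INSERT INTO orders VALUES (1002, '1234 5678 9012 3456', 'test');
INSERT INTO staff VALUES ('A. Example', '123-45-6789', 'PAY-00042');
"""

if __name__ == "__main__":
    custom = {"payroll_id": r"\bPAY-\d{5}\b"}   # hypothetical custom pattern
    for hit in scan_text("dev-db/dump.sql", SAMPLE, custom):
        print(hit)
```

The second order row is not reported because its digits fail the Luhn check, which is what keeps test fixtures and order IDs from drowning out real card data.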

By focusing on changes to the image catalog and on where data resides, organizations can address some of the security challenges associated with virtual machine sprawl in the private cloud.

(Responsible editor: The good of the Legacy)
