Client operating system virtualization enhances server security


A new technology for enhancing server security is "client operating system virtualization", also called guest operating system virtualization. The idea is to use a dedicated virtualization engine to run a virtualized guest instance, that is, an operating system client instance that runs on top of the physical hardware and a host instance.

In client operating system virtualization, the host divides its resources into roughly separate parts, each of which supports a different operating system and its applications. A virtual machine is a fully equipped operating system environment that runs on top of the virtualization layer and behaves as an independent computer.

Microsoft offers versions of "virtual machine server R2" and "Virtual PC 2007" that are free for commercial use. VMware has also released several free versions of its virtual machine products, such as VMware Server, and "Workstation 6.0", which can be run on a regular PC. In addition there is Virtual Infrastructure 3.x or ESX Server 3.x, which is VMware's most comprehensive solution, and finally the Virtual Desktop Architecture (VDI), which virtualizes the desktop environment.

Other vendors also offer solutions for client operating system virtualization, including SWsoft, Virtual Iron and XenSource. For example, any Xen version of Linux includes a core virtualization engine. XenSource also provides stand-alone virtualization tools, as do Virtual Iron and SWsoft. The most interesting thing about XenSource is that it uses the same virtual machine format as Microsoft, so a virtual machine is guaranteed to be able to migrate from one virtual machine solution to the other.

Operating system virtualization frees the operating system itself from the hard drive

The reason client operating system virtualization has such a powerful effect is that it frees the operating system itself from the hard disk it runs on. After all, a virtual machine is just a set of files in a folder, as shown in the directory listing in the following figure.

  

These files consist primarily of configuration information, virtual hard disk drives, and memory files, as shown in the following table.

  

File type                        Microsoft    VMware
Configuration information file   .VMC         .VMX
Virtual hard drive files         .VHD         .VMDK
Memory files                     .VSV         .VMEM

Once a client operating system is "liberated", you can do all sorts of things with it. For example, you can migrate it from one host server to another. You can also easily protect a virtualized client operating system: all you need is a replication engine that copies it from one host to another, or even to a different site. There are countless things you can do with this technology.
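As an added illustration (not part of the original article), the following Python sketch treats a virtual machine as the set of files listed in the table above, copies the folder to a second location, and checks by SHA-256 that every file arrived unchanged. The function names are hypothetical, and a plain directory copy stands in for the replication engine the article mentions.

```python
import hashlib
import shutil
from pathlib import Path

# Extension -> (vendor, role), taken from the table on this page.
VM_FILE_TYPES = {
    ".vmc": ("Microsoft", "configuration"),
    ".vhd": ("Microsoft", "virtual hard drive"),
    ".vsv": ("Microsoft", "memory"),
    ".vmx": ("VMware", "configuration"),
    ".vmdk": ("VMware", "virtual hard drive"),
    ".vmem": ("VMware", "memory"),
}

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks; virtual disks are too large to read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(vm_dir):
    """Map each recognised VM file (relative path) to vendor, role and hash."""
    vm_dir = Path(vm_dir)
    manifest = {}
    for path in sorted(vm_dir.rglob("*")):
        kind = VM_FILE_TYPES.get(path.suffix.lower())  # extensions are matched case-insensitively
        if path.is_file() and kind:
            rel = path.relative_to(vm_dir).as_posix()
            manifest[rel] = {"vendor": kind[0], "role": kind[1],
                             "sha256": sha256_file(path)}
    return manifest

def compare(expected, actual):
    """Return (missing, changed) relative paths, judged against `expected`."""
    missing = sorted(set(expected) - set(actual))
    changed = sorted(name for name in expected
                     if name in actual
                     and expected[name]["sha256"] != actual[name]["sha256"])
    return missing, changed

def replicate_and_verify(src_dir, dst_dir):
    """Copy the VM folder (dst_dir must not exist yet), then check the copy."""
    before = build_manifest(src_dir)
    shutil.copytree(src_dir, dst_dir)
    return compare(before, build_manifest(dst_dir))
```

`replicate_and_verify(src, dst)` returns two lists, the files missing from the copy and the files whose hash differs; both are empty when the copy is intact.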

The tools for client operating system virtualization fall into several different types. The most common is a virtualization engine that runs on top of an existing operating system. For example, if you have Windows 2003 Server installed on your host, you can create and run a virtualized operating system on it by installing either Microsoft's Virtual Server or VMware Server.

However, this approach is better suited to testing and to research and development environments; it falls a long way short of what production systems need. In a production environment, you also need a virtualization system management program, that is, a hypervisor. A hypervisor is the most basic layer of software: it runs directly on top of the hardware and manages the different virtualized operating systems. Its purpose is to expose hardware resources to the virtual machine operating systems.

The system management program is in fact a small piece of code, between 180K and 500K in size. Because it is so small, it is very pleasant to use.

You can run several different virtual operating systems on one physical device at a time. On average, a company that relies on a hypervisor can run 10 to 20 virtual machine operating systems at the same time on one physical device. Because they are just files in folders, virtual machine operating systems can be easily protected and fully support all aspects of business continuity.

Software vendors are even building custom features into their server operating systems to make them work better as client operating systems. For example, Microsoft has added new features to Windows Server with the SP2 patches so that it communicates better with the host.

Revised License Model

But the reason client operating system virtualization has become popular is that some vendors have recently changed their licenses. For example, Microsoft has modified the license model for its server operating system. Under the old license model, you had to purchase a Windows license for every instance, whether it was a physical system or an instance running in a virtual machine.

But now, with the R2 Enterprise version of Windows Server 2003 (abbreviated WS03 R2 EE), each license you purchase allows you to install, create, and run four virtual machines simultaneously on the host. So you only need to buy a license for the physical operating system, and you can then add four Windows client systems of any version at no charge. If you want more than four virtual operating systems, you can buy another license for WS03 R2 EE.

In addition, Microsoft has lifted the OEM restrictions on the Data Center version of Windows R2. If you purchase the Data Center version, you can run an unlimited number of Windows virtual machine instances. And, as the cherry on top of the sundae, this applies no matter which virtualization platform you use.

The benefit of this model is that it supports faster virtual machine responses, because you no longer have to worry about licensing. Consider it carefully: when you install on virtual instances instead of on physical hosts, you get a 75% discount on the WS03 versions you purchase. This makes hardening servers through virtual machine operating systems all the more attractive.

Microsoft has also changed the way server licenses are granted. The simplest way to calculate the number of licenses you need is to use the Windows Server virtual machine calculators that Microsoft now offers; there are two to choose from.

The first calculator lets you configure the servers, sockets, and cluster requirements of your virtualization setup when you create a virtualized host.

The second calculator lets you estimate the number and cost of licenses for the version of Windows Server. It provides you with two options:

1. Option A calculates the average number of virtual machines that can be run on each server based on the number of servers in your network.

2. Option B calculates the number of virtual machines that can be run for each individual server, based on the number of processors on each server.

Microsoft is not the only company changing its licenses; other vendors are also very much in favor of the virtual operating model, as their license schemes show. First of all, before you decide to virtualize a server product, be sure to discuss it with your software vendor.

This article is the last of four articles on server consolidation. The first article covered "How to enable IT administrators to manage server consolidation in five steps". The second article, "Controlling cost is the first step in server consolidation", discusses how hardening projects that control IT spending should take precedence over servers. The third article discusses the important role of multi-core processors and 64-bit servers in today's server security consolidation.

64-bit server technology, multi-core processors, virtualized operating systems, and changes to operating system license models together make migrating to virtualized servers very compelling. Because the goal of server hardening is to reduce the burden of server proliferation, you will have to use some other technologies before the hardening work is complete. After all, if you virtualize every physical instance of your operating system, you have to manage the physical host operating systems as well as the larger number of virtualized client operating systems.

Source: TechTarget. Author: Danielle Ruest. Editor: Bean Technology Application


