How to build the safest server virtualization environment

Server virtualization is not just the server and storage vendors to put forward specific data protection solutions, now, network security equipment manufacturers have also launched virtualization related products. We will tell you all the things you should be aware of in security protection.

Server virtualization is the resource sharing and sharing of IT infrastructure, and one of the important elements of the future computer room, however, in the process of the transfer of the whole environment, a slight carelessness will cause harm. Today we'll tell you what virtualization should be aware of in security protection.

Comprehensive review of virtual machine security practices

Server virtualization is one of the important elements in the future new Generation Enterprise room, because of the rapid progress of hardware efficiency, it makes it possible to execute multiple operating systems and provide services simultaneously on a single server. However, in the course of the transfer of the whole environment, there are a lot of safety problems will also arise, a slight careless will cause harm, and affect the day-to-day operation.

Many people believe that "virtualization is an extension of the application of the physical environment, for the security protection of the virtual machine only need to use the existing practice management can ...", this point is correct in some ways, but in fact there are still many differences between the two, if they do not face these differences in time, it is possible to create security problems. "

Network architecture has a qualitative change due to virtualization

Network architecture is the most important part of the process of server virtualization, and it is also the most likely to produce security problems. Before the transfer to virtualization, enterprises can be in front of the firewall device to establish a number of quarantine, for different functions of the server to apply appropriate access rules to manage, if the future of the server unfortunately attacked, the harm is usually limited to a single DMZ area, It is not easy to affect all servers in operation.

After virtualization, all virtual machines are likely to be centrally connected to the same virtual switch (such as VMware Esx/esxi, Microsoft Hyper-V) or bridged by "virtual-entity" network adapters (such as VMware Server/workstation, Microsoft's virtual SERVER/PC, which communicates with the external network. Under this architecture, protection that could have been blocked through a firewall disappears, and as long as a virtual machine goes wrong, security threats can spread through the network to other virtual machines.

The easiest way to solve these problems is to install antivirus software on every virtual machine, and other kinds of antivirus software. In this case, however, there may be some management concerns, such as the compatibility between applications and antivirus software, which is also possible in the context of virtual machines.

In addition, the virtual machine after the installation of anti-virus software operating efficiency, it is also worth noting that the past installation of antivirus software on an entity host, dozens of MB of memory usage will not be too much of a problem, but in a virtualized environment, multiple virtual machines can accumulate a considerable amount of hardware resources, Therefore, it is necessary to find other ways to solve the problem in order to do the security control on the virtual platform.