How to effectively circumvent security risks caused by server virtualization

Source: Internet
Author: User
Server virtualization consolidates physical servers, breaking the original "one server, one application" model. Sharing hardware resources among a large number of virtual machines raises hardware utilization, reduces the number of physical servers, and lowers hardware procurement and running costs. This article explores the benefits of server virtualization and the security risks of deploying it.

1. Introduction

With the development of IT, virtualization has become the hottest topic in the enterprise computing market. Over the past two years virtualization technology has developed continuously and its range of applications has kept widening. Domestic users have gradually come to understand virtualization through products from vendors such as VMware and Microsoft, and the promotion of the "cloud" by VMware, IBM, Microsoft, Google and others has deepened that understanding.

2. Virtualization Technology

Virtualization comprises server virtualization, network virtualization, and storage virtualization. What we usually call virtualization is server virtualization, and that is the focus of this article. Server virtualization is an abstraction layer that separates the physical hardware from the operating system in order to provide higher resource utilization and flexibility. It allows multiple virtual machines running different operating systems to run independently and concurrently on the same physical machine. Each virtual machine has its own virtual hardware (such as RAM, CPU, and NIC) onto which an operating system and applications can be loaded. Whatever physical hardware components are actually used, the operating system sees a consistent, standardized set of hardware.

Running multiple virtual machines on a single physical server improves server efficiency and reduces the number of physical servers that need to be managed and maintained. As application requirements grow, more virtual machines can be deployed quickly, without adding physical servers, to respond flexibly to changing requirements. With virtualization, IT administrators can also move running virtual machines between physical servers to keep services continuously available.

3. Benefits of Server Virtualization

3.1 Reduce IT cost and improve system efficiency through server integration

Many application systems today have low resource utilization, only 15%-30%. Even some key application systems leave most of their resources unused, yet they still run as dual-machine hot standby to ensure continuity. An enterprise also has quasi-critical applications running on single servers, and making all of them dual-machine hot standby would double the hardware cost. This low utilization of IT application systems wastes resources. Server virtualization consolidates physical servers, breaking the original "one server, one application" model. Sharing hardware resources among a large number of virtual machines raises hardware utilization, reduces the number of physical servers, and lowers hardware procurement and running costs.

Using virtualization software reduces the need for physical servers and related IT hardware. That in turn shrinks the footprint of the computer room, lowers power and cooling requirements, cuts data center costs, and fits the "green IT" trend.

3.2 Proactive risk avoidance to improve system and application availability

The biggest advantage of a virtual server is that it can reduce downtime by smoothly migrating a virtual host from one physical server to another within a cluster. Virtualization's DRS (dynamic resource allocation) technology automates load migration: based on preset rules, when the resources of one physical server are insufficient, hardware resources are allocated dynamically and intelligently to meet the needs of each business system, and a virtual machine running on that server can be migrated smoothly to another physical server. With this technology, IT resources can be allocated by business priority, load balancing across additional physical servers is easy to implement, operations management is simplified, and system administrators become far more productive. With an HA (high availability) cluster, when any one physical server fails, all of its virtual machines are restarted on another physical server in the HA cluster. System availability improves without the need for exactly duplicated hardware.
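The HA restart described above only works if the surviving servers have room for the failed server's virtual machines. The following check is an added example, not code from the original article or from any vendor; the host names, VM names and RAM figures are constructed, and the placement rule (largest VM first, onto the survivor with the most free RAM) is an assumed heuristic.

```python
# Constructed cluster inventory (not real data); RAM in GiB.
HOSTS = {"host-a": 128, "host-b": 128, "host-c": 64}    # host -> RAM capacity
VMS = {                                                 # vm -> (host, reserved RAM)
    "db1": ("host-a", 64), "app1": ("host-a", 32), "web1": ("host-a", 16),
    "app2": ("host-b", 48), "web2": ("host-b", 16),
    "mon1": ("host-c", 32),
}


def free_capacity(hosts, vms, failed):
    """RAM left on each surviving host after its own VMs are accounted for."""
    free = {h: cap for h, cap in hosts.items() if h != failed}
    for host, ram in vms.values():
        if host != failed:
            free[host] -= ram
    return free


def plan_failover(hosts, vms, failed):
    """Try to restart the failed host's VMs on the survivors.

    Heuristic: largest VM first, onto the survivor with the most free RAM.
    Returns (placement, unplaced): placement maps vm -> new host, unplaced
    lists the VMs that did not fit anywhere.
    """
    free = free_capacity(hosts, vms, failed)
    orphans = sorted(((ram, vm) for vm, (h, ram) in vms.items() if h == failed),
                     reverse=True)
    placement, unplaced = {}, []
    for ram, vm in orphans:
        target = max(free, key=free.get, default=None)
        if target is not None and free[target] >= ram:
            free[target] -= ram
            placement[vm] = target
        else:
            unplaced.append(vm)   # no survivor has enough free RAM
    return placement, unplaced


def n_plus_one_report(hosts, vms):
    """Map each host to the VMs that could NOT restart if that host failed."""
    return {h: plan_failover(hosts, vms, h)[1] for h in hosts}


if __name__ == "__main__":
    for host, stranded in n_plus_one_report(HOSTS, VMS).items():
        print(host, "OK" if not stranded else f"cannot restart: {stranded}")
```

A non-empty list for any host means the cluster cannot absorb that host's failure under this heuristic, so capacity should be reserved or virtual machines rebalanced before HA is relied on.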

3.3 Real-time migration of virtual machines to avoid planned downtime and improve business continuity

vMotion is an important virtual machine feature: it uses the dynamic migration capability of virtual machines to achieve zero downtime and business continuity, and many users adopt virtualization precisely because they need it. Planned outages include hardware maintenance, server migrations, firmware updates, software upgrades, system configuration, and so on, and they typically account for more than 80% of data center downtime. vMotion lets us move workloads dynamically to other physical servers, so maintenance can be performed on a physical server at any time without downtime or disruption, dramatically reducing planned downtime and improving business continuity.

Virtual machines are independent of the hardware and can share physical resources, so failover can be deployed without identical dedicated standby hardware, and the extra complexity of keeping configurations identical disappears. When a server fails, HA ensures that the affected virtual machines are restarted quickly, automatically and intelligently on other physical servers. With the snapshot feature, you can also take a snapshot before installing a system patch or changing the system configuration and restore the virtual machine to a normal state if a problem occurs, so that the application system recovers quickly from downtime.

3.4 Support for the integration of heterogeneous operating systems to support the continuous operation of old applications

Many users have encountered this situation: for special reasons a business system cannot be upgraded, the server it runs on has been in service so long that it is nearing the end of its warranty and retirement, and new servers are not fully compatible with the old operating system platform. With server virtualization, a new generation of server hardware, with its superior performance, low cost and high efficiency, can host applications from heterogeneous platforms and multiple operating systems together, and the original operating system and application systems can be migrated smoothly onto it.

3.5 Support for fast transfer and replication of virtual servers, providing a simple and convenient disaster recovery solution

Because a virtual system is independent of the hardware platform, its hardware configuration, firmware, operating system installation, and application installation are all stored as data in a small number of files on disk. Protecting these files with backup or replication software protects the entire system and greatly improves the service availability of the business system. Before virtualization, a hardware failure on a server usually meant 1-2 days of downtime for hardware replacement. If the server running a virtual system suffers a hardware failure, you can return the business system to normal use simply by restoring the backed-up virtual server configuration file and virtual hard disk image files to a new server, which can be any hardware and needs no settings changed, and then restoring the most recent data backup.

Traditional recovery plans are often difficult to test and maintain, and they rely on the accurate execution of complex manual processes. In a virtualized environment testing becomes simple, because existing resources can be used for non-disruptive tests. Hardware independence eliminates failures caused by hardware differences, simplifies the maintenance of recovery sites, and ensures reliable data recovery. Because of that hardware independence, we also do not need to buy duplicate physical servers for fast recovery and can reuse existing servers for disaster recovery, dramatically reducing its cost.

4. Risk of deploying virtualization technologies

The preceding sections listed many advantages of virtualization. Are users exposed to risk when they deploy it? This is a matter of general concern.

Deploying virtualization, like any other new technology, carries potential risks. While server virtualization maximizes server efficiency, it also brings a performance loss. Applications vary widely in how efficiently they run when virtualized: some run more efficiently in the original physical environment, and some are less acceptable to end users. Large database systems and other workloads that consume large amounts of I/O and memory resources are not suitable for virtualization.

Precisely because virtualization is so easy to use, we may create too many virtual machines without control, resulting in a "flood" of virtual servers. The more virtual machines there are on a physical machine, the greater the security problems and the more cumbersome the management. Although CPU speed, memory capacity and storage capacity are developing fairly well, I/O bottlenecks still exist. When there are too many virtual machines on a physical machine, I/O resources become stretched because all of the virtual machines access both memory and disk. Insufficient I/O bandwidth then reduces the actual performance of the system.

In addition, creating virtual machines can raise problems of reliability, serviceability, and availability. For example, a system reboot affects not only the physical machine itself but all of the virtual machines on it. Connecting the machine to the network also means taking on a certain risk, because a security vulnerability now affects multiple servers.
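The density, I/O and shared-fate risks described in this section can be checked from a VM inventory. The audit below is an added example, not part of the original article; the inventory rows are constructed, and the column names, the density limit and the I/O headroom threshold are assumptions to be replaced with local policy.

```python
import csv
import io

# Constructed inventory export (not real data): one row per VM.
INVENTORY = """\
host,host_iops,vm,vm_peak_iops
host-a,20000,db1,12000
host-a,20000,app1,6000
host-a,20000,web1,4000
host-a,20000,web2,3000
host-b,20000,app2,5000
host-b,20000,mon1,1000
"""

MAX_VMS_PER_HOST = 3   # assumed local density policy
IO_HEADROOM = 0.8      # assumed: keep summed peak demand under 80% of host IOPS


def audit(inventory_csv, max_vms=MAX_VMS_PER_HOST, headroom=IO_HEADROOM):
    """Return {host: {"vms": [...], "io_ratio": float, "findings": [...]}}."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        h = hosts.setdefault(row["host"], {"cap": int(row["host_iops"]),
                                           "vms": [], "demand": 0})
        h["vms"].append(row["vm"])
        h["demand"] += int(row["vm_peak_iops"])
    report = {}
    for name, h in hosts.items():
        ratio = h["demand"] / h["cap"]
        findings = []
        if len(h["vms"]) > max_vms:
            findings.append("density")            # too many VMs on one host
        if ratio > headroom:
            findings.append("io-oversubscribed")  # peak I/O demand exceeds headroom
        # "vms" is also the blast radius: every VM listed goes down on a host
        # reboot and is exposed by a host-level vulnerability.
        report[name] = {"vms": h["vms"], "io_ratio": round(ratio, 2),
                        "findings": findings}
    return report


if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, len(result["vms"]), result["io_ratio"], result["findings"])
```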

(Responsible editor: The good of the Legacy)
