How to reduce the four risks of server virtualization

Source: Internet
Author: User


Server virtualization improves operational efficiency and management flexibility and reduces the total cost of ownership, but it also increases security risk.

According to market research firm Gartner, from now until 2009, 60% of virtual machines will be less secure than physical servers. The security challenges include:

• IP address dependencies: In virtualized environments, IP addresses often change as a virtual machine is created, removed or transferred from one physical host to another, which causes problems for traditional protection mechanisms.

• Virtual machine sprawl: Virtual machines can easily be created from pre-existing images, which often leaves a large number of virtual machines that are not properly maintained or are based on images with known vulnerabilities. A successful attack on a vulnerable virtual machine can turn it into a platform for attacking other virtual machines.

• Cannot monitor internal host traffic: Server virtualization introduces the concept of a "soft switch" that allows virtual machines to communicate with each other within a single host. Monitoring and protecting these communications requires special tools, and the selection of such tools is limited.

• Silo-style approach to security policy: Unfortunately, many security vendors take a silo approach to security and recommend a different solution for the needs of each virtual machine. Gartner analyst Neil MacDonald recently said in an interview that mismanagement or a simple mistake could create a lot of security problems in the virtual world. The fact is that the tools we use in the physical world are different from the tools used in the virtual realm.

These challenges must be addressed to realize the benefits of server virtualization, and that calls for a new approach: a cross-platform solution that addresses the security problems of both virtual and physical environments. Cross-platform virtual security tools can help organizations enforce dynamic security policies throughout the data center without having to trade off the benefits of virtualization against maintaining strong security.

The management console of a cross-platform virtual security tool should be deployable anywhere on the network, for maximum flexibility. The management console generally writes detailed record data to system logs and the Windows event log, which reduces the effort needed to integrate these tools with existing management consoles.

To eliminate the dependency of security policy on IP addresses, cross-platform virtual security ensures policy enforcement regardless of the platform or location of the machine. Security administrators can eliminate the operating expenses related to rule changes. The situations in which policy continues to be enforced include:

• Physical servers and endpoints move to different parts of the network.

• Physical servers and endpoints are turned into virtual machines.

• Virtual machines are brought into use or deactivated.

• Virtual machines are transferred from one physical host to another.

Cross-platform virtual security places physical machines and virtual machines in logical security zones, and counters virtual machine sprawl by ensuring that rogue virtual machines are not members of a logical zone and cannot communicate with security zones that are unrelated to them. In fact, they are invisible to each other. By strictly controlling access to each zone, the area that a compromised virtual machine can use as an attack platform is significantly reduced. Cross-platform approaches are typically based on distributed peer-to-peer architectures that can scale to thousands of instances. You can complete policy management and update some or all of the endpoint policies with just a few clicks of the mouse.
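The following added example (not taken from the original article or from any vendor product) contrasts an IP-dependent rule with the identity-keyed logical zone policy described above, for a machine before migration, after migration, and for a rogue clone that takes over the old address. The zone names, certificate subjects and addresses are constructed, and identities are assumed to have already been authenticated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    identity: str  # stable, authenticated identity (constructed certificate subjects)
    ip: str        # current address; changes on migration

# Constructed sample data: zone membership is keyed by identity, not by address.
ZONE_MEMBERS = {"web": {"CN=web-01"}, "db": {"CN=db-01"}}
ZONE_POLICY = {("web", "db")}               # permitted (source zone, destination zone)
IP_RULES = {("10.0.1.10", "10.0.2.20")}     # traditional address-pair rule, for contrast

def zone_of(identity):
    """Return the zone an identity belongs to, or None for a non-member."""
    for zone, members in ZONE_MEMBERS.items():
        if identity in members:
            return zone
    return None

def allowed_by_zone(src, dst):
    """Host-enforced decision: both ends must be zone members and the flow permitted."""
    src_zone, dst_zone = zone_of(src.identity), zone_of(dst.identity)
    if src_zone is None or dst_zone is None:
        return False  # rogue or unmanaged machine: default deny
    return (src_zone, dst_zone) in ZONE_POLICY

def allowed_by_ip(src, dst):
    """Decision as an IP-dependent rule set would make it."""
    return (src.ip, dst.ip) in IP_RULES

def migrate(endpoint, new_ip):
    """Model a migration to another host or subnet: same identity, new address."""
    return Endpoint(endpoint.identity, new_ip)

def compare():
    """Evaluate both models before migration, after migration, and for a rogue clone."""
    web = Endpoint("CN=web-01", "10.0.1.10")
    db = Endpoint("CN=db-01", "10.0.2.20")
    moved = migrate(web, "10.0.9.44")
    rogue = Endpoint("CN=unregistered-clone", "10.0.1.10")  # took over the old address
    cases = {"original": web, "migrated": moved, "rogue": rogue}
    return {name: (allowed_by_ip(src, db), allowed_by_zone(src, db))
            for name, src in cases.items()}

if __name__ == "__main__":
    for name, (by_ip, by_zone) in compare().items():
        print(f"{name:9} ip_rule={by_ip!s:5} zone_policy={by_zone}")
```

The IP rule breaks for the migrated machine and admits the rogue clone, while the zone policy gives the intended answer in all three cases.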

Other benefits include:

• Eliminates the management complexity caused by a silo-style approach to data center security, and protects the host through a single console.

• Meet compliance requirements without reconfiguration.

• Eliminate operating costs associated with firewalls and virtual LANs.

• Leverage a distributed architecture to eliminate bottlenecks and single points of failure.

When evaluating a cross-platform virtual security solution, consider the following requirements:

• Cross-platform support (virtual and physical): The ideal solution will support the x86 operating systems that are common in virtualized environments, as well as other common and rare platforms such as Solaris, AIX, HP-UX, Red Hat, Windows, and IP-based non-server devices.

• No reliance on IP addresses: The ideal solution enforces security policies regardless of the IP address of the computer, to ensure policy consistency during migration or physical moves.

• Isolate virtual machines on the same host: To keep security vulnerabilities in one virtual machine from spreading to others, the ideal solution isolates the virtual machines on the same physical host from each other.

• Easy to scale: To support growth without bottlenecks, look for solutions that can run in a distributed architecture.

• Selective encryption: Look for solutions that provide selective encryption based on policy, rather than "either fully encrypted or unencrypted" solutions, to achieve the best balance of performance and protection.

• Centralized management: To manage efficiently, seek a solution that provides a single point of security management.

• Host-based enforcement: To achieve the maximum granularity and mobility of security policies, seek a solution that enforces policies on the host.

• Transparent to infrastructure and applications: To reduce deployment time and compatibility issues, the ideal solution is transparent to network and application operations.

• Strong activity and audit logging: The ideal solution should log detailed activity data and create an audit trail for servers and endpoints as well as for the management console.

• Authentication-based identification: Seek a solution that uses X.509 version 3 certificates to ensure that the operator's certificate cannot be counterfeited.

The operational and economic benefits of server virtualization are beyond doubt. Cross-platform virtual security eliminates the trade-off between server virtualization and strong security, and uses a logical security model that extends across physical and virtual data centers to maintain consistency during virtual machine migrations. In short, cross-platform virtual security enables an organization to fully transition to server virtualization while simplifying its approach to enforcing security policies.
