Virtualization: Security and Management Required
VMwareGo software addresses security concerns and virtualization “sprawl” by scanning for missing security patches and managing hosts and virtual machines.
By Lauren Gibbons Paul
There have been some recent press reports that server virtualization may open up new security holes. That is not exactly true, says Steve Lafferty, vice president of marketing for Prism Microsystems Inc., which recently did a survey on server virtualization.
“Virtualization is another attack surface,” says Lafferty. “If you think about the defense of an enterprise as a city with a wall, the more gates you have the more potential places for attack. Those gates are not inherently more insecure than the other gates, but there are more places to attack.”
Also, the ad-hoc nature of server virtualization means that it can grow organically without appropriate management oversight. “People really didn’t think about it as a major IT initiative they had to plan and think strategically about,” says Rob Juncker, vice president of technology operations for Shavlik Technologies LLC, a Roseville, Minn.-based provider of Microsoft-based security solutions to midsize and large businesses.
“Everyone was just doing it willy-nilly,” says Juncker. “They were not thinking of the relative costs and advantages and disadvantages. ‘Joe’ fires up a few virtual machines. Pretty soon you have 20 of those running and no one knows what they are doing. “
To combat these problems, Shavlik has developed, in partnership with VMware, a tool called VMwareGo to automate the implementation of a virtual server from VMware. “We’re adding a management layer on top to make sure those systems are being cataloged,” says Juncker. Users will sometimes use the term “VM sprawl,” referring to the fact that users can create their own system without IT’s knowledge. Says Juncker: “The security angle and the management angle—both are real.”
Security: Survey Says
In March, Prism Microsystems surveyed 302 IT professionals across multiple industries and company sizes regarding their views on the security of their virtualized environments. Here are some of the company’s findings:
-
85% Say securing their virtual environment is as important as securing their physical environment
-
59%†Are using existing traditional solutions to secure their virtualized environments
-
59%†Have concerns about introducing a new layer that can be attacked
-
58%†Have concerns about the hypervisor creating a single point of entry into multiple machine instances
-
16% Have no specific security concerns with virtualization.
Key Takeaways
- Almost invariably, server virtualization does not make business sense unless a company is running more than five servers.
- There are other reasons to virtualize, and channel partners have an opportunity to advise SMBs on their options.
- For many SMBs, outsourced IT infrastructure will be a more compelling option than server virtualization.
For More Information
Microsoft Virtualization Team Blog http://blogs.technet.com/b/virtualization
Virtualization Viewpoint IT pro Scott Lowe’s blog on virtualization, storage, and servers. http://blog.scottlowe.org
VMware Virtualization Evangelist Senior systems engineer Jason Boche blogs about all things VMware and more. http://boche.net/blog