Thursday, November 19, 2009

Keep secure your data center


Virtualization has been one of the biggest trends to hit the data center in recent years, and the race to consolidate servers to save power and cooling has seen many organizations move to a virtual environment . This may be a few machines used to test the updates that now all live on a server to save space, through complete virtual infrastructure that applications for production support.

Through all the excitement, there are still a few pillars of tradition trying to put the prospective adopters of virtualization. The facts are that this is baseless. There is no reason why virtualization and good security can not go together. In fact, it offers a number of ways to overcome problems of traditional security, while also providing the benefits of reduced costs and simplified management that are associated with virtualization.

Security consolidation can take hand in hand with an organization's approach to virtualization. Just as server virtualization can get the number of physical server machines that are present in the data center, security infrastructure can also be reduced, bringing greatly facilitates the management and the benefits of reduced cost. Security Cameras can be moved to virtual versions, while using an all-in-one security product or UTM device can also be an opportunity to consolidate.

Virtual infrastructure can be protected as effectively as traditional infrastructure. Where there is virtualization, there is always a physical layer below the host and there is always a single entry and shared on the network. In this spirit, there is no difference in how the network should be protected. Organizations can continue to use a standard device of security gateway and it will work just as well as it always has. Anyone who tells you otherwise is probably confused about the operation of virtualization.

Overall, there are standard guidelines and best practices for the implementation of virtual networks. In most cases, they are similar or identical to those of physical networks. When the problem occurs is when people are still trying to tackle virtualization technology, and assume it is secure from the start. This is wrong - just like a physical IP network may be at risk if you do not have a good set-up and managed firewall or security equipment in place, a virtual network can be attacked in the same way .
An area of risk where security best practices is crucial cover how virtual machines are being migrated over the network. Companies that have implemented virtualization can usually reduce their windows of downtime and ensure business continuity by moving their virtual machines between physical hosts. This approach allows them to update or add more machines in RAM on a server, while users do not see any significant impact on their ability to work. For a data center with a large number of servers and maintain strict SLAs in place, it gives a higher level of availability and flexibility that might otherwise be achieved.

However, the process involved in moving the virtual machine is not explicitly protected or encrypted. The data of the virtual machine is visible on the network, and can be copied in transit - this is the traditional "man-in-the-middle" attack, but applied to a virtual machine. There are a number of guidelines on best practices to prevent this from affecting the data center, including encryption of data while in transit and / or blocking traffic to the virtual machine. This may involve the use of a VLAN that is separate from production data, up to deploy a completely separate physical network, network cards, cables and everything.

Following these procedures together can ensure that the virtual machine of an organization and data are safe. However, the reality is that these rules are simply the best practice any type of network you've established. Secondly, moving virtual machines tend to be maintained in the data center, rather than moved from site to site. Scenarios for disaster recovery, tools, data replication or SAN-to-SAN links are normally used instead of moving data from virtual machines. Anything that seriously deviates from those use cases should automatically raise a red flag for the security team.

Bearing this in mind offers better security for the data center, while also allowing the organization to benefit from greater flexibility in patch management and systems maintenance update that offers virtualization. This ease of patching in itself contributes to making the datacenter more secure, as an image of the virtual machine can be repaired and then cloned, rather than several individual machines to be updated. This reduces the length of time that is taken to update the systems, while making tests easier to deploy.

The second area of growth around virtualization and security has been in virtual machines. Instead of installing software or adding new appliances in their networks, organizations have a new choice for how to implement security features. Virtual appliances are stripped of virtual machines with the same functionality as a traditional physical device, but based in a virtual machine.

Because they can be locked by the vendor to the installation, the virtual machines may be operating safely and without the overhead of managing that software implementations can have. The device can be optimized for a particular purpose, improving performance and eliminating unnecessary materials.
Virtual appliances can provide the traditional benefits of server virtualization through security instead of having to implement another hardware unit or a physical server to host the software, it can be added to the existing farm virtual server. With virtualization, the amount of computing resources that can be given to applications can be adapted to the importance of this service. This consolidation also means that the number of hardware units required in the data center is reduced, leading to less power consumption. The data center has therefore additional savings on power and cooling, while being able to provide additional security.

Provide security services can also be facilitated by using virtualization. Rather than using a separate device physical security for each customer in a shared data center, which can lead to a significant overload of material, the use of virtual devices may instead offer a much more resources efficiently while providing customers a service dedicated to safety. For organizations implementing environments data center on behalf of their clients, this has reduced the amount of material required.

With the growing interest in virtualization, and the number of organizations deploying people like VMware and Citrix for server consolidation, there is necessarily an interest of malware authors attacking these environments. However, hypervisors are incredibly complex to develop for, so this presents a real barrier to entry when it comes to malware development. Secondly, the same kind of challenge facing providers of operating systems: When the potential uses are found, patches are developed and deployed. As in the traditional environment of physical safety, well-thought strategy for patch management should eliminate this as a problem for the operator of data center by working with their vendor hypervisor.

Even if you do not want to virtualize your applications security force, there are benefits to virtualization security for training and testing the network. Although all security solutions are available in a virtualized form, those can really help an organization to train staff and develop safety procedures for innovative management in a secure sandbox environment. For the manager of data center, which makes the planning and implementation of security much easier because it can be more focused on customer needs.

Virtualization is available in several different flavors, server, storage virtualization and desktop with applications. All have the ability to produce clear benefits, including reduced costs, better availability and faster deployment for enterprises.

Virtualization can provide significant benefits, provided that directors take appropriate precautions to implement their virtual networks. To round up and repeat, there is no compelling security argument for why an organization should not go ahead and virtualize their infrastructure.

By Richard W.

No comments:

Post a Comment