Best practices for controlling and managing virtual machines

December 17, 2008, 10:12 PM — This is the final segment of a three part article that looks at the impact of server virtualization on data center management, security and compliance and suggests best practices to control and manage the virtual data center.

Compliance and governance risk

The differences between physical and virtual servers can compromise existing control systems and processes while at the same time the traditional data center management tools are not effective in this space.

This lack of control combined is compounded by the lack effective management tools from the virtualization platform vendors, making tracking, visibility and reporting difficult, while the inherent mobility of virtual machines (VMs) can inadvertently contravene compliance regulations.

All of which, combined with the prevalence of manual process and activity, makes this environment difficult to audit and introduces new compliance and governance risk into the datacenter.

Security Risk

Server virtualization also introduces new security risks into the datacenter with all the configuration and patching issues that this brings. This is a relatively immature technology and vulnerabilities are continually found. These vulnerabilities are usually quickly fixed, but should be monitored and tracked.

The hypervisor is also a new target for attackers, both directly, as well as through potential guest breakouts (where someone breaks out of the guest OS into the hypervisor). The subversion of a hypervisor, referred to as “Hyperjacking”, would lead to a compromised platform, allowing full access to all hosted guests. Malicious software could also disguise its presence from traditional security tools that reside in software layers above the hypervisor. There have been no proven attacks in the wild yet, but it is only a matter of time.

Existing security systems, like the traditional management systems do not work well in the virtual space and server sprawl is a proven danger. Virtual sprawl increases complexity and decreases visibility making auditing difficult and creating pockets of risk.

The Risk Profile

Fortunately, for datacenter security, most folks are just starting out down the virtualization path and have a relatively low risk profile: small populations and limited application sets that are deep within the datacenter, safe from direct attack, with no real visible threats and little evidence of sprawl.