12
S Securing and Administering Virtual Machines George Manley and Yang He

Securing and Administering Virtual Machines

  • Upload
    justus

  • View
    38

  • Download
    0

Embed Size (px)

DESCRIPTION

Securing and Administering Virtual Machines. George Manley and Yang He. What is a Virtual Machine?. Guest OS sitting on top of hypervisor which is on top of physical machine Able to be moved around between different physical machines Can share physical resources with other virtual machines. - PowerPoint PPT Presentation

Citation preview

Page 1: Securing and Administering Virtual Machines

S

Securing and Administering Virtual

Machines

George Manley and Yang He

Page 2: Securing and Administering Virtual Machines

What is a Virtual Machine?

Guest OS sitting on top of hypervisor which is on top of physical machine

Able to be moved around between different physical machines

Can share physical resources with other virtual machines

Page 3: Securing and Administering Virtual Machines

Basics of Securing a Virtual Machine

For the most part the security procedures of a virtual machine is the same as that of a physical machine

This is because the virtual and physical machines both run the exact same operating systems

Only main difference is the level of abstraction which is typically filled by the hypervisor

Page 4: Securing and Administering Virtual Machines

Problems with VM Security

Overall there have not been a lot of major issues with companies transitioning to virtual machines

One of the major known security risks is the threat of someone maliciously accessing the hypervisor

Page 5: Securing and Administering Virtual Machines

New Problems that VM’s present

Software Licensing Software Lifecycle and physical machine upgrades

If only one OS on a physical machine, there’s only that one OS to worry about with the machine’s lifecycle

If multiple OS’s on a physical machine, and hypervisor must be updated, all OS’s must be considered

Page 6: Securing and Administering Virtual Machines

Similarities of administering VM’s to

traditional physical machines

Configuration Guides and all documentation for OS is essentially the same

Monitoring is the same for the OS All typical day-to-day administration tasks are the

same Security of the OS is the same

Page 7: Securing and Administering Virtual Machines

New things to administer

They hypervisor Multiple OS’s on one system

Managing resources of the physical system All VM’s share the same hardware Hypervisor takes care of much of this

Page 8: Securing and Administering Virtual Machines

More VM administration

Networking Typically done now with VLAN’s

Storage Typically this is virtualized on the root disks Can also be virtualized on SAN storage

Page 9: Securing and Administering Virtual Machines

Benefits of Virtualization

Delegating Management Guest OS independence

Each OS installed over the hypervisor is a guest OS These are completely independent of each other

Able to get the most of out of your resources Testing

Page 10: Securing and Administering Virtual Machines

What’s currently not being virtualized

Here at Clemson, we typically don’t virtualize san storage for boot devices The only exception to this is AIM (Coming in a later

slide) Currently the only network virtualization is

through the use of VLAN’s The future of this is limitless though the use of

Openflow

Page 11: Securing and Administering Virtual Machines

Future of Virtualization- AIM

Every aspect of the environment can be virtualized

Used by lots of companies worldwide OS is built on a persona Persona can then be moved back and forth

between different bare metal machines as well as different virtual machines automatically in only a matter of minutes

Page 12: Securing and Administering Virtual Machines

Conclusion

Security Very few differences between a native OS installed

on a physical machine. Hypervisor is only major security difference

Administration Administration of the OS will be the same Only new administration tasks will be administering

the hypervisor and more closely managing hardware resources