Upload
justus
View
38
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Securing and Administering Virtual Machines. George Manley and Yang He. What is a Virtual Machine?. Guest OS sitting on top of hypervisor which is on top of physical machine Able to be moved around between different physical machines Can share physical resources with other virtual machines. - PowerPoint PPT Presentation
Citation preview
S
Securing and Administering Virtual
Machines
George Manley and Yang He
What is a Virtual Machine?
Guest OS sitting on top of hypervisor which is on top of physical machine
Able to be moved around between different physical machines
Can share physical resources with other virtual machines
Basics of Securing a Virtual Machine
For the most part the security procedures of a virtual machine is the same as that of a physical machine
This is because the virtual and physical machines both run the exact same operating systems
Only main difference is the level of abstraction which is typically filled by the hypervisor
Problems with VM Security
Overall there have not been a lot of major issues with companies transitioning to virtual machines
One of the major known security risks is the threat of someone maliciously accessing the hypervisor
New Problems that VM’s present
Software Licensing Software Lifecycle and physical machine upgrades
If only one OS on a physical machine, there’s only that one OS to worry about with the machine’s lifecycle
If multiple OS’s on a physical machine, and hypervisor must be updated, all OS’s must be considered
Similarities of administering VM’s to
traditional physical machines
Configuration Guides and all documentation for OS is essentially the same
Monitoring is the same for the OS All typical day-to-day administration tasks are the
same Security of the OS is the same
New things to administer
They hypervisor Multiple OS’s on one system
Managing resources of the physical system All VM’s share the same hardware Hypervisor takes care of much of this
More VM administration
Networking Typically done now with VLAN’s
Storage Typically this is virtualized on the root disks Can also be virtualized on SAN storage
Benefits of Virtualization
Delegating Management Guest OS independence
Each OS installed over the hypervisor is a guest OS These are completely independent of each other
Able to get the most of out of your resources Testing
What’s currently not being virtualized
Here at Clemson, we typically don’t virtualize san storage for boot devices The only exception to this is AIM (Coming in a later
slide) Currently the only network virtualization is
through the use of VLAN’s The future of this is limitless though the use of
Openflow
Future of Virtualization- AIM
Every aspect of the environment can be virtualized
Used by lots of companies worldwide OS is built on a persona Persona can then be moved back and forth
between different bare metal machines as well as different virtual machines automatically in only a matter of minutes
Conclusion
Security Very few differences between a native OS installed
on a physical machine. Hypervisor is only major security difference
Administration Administration of the OS will be the same Only new administration tasks will be administering
the hypervisor and more closely managing hardware resources