Virtual server policy is key to mitigating systems vulnerabilities

Indeed, there already has been a lot of press concerning the threats represented by the spread of virtualized devices. You can count on a lot more as pundits, vendors and the media crank up the panic rhetoric. As a result, new products targeted at the spread of virtualization, its management and application are flooding the market. Let's examine virtualization fears that may be justified.

More on virtualization in the data center: Managing server virtualization complexity Data center consolidation, virtualization: Ultra-dense server deployments  Virtualization in the data center fast guide

Virtualization layers pose concern
There is no doubt that some potential pitfalls exist in the implementation of virtual servers. The virtualization layer is, in reality, another operating system. And, as such, it is vulnerable to attacks. Furthermore, virtualization in the data center (except for mainframes) is relatively new. This means it has not been subjected to and hardened against serious attacks. However, vendors are aware of the potential problem and are working hard to identify and harden their products.

Common sense tells data center managers to monitor and attentively manage vendor alerts, warnings and updates. Care will have to be taken to assure the integrity and robustness of the partitioning and separation protecting user space. At risk is an attack against the host operating system by the client operating system. Again, the vendors are working here to build internal protections (e.g. software firewalls.) There are other specialized attacks to worry about, but we feel the real threat comes from another source.

Nothing like the real thing . . . for security
The biggest threat of virtual servers comes from their most significant advantage. Because they are not physical machines, they cannot be secured the same way. Asset tracking, maintenance, configuration control, security and compliance all require special consideration, handling and processes.

Virtual device operational and compliance management is multi-faceted. Some aspects are traditional, such as management of the actual virtualization process, while others are new. For example, virtualization requires management to assure detailed configuration tracking of virtual machines that may have been removed from service. VMs may need protection against re-infection by activation of a long-ago retired virtual machine whose inheritance line was infected with a serious virus.

Understanding and managing virtual servers
This all sounds serious -- and it is. But data center operations can take steps to prepare, protect and manage its obligations with respect to virtual servers. First and foremost, understand the current state of virtualization in your data center. How many virtual servers are in your environment? How they are being used/maintained/operated, etc.

Think about and prepare policies and supporting processes for authorizing, creating, maintaining, configuring, provisioning, tracking, retiring and re-activating virtualized servers. Outline how long should a virtual server operate, under what conditions is it retired, who is responsible for enforcing the policy, where and how do you retain configuration and provisioning records on retired machines for compliance, for example. Furthermore, what are the compliance requirements for virtualized servers?

Lastly, start learning about the issues for managing virtualized servers not simply for operational issues like performance, priority, configuration, etc. but review and understand the issues we've just discussed. Of course, you should look to your major vendor partners like IBM, VMware, BMC, etc but don't forget emerging players like Embotics Corporation (www.embotics.com). They offer a portfolio of solutions to maintain oversight and manage operation of VMs as well as providing thought leadership about the problems around retiring VMs.

Comments? Questions? Disagreements? Corrections? Send your thoughts and comments to Richard Ptak

ABOUT THE AUTHOR: Richard Ptak is an analyst with Ptak, Noel & Associates. He has over 30 years experience in systems product management.

Rate this Tip To rate tips, you must be a member of SearchDataCenter.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Data center server virtualization The role of virtualization in data center disaster recovery The green data center 2.0: Beyond best practices Data center cooling optimization in the virtualized-server world HP taps Scalent to virtualize I/O on c-Class blades Sun signs Dell as Solaris reseller and launches xVM Cisco, VMware collaborate on VFrame Data Center Solaris upgrade continues Sun's push among Linux users Capacity planning for virtual servers: New risks, new tools Server virtualization: Virtual disaster recovery takes hold Microsoft: Can it stand up to the challenge of virtualization? Systems Management Tips Use Nagios to trend and troubleshoot performance issues Saving money on the mainframe in tough economic times Is effective performance management in the data center possible? Third-party software vendors and the new IBM z10 technology Unix admin tutorial: How much memory is in this machine? Mainframe vulnerabilities: Be proactive rather than reactive The Unix year 2038 problem Mainframes playing catch up: Open source advantages surpass traditional programming The role of virtualization in data center disaster recovery IPMI Tutorial: Are you using it? Do you know how? RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.