Securing your Virtualized Datacenter
Charu Chaubal
Senior Architect, Technical Marketing
6 November, 2008
Agenda
VMware Virtualization Technology
How Virtualization Affects Datacenter Security
Keys to a Secure Deployment
The Future of Datacenter Security
VMWARE VIRTUALIZATION TECHNOLOGY
Hosted Virtualization vs. Bare Metal Virtualization
Hosted Virtualization
• VMware Workstation, VMware Server, VMware Player
• Host OS changes security profile
• Guest VM can be trusted
Bare-Metal Virtualization
• VMware ESX Server
• Guest VM not necessarily trusted
• Isolation by design
ESX Hypervisor: Robust, Reliable Foundation
MSFT / Xen Architecture
• Large general-purpose OS
• Indirect driver model
• Generic drivers
• I/O degradation under load
VMware Architecture
• Thin custom kernel
• Direct driver model
• VM-optimized drivers
• Higher I/O throughput
Improving Security of the Platform
VMware ESXi
Compact 32MB footprint
Fewer patches
Smaller attack surface
Absence of general-purpose management OS
No arbitrary code running on server
Not susceptible to common threats
Only OS-independent design focused on virtualization
Improving Security of the Platform
Harden Platform Services (2009)
Integrity on Disk
• TPM (Trusted Platform Module) support
• Code & driver signing
Integrity in Memory
• Memory Protection
VMware: Proven and Trusted
Thousands of customers in production
Passed security audit and put into production use by largest banks in the US
Passed Defense and Security Agencies scrutiny and audit
Independently validated
Common Criteria Certification EAL (Evaluation Assurance Level)
CC EAL 4+ certification
http://www.cse-cst.gc.ca/services/ccs/vmware-e.html
Highest recognized level
VMware Technology chosen as basis for NSA Virtualized Workstation
HOW VIRTUALIZATION AFFECTS DATACENTER SECURITY
How Virtualization Affects Datacenter Security
Biggest Security Risk: Misconfiguration
Neil MacDonald – “How To Securely Implement Virtualization”
“Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement”
What not to worry about
KEYS TO A SECURE VIRTUALIZED DEPLOYMENT
Securing Virtual Machines
Host
Anti-Virus
Patch Management
Network
Intrusion Detection/Prevention (IDS/IPS)
Edge
Firewalls
Provide Same Protection as for Physical Servers
Secure Design for Virtualization Layer
Fundamental Design Principles
• Isolate all management networks
• Disable all unneeded services
• Tightly regulate all administrative access
Enforce Strong Access Controls
Security Principle | Implementation in VI
Least Privileges | Roles with only required privileges
Separation of Duties | Roles applied only to required objects
[Diagram: roles Administrator, Operator and User; users Anne, Harry and Joe]
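Added example (not from the original slides and not VMware code): a small Python model of the two principles on this slide, checking that each role carries only the required privileges and is applied only to the required objects. The inventory, privilege names, required-access table and the pairing of Anne, Harry and Joe with roles are constructed assumptions.

```python
# Constructed inventory, roles and assignments; privilege names are
# illustrative, not VMware privilege identifiers.
PARENT = {"prod": "datacenter", "test": "datacenter",
          "web01": "prod", "db01": "prod", "build01": "test"}
ALL_OBJECTS = set(PARENT) | {"datacenter"}
BASE = {"vm.power", "vm.console"}
ROLES = {"Administrator": BASE | {"vm.reconfigure", "vm.delete", "host.configure"},
         "Operator": BASE | {"vm.reconfigure"},
         "User": BASE}
# (user, role, object the role is applied to); the pairing is assumed.
PERMISSIONS = [("Anne", "Administrator", "datacenter"),
               ("Harry", "Operator", "datacenter"),
               ("Joe", "User", "web01")]
# What each job needs: (privileges, objects worked on).
REQUIRED = {"Anne": (ROLES["Administrator"], {"datacenter"}),
            "Harry": (BASE, {"test"}),
            "Joe": (BASE, {"web01"})}

def ancestors(obj):
    """Yield obj, then each container above it, nearest first."""
    while obj is not None:
        yield obj
        obj = PARENT.get(obj)

def reach(scope):
    """Every object a role applied at `scope` propagates down to."""
    return {o for o in ALL_OBJECTS if scope in ancestors(o)}

def effective_privileges(user, obj):
    """Privileges on obj; the assignment nearest to obj wins."""
    for node in ancestors(obj):
        for who, role, target in PERMISSIONS:
            if who == user and target == node:
                return ROLES[role]
    return set()

def audit():
    """Flag roles wider than the job and roles applied above the job's objects."""
    findings = []
    for user, role, target in PERMISSIONS:
        need_privs, need_objs = REQUIRED[user]
        extra_privs = ROLES[role] - need_privs
        needed_reach = set().union(*(reach(o) for o in need_objs))
        extra_objs = reach(target) - needed_reach
        if extra_privs:
            findings.append((user, "excess privileges", sorted(extra_privs)))
        if extra_objs:
            findings.append((user, "excess scope", sorted(extra_objs)))
    return findings
```

In this constructed data Harry is flagged twice: his role includes a privilege his job does not need, and it is applied at the datacenter level although he only works in the test folder.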
Maintain Strict Administrative Controls
Requirement | Example Products
Configuration management, monitoring, auditing | Tripwire Enterprise for VMware ESX; NetIQ Secure Configuration Manager; Configuresoft ECM for Virtualization
Track and Manage VM Lifecycle | VMware Lifecycle Manager; VMware Stage Manager
Updating of offline VMs | VMware Update Manager; Shavlik NetChk Protect
Virtual network security | Checkpoint; Reflex; Third Brigade
Diverse and growing ecosystem of products to help provide secure VMware Infrastructure
Security Advantages of Virtualization
Ease of maintenance
Test patches on multiple configurations in contained environment before rolling them out
Use snapshots to save the known good state of a virtual machine before trying out something risky
Production VM can be cloned and then modified off-line while the original one still runs.
Updated VMs can be brought up in parallel with the previous version
Both can be kept running as long as necessary to validate the new configuration
Security Advantages of Virtualization
Protect against misconfiguration or attack
Ease of recovery
restoring it from last known good backup
patch in isolation before putting online
Ability to do forensics
Bring up hacked VM in isolation
Security Advantages of Virtualization
Better Lifecycle Controls
[Diagram: VM lifecycle. Labels: Request for VM; Create, Approve, Request Document; Route for Audit/Approval; Provisioning; Deploy from Template; Power-On or Suspend; Monitor & Adjust Resources; Publish or Retract; Audit Usage; Retain; Archive; Dispose; Delete]
THE FUTURE OF DATACENTER SECURITY
VMsafe™ Enables Application Protection
VMsafe API and Partner Program
Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage)
Run outside the VM
Complete integration and awareness of VMotion, Storage VMotion, HA, etc.
Fundamentally changes protection available for VMs running on VMware Infrastructure vs. physical machines
Provides an unprecedented level of security – “Virtual is more secure than Real”
http://vmware.com/go/vmsafe
VMsafe: Broad Security Industry Support
Enterprise to SMB
End-points to Gateways
Anti-Virus to IPS
Networks to Host
Audit to Patching
And Anywhere in between…
Virtual Datacenter OS: Security vService
Before VDC-OS
• App-specific security policies hard or impossible to set without interior visibility
• Static, HW appliances cannot be dynamically re-configured based on topology changes
• Fixed-capacity appliances force over-provisioning
After VDC-OS
• Application topology and protocol awareness allows for dynamic security based on logical boundaries
• Dynamic capacity and rerouting based on load balancing and power management
• Security policies auto-adapt to network reconfiguration or upgrades to 3rd-party virtual networking, e.g. Nexus 1000V
[Diagram: IIS #1, IIS #2, Tomcat App Server, Oracle, Load Balancer, Firewall]
Where to Learn More
Security
• Hardening Best Practices
• Implementation Guidelines
http://vmware.com/go/security
Compliance
• Partner Solutions
• Advice and Recommendations
http://vmware.com/go/compliance