Friday Feb 22, 2008

 

I was looking for something else on YouTube and came across several interesting videos on virtualization, specifically what Sun is doing with virtualization. This video shows how Sun Microsystems' technologies let you virtualize your datacenters.

 

 

 

Dr. James Baty, Chief Technology Officer with Sun Microsystems, discusses the challenges and approaches to addressing a virtualization strategy.

 

 

 

 

 

-- Frank

 


 

Thursday Feb 21, 2008

 

As the IT world moves at a rapid pace toward some level of virtualization, we, as solution architects, must not forget the basics that we have learned to protect our computing resources. All of the same principles still apply whether we are deploying single systems or a virtualized environment with several different guest operating systems.

 

Over the past few weeks I have undertaken a "homework assignment" to become more familiar with Sun xVM Server technology. I have gotten my hands on an AMD-based Sun Fire X4200 Server with two internal 73 GB disks. Once I fired up the system I quickly noticed that the BIOS, ILOM, and hardware controller firmware levels were several revisions back from the current release. In the case of the ILOM, it lacked some of the functionality I was familiar with from a previous project. I upgraded the BIOS, ILOM, and hardware controller firmware via the ILOM's web interface. It was much easier than I thought it would be. The required files were downloaded from the Sun Download Site on Sun.com. This exercise got me thinking about security in the virtualized world.

 

Even though we architect a solution at a "higher" level, a virtual level, we must be as vigilant as we would be with a single system. We must still be concerned with the basics. I have noted several basic housekeeping tasks that can serve as a starting point to keep your virtualized environment a little more secure.

 

  • Secure the ILOM with an alternate, unique set of user names and passwords. Set strong passwords that include numbers, symbols, and upper- and lower-case characters. If deploying into a large environment, integrate with the existing LDAP naming infrastructure for authorization to the ILOM.

  • Connect the ILOM to a private management network used for functions such as system administration, device management, and backup.

  • Physically secure the systems in a locked data center quality environment.

  • Secure passwords on the guest operating environments as if they are standalone systems. Avoid using generic, default, and well-known account names for administration functions.

  • Use virus protection and firewalls as if they are individual systems.

  • Use caution when connecting to networks and SANs.

  • Continue to implement SAN Security.

  • Patch the base hypervisor platform and guest operating environments as needed. This may require a controlled patch process. Patch them as if they are individual systems, or do a wholesale replacement of the guest environment with one that includes the newly applied patches.

  • Use non-wire IP traffic between guest operating environments for more secure communications.

  • Deploy a separate NIC rather than sharing a NIC between guest operating environments.

  • Implement hypervisor and guest operating environment best practices for hardening.

  • Adjust your corporate security policy as needed to accommodate virtualization technologies being deployed in your specific environments.

 

This is an active work in progress. Please check back for more details.


-- Frank

 



This blog copyright 2009 by FrankWickham