Virtualization's Promise And Problems
Posted by
Charles Babcock
May 16, 2008
Challenges posed by desktop virtualization and server I/O will be resolved as virtualization works its way into the computing fabric of the enterprise. But as it spreads, virtual security becomes increasingly important since intruders could find a way to leap from a VM they infiltrate to the hypervisor itself, opening up sensitive data, message traffic, and the resources of the whole system to an attack.
Core Security Technologies, a network security software company, showed how this could happen in its lab earlier this year. VMware client virtualization software, including VMware Player, VMware ACE, and VMware Workstation, has a Shared Folder feature that lets it write to a file on the host's operating system, where other clients can share its contents. Under some circumstances, the shared folder could be used to plant a virus or Trojan program on the host's operating system, Core Security engineers said. VMware issued a critical security advisory to customers after the exposure was aired.
NETWORK VIRTUALIZATION has had significant success in the enterprise and is unlikely to change much over the next 10 years.
DESKTOP VIRTUALIZATION is in early stages of development but is growing quickly; will mature into next phase of adoption over the next three years.
HYPERVISORS from VMware, Citrix Systems, and Microsoft, along with versions from Sun and Oracle, are doing well and will evolve into a more advanced stage over the next three years.
VIRTUAL APPLIANCES have caught on as a way for vendors to ship trial software but are only slowly being adopted as a means of implementing new apps in the enterprise. They should make progress in that direction over the next three to five years.
Data: Forrester Research's TechRadar: Infrastructure Virtualization, Q2 2008, by Galen Schreck
Apani is working on making the EpiForce approach available dynamically so that VMs would be assigned to the appropriate security zone as they're created, says George Tehrani, the company's senior technology director. VMware's VMsafe API lets Apani give the Virtual Infrastructure 3 console the ability to assign EpiForce security policies and update them along with its other management functions, he says. VMsafe "will unify the management console, resulting in both time and cost savings" in administering virtual machines, he says. Instead of having an Infrastructure 3 console and a security console, all functions will be managed through Infrastructure 3.
VMware's security API makes sense, says Bruce McCorkendale, a distinguished engineer at Symantec, which is using the VMsafe API to extend its products to VMs. Building security products that monitor the hypervisor gives security software makers "a higher privilege perspective" than the intruders they're watching out for, he says. The corporate network is relatively flat in terms of privilege: Anyone who can assume or spoof a server administrator's role has a chance to get in. The hypervisor perspective is more like that of the watchman in the tower: He can see others before they see him.
Page: « Previous Page | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Next Page »
