Network Computing is part of the Informa Tech Division of Informa PLC


Sum Of All Virtual Fears: Page 3 of 10


Firm Foundation

To weigh theoretical risks, and to judge where new applications of old attack points are feasible, you need to understand the underlying design of virtualized hosts.

Virtualization creates an abstraction layer separating guest OSes from underlying hardware, enabling multiple VMs to be hosted on a single server. Virtual machines may rely on trim hypervisors using small, privileged code bases as the foundation for this abstraction; the strength of this approach is that performance of hosted apps can reach near-native levels. Products targeting the enterprise server market, including VMware ESX, Intel vPro, Virtual Iron and XenEnterprise, favor a hypervisor design.

Alternatively, desktop VMs and Microsoft's virtual server offerings use a traditional "fat OS" model, where guest VMs ride atop full-fledged hosting OSes.

While hypervisors provide optimized performance and a reduced attack surface, they also bring new vulnerabilities to the party and so need to have security baked in from the beginning rather than added as an afterthought. The million-dollar question here: Is it safer to rely on the open-source community to vet and test Xen, or are VMware and other vendors of proprietary hypervisors the best path to secure hosts?

"From what I've seen, VMware's QA is pretty darn good," Shipley says. "They look like rock stars compared with many other companies. How many patches has Oracle come out with this year? I lost track as they approached triple digits."