
Securing and Administering Virtual Machines

George Manley and Yang He


Presentation Transcript


  1. Securing and Administering Virtual Machines, by George Manley and Yang He

  2. What is a Virtual Machine?
     • Guest OS sitting on top of a hypervisor, which is on top of a physical machine
     • Able to be moved around between different physical machines
     • Can share physical resources with other virtual machines

  3. Basics of Securing a Virtual Machine
     • For the most part, the security procedures for a virtual machine are the same as those for a physical machine
     • This is because the virtual and physical machines both run the exact same operating systems
     • The only main difference is the level of abstraction, which is typically filled by the hypervisor

  4. Problems with VM Security
     • Overall there have not been a lot of major issues with companies transitioning to virtual machines
     • One of the major known security risks is the threat of someone maliciously accessing the hypervisor

  5. New Problems that VMs Present
     • Software licensing
     • Software lifecycle and physical machine upgrades
       • If there is only one OS on a physical machine, there is only that one OS to worry about in the machine's lifecycle
       • If there are multiple OSs on a physical machine and the hypervisor must be updated, all OSs must be considered

  6. Similarities of administering VMs to traditional physical machines
     • Configuration guides and all documentation for the OS are essentially the same
     • Monitoring is the same for the OS
     • All typical day-to-day administration tasks are the same
     • Security of the OS is the same

  7. New things to administer
     • The hypervisor
     • Multiple OSs on one system
     • Managing resources of the physical system
       • All VMs share the same hardware
       • The hypervisor takes care of much of this

  8. More VM administration
     • Networking
       • Typically done now with VLANs
     • Storage
       • Typically this is virtualized on the root disks
       • Can also be virtualized on SAN storage

  9. Benefits of Virtualization
     • Delegating management
     • Guest OS independence
       • Each OS installed over the hypervisor is a guest OS
       • These are completely independent of each other
     • Able to get the most out of your resources
     • Testing

  10. What's currently not being virtualized
     • Here at Clemson, we typically don't virtualize SAN storage for boot devices
       • The only exception to this is AIM (coming in a later slide)
     • Currently the only network virtualization is through the use of VLANs
     • The future of this is limitless through the use of OpenFlow

  11. Future of Virtualization: AIM
     • Every aspect of the environment can be virtualized
     • Used by lots of companies worldwide
     • OS is built on a persona
     • A persona can then be moved back and forth between different bare metal machines, as well as different virtual machines, automatically in only a matter of minutes

  12. Conclusion
     • Security
       • Very few differences from a native OS installed on a physical machine. The hypervisor is the only major security difference
     • Administration
       • Administration of the OS will be the same
       • The only new administration tasks will be administering the hypervisor and more closely managing hardware resources
