Encryption is important, encryption within a VM even more important. But the question is how to do this securely without allowing the encryption keys to be seen by an administrator of the virtual environment and that supports vMotion or LiveMigration. The solution is per VM encrypted memory, but something more robust that makes use of hardware, out of band key exchange, and supports vMotion or LiveMigration.
During the Virtualization Security Podcast on 7/8, Vizioncore’s Thomas Bryant joined us to discuss the state of virtualization backup security and forensic use of such backups. In the world of virtualization, backups are performed mostly by 4 distinct vendors: VMware Data Recovery (VDR) and VMware Consolidated Backup (VCB), Vizioncore vRanger, Veeam, and PHD Virtual Backup for vSphere. Each of these provide the most basic of security capabilities:
* Encrypted tunnels for data movement (SSL)
* Encryption of the backup
But in the increasing global nature of businesses and the difference in privacy laws between townships, states, and the need for Secure Multi-Tenancy, backup companies fall short with their products while making it increasing harder to use backups as a source of forensically sound data.
The panel of the Virtualization Security Podcast on 5/27/2010 was joined by an attorney specializing in the Internet space. David Snead spoke at InfoSec and made it clear that there was more to secure multi-tenancy than one would imagine. The first question was “how would you define tenant?” which I believe is core to the discussion of SMT as without definitions we have no method of communicating. Before we get to David’s response, we should realize that nearly every one has their own definition of Tenant for a multi-tenant solution.
Due to what I stated during GestaltIT’s TechFieldDay, I was invited with Bas Raayman and others to discuss Secure Multi-Tenancy (SMT) in more detail with Chuck Hollis at EMC World. In addition, during one of the Keynotes SMT was renamed from Secure Multi-Tenancy to Simple Multi-Tenancy. The current Cisco VMware Netapp solution is plainly not secure. During the TechFieldDay at Cisco, Cisco even claimed “we did not think about security” when designing the initial solution. Cisco is worried about Quality of Service, I.E. Bandwidth through out the system to the disk. Furthermore, their definition of ‘Tenant’ was quite a bit different than my own. So we should first start off by defining Tenant.
I participated in GestaltIT’s TechFieldDay which is a sort of inverse conference, where the bloggers and independent analysts go to the vendors and then discuss the information they have received. We visited the following virtualization vendors:
* vKernel where we were introduced to their Predictive Capacity Planning tools
* EMC where we discussed integration of storage into the virtualization management tools as well as other hypervisor integrations
* Cisco where CVN and CVE were discussed in detail.
Cloud Computing ...
• • 0 Comments
The Cisco-VMware-NetApp (CVN) was discussed on the Virtualization Security Podcast as it pertains to Secure Multi-Tenancy (SMT). This is a major concern that was also discussed at RSA Conference 2010 within the Cloud Security Alliance Summit. The question still remains how to achieve this goal however. CVN is a very good start, but as we discussed on the podcast is missing some key elements.