Java based applications can now be moved between not only a SpringSource TC-Server Java platform on VMware vSphere, but also between the same platform on VMForce, and now Google AppEngine. This level of support from VMware, Salesforce.com, and now Google is starting to make SpringSource look like the early leading technology for PaaS Clouds. This is a significant advance in the state of PaaS clouds as there were previously no examples that offered such broad support for one platform by such a diverse set of industry leaders. However as is always the case, platform advances have outstripped security, management and performance assurance capabilities.
Due to what I stated during GestaltIT’s TechFieldDay, I was invited with Bas Raayman and others to discuss Secure Multi-Tenancy (SMT) in more detail with Chuck Hollis at EMC World. In addition, during one of the Keynotes SMT was renamed from Secure Multi-Tenancy to Simple Multi-Tenancy. The current Cisco VMware Netapp solution is plainly not secure. During the TechFieldDay at Cisco, Cisco even claimed “we did not think about security” when designing the initial solution. Cisco is worried about Quality of Service, I.E. Bandwidth through out the system to the disk. Furthermore, their definition of ‘Tenant’ was quite a bit different than my own. So we should first start off by defining Tenant.
• • 0 Comments
I recently spoke at the InfoSec World 2010 Summit on Virtualization and Cloud Security and also attended the main conference sitting in on many Virtualization discussions. Perhaps it was the crowd, which was roughly 30-40% auditors. Perhaps it was the timing as SourceBoston was also going on, as well as CloudExpo in NY. But I was surprised to find that people are still ‘just starting’ to think about Virtualization Security. Since I think about this subject nearly every day, this was disappointing to me at best. I found ideas around virtualization security ranging from:
* Virtualization Security is not part of an architecture/design, what do I bolt on?
* My Physical Security will work
* Virtual Environments NEED More security than physical environments
* There are no new threats, so why have something more
* Security is a hindrance
the Cloud is increasingly being used to provide external security testing services (such as AVS, Application Vulnerability Scanning). The argument of the proponents of such services is that security threats come from the cloud, and thus it makes most sense to embed the AVS in the cloud. However after very detailed examination of the options we have come to the conclusion that the Cloud it isn’t necessarily the right answer for many enterprises, and that the AVS service may best be delivered inside the datacenter.
During the last Virtualization Security Podcast, our guest had to postpone so we discussed to several interesting topics all related to Digital Forensics and how encryption would best work within the virtual environment. Our very own Michael Berman, in a previous life was a forensic investigator and had some great insights into the problem of digital forensic within the virtual environment.
Since coming out with VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment, I have continued to consider aspects of Digital Forensics and how current methodologies would be impacted by the cloud. My use case for this is 40,000 VMs with 512 Servers and roughly 1000 tenants. What I would consider a medium size fully functioning cloud built upon virtualization technology where the environment is agile. The cloud would furthermore contain roughly 64TBs of disk across multiple storage technologies and 48TBs of memory. Now if you do not think this exists today, you were not at VMworld 2009, where such a monster was the datacenter for the entire show and existed just as you came down the escalators to the keynote session.
• • 3 Comments
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
Security baselines and security health checks are an important part of any modern day infrastructure. These checks are done periodically throughout the year, usually ever quarter. In my opinion this is a good thing to check and make sure your security settings are following the guidelines that the company has set out to achieve. Here is where I do have a problem. When setting up the guidelines for the different technologies in your infrastructure it would make the most sense that the people establishing the guidelines need to fully understand the technology they are working with. After all, would you really want the midrange or mainframe group to write the policies and guidelines for the Microsoft Windows Servers in your environment?
On the most recent Virtualization Security Podcast, the panel was joined by VMware’s Charu Chaubal to discuss the latest draft of the VMware vSphere hardening guide.