

Cloud Security
The rapid rise in popularity of the computing model which has become known as "Cloud Computing" has created all sorts of challenges for Information Security professionals. These challenges need to be addressed by organizations as soon as possible because this Cloud initiative is only gaining in momentum.
There are currently over 12 million servers running in datacenters across the world. The growth rate over the past 5 years shows a doubling of the server count and a quadrupling of power consumption requirements, yet server utilization continues to hover around its historic rate of 15%. Organizations looking to streamline their Information Technology operations will continue to seek the efficiencies provided by the Cloud computing model.
There is a general lack of understanding of the technology due to many different cloud taxonomies and definitions being circulated by vendors and IT organizations. It is a fairly generic term and frequently misused to refer to any service that is Internet accessible. The National Institute of Standards and Technology (NIST) is already on its 15th revision of the definition of the term Cloud Computing and currently defines it as:
"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
Once the cloud computing concept is fully grasped by IT departments, they face the immense challenge of trying to secure and safeguard data that exists in environments they have visibility into. Surveys of IT shops reveal their biggest challenge by far is dealing with security issues created by the cloud model. Security challenges far outpace those from the areas of Performance, Cost, Integration, and Reliability.
The most common service delivery model is referred to as the SPI model (Software, Platform, & Infrastructure as a Service). Some examples of each are below.
SaaS - (least amount of visibility and control)
SalesForce.com
SQL Azure
Concur
PaaS
Windows Azure
Google Apps
IaaS - (most amount of visibility & control)
Windows Azure Storage
Amazon EC2
Amazon S3
Rackspace Cloud
In the Infrastructure as a Service model, security is primarily managed by the developers writing the applications that are hosted on the infrastructure. It is the most flexible of the models and the easiest to secure because the vendor has to be trusted with full control of only the physical security domain and minimal control of the other security domain areas.
Another challenge is trying to apply traditional security controls in a dynamic environment where the infrastructure, personnel, and security standards can change without the customer's knowledge.
Hyper-V
This month’s featured Virtualization White Paper covers Microsoft’s hypervisor-based server virtualization technology called Hyper-V. The best thing about this hypervisor is that it is free, assuming your organization already runs Windows Server 2008. Hyper-V installs as a role in Windows Server 2008 and offers flexible licensing policies for customers. Take full advantage of your investment in your computer hardware by consolidating multiple servers as separate virtual machines running on a single 64-bit Hyper-V physical server. The guest operating systems don’t have to be Windows based. Linux, Mac, and other operating systems are fully supported.
A Virtualization White Paper would not be complete without examining the architecture. Hyper-V was designed to be a highly secure Virtual Server with a thin micro-kernel hypervisor that has a minimal attack surface. It is available as a Server Core role, which is the most secure hypervisor option. The virtualization stack runs on the parent partition, which must run Windows Server 2008 and has direct access to hardware devices.

Management of Hyper-V is a breeze with its integration with Microsoft’s System Center. This allows customers to easily integrate it into their existing management tools console to perform virtualization administration. Hyper-V is integrated with the Server Manager UI by default. Migrating VMs can be done with ease. Hyper-V allows you to move running virtual machines between different host servers with minimal downtime. Hyper-V is also cluster aware, so all VMs running on a single host can be failed over to another host in the event of a host server failure.
A powerful feature of Microsoft’s latest Virtual Server is the ability to take snapshot backups of running VMs by integrating with Windows Server 2008’s Volume Shadow Copy Services. This provides incredible flexibility for Release Management in development and test environments. If you need to modify the size of your virtual machines, Hyper-V includes tools to compact, expand, and inspect VHD files.
Overall performance has improved about 25% over its predecessor, Virtual Server 2005 R2. This is mostly attributable to the new support for virtual SCSI controllers. This new functionality enables broader disk support as well. Virtual machine guests can use up to 64 GB of memory, which allows for new server roles to be virtualized.