Good News for Securing the Cloud

Securing virtualized cloud systems has traditionally been challenging. It is crucial to secure not only the virtual servers but also the infrastructure in which they reside. External devices such as firewalls, IDS/IPS, access control, monitoring and other systems have traditionally been used to combat external threats. These are good at securing the LAN infrastructure and can be an effective barrier even when deployed to protect elements such as virtual switches, virtual I/O directors (such as Xsigo’s) and SAN infrastructure. However, there is a greater challenge in securing the virtual host systems themselves.

These virtualized server environments are typically difficult to secure because the host cannot even see threats that come from outside over virtual LANs. Protecting virtual machines from their most immediate neighbors is paramount, and failure to do so can have serious consequences. Inadequate virtual host security can result in the spread of computer viruses, theft of data, denial of service, regulatory compliance conflicts or other harmful situations.

Fortunately, virtual host security solutions are available from a variety of sources, including VMware and its technology partners. Some partners can supply both external appliances (used for firewalling, IDS, monitoring, etc.) and host-based software solutions that run directly on the host.

In addition, VMware itself is about to release two new modules (currently in beta test) that will provide protection for virtualized host systems:

  •  vShield App 1.0 dynamically protects applications within the virtual data center from internal threats
  •  vShield Edge 1.0 provides a set of perimeter services akin to a DMZ, protecting a customer virtual data center or organization

These modules deliver quite a powerful solution in that they supply a stateful firewall with deep packet inspection and a dedicated network security gateway for the virtual data center. In addition to firewall services, the two modules together provide load balancing and a variety of other configuration services such as NAT. They are also cost-effective, since they do not require external hardware.

These virtual host security modules are yet another layer of security needed for securing these complex environments. They can effectively complement external systems and provide significant improvements in securing the virtual host systems in the cloud.

12:06 pm: integrationpartners