Selecting protection for a virtual infrastructure is like buying an anti-virus software product for Mac OS: Most people wonder why you are annoyed. However, as more and more IT companies migrate their servers to virtual machines and cloud-based environments, the issue of protecting these resources is gradually emerging and becoming more important.
but not just for cloud computing virtual machine (VM) simply install a firewall or anti-virus software so simple. The physical server is not designed to check and filter large amounts of data on a hypervisor running 10 virtual servers. Because virtual machines can initiate, notify, and migrate between different hypervisors by clicking a button, whatever action you choose must be able to handle them easily. In addition, as the number of virtual machines in the data center continues to increase, they are becoming increasingly difficult to interpret, manage, and protect. If unauthorized people gain access to the hypervisor, they can use the lack of control vulnerabilities to modify all of the virtual machines.
with the degree of virtualization enterprise servers and data center infrastructure deepening, they need professional technical protection measures to match. While the level of protection is still closely related to the depth and breadth of physical server protection products, fortunately, there are still countless industry players who are brave enough to meet this challenge.
protection type
virtual world currently no single, unified threat management tool; any virtual machine dedicated to product development companies in mind not only that a Protective products. These products can be roughly classified into four different functional categories:
Regulations and Auditing. This capability includes the ability to generate reports on different regulatory requirements, such as payment card initiative standards, and the ability to audit access and manage logs.
Intrusion Detection (IDS) and firewall features. These features are the first things that most people think of when considering virtual machine security issues.
Access control. This feature includes the ability to restrict users from aborting virtual machine operations and changing virtual machine health on any protected host. Some products have the ability to combine access control roles with Active Directory users to make policy deployment easier and easier.
Anti-virus /anti-malware protection. Similar to anti-virus tools in the physical world, these products also provide protection for applications in virtual machines.
Figure 1: Reflex Systems' Virtual Management Center has a very nice diagram that shows you how your virtual machines are distributed. When your mouse is over each icon, the relevant status information is displayed in the upper right corner of the screen.
Available virtual machine protection options
In the past year, the pace of mergers and acquisitions in the industry has gradually accelerated, while the main virtualization and security Vendors are trying to expand their products and integration products. VMware acquired Blue Lane Technologies and incorporated its software into its product vShield; Juniper Networks acquired Altor Networks, and Third Brigade is now part of Trend Micro's Deep Security product line. Of course, there are some other smaller companies of its kind.
Here is a list of typical virtual machine protection products:
- Beyond Trust Power Broker's Virtualization Server
- Catbird vSecurity
- CA Virtual Rights Manager
- Centrify Direct Authorization
- Fortinet FortiWeb Virtual Machine
- HyTrust Appliance
- Juniper/Altor Virtual Firewall
- Fine Cloud Computing
- Reflex System Virtualization Management Center
- Splunk Virtualization
- Third Brigade/Trend Micro Deep Security
- VMware /Blue Lane vShield product line
All of these products are protecting different parts of your virtual infrastructure, so there is no direct comparability between them. From the different mergers and acquisitions mentioned above, you can find that the virtual machine protection market is very dynamic, and there are a lot of variables.
Figure 2: Trend Micro's Deep Security has an active anti-intrusion board with alert summaries and event history.
When you are finally ready to purchase for a virtual machine-themed protection, please be sure to sort out and reach the following consensus with your supplier:
1. What needs to be protected? A specific version of the hypervisor? All of these products work with specific VMware hosts, while others are only compatible with newer versions (v4 or above). Some also cooperate with the Xen mainframe (and widely used, that is, the network services built into Xen and Amazon). There is currently no product that matches Microsoft's Hyper-V technology.
2. Do you need a proxy, if required, they are installed? Some products install agents on the hypervisor itself, so there is no need to install additional software in each virtual machine. Other products interact directly with the VMware interface, and there are still other products that require VMware's vMA or vShield add-ons. Since virtual machines can be paused and restarted frequently, the goal here is to provide instant protection against boot checks of traditional physical anti-virus products.
3. Can I report through the email manager? Will they implement decision-making measures based on those reports? Some products, if printed, can form a report like a phone book. This level of detail is often overwhelming and less practical. Other products do better, even your manager can easily understand. How
4. The level of detail of its policy control? Is the product easy to supplement existing strategies or completely create a new strategy? This is a basic functional requirement for these products, please make sure you are familiar with this information as this will ultimately determine the most time you spend on it.
5. Finally, what is the price? Each product has a complex pricing plan: some are charged based on virtual machines, seats, protected hosts or devices.