Four considerations for server security management

  
Server virtualization requires fewer hardware resources to run multiple applications and operating systems, and it lets users quickly provision new resources as their needs change. But this flexibility also leads network and security managers to worry that security risks in the virtual environment will spread throughout the network: if there is a problem with the server hypervisor, it can soon spread through the virtual machines to the entire network. Let us look at the issues related to server virtualization from the following four aspects:

1. Virtual machine overflow causes security problems to spread

Hidden security dangers in the design of the hypervisor (the management program) can infect virtual machines on the same physical host. This phenomenon is called "virtual machine overflow."

If a virtual machine can break out of the isolated environment in which the hypervisor runs it, an intruder can use that virtual machine to get into the hypervisor, bypassing the security controls specifically designed to protect virtual machines.

The security problem in the virtual world is one of escaping the control boundary of the virtual machine. Although no company would allow security problems to spread between virtual hosts through the hypervisor, the risk still exists. Because intruders or the effects of a vulnerability can move back and forth between virtual machines, this is a problem developers must face during development.

Engineers now usually protect virtual environments by isolating virtual machines. The traditional way to secure a virtual environment is to set up a firewall between the database and the application layer. They also keep virtualized environments off the network to help alleviate security concerns. This is a good approach for a virtualized environment.

2. As virtual machines multiply, so does the patching burden

Another security risk of virtualization is that patching virtual machines is a greater challenge: as the number of virtual machines grows faster, patching problems multiply as well.

IT managers agree that patching is critical in a virtual environment, but the real difference between patching virtual machines and physical servers is not a matter of security but of quantity. Virtualized servers, like physical servers, require patch management and routine maintenance. There are companies that run three virtualized environments, two inside the network and one in the demilitarized zone (DMZ), with about 150 virtual machines. Such an arrangement means that the hypervisor adds an extra layer to patch management. Even so, the key issues are the same whether the patches are applied to physical or virtual machines.

In addition, as the number of servers doubles, the pressure on the engineers who patch them grows too, and they are increasingly interested in automated tools for this process.

3. Running virtual machines in the demilitarized zone (DMZ)

Typically, many IT managers are reluctant to place virtual servers in the demilitarized zone (DMZ). Other IT managers will not run critical applications on virtual machines in the DMZ, or even on those protected by corporate firewalls. However, it can be done if the user takes the right precautions. Users can run virtualization in the DMZ even if the firewall or isolation device is on a physical machine. In most cases, it is safer to separate resources. A virtualized environment can then be established in either an isolated or a non-isolated zone, by restricting access to clusters of virtual resources. "Every cluster is its own resource and portal, so it can't be cascaded back and forth between clusters," he explained. Many IT managers are working to separate their virtual servers, placing them under the protection of corporate firewalls, and some place virtual machines in the DMZ and run only non-critical applications on them.
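The points in sections 1 to 3 combine into one inventory check: a guest is exposed when its own OS is behind on patches, when the hypervisor under it is, or when its host carries both DMZ and internal guests. The following is an added example, not part of the original article; the host names, zones and patch-level numbers are constructed sample data, and the baseline values are assumptions.

```python
from collections import defaultdict

# Hypothetical minimum patch levels; real values come from your own baseline.
BASELINE = {"hypervisor": 12, "guest": 40}

# Constructed sample inventory, not taken from the article.
HOSTS = {"hv-int-01": 12, "hv-int-02": 11, "hv-dmz-01": 12}  # host -> hypervisor patch level
VMS = [
    # (vm name, host, zone, guest patch level)
    ("db01", "hv-int-01", "internal", 40),
    ("app01", "hv-int-02", "internal", 40),
    ("app02", "hv-int-02", "internal", 38),
    ("web01", "hv-dmz-01", "dmz", 40),
    ("batch01", "hv-dmz-01", "internal", 40),
]


def audit(hosts, vms, baseline):
    """Return {vm name: [findings]} for every VM with at least one finding."""
    findings = defaultdict(list)
    zones_on_host = defaultdict(set)
    for name, host, zone, guest_level in vms:
        zones_on_host[host].add(zone)
        if guest_level < baseline["guest"]:
            findings[name].append("guest OS behind baseline")
        # A stale hypervisor exposes every guest on that host, patched or not.
        if hosts[host] < baseline["hypervisor"]:
            findings[name].append("host hypervisor behind baseline")
    for name, host, _zone, _level in vms:
        zones = zones_on_host[host]
        if len(zones) > 1:  # DMZ and internal guests share one hypervisor
            findings[name].append("host mixes zones: " + ",".join(sorted(zones)))
    return dict(findings)


if __name__ == "__main__":
    for vm, issues in sorted(audit(HOSTS, VMS, BASELINE).items()):
        print(f"{vm}: {'; '.join(issues)}")
```

In the sample data, app01 is fully patched as a guest but is still flagged because its host's hypervisor is behind, which is the extra patch layer section 2 describes.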

4. Hypervisor technology is new and vulnerable to hackers

Any new operating system has loopholes and flaws. Does this mean that hackers can take advantage of the virtual operating system's flaws and then launch attacks?

Industry observers recommend that security staff always stay vigilant about virtualized operating systems, which have potential vulnerabilities and security risks; relying on manual patching alone is not enough.

Virtualization is in essence a new operating system, and there is much about it that we do not yet know. It mediates between the privileged hardware and the usage environment, which makes a mess possible.

The hypervisor is not the kind of security risk people imagine it to be. Having learned from Microsoft's aggressively patched Windows operating system, virtualization vendors like VMware are also working to control the potential for security vulnerabilities as they manage hypervisor technology.