Virtualisation: Pitfalls in Corporate VMware Implementations.
Typical Corporate Implementations
When it comes to VMware, these are the typical questions that need to be asked, along with the implementations that corporations need to undertake.
Why are they using virtualisation technology?
- Cost reductions, flexibility and efficiency, increased business resiliency
What are organisations using VMware for?
- Test environment, production systems, virtual desktop, virtual appliances
What are security practitioners using VMware for?
- Sandboxing, forensic analysis, and honeypotting
What are organisations not virtualising?
- CPU intensive apps
- Firewalls
How are they using it?
- Simply, with little regard for security
Some of the most common pitfalls include:
- Network architecture
- Configuration Management
- Securing the Virtual Machines
- Securing the Service Console (COS)
- Securing the Remote Command Line Interface
- Securing VI Client including Web Access
- Securing VirtualCenter
- Securing vSwitches
- Securing Storage
In relation to these pitfalls, certain solutions can be applied. These include:
- Applying Patches
- Defining Roles and Responsibilities
- Limiting Privileged Access
- Integrating with Existing Change Management Processes
For more information, read our SOS consultant’s presentation, Virtualisation Security. This presentation was also delivered at AusCert 2009.