TVP Category Archives

40,000 Firewalls! Help Please!?

While at VMworld I was suddenly hit with a blast of heat generated by the 40,000 VMs running within the VMworld Datacenter of 150 Cisco UCS blades or so. This got me thinking about how would VMsafe fit into this environment and therefore about real virtualization security within the massive virtual machine possible within a multi-tenant cloud environment. If you use VMsafe within this environment there would be at least 40,000 VMsafe firewalls. If it was expanded to the full load of virtual NICs possible per VM there could be upwards of 400,000 virtual firewalls possible! At this point my head started to spin! I asked this same question on the Virtualization Security Podcast, which I host, and the panel was equally impressed with the numbers. So what is the solution?

VMsafe – Vendor Implementations at VMworld

With the advent of existing VMsafe products from Altor Networks, Reflex Systems, and ones on the horizon from Trend Micro and others in the security space, all administrators should have a clear understanding of how they work under the covers. Where does VMsafe appear within the stack? Is VMsafe on the incoming physical NICs, within the vSwitch, portgroups, or before or after the vNIC? Can we expect the other aspects of VMsafe to be the same? While I was discussing VMsafe with the vendors, VMware was also going around and talking to all the VMsafe vendors for VMware TV shots.

Reflex VMC — The First VMsafe Certification

Reflex Systems announced today that they have the first VMware VMsafe Certification for their Reflex VMC product.   This announcement brings two things to light. The first is that VMware has made a very smart move to certify VMsafe drivers for their hypervisor, which is a much needed step I have written about previously. The second …

Continue reading “Reflex VMC — The First VMsafe Certification”

Measuring Hypervisor Footprints

There have been several interesting posts in the blogosphere about virtualization security and how to measure it. Specifically, the discussions are really about the size of the hypervisor footprint or about the size of patches. But hypervisor footprints from a security perspective are neither of these. The concern when dealing with hypervisor security is about Risk not about the size of the hypervisor or the size of a patch it is purely about the Risks associated with the hypervisor in terms if confidentiality, availability, and integrity.

Hosted Virtualization Security – Type 2 Hypervisors

There is quite a bit of documentation on bare metal or Type 1 hypervisors, including my own book, VMware vSphereTM and Virtual Infrastructure Security: Securing the Virtual Environment, but there is not much material on the proper security of hosted environments, or Type 2 hypervisors, such as Microsoft Virtual Server, VMware Workstation, Fusion, Player, or Server as well as Qemu, Virtuozzo, or OpenVZ.