During the Virtual Thoughts podcast on 6/29/2010, the analysts discussed various hardware aspects of virtualization trying to determine if the hypervisor was to move into the hardware? and if so how much of it? as well as whose hypervisor? and lastly such a move part of any business model?
Virtual Thoughts is a monthly podcast that looks at the entire scope of virtualization to discuss new trends and thoughts within the virtualization and cloud communities.
This weeks podcast started with a discussion of TPM/TXT and the boost it gives to virtualization security. Since TPM/TXT is based in the hardware and provides a measured launch of an operating system, the next logical discussion was on whether or not the hypervisor would be placed into the hardware?
TVP Strategy Archives
vSecurity gets a boost from TPM/TXT
During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of Intel Westmere chips built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Both together can form a hardware root of trust for the virtual environment.
At the moment however, these technologies are limited to just providing a secure launch of a well known hypervisor within the hardware. As such they have not been extended to the virtual machine. TXT however solves a very important issue that at the time the book VMware vSphere and Virtual Infrastructure Security was written had theoretical solutions, I speak of Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT on the other hand, offers protection from Blue Pill style attacks.
Announcement: Virtual Thoughts Podcast the rebirth
Virtual Thoughts Podcast the Rebirth, Join us Tuesday 29th June @ 7:00pm (BST), 2:00pm (EST), 11:00am (PST)
Working with VMware License Files
There is a cardinal rule that we should all know about, especially for those of us who have spent a lot of time developing kickstart scripts for automated builds of the VMware hosts in your environment, that you do not use windows word editors like Notepad or WordPad when working with Linux files. If you use notepad to edit Linux files it will add unwanted line feeds (LF) to the file which may cause the file to be misinterpreted. If you must use Microsoft Windows as your client OS use Microsoft WordPad which does not modify the file in this way.
Private Cloud Security Nice to Have!?
In a recent document written by virtualization.info and Secure Network of Italy entitled Securing the Private Cloud several issues come to mind. While this is a good document on the availability front of virtualization security, I did not read anything that affected integrity or confidentiality. You cannot be secure if you ignore 2 of the 3 tenants of security.
vNetwork Security: Looking at VLANs
There is nothing like fully understanding the protections inherent within your vNetwork and the Roles and Permissions you can set within the virtualization management tool suites to ensure your vNetwork is secured, audited, and monitored for issues. Just like you do now within the pNetwork. Unlike the pNetwork, the vNetwork provides a certain amount of introspection and capability that is missing from a pNetwork, and this will also help with security.