State of Secure Multitenancy Today

The Virtualization Security Podcast held on 9/22 featured Anil Karmel, Solutions Architect at Los Alamos National Library (LANL), who discussed their implementation of a secure multi-tenant (SMT) cloud. LANL makes extensive use of the entire VMware product suite, from vCloud Director down to the vShield components, to implement their SMT cloud. They have also added their own intellectual property to the cloud to improve overall cloud security. It was a very interesting conversation about the state of SMT today.

Anil gave us details of their implementation of a secure multi-tenant cloud, as well as valuable advice on creating our own. He starts with the following:

  • SMT starts with the architecture and planning of your cloud. This incorporates all aspects of the cloud: the storage to be used, switching, hypervisor, workloads, etc.
  • You need to understand everything that you want to place into the cloud. What workloads are you going to run? Are they cross-domain workloads, single-domain workloads, etc.?
  • Realize that currently the ultimate hypervisor administrator can see everything, and employ checks and balances to restrict who has that ultimate access.
  • Use proper Role Based Access Controls (RBAC) to limit who can do what within the tools.
  • Unify RBAC across the management stack.

Actually, the last element is my own, but I feel that it is important to add into the mix. While Anil did not discuss RBAC unification, it is nonetheless a very important component of any RBAC solution. Any virtual or cloud environment currently contains a large number of RBAC solutions that do not tie together at any level. VMware's tools are starting to use vCenter as their central RBAC component, but not everything does this yet. Unified RBAC is required not only on the administrative side but also on the workload side.

At a site like LANL, workloads that cross domains, security enclaves, or classification levels need to be understood from the beginning, not after the cloud is deployed. The reason is that they complicate the configuration of workloads: cross-domain traffic must be guaranteed to come only from specific locations, with all other locations denied. This is where tools like vShield App come in, which can keep all VMs from talking to each other while still allowing specific VMs to talk across domains as necessary.

Architecture and planning are the key to proper security within the cloud, but be aware that administrators can still see data they should not see, so in LANL's case, those administrators have the classification to see such data. Trust is still paramount within an SMT environment.
* The travelogue video was produced by Lars Troen