These are things to think about before you get to the type of environment that has hundreds and hundreds of hosts, and thousands of guests, across multiple hypervisors. Are you even in the ballpark when it comes to best practices, measuring performance and security?
As a specific example, let’s talk about security. Most shops spend little time focusing on security in a virtualized environment, and the data from Gartner that claims more than 60% of virtual servers are less secure than the physical servers they replace seems to reflect this. Do you have security tools to manage VM-to-VM traffic? In many cases, this traffic doesn’t traverse a normal IP network because it’s on a virtualized network inside the hypervisor. If I’m a bad guy, this is great because I know you’re blind to my activities. I can stand up a VM, do bad things, and then obliterate the VM, destroying my trail. Black hat nirvana. The bigger the environment, the bigger this risk.
Ahh but wait, there’s more. There are tools to automate the scanning and exploitation of hypervisors. VASTO (Virtualization Assessment Toolkit), an open-source tool written by Claudio Criscione, was built with this specific purpose in mind, and it works in conjunction with Metasploit.
This means there are folks actively working to gain privileged access to your hypervisor. And if they have that, you are in serious trouble, and chances are you might not be able to detect it. Most IT staff aren’t even looking at this area, and few of the vendors have tools to help.
There is hope. Excellent communication across functional areas, a solid operational plan, good instrumentation on your systems, and meaningful event-driven actions can go far. Learn about and understand what each vendor is doing to enhance security, and then test the capability of these new security features.
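One concrete form of the "instrumentation plus event-driven action" the post calls for is to watch the hypervisor's own VM lifecycle audit trail for the stand-up-then-obliterate pattern described above. The example below is added here and is not code from the original post or from any vendor; it assumes a constructed, generic event format (timestamp, event type, VM name, host) and a one-hour lifetime threshold, both of which are assumptions that would need adapting to a real hypervisor's audit log format and to the environment's normal VM churn.

```python
"""Flag short-lived VMs and unexplained deletions from hypervisor audit events.

Added example, not part of the original post. The log format and sample
lines below are constructed for illustration; real hypervisors (vCenter,
libvirt, Hyper-V) emit their own event formats and need their own parsers.
"""
from datetime import datetime, timedelta

# Constructed sample audit log: one lifecycle event per line.
# Fields: UTC timestamp, event type, VM name, hypervisor host.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z VM_CREATED web-01 hv-a
2024-03-01T10:05:00Z VM_POWERED_ON web-01 hv-a
2024-03-01T11:30:12Z VM_CREATED tmp-7f3a hv-b
2024-03-01T11:30:40Z VM_POWERED_ON tmp-7f3a hv-b
2024-03-01T11:41:03Z VM_POWERED_OFF tmp-7f3a hv-b
2024-03-01T11:41:09Z VM_DELETED tmp-7f3a hv-b
2024-03-01T12:00:00Z VM_CREATED db-02 hv-a
2024-03-01T12:30:00Z VM_DELETED ghost-99 hv-c
2024-03-02T09:00:00Z VM_DELETED db-02 hv-a
"""

# Assumed threshold: a VM that exists for an hour or less is suspicious.
# Tune this to the environment's real provisioning patterns.
SHORT_LIFETIME = timedelta(hours=1)


def parse_events(text):
    """Parse the constructed log format into (timestamp, kind, vm, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, vm, host = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kind, vm, host))
    return events


def analyze_lifecycle(events, threshold=SHORT_LIFETIME):
    """Return (short_lived, untracked_deletes).

    short_lived: VMs created and deleted within `threshold` (the
                 create-misuse-destroy pattern).
    untracked_deletes: VM_DELETED events with no VM_CREATED seen earlier in
                 the log, which may mean the audit trail has a gap or was
                 tampered with and deserves a look on its own.
    """
    created = {}  # vm name -> (creation timestamp, host)
    short_lived = []
    untracked_deletes = []
    for ts, kind, vm, host in events:
        if kind == "VM_CREATED":
            created[vm] = (ts, host)
        elif kind == "VM_DELETED":
            if vm not in created:
                untracked_deletes.append({"vm": vm, "host": host, "deleted": ts})
                continue
            created_ts, _ = created.pop(vm)
            lifetime = ts - created_ts
            if lifetime <= threshold:
                short_lived.append({
                    "vm": vm,
                    "host": host,
                    "created": created_ts,
                    "deleted": ts,
                    "lifetime_seconds": int(lifetime.total_seconds()),
                })
    return short_lived, untracked_deletes


if __name__ == "__main__":
    short, untracked = analyze_lifecycle(parse_events(SAMPLE_LOG))
    for f in short:
        print(f"SHORT-LIVED VM {f['vm']} on {f['host']}: "
              f"{f['lifetime_seconds']}s between create and delete")
    for f in untracked:
        print(f"UNTRACKED DELETE of {f['vm']} on {f['host']} at {f['deleted']}")
```

In a real deployment the parser would read the hypervisor's native audit feed and the findings would be forwarded to whatever event pipeline drives the "event-driven actions" above, for example snapshotting the host's logs or opening a ticket before the evidence ages out. The untracked-delete check matters because a VM vanishing with no recorded creation is exactly the trail-destruction scenario the post describes.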
These basic things can go a long way toward making sure you stay in the ballpark, and win the game.
Scott Gill, Office of the CTO, Western US