Secure virtualisation: Much ado about next to nothing?
During a panel discussion at the RSA Conference 2009 security conference, which continues until Friday, the outspoken virtualisation expert Christopher Hoff argued that IT professionals all too frequently overcomplicate the development of security concepts for virtualised environments. In particular, live migration of virtual machines (VMs) between hosts ('VMotion' in the products of market leader VMware), which vendors promote mantra-like, is, according to Hoff, barely used in normal everyday business.
These contentions found support among the audience, of whom 85 per cent use VMware hypervisors but only a handful use VMotion. This prompted Hoff and co-panellist David Shackleford, Chief Security Officer at Configuresoft, to advise against worrying too much about the complexity that continuous use of VMotion would bring, since in most organisations the feature would more than likely never be used.
At the same time, the experts unanimously warned against lumping too many virtualisation-related issues together as one problem. According to Hoff, the security of the hypervisor, the security of the virtual machines running on it and the use of virtualisation itself as a security measure must be treated separately; failing to separate them leads to chaos, which ends with someone shouting 'Blue Pill' (the hypervisor rootkit demonstrated in 2006) and diverting the discussion towards entirely theoretical risks with no relation to the infrastructure actually in use.
Hoff and Shackleford were also united in their criticism of the leading hypervisor vendor. According to Shackleford, it has still not provided any documentation explaining how virtualised storage and network components should be used. Even the VMware representative on the panel felt unable to dispute this point and admitted to the lack of documentation on the subject. These topics can be incomparably more complex than plain server virtualisation, which makes best-practice documentation more necessary than ever.
Hoff is particularly worried about the ever-increasing number of virtual network components. In addition to the hypervisor's own virtual switch, virtualisation environments will soon include physical network cards that implement virtualisation themselves (SR-IOV), virtual switches from other vendors, network infrastructure such as Cisco's Nexus line, which also implements virtualisation, and, last but not least, direct access by a VM to the server's physical network hardware (PCI passthrough).
In view of this concentration of active network components, Hoff and Shackleford are concerned about the ability of IT specialists to identify the origin of problems when they arise. "In this case, I wonder where the network actually isn't," said Hoff. The practical consequence is that traffic between two VMs on the same host passes only through the virtual switch and never reaches the physical wire, so a tap or span port on the physical switch does not see it. To avoid being caught out by such problems, Shackleford advises clarifying with the vendor, before commencing a virtualisation project, whether the software currently in use, such as network analysis tools or patch management applications, will still work in a virtualised environment.