January 22, 2012

1.3.8 Virtualization

Virtualization providers include, for example, proprietary solutions from VMware, Citrix, Microsoft and Red Hat, and open source solutions from Xen and VirtualBox.

Virtualization technology allows you to take any single physical device and hide its characteristics from users—in essence allowing you to run multiple items on one device and make them appear as if they are stand-alone entities.

Virtualization is a method of running multiple independent virtual operating systems on a single physical computer. It is a way of maximizing the use of physical resources to get the most out of the investment in hardware.

A single server can host multiple (logical) virtual machines. Each virtual machine (VM) can run a different operating system, e.g. Ubuntu Linux, Microsoft Windows 2008 R2, etc. By using one host to do multiple functions, you can immediately gain cost savings in terms of hardware, utility, infrastructure, etc.

Virtualization presents security challenges. A user accessing the system could have access to everything on the system (not just within their virtual machine) if they could override the physical layer protection.

Some of the security risks that are possible with virtualization include the following:
  • Breaking Out of the Virtual Machine – If a malcontent could break out of the virtualization layer and be able to access the other virtual machines, they could access data they should never have access to.
  • Network and Security Controls Can Intermingle – The tools used to administer the virtual machine may not have the same granularity as those used to manage the network. This could lead to privilege escalation and a compromise of security.
  • Virtualization software, also called a hypervisor or the virtual machine monitor, emulates computer hardware allowing multiple operating systems to run on a single physical computer host. It is the software that allows the virtual machines to exist. If the hypervisor can be successfully attacked, the attacker can gain root-level access to all virtual systems.

There are two types of x86 server virtualization: bare-metal and hosted. Sometimes these types are referred to as Type-1 and Type-2 hypervisors respectively. Bare-metal means the virtualization layer (hypervisor) installs directly onto a server without the need for a traditional operating system like Windows or Linux to be installed first. “Hosted” means that an operating system must first be installed on a server, and the virtualization layer is installed afterwards, just like an application.
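
An added example (not part of the original post): because a successful attack on the hypervisor exposes every virtual machine it runs, this script audits a VM inventory for hosts where guests of different sensitivity share one hypervisor. The inventory, host names and tier names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not from the original page):
# (VM name, physical host whose hypervisor runs it, data-sensitivity tier).
INVENTORY = [
    ("web-01", "host-a", "public"),
    ("web-02", "host-a", "public"),
    ("hr-db", "host-b", "restricted"),
    ("build-01", "host-b", "internal"),
    ("test-vm", "host-b", "public"),
    ("pay-db", "host-c", "restricted"),
]
# Hypothetical tier names, ordered from least to most sensitive.
TIER_RANK = {"public": 0, "internal": 1, "restricted": 2}


def blast_radius(inventory):
    """Group VMs by host: one hypervisor compromise exposes the whole group."""
    hosts = defaultdict(list)
    for vm, host, tier in inventory:
        if tier not in TIER_RANK:
            raise ValueError(f"unknown tier {tier!r} for VM {vm!r}")
        hosts[host].append((vm, tier))
    return dict(hosts)


def audit(inventory):
    """Report hosts where VMs of different tiers share one hypervisor."""
    findings = []
    for host, vms in sorted(blast_radius(inventory).items()):
        tiers = {tier for _, tier in vms}
        if len(tiers) < 2:
            continue  # single-tier host: exposure stays within one trust level
        top = max(tiers, key=TIER_RANK.get)
        findings.append({
            "host": host,
            "highest_tier": top,
            # The most sensitive guests on this host.
            "exposed": sorted(vm for vm, t in vms if t == top),
            # Less sensitive guests that share their hypervisor.
            "lower_tier_neighbours": sorted(vm for vm, t in vms if t != top),
        })
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f['host']}: {f['exposed']} ({f['highest_tier']}) "
              f"share a hypervisor with {f['lower_tier_neighbours']}")
```

Hosts that appear in the findings are candidates for moving the most sensitive guests onto dedicated hardware, so that a break-out from a lower-tier VM cannot reach them.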

Types of virtualization include:
  • Server virtualization – run multiple independent virtual operating systems on a single physical computer.
  • Desktop virtualization – separating the logical desktop from the physical machine, e.g. virtual desktop infrastructure (VDI).
  • Application virtualization – hosting individual applications in an environment separated from the underlying OS.
  • Memory virtualization – aggregation of RAM resources from networked systems into a single memory pool.
  • Network virtualization – creation of a virtualized network addressing space within or across network subnets.
  • Storage virtualization – abstracting logical storage from physical storage.