1 / 17

Virtual Machine

Virtual Machine. 5205 – IT Service Delivery and Support Darshana Shardha Leo Serrano Kalyani Prabhakar. What is virtualization. V irtualization is a software technology Divides a physical res ource into multiple virtual resources Consolidates physical resources

mariko
Télécharger la présentation

Virtual Machine

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Machine 5205 – IT Service Delivery and Support Darshana Shardha Leo Serrano Kalyani Prabhakar

  2. What is virtualization • Virtualization is a software technology • Divides a physical resource into multiple virtual resources • Consolidates physical resources • Separates Operating systems from hardware • Enables multiple operating systems and applications to share the resources of a single physical machine

  3. Types of Virtualization • Server Virtualization • One physical server is partitioned into smaller virtual servers • Resources of physical server are hidden from users • Storage Virtualization • Physical storage from multiple network storage devices are virtualized • Network Virtualization • Available resources in a network are combined by splitting the available bandwidth into independent channels • Each channel can be assigned or reassigned to a device in real time

  4. History • In 1970s, IBM introduced virtualization technology • Used the technology to partition mainframe systems into logical, separate virtual machines that could run multiple applications and processes at the same time • Examples of the current virtualization solutions: VMWare, Citrix, Microsoft, IBM, RedHat

  5. Hypervisor • Layer of abstraction between the hardware and guest operating systems • Called Virtual Machine Manager • A resource manager that monitors and manages sharing of processing power and memory

  6. Types of Hypervisor Type I – Bare Metal Type II–Hosted Hypervisor OS1 OS2 OS3 OS4 OS1 OS2 OS3 OS4 Hypervisor Hypervisor Host Hardware Operating System Host Hardware

  7. Benefits • Reduced cost (efficiency)and maintenance is easier • increase efficiency and decreased cost in IT operation • Server hardware costs decrease for both server builds and server maintenance • Physical footprint of servers may decrease • Less heat buildup • Operating costs reduced • OSs can share processing capacity and storage space • Faster redeployment and easier backup strategy • Better testing • A single host can have multiple versions of the same OS, or even difference OSs, to facilitate testing • Ease of migration and ease of growth • Management tasks, such as securing and updating desktops is centralized through virtualization management functions.

  8. Limitations • Host represents a potential single point of failure • impact larger in both scope and size • Data leakage • Data could leak if memory is not released and allocated in controlled manner • Inadequate configuration or exploits of vulnerabilities could have a very big impact • High risk in physical fault • requires high availability/redundancy • Performance concerns • Application compatibility • Applications that require a lot of memory, processing power or input/output are not suitable for virtual implementation • Bandwidth consumption is much higher due to high VM density on a single physical server.

  9. Security Risks • Since the virtualization host is an OS in itself, the performance risks associated with any OS apply to virtualized hosts servicing other guest servers. • The host providing a receptacle for multiple guest servers represents a single point of failure for the guest OSs residing on that host. • Hosts usually have the capability to reallocate memory among guests. Assurance is needed that the memory released by the first guest using that storage is not disclosing content to the receiving guest servers using those addresses.

  10. ...Security Risks (cont) • Architectural vulnerability • The layer of abstraction between the physical hardware and the virtualised systems running the IT services is a potential target of attack. • Software vulnerability • The most important software in a virtual IT system is the hypervisor. Any security vulnerability in the hypervisor software will put VMs at risk of failure. • Configuration risks • Due to the ease of cloning and copying images, a new infrastructure can be deployed very easily in a virtual environment. This introduces configuration drift; as a result, controlling and accounting for the rapidly deployed environments becomes a critical task.

  11. How to address the risks • Strong physical and logical access controls • Sound configuration management practices and system hardening • Appropriate network segregation • Strong change management practices

  12. IT Audit of Virtual Environment • Auditing a VM server is similar to auditing a physical server. The same principles, best practices, and basic audit approaches can be used • Things to keep in mind: Some VM tools are proprietary and unique to VMs, VM creation takes minutes or even seconds,

  13. IT Audit of Virtual Environment • The IT auditor should gain an adequate understanding of the infrastructure and how controls are embedded, or overlaid upon, the partitions and server. • Evaluate the completeness of the VM documentation: Change controls, and logs. • Ensure that you know how to determine completeness of log data in regards to VMs.

  14. IT Audit of Virtual Environment • The auditor should be familiar with the best practices as a benchmark for effective control. • They should use these best practices as a baseline and ensure settings have not been altered since the VM’s creation. • Communication methods between servers and servers and servers and outside devices should be carefully configured. Check for the use of virtual firewalls and virtualized intrusion detection. • Verify the security and location of the management console.

  15. Future of VMs • Network as a Service (Naas) • Replacement of Desktops with thin clients running on centralized servers. • Enhanced VM mobility and live migration • Private cloud computing • Software defined everything

  16. Conclusion What this means to you? Risk Example The bottom line is that VM technology will be a staple of IT in business for years to come and the IT auditor needs to be able to evaluate the process of creating, deploying, managing and making changes to virtual machines.

  17. References: http://www.isaca.org/Journal/Past-Issues/2011/Volume-1/Documents/jpdf11v1-auditing-security-risks.pdf http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/ http://searchsecurity.techtarget.com/answer/If-a-virtual-machine-is-hacked-what-are-the-consequences http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/cl-hypervisorcompare-pdf.pdf http://docs.media.bitpipe.com/io_10x/io_100160/item_409004/CAE-guide2.pdf http://www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/IT-Audit-Basics/Pages/What-Every-IT-Auditor-Should-Know-About-Auditing-Virtual-Machine-Technology.aspx http://searchnetworking.techtarget.com/opinion/Network-as-a-Service-gets-new-life-from-new-networking-techniques http://www.isaca.org/Journal/Past-Issues/2011/Volume-1/Pages/Auditing-Security-Risks-in-Virtual-IT-Systems.aspx https://www.youtube.com/watch?v=zLJbP6vBk2M

More Related