March 10, 2011

Security Tips For Virtualization

I just got done reading this article and think it brings up a point that we have been talking to customers about for a while now. I usually avoid talking about our solutions. I mean, I’m the IT guy, not marketing, but in this case I’ll make an exception because we solve the number one issue they highlight in this article: change management of virtual machines. Actually, it’s more change management of the data center, but since the article is specific to virtualization, they only mention the virtual machines.

The article mentions five top threats. The one that we solve is:

“Loose controls: Implement strong change management that is auditable and mandates a separation of duties. The logins used to manage the virtual infrastructure must not have access to anything but the virtualization management software. Also, all virtualization infrastructure changes should be logged, and those logs reviewed by someone not on the virtualization team.”

The way we do this here is by integrating our change management with our data center management solution. Data Center Manager is, at its simplest, a way to apply network rules to servers in the data center. The most basic rule is allow/deny.

Everyone has a change management process, but the problem is it’s easy to skip steps. We all know that if a new server comes online, you should probably back it up. Not always. For example, it’s easier to promote a server to be a domain controller than it is to build a new one, so we don’t back up all of our domain controllers. However, we have had times where we forgot to tell the backup administrator about a new server. Of course, no one noticed until we needed to do a restore.

Now, though, until everyone has signed off on the server, it is not allowed on the network, except to get to the server registration page and the Internet (for patch downloads). It’s a simple but powerful solution. Until everyone is ready, no one can use the server. The server team loves it since it automatically provisions the network for them once it’s ready. The network team loves it for the same reason.
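The sign-off gate described above, as an added example rather than Data Center Manager's own code or configuration: a server stays on quarantine rules until every required team has signed off, and each decision yields a log line that someone outside the team can review. The role names, destination labels, record layout and the one-approver-per-role check are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field

# Constructed values: role names, destination labels and record layout are assumptions.
QUARANTINE = ("registration-page", "internet")   # all a new server may reach
FULL = ("any",)
REQUIRED_ROLES = ("server", "network", "backup")


@dataclass
class ServerRecord:
    name: str
    backup_exempt: bool = False                   # e.g. a domain controller that is not backed up
    signoffs: dict = field(default_factory=dict)  # role -> approver login


def missing_signoffs(rec):
    """Roles whose sign-off is absent or breaks separation of duties."""
    missing, seen = [], set()
    for role in REQUIRED_ROLES:
        if role == "backup" and rec.backup_exempt:
            continue                              # exemption is an explicit, logged flag
        approver = rec.signoffs.get(role)
        if approver is None or approver in seen:  # one person may not sign for two roles
            missing.append(role)
        else:
            seen.add(approver)
    return missing


def decide(rec):
    """Default deny: full access only when no sign-off is missing.

    Returns (rules, audit_line); the audit line is JSON for later review.
    """
    missing = missing_signoffs(rec)
    rules = QUARANTINE if missing else FULL
    audit = json.dumps({"server": rec.name, "allow": list(rules), "missing": missing,
                        "backup_exempt": rec.backup_exempt}, sort_keys=True)
    return rules, audit


if __name__ == "__main__":
    # Constructed case: the backup administrator was never told about the server.
    forgotten = ServerRecord("app01", signoffs={"server": "alice", "network": "bob"})
    print(decide(forgotten)[1])
```

The constructed `app01` record reproduces the forgotten-backup case: it stays on the quarantine rules, and the audit line names `backup` as the missing sign-off.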

Data Center Manager does more than this as well, but the fact that it forces compliance with a change management process solves many IT issues. Oh yeah, and if you have a mixed network environment, Data Center Manager works with other network switches too…

If you’re in Andover, stop in and see it in action.

