Presentation I gave in August 2009 at the CMS Best Paractices Conference in Denver, Co

1. VMware Overview and
Security
11/12/2009 1

2. Today’s Discussion
Today’s
Early Successes in Virtualization
Current Virtualization Environment
Overview of Virtual Environment Security
11/12/2009 2

3. Early Successes With Virtual
Implementations
VDI VDI – WAH VDI
SHACK
External Sun Ray Internal
• Security • Security • Performance • Security
• Speed to market • Cost Savings • DR • Performance
• Scalability • Improved • Scalability • Speed to market
Support structure
11/12/2009 3

4. Virtual Infrastructure
Software Hardware
Technologies Utilized Technologies Utilized
Vmware Virtual Infrastructure EMC Clarion SAN
Vmware ESX 3.5 Dell PowerEdge R900 Servers
Virtual Center Server 2.5 Sun Ray DTUs
Quest Provision VAS Desktop PCs
Sun Ray DVI
11/12/2009 4

5. ESX 3.5 Host Hardware & Connectivity
Service
Console
Service Console Network
4 Port NIC
vMotion Network vMotion
VM
2 Port NIC Producton
VM Production Network
Dell PowerEdge R900 2 Port NIC
ESX 3.5 Storage
4 X 8 Core Processor
128 GB Memory
SAN Fibre Switch
2 Port HBA
11/12/2009 5

6. Datacenter
Cluster DRS HA
Current DEV Cluster VMware
DEV HOST 1
ESX 3.5
Virtual Center DEV HOST 2
VMware
ESX 3.5
Structure DEV HOST 3
VMware
ESX 3.5
VMware
DEV HOST 4
ESX 3.5
Datacenter
DRS HA
Cluster
VDI Cluster VMware
VDI HOST 1
ESX 3.5
VMware
VDI HOST 2
ESX 3.5
VMware
VDI HOST 3
ESX 3.5
VMware
VDI HOST 4
ESX 3.5
DRS HA
Cluster
PROD Cluster VMware
PROD HOST 3
ESX 3.5
VMware
PROD HOST 4
ESX 3.5
VMware
PROD HOST 1
ESX 3.5 VMware
PROD HOST 5
ESX 3.5
VMware
PROD HOST 2
ESX 3.5
PROD HOST 6 VMware
ESX 3.5
DRS HA
Cluster
SHACK Cluster VMware
SHACK HOST 1
ESX 3.5
VMware
SHACK HOST 2
ESX 3.5
11/12/2009 6

7. Virtualization Security Overview
Virtual Machine Security
ESX Host & Service Console Security
Virtual Network Security
11/12/2009 7

8. Virtual Machine Specific Security
The physical applies in the virtual
Remove unneeded virtual devices
Use templates to deploy virtual machines
Use native RDP rather than the virtual center console
Storage permissions
Persistent vs. non-persistent
Enforce physical machine & remote console isolation
11/12/2009 8

9. ESX & Console Security
Base security steps:
Restrict root privileges
Use strong passwords
Firewall restriction
Limit services running in the service console
Patch the ESX in accordance with your security policy
Use of Virtual center to manage
Configure SAN Storage correctly
11/12/2009 9

10. Virtual Network Security
Segregate network communications
Ensure proper vSwitch settings
Aim for consistency and compatible settings from physical
network devices to virtual.
11/12/2009 10