2. Today’s Discussion
Early Successes in Virtualization
Current Virtualization Environment
Overview of Virtual Environment Security
11/12/2009 2
3. Early Successes With Virtual Implementations
VDI External
• Security
• Speed to market
• Scalability
VDI – WAH
• Security
• Cost Savings
• Improved Support structure
SHACK Sun Ray
• Performance
• DR
• Scalability
VDI Internal
• Security
• Performance
• Speed to market
4. Virtual Infrastructure
Software Technologies Utilized
• VMware Virtual Infrastructure
• VMware ESX 3.5
• Virtual Center Server 2.5
• Quest Provision VAS
• Sun Ray DVI
Hardware Technologies Utilized
• EMC CLARiiON SAN
• Dell PowerEdge R900 Servers
• Sun Ray DTUs
• Desktop PCs
5. ESX 3.5 Host Hardware & Connectivity
[Diagram: Dell PowerEdge R900 host running ESX 3.5 (4 x 8 Core Processor, 128 GB Memory) with a 4 Port NIC, two 2 Port NICs and a 2 Port HBA. Labelled connections: Service Console Network, vMotion Network, VM Production Network, and Storage through a SAN Fibre Switch.]
8. Virtual Machine Specific Security
The physical applies in the virtual
Remove unneeded virtual devices
Use templates to deploy virtual machines
Use native RDP rather than the Virtual Center console
Storage permissions
Persistent vs. non-persistent
Enforce physical machine & remote console isolation
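Added example (not part of the original slides): a small Python audit of a virtual machine's .vmx file covering the "remove unneeded virtual devices" and "persistent vs. non-persistent" items above. The list of device prefixes is an assumed policy, and the sample .vmx content is constructed.

```python
import re

# Device prefixes treated as unneeded on a server or VDI guest (assumed policy).
UNNEEDED_PREFIXES = ("floppy", "serial", "parallel", "usb", "sound")

# Constructed sample .vmx content, not taken from a real host.
SAMPLE_VMX = '''
floppy0.present = "TRUE"
serial0.present = "true"
parallel0.present = "FALSE"
usb.present = "TRUE"
ethernet0.present = "TRUE"
scsi0:0.mode = "independent-nonpersistent"
# sound.present = "TRUE"
'''

LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')
DISK_MODE_RE = re.compile(r"^((?:scsi|ide)\d+:\d+)\.mode$")

def parse_vmx(text):
    """Parse key = "value" lines into a dict, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Keys are lower-cased so matching does not depend on how they were typed.
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return (sorted unneeded devices that are present, {disk: mode})."""
    settings = parse_vmx(text)
    devices = sorted(
        key[: -len(".present")]
        for key, value in settings.items()
        if key.endswith(".present") and value.lower() == "true"
        and key.startswith(UNNEEDED_PREFIXES)
    )
    disks = {}
    for key, value in settings.items():
        m = DISK_MODE_RE.match(key)
        if m:
            disks[m.group(1)] = value
    return devices, disks

if __name__ == "__main__":
    found, modes = audit_vmx(SAMPLE_VMX)
    print("unneeded devices present:", found)
    print("disk modes:", modes)
```

Run it against each template before deployment so that machines cloned from the template inherit the reduced device set.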
9. ESX & Console Security
Base security steps:
Restrict root privileges
Use strong passwords
Firewall restriction
Limit services running in the service console
Patch the ESX in accordance with your security policy
Use Virtual Center for management
Configure SAN Storage correctly
10. Virtual Network Security
Segregate network communications
Ensure proper vSwitch settings
Aim for consistent and compatible settings from physical network devices to virtual ones.