Virtualisation

From Blindside

Contents 1 What is it 2 Impact & Maturity assessment 3 Information Assurance issues 4 Timescale 5 Examples 6 Comments (attributed) 7 Organisations 8 Documents & research papers 9 Experts (academic, practitioner)

[edit] What is it

In computing, virtualisation is a broad term that refers to the abstraction of computer resources. One useful definition, from independent IT analyst firm Enterprise Management Associates, is "a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource." (source - Wikipedia)

Virtualisation software allows simultaneously use of multiple operating systems (OS), or multiple sessions of a single OS, on a single physical server or desktop.

[edit] Impact & Maturity assessment

As with grid computing and computing on demand (covered elsewhere on this wiki) Virtualisation will have an impact only if it takes IT administrators by surprise. We assign this an Impact Level of 1 and a Maturity Level of 2.

[edit] Information Assurance issues

Virtualization software allows users to simultaneously run multiple operating systems (OS), or multiple sessions of a single OS, on a single, physical machine — server or desktop. Regardless of the specific architecture, virtualization uses a privileged layer of software that, if compromised, places all consolidated workloads at risk.

Regardless of the specific architecture, virtualization uses a privileged layer of software and therefore all consolidated workloads may be potentially susceptible to security risks if the software is compromised. Early reports from media sources citing research to be tabled by Gartner in the month of May 2007, report the following potential reasons for security issues in virtualized environments as observed by Gartner:

• Virtualization software, such as hypervisors, represent a new layer of privileged software that will be attacked and must be protected. The potential rush to adopt the technology for server consolidation efforts that may result in security issues being overlooked.
• The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in-depth.
• Patching, signature updates, and protection from tampering for offline virtual machines (VM) and VM "appliance" images.
• Patching and secure confirmation management of VM appliances where the underlying OS and configuration are not accessible.
• Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
• Restricted view into inter-VM traffic for inspection by intrusion prevention systems (IPSs).
• Mobile VMs will require security policy and settings to migrate with them.
• Immature and incomplete security and management tools.

[edit] Timescale

Day-by-day virtualization is becoming a part of the business arena, but the impact can be only felt in next 5-25 years.

[edit] Examples

Software Virtualisation (Hardware Level)

• HP Integrity Virtual Machines (http://h71028.www7.hp.com/enterprise/cache/262803-0-0-0-121.html?jumpid=go/integrityvm)
• Logical Domains (http://www.sun.com/bigadmin/hubs/ldoms)
• z/VM (http://www.vm.ibm.com)

Software Virtualisation (Operating System Level)

• Virtuozzo (http://www.swsoft.com/en/products/virtuozzo)

Software Virtualisation (Application Level)

• Thinstall (http://thinstall.com)
• Softricity (http://www.softricity.com)
• Trigence (http://www.trigence.com)

[edit] Comments (attributed)

“The message is that we're heading into pervasive virtualization now. If you look back over a number of years, it was a lot of early adopters that were in the fray. Now it's really difficult to find a company that hasn't done some project. With enterprise customers and even some large-to-medium-sized customers, 75 percent of them tell us that they have already implemented a virtualization project or will implement one within 12 months,” says Nick van der Zweep, HP's Director of Virtualization Programs

[edit] Organisations

HP

Sirius

Sun

Intel

Dell

[edit] Documents & research papers

Impact of Virtualization on Management Systems

Virtualization's Impact on the Desktop

Gartner: Virtualization Can Weaken Security

[edit] Experts (academic, practitioner)

Jason Nieh