Securing the Data Center against

Similar documents
Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Directions in Data Centre Virtualization and Management

Potpuna virtualizacija od servera do desktopa. Saša Hederić Senior Systems Engineer VMware Inc.

VMware ESX Server 3i. December 2007

VMware Join the Virtual Revolution! Brian McNeil VMware National Partner Business Manager

The Future of Virtualization. Jeff Jennings Global Vice President Products & Solutions VMware

The Future of Virtualization Desktop to the Datacentre. Raghu Raghuram Vice President Product and Solutions VMware

The vsphere 6.0 Advantages Over Hyper- V

And do it with less...

Virtual Datacenter Automation

VMware vsphere: Taking Virtualization to the Next Level

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

VMware vsphere with ESX 4.1 and vcenter 4.1

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

VMware Overview VMware Infrastructure 3: Install and Configure Rev C Copyright 2007 VMware, Inc. All rights reserved.

VMware vsphere 4.0 The best platform for building cloud infrastructures

New Features in VMware vsphere (ESX 4)

VMware vsphere Customized Corporate Agenda

VMware vsphere with ESX 6 and vcenter 6

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

Kaspersky Security for Virtualization Frequently Asked Questions

Better Security with Virtual Machines

Availability & Resource

VMware HA: Overview & Technical Best Practices

VMware Infrastructure The New Computing Platform. Presented by: Nick Smith Corporate Account Manager, VMware

Detail the learning environment, remote access labs and course timings

Ensure Virtualization Security and Improve Business Productivity with Kaspersky

VMware vsphere Administration Training. Course Content

Symantec and VMWare why 1+1 makes 3

VMware - VMware vsphere: Install, Configure, Manage [V6.7]

VMware vsphere with ESX 4 and vcenter

VI3 to vsphere 4.0 Upgrade and New Technology Ultimate Bootcamp

Exam : VMWare VCP-310

VMware vsphere 6.5: Install, Configure, Manage (5 Days)

VMware vsphere 5.5 Professional Bootcamp

VMware vsphere 4. The Best Platform for Building Cloud Infrastructures

Virtual Server Agent for VMware VMware VADP Virtualization Architecture

Dynamic Datacenter Security Solidex, November 2009

Ret h i n k i n g Security f o r V i r t u a l Envi r o n m e n t s

Symantec Reference Architecture for Business Critical Virtualization

Back To The Future - VMware Product Directions. Andre Kemp Sr. Product Marketing Manager Asia - Pacific

Virtual Server Agent v9 with VMware. June 2011

COPYRIGHTED MATERIAL. Introducing VMware Infrastructure 3. Chapter 1

Welcome. Jeremy Poon Territory Manager, VMware

VMware vsphere. Using vsphere VMware Inc. All rights reserved

IT as a Service (Internally or Externally Provisioned) Efficiency. Control. Choice. VMware vsphere 4.0

Introducing VMware vsphere 4

Introduction. Application Versions. Virtual Machine Defined. Other Definitions. Tech Note 656 Building Wonderware Solution Architectures on VMware

1 Quantum Corporation 1

By the end of the class, attendees will have learned the skills, and best practices of virtualization. Attendees

VMware vsphere. Administration VMware Inc. All rights reserved

Foundation for Cloud Computing with VMware vsphere 4

Business Continuity and Disaster Recovery Disaster-Proof Your Business

Administering VMware vsphere and vcenter 5

vsphere 4 The Best Platform for Business-Critical Applications Gaetan Castelein Sr Product Marketing Manager VMware, Inc.

Chapter 10 Protecting Virtual Environments

EXAM - VCP550. VMware Certified Professional - Data Center Virtualization. Buy Full Product.

Security in a Virtualized Environment with TrendMicro

Exploring Options for Virtualized Disaster Recovery

VMware Technology Day 2009 Malaysia. Ong, Kok Leong Senior Consultant, VMware ASEAN E M W

vsphere 5/6: Install, Configure, Manage Review Questions

VMware vsphere 6.0 / 6.5 Infrastructure Deployment Boot Camp

[VMICMV6.5]: VMware vsphere: Install, Configure, Manage [V6.5]

VMware: Server Virtualization and Storage

VMware Mirage Getting Started Guide

Virtualizing Oracle on VMware

How it can help your organisation

Security Gateway Virtual Edition

T14 - Network, Storage and Virtualization Technologies for Industrial Automation. Copyright 2012 Rockwell Automation, Inc. All rights reserved.

1V0-621.testking. 1V VMware Certified Associate 6 - Data Center Virtualization Fundamentals Exam

Introduction. Application Versions. Virtual Machine Defined. Other Definitions. Tech Note 656 Building Wonderware Solution Architectures on VMware

Atos TM Virtualization Solutions

"Charting the Course... VMware vsphere 6.7 Boot Camp. Course Summary

Virtual SAN and vsphere w/ Operations Management

HP Virtual Desktop Infrastructure with VMware View Overview

VMware vsphere: Install, Configure, Manage plus Optimize and Scale- V 6.5. VMware vsphere 6.5 VMware vcenter 6.5 VMware ESXi 6.

Setting Up Cisco Prime LMS for High Availability, Live Migration, and Storage VMotion Using VMware

vsphere Update Manager Installation and Administration Guide 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Enabling Fast Recovery of Your Virtual Environments: NetBackup, Backup Exec & VCS for VMware

Enterprise X-Architecture 5th Generation And VMware Virtualization Solutions

Next-Generation Virtualization Management: From the Datacenter to the Cloud. Stéphane Broquère Senior Product Marketing Manager

Introduction to Virtualization

Table of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2

Exploring Options for Virtualized Disaster Recovery. Ranganath GK Solution Architect 6 th Nov 2008

Exam Name: VMware Certified Professional on vsphere 5 (Private Beta)

Microsoft E xchange 2010 on VMware

VMware Exam VCAD510 VMware Certified Associate Data Center Virtualization Exam Version: 8.0 [ Total Questions: 112 ]

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Table of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine

Changes in VCP6.5-DCV exam blueprint vs VCP6

VMware vsphere: Fast Track [V6.7] (VWVSFT)

VCP-510 Volume Creating and Configuring VMware Clusters I

Securing Your Virtual World Harri Kaikkonen Channel Manager

Vmware VCP-511. VMware Certified Professional on vsphere 5 (Private Beta) Download Full Version :

Professional on vsphere

VCP410 VMware vsphere Cue Cards

BC/DR Strategy with VMware

Improving Blade Economics with Virtualization

VMware vsphere PowerCLI Reference

Vendor: VMware. Exam Code: VCAD510. Exam Name: VMware Certified Associate Data Center Virtualization (VCA-DCV) Exam. Version: Demo

Transcription:

Securing the Data Center against vulnerabilities & Data Protection

Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and Data Protection The Future of Datacenter Security 2

Centralized Management VMware VirtualCenter VMware VirtualCenter SHARED STORAGE 3

Centralized Management Centrally manage your infrastructure from a single console 2 1 Virtual Machine Management Server Provisioning 3 Workload Migration 7 Programmatic Interfaces 4 Resource Management 6 Rich Security and Access Controls 5 System Monitoring

About Templates A template is a master copy of a VM used to create and provision new VMs.

About Clones A clone is a copy of a VM plus customization.

About Snapshots Process Tree Snapshots capture entire state of the VM Memory state Settings state Disk state A snapshot preserves the state of the virtual machine so you can return to it repeatedly. Windows operating system snapshot 1 snapshot 2 snapshot 3 snapshot 4 snapshot 5 Linear Process

Guided Consolidation DISCOVER ANALYZE Automatically discovers physical servers Analyzes utilization and usage patterns Converts physical servers to VMs placed intelligently based on user response CONVERT Lowers training requirements for new virtualization users Steers users through the entire consolidation process

ESXi: Thin, Hardware-Integrated Hypervisor 32MB footprint: Increased security and reliability No installation: From server boot to running VMs in minutes

From server boot to running VMs in Minutes 3i 1. Power on server and boot into hypervisor 2. Configure Admin Password 3. (optional) Modify network configuration 4. Connect VI Client to IP Address or manage with VirtualCenter

ESXi Enables Plug-and-Play Datacenter DRS + ESXi : Hot add of compute capacity Standardized and optimized servers as stateless compute nodes Plug-and-Play capacity management ESXi: 32MB thin, production-proven, OS-independent, secure hypervisor

Traditional ESX Server 98% 2% Agent Agent RPM RHEL3-based Service Console Helpers VMM VMM VMM Storage Networking VMkernel Resource Management HAL and Device Drivers Disk Footprint: 2 GB Percent of Patches >50% Disk Footprint: 32 MB

ESXi Server : Thin Virtualization! 98% 2% Agent Agent RPM RHEL3-based Service Console Helpers VMM VMM VMM Storage Networking VMkernel Resource Management HAL and Device Drivers Disk Footprint: 2 GB 32 MB Disk Footprint: Percent of Patches >50%

Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and Data Protection The Future of Datacenter Security 14

How Virtualization Affects Datacenter Security Abstraction and Consolidation Capital and Operational Cost Savings New infrastructure layer to be secured Greater impact of attack or misconfiguration Collapse of switches and servers into one device Flexibility Cost-savings Lack of virtual network visibility ibilit No separation-by-default of administration 15

How Virtualization Affects Datacenter Security Faster deployment of servers IT responsiveness Lack of adequate planning Incomplete knowledge of current state of infrastructure VM Mobility Improved Service Levels Identity divorced from physical location VM Encapsulation Ease of business continuity Consistency of deployment Hardware Independence Outdated offline systems 16

Biggest Security Risk: Misconfiguration Neil MacDonald How To Securely Implement Virtualization Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement

Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and Data Protection The Future of Datacenter Security 18

VMware Update Manager Automates patch management for ESX Server hosts and select Microsoft and RHEL virtual machines Scans and remedies online as well as offline virtual machines* and online ESX Server hosts Snapshots virtual machines prior to patching and allows rollback to snapshot Update Manager Host Server Eliminates manual tracking of patch levels of ESX Server hosts and virtual machines Automates enforcement of patch standards Reduces risk through snapshots and offline virtual machine patching 19 * Note: RHEL guests can only be scanned, not remediated

Non-disruptive ESX Server Patching with Update Manager and DRS Patch DB Patch server VMotion VMotion Update Manager patches entire DRS clusters Each host in the cluster enters DRS maintenance mode, one at a time VMs are migrated off, host is patched & rebooted if required VMs are migrated back on Next host is selected Automates patching of large number of hosts with zero downtime to virtual machines 20

Data and System Protection Physical vs. Virtual Data and system protection with physical infrastructure Separate processes for protecting data and system disks Require identical hardware for guaranteed restore Complex processes to ensure protection Data and system protection with VMware Infrastructure Same process for data and system disks Entire system stored as data Hardware-independent virtual machines are easy to restore to any hardware System configuration System Data System, data, system config

What to Backup in a ESX Server? VM 1 VM 2 VM 3 VMFS RDM.vmx.redo.vmdk.vmx.vmdk.vmx.redo.vmdk ESX Server Service Console 22

Approaches when Performing Backup > Run backup software inside id a virtual machine > Perform off-line backups > VMware Consolidated Backup 23

VMware Consolidated Backup > Backup load off ESX Server > Backup traffic off the LAN > Backup agents off virtual machines 24

VCB Software > VCB Software is not a replacement for backup software > VCB Software integrates with existing backup tools and technologies already in place 25

How VCB Works? VM 1 VM 2 VM 3 Backup Disk OR Tape ESX Server 1 Backup Proxy Server Centralized Data Mover Physical Server Mou unt snapshot snapshot snapshot SAN Storage 26

Securing Virtual Machines Provide Same Protection as for Physical Servers Host Anti-Virus Patch Management Network Intrusion Detection/Prevention (IDS/IPS) Edge Firewalls 27

Secure Design for Virtualization Layer Fundamental Design Principles Isolate all management networks Disable all unneeded services Tightly regulate all administrative access 28

Enforce Strong Access Controls Joe Security Principle Least Privileges Implementation in VI Roles with only required privileges Harry Separation of Roles applied only to Duties required objects Administrator i t Operator Anne User 29

Security Advantages of Virtualization Ease of maintenance Test patches on multiple configurations in contained environment before rolling them out Use snapshots to save the known good state of a virtual machine before trying out something risky Production VM can be cloned and then modified off-line while the original one still runs. Updated VMs can be brought up in parallel with the previous version Both can be kept running as long as necessary to validate the new configuration 30

Better Lifecycle Controls Security Advantages of Virtualization Create Approve Publish or Retract Audit Usage Retain Request Document Dispose Archive Deploy from Template Route for Audit/ Approval Power-On or Suspend Monitor & Adjust Resources Request for VM Provisioning Delete

Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and Data Protection The Future of Datacenter Security 32

New Solutions for Reduced Downtime Availability Ap p OS Ap p OS Ap p OS ESX Server Server Fault Tolerance Zero downtime, zero data loss continuous availability Storage Data Recovery Integrated backup and recovery appliance 33

Availability VMware Fault Tolerance 2009 Single identical VMs running in lockstep on separate hosts Zero downtime, zero data loss failover for all virtual machines in case of hardware failures XApp OS OS HA App HA XOS App OS FT App App App App OS OS OS Integrated with VMware HA/DRS VMware ESX X VMware ESX Zero downtime, zero data loss No complex clustering or specialized hardware required Single common mechanism for all applications and OS-es 34

Transforming Availability Service Levels Hardwar re Failure Toleran nce CONTINUOUS AUTOMATED RESTART UNPROTECTED VMware FT with VMware HA 0% 10% 100% Application Coverage 35

Availability vcenter Data Recovery 2009 1. Backup VirtualCenter 1. Schedule backups via VC 2. Snapshots taken 3. Data de-duped and stored Agent-less, disk-based backup and recovery of your VMs VM or file level restore Incremental backups and data de-dupe to save disk space 2. Restore VirtualCenter 1. VM goes down 2. Select VM images/files to recover 3. Restore VM running in seconds X X De-duplicated Storage Quick, simple and complete data protection for your VMs Centralized Management through VirtualCenter Cost Effective Storage Management 36 Copyright 2005 VMware, Inc. All rights reserved.

VMware VMsafe Security Application API that enables protection of VMs by inspection of virtual components in conjunction with hypervisor Isolation of protection engine from malware Broad ranging coverage of virtual machine CPU, memory, storage and network Operating System Protection Engine VMware Infrastructure 37

Security Ecosystem Enablement with VMware VMsafe 2009 Multi-function Security Appliance A pp OS Security VM App App App App OS OS OS OS vnetwork Distributed Switch VMware ESX VMware ESX A pp OS Security VM Agent-less deployment of partner security services Single security VM for multiple security services AV, Firewall, IPS Security policy and state moves with virtual machine Integrated, more effective, comprehensive security solutions within the virtual infrastructure Better security than physical servers! 38

VMsafe: Broad Security Industry Support Enterprise to SMB End-points to Gateways Anti-Virus to IPS Networks to Host Audit to Patching And Anywhere in between 39

Thank You http://www.vmware.com/go/security

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback