Virtualization: Security Best Practices
Published: November 9, 2011
Author: Harry L. Waldron, CPCU, AAI
Virtualization Provides Cost Efficiencies and Other Benefits
During challenging economic times, virtualization strategies can help reduce data center expenses. Rather than deploying a physical server for each application, virtual sessions can be created to consolidate hardware. Fewer physical servers provide real savings by reducing equipment, energy, and management costs.
Virtualization works well for consolidating multiple applications onto a single physical server. Smaller and less active applications are prime candidates for virtualization. Highly active and business-critical OLTP applications are better suited to reside on a dedicated physical server.
Currently, VMware ESX and the Microsoft Hyper-V facility are two leading solutions. VMware is the most popular approach with a decade of industry experience. Hyper-V has experienced recent growth as guest licenses are built into Windows Server 2008 R2, which can lower costs. Both solutions offer advanced features including virtual clustering and server failover capabilities. The Additional Resources section at the end of this article offers detailed security and design best practices for both environments.
Virtualization can also be applied to workstations to meet special connectivity requirements. Kiosk environments are sometimes needed for untrusted Active Directory environments. A service company may need to log on to multiple untrusted domains, and this access may be difficult to set up on a physical workstation. Virtual desktop infrastructure (VDI) capabilities permit users to log on to different domains using web links. These environments can be locked down, and they offer excellent performance.
Best Security Practices for Safeguarding Virtual Devices
Virtual resources must be safeguarded using the same principles used to keep Windows and Windows Server secure. Administrators must promptly apply security maintenance to all software components and help ensure that access to the environment is restricted to authorized users. Strong corporate policies and security awareness help promote the user's role in the process as well.
Key best practices for safeguarding virtual information resources include:
Safeguarding the virtual environment is similar to protecting physical servers and workstations. The virtual layer adds some complexity, as the hypervisor environment must be included in the process. Because security is only as strong as its weakest link, all physical, virtual, and network components must employ rigorous controls throughout. Human behavior safeguards are equally critical in complementing stringent technology controls.
Below are several links to sites that include more detailed information for safeguarding leading virtualization strategies:
Best Security Practices for Hyper-V Facility Built into Windows 2008
Best Security Practices for VMware
About the Author
Harry Waldron is a Senior IT professional with Fairfax Information Technology Systems, based in Roanoke, Virginia. He has almost 35 years of experience in the insurance industry, including a decade as a senior IT Security specialist. Currently, he assists with the implementation of technology solutions for property and casualty insurance applications. He has insurance expertise, including the Chartered Property and Casualty Underwriting and Accredited Advisor in Insurance professional designations. He has been a Microsoft Enterprise Security MVP since 2003.