
In the ball park

I think it’s a fair statement to say that most IT organizations have adopted virtualization in some fashion, most commonly for the server environment. Gartner claims that nearly 50% of all x86 workloads are virtualized. Whether it’s a small tentative step with one host system and a handful of guests, or a modest farm of dozens of hosts and hundreds of guest operating systems, chances are you’ve gotten into the game.

The question is, how well is your company doing it? How do you know if you are doing it well? Is your virtualization environment growing in a predictable, measured fashion? Do you know the impact and performance profile of each workload? How is your storage environment scaling as you add hosts and guests? How is your patch program? And what about security?

These are things to think about before you get to the type of environment that has hundreds and hundreds of hosts, and thousands of guests, across multiple hypervisors. Are you even in the ballpark when it comes to best practices, measuring performance and security?

As a specific example, let’s talk about security. Most shops spend little time focusing on security in a virtualized environment, and Gartner’s claim that more than 60% of virtual servers are less secure than the physical servers they replace seems to reflect this. Do you have security tools to manage VM-to-VM traffic? In many cases, this traffic doesn’t traverse a normal IP network because it’s on a virtualized network inside the hypervisor. If I’m a bad guy, this is great because I know you’re blind to my activities. I can stand up a VM, do bad things, and then obliterate the VM, destroying my trail. Black hat nirvana. The bigger the environment, the bigger this risk.

Ahh, but wait, there’s more. There are tools to automate the scanning and exploitation of hypervisors. VASTO (Virtualization Assessment Toolkit), an open source toolkit written by Claudio Criscione, was built with this specific purpose in mind, and it works in conjunction with Metasploit.

This means there are folks actively working to gain privileged access to your hypervisor. And if they have that, you are in serious trouble, and chances are you might not be able to detect it. Most IT staff aren’t even looking at this area, and few of the vendors have tools to help.

There is hope. Excellent communication across functional areas, a solid operational plan, good instrumentation on your systems, and meaningful event-driven actions can go far. Learn about and understand what each vendor is doing to enhance security, and then test the capability of these new security features.

These basic things can go a long way toward making sure you stay in the ballpark, and win the game.

Scott Gill, Office of the CTO, Western US