Thomas Ptacek writes about two ways virtualization complicates life for systems security people in his blog entry, Dark Reading on Virtualization Security.
First of all, he says, “you now face the spectre of guest-hopping attacks, which are vulnerabilities in your hypervisor that allow you to beat VM protection and gain access to other hosts. The driver for these attacks is that a hypervisor has to provide at least the illusion of a ‘ring 0’ for a guest operating system to run in.” Secondly, he adds: “If you’re on the same hardware as your target, you have significantly improved timing channels to pry encryption secrets out with.”
Fortunately, he has some ideas on how to handle these problems. So do the other writers for Matasano Chargen, a blog about information security.
Virtualization security is on our readers’ minds, too, and we’re answering their requests for advice. Check out Chris Wolf’s advice on virtual switch security on Virtual Server, VMware and XenExpress and the virtualization security series by Harley Stagner, in which he suggests ways to improve Microsoft Virtual Server security.
What aspect of virtualization security is bugging you? What should IT shops really be worried about?
This week, Microsoft revamped pricing for SQL Server 2005 whereby “Enterprise Edition” customers can run unlimited instances of SQL Server within virtual machines of any denomination — VMware, Microsoft Virtual Server, etc… Compare this with SQL Server Standard Edition, which is licensed per physical or virtual processor.
At first blush, this seems like a pretty good deal, kind of like the unlimited virtualization with Windows Server 2003 Datacenter Edition. But the more I think about it, the more I wonder — just how many folks is this really pricing really going to affect? First of all, how many SQL Server instances would one need to run per host in order for this deal to make economic sense? More to the point, how many shops are really running databases in virtual machines? And even if they are, don’t virtualization best practices state that we need to mix up our workloads?
Anyway, these are just some preliminary thoughts. If you’re running databases within VMs — particularly big honking I/O intensive ones — leave a comment; I’m curious to hear about how it’s working out.
Since I joined the site, I’ve watched our contributors help our tip section grow with some phenomenal series-length tips. To date, the best have been:
- Optimizing Microsoft Virtual Server 2005, by Anil Desai
- Getting started with VMware on Windows, by Andrew Kutz
- Microsoft Virtual Server from the ground up, also by Anil Desai
- Step-by-step virtualization, by Alessandro Perilli
- and Choosing the right virtualization solution, another by Andrew Kutz.
…at least in my opinion. Have you used them? Were they helpful? Comment and tell us. Also let us know what you’d like to see more of.
Just recently published a new guide by Alessandro Perilli, which talks about virtual machine backup, how to create failover structures, configure clusters and automate the provisioning of virtual machines.
Next up is a new series by Anil Desai. He gets in to detail about automating Virtual Server using Visual Studio .NET and VBScript.
Lastly, welcome to our blog! We’ve been talking about this for a while, and we’re all pretty excited about it. We hope you join right in and comment away. After all, it’s our readers that make our site.