April 2006

Transcript

  • 1. Using Virtualization to Secure and Optimize the Enterprise – “As I was walking down the stair, I saw a man who wasn’t there…”
  • 2. Traditional Model of Computing
    • One Platform, One Operating System
    • Functions are divided by platform
    • Data are backed up
    • Platforms are rebuilt
    • Development environments are limited subsets of production
    • Each environment must “catch up” with the next: DEV to UT to SIT to UIT to PROD
    • Platforms are the most expensive element
  • 3. A New Model
    • One Platform, Multiple Operating Systems
    • Functions can be isolated without a new platform
    • Whole platforms can be “generated” and backed up
    • Development and Production can be identical
    • Defects can be exactly replicated in earlier environments
    • Systems on demand
  • 4. What Platforms are Supported? (Hosts)
    • Windows 2000 (Professional and Server, 32 and 64 Bit)
    • Windows 2003 (32 and 64 bit)
    • Windows XP (Home and Professional, 32 and 64 bit)
    • Linux (32 and 64 Bit)
      • SUSE
      • RedHat
      • Mandrake (Mandriva)
      • Ubuntu
    • ESX Native
  • 5. What Platforms are Supported? (Guests)
    • Microsoft
      • Windows 3.1, 95, 98, ME, NT, 2000, 2003, XP and “Vista”
      • DOS 6
    • Linux
      • RedHat (Fedora)
      • SUSE (7+)
      • Ubuntu (EdUbuntu)
      • Mandriva (Mandrake)
      • Most others (with compilation)
    • SUN (all x86)
      • Solaris 9
      • Solaris 10
    • FreeBSD
    • Novell Netware 5.1 and up
  • 6. Other VM Products
    • Microsoft Virtual Server
      • Supports Microsoft guests only
      • Runs on Windows 2003 Server
    • Xen Virtualization
      • Open Source OS only
      • Mainly for platform testing
      • Still Beta
    • User Mode Linux
      • Test bed for non-root drivers
      • limited functionality
      • Linux only
    • QEMU
  • 7. What is Virtualization?
    • “Running a machine on a machine”
      • Creation of an “Abstraction Layer”
      • Sharing of peripheral devices
      • Providing file system space on the host file system
      • Protecting the resources of each machine from the others
  • 8. The Layers of Virtualization
  • 9. What Happens at Each Layer?
    • The Host Operating System and Hardware:
      • Physical Device Handling
      • I/O Processing
      • Interrupt and Network Processing
      • Application Queuing
      • Supervisor State (Privileged) Processor Functions
  • 10. The Virtualization Layer
    • Runs in problem state (user mode) with hooks to the host for privileged operations
    • I/O mapping
    • Lock/Enqueue for virtual devices and memory
    • Memory Mapping
    • BIOS emulation
    • Virtual OS dispatching
    • Presents virtual devices
  • 11. Virtual OS and Virtual Apps
    • Same as “real” Apps and OS
    • Can only see the local address space
    • Can only see the locally mapped peripherals
    • Do not recognize that they are not in a real environment
    • See I/O as if in real time, although the host queues it
  • 12. How to Apply Virtualization
    • Multiple Desktops
    • Platform Testing
    • Disaster Recovery
    • Server Consolidation
    • Standardization
    • Application Development and Roll-out
  • 13. Multiple Desktops
    • Several Operating Systems
      • NAT, Host Only, or Bridged
      • Teams
      • Virtual disks (real, non-persistent or roll-back)
    • Different OS Levels
      • Clones
      • Service Packs
      • Risky patches
  • 14. Platform Testing
    • A New OS
      • Migration of applications
      • Dividing functions
    • Version Testing
      • Not just the OS
      • Database
      • Applications
      • Services
  • 15. Disaster Recovery
    • Cloned Systems
    • Live Backups
    • Recovery Platform Independence
    • Addresses do not need to change
  • 16. Server Consolidation
    • Multiple Servers per Platform
      • Fewer platforms, not fewer servers
    • Isolation of functions
    • Maintained by a single operator
    • “Headless”
    • New servers can be “spawned”
    • P2V – Physical to Virtual
  • 17. Standardization
    • Build a “base” platform
    • Clones
      • Linked
      • Independent
    • Distributable Desktops
      • Player
      • ACE
      • Desktop Pooling
    • Policy Based Security
  • 18. Development Environments
    • Clones of the Production Systems
    • Each environment is identical
    • Same addresses
    • Easy to copy/regenerate
    • When defects occur
      • Whole system can be “snapped”
      • Corrections can be rolled forward
      • The integrity of the intermediary environments is maintained
  • 19. Special Security Challenges
    • Replicated Environment
      • Copying a VM image is like stealing the hardware: whoever holds the files holds the disks
      • Normal data protection still required, for the image files on the host as well as the data inside the guest
    • Licensing of Software
      • Microsoft model
      • Oracle model
    • MAC Address Duplication
      • MAC addresses are administrator settable, so clones and copies can end up with the same address, or with one chosen to impersonate another host
      • Promiscuous mode network access from a guest
    • VM Based Tools
      • Sniffers
      • Network servers (DHCP, DNS) run from a guest on the shared virtual network
    • Forensics
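The network modes and virtual-disk modes from slide 13 and the MAC-duplication and promiscuous-mode concerns from this slide can all be audited from the .vmx files themselves. The Python script below is an added example, not code from the presentation or from VMware: it parses constructed sample .vmx text for three made-up VMs (one of which is a file-copy clone that kept its parent's static MAC) and reports bridged NICs, static MACs outside VMware's documented administrator range (00:50:56:00:00:00 to 00:50:56:3F:FF:FF), MACs shared between VMs, NICs that do not set `noPromisc`, and non-persistent disks. The key names used (`ethernetN.connectionType`, `ethernetN.addressType`, `ethernetN.address`, `ethernetN.generatedAddress`, `ethernetN.noPromisc`, `scsiN:M.mode`) are those of Workstation/GSX-era .vmx files; treating a missing `noPromisc` key as “not disabled” is this script's conservative assumption, not a statement about the product default.

```python
import re

# Constructed sample .vmx text for three made-up VMs (not real machines).
# dev-web-clone was made by copying dev-web's files, so it kept the static MAC.
SAMPLE_VMX = {
    "dev-web.vmx": """
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.addressType = "static"
ethernet0.address = "00:50:56:00:12:34"
ethernet0.noPromisc = "FALSE"
scsi0:0.fileName = "dev-web.vmdk"
scsi0:0.mode = "persistent"
""",
    "dev-web-clone.vmx": """
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.addressType = "static"
ethernet0.address = "00:50:56:00:12:34"
scsi0:0.fileName = "dev-web-clone.vmdk"
scsi0:0.mode = "independent-nonpersistent"
""",
    "kiosk.vmx": """
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:ab:cd:ef"
ethernet0.noPromisc = "TRUE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.addressType = "static"
ethernet1.address = "00:50:56:7f:00:01"
ethernet1.noPromisc = "TRUE"
scsi0:0.fileName = "kiosk.vmdk"
scsi0:0.mode = "independent-nonpersistent"
""",
}

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"([^"]*)"\s*$')
# VMware's documented range for administrator-assigned (static) MAC addresses.
STATIC_LOW, STATIC_HIGH = 0x005056000000, 0x0050563FFFFF


def parse_vmx(text):
    """Parse key = "value" lines into a dict; blank and comment lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def effective_mac(cfg, nic):
    """MAC the guest actually uses: the static address if set, else the generated one."""
    if cfg.get(nic + ".addressType", "generated") == "static":
        return cfg.get(nic + ".address", "").lower()
    return cfg.get(nic + ".generatedAddress", "").lower()


def audit_vm(name, cfg, mac_owner):
    """Findings for one VM; mac_owner maps MACs already seen to the VM that owns them."""
    out = []
    for key, val in cfg.items():
        if key.startswith("ethernet") and key.endswith(".present") and val.upper() == "TRUE":
            nic = key[:-len(".present")]
            if cfg.get(nic + ".connectionType", "bridged") == "bridged":
                out.append(f"{nic}: bridged, guest sits directly on the physical LAN")
            mac = effective_mac(cfg, nic)
            if mac and cfg.get(nic + ".addressType") == "static":
                if not STATIC_LOW <= int(mac.replace(":", ""), 16) <= STATIC_HIGH:
                    out.append(f"{nic}: static MAC {mac} outside VMware's static range")
            if mac and mac_owner.get(mac, name) != name:
                out.append(f"{nic}: MAC {mac} duplicates {mac_owner[mac]}")
            elif mac:
                mac_owner[mac] = name
            # Conservative assumption of this script: no noPromisc key means not disabled.
            if cfg.get(nic + ".noPromisc", "FALSE").upper() != "TRUE":
                out.append(f"{nic}: promiscuous mode not disabled (noPromisc)")
        elif key.endswith(".fileName") and key.startswith(("scsi", "ide")):
            disk = key[:-len(".fileName")]
            mode = cfg.get(disk + ".mode", "persistent")
            if "nonpersistent" in mode:
                out.append(f"{disk}: {mode}, guest changes are discarded at power-off")
    return out


def audit(vmx_files):
    """Audit a {filename: vmx_text} mapping; returns {filename: [finding, ...]}."""
    findings, mac_owner = {}, {}
    for name, text in vmx_files.items():
        findings[name] = audit_vm(name, parse_vmx(text), mac_owner)
    return findings


if __name__ == "__main__":
    for vm, items in audit(SAMPLE_VMX).items():
        print(vm, "(clean)" if not items else "")
        for item in items:
            print("  -", item)
```

To run it against real machines, replace SAMPLE_VMX with the contents of the .vmx files in a VM directory. A static MAC shared by two bridged VMs is exactly the duplication case this slide warns about, and the non-persistent disk line is the “resettable” mode slide 21 uses for kiosk and shared platforms.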
  • 20. Levels of VMware
    • Player – For using existing VMs on a workstation
    • Workstation – Running on user platforms
    • GSX (VMware Server) – Hosted on an existing server OS, for servers that also carry non-virtual workload
    • ESX – For servers in a “Virtual Only” environment
    • ACE – For distributed user desktops
  • 21. ACE Distribution
    • Policy based control
      • Only the guest can access resources
      • Chinese wall can be invoked to segregate resources (Dynamic Policy)
      • Policy is at the server
    • License Protection
      • Turn On/Off images
      • Use audit trail
    • Resettable/non Persistence
      • Limits “User Installs”
      • Shared Platforms
      • Kiosk systems
  • 22. Opportunities for Virtualization
    • Server Consolidation, Redundancy
    • Development Environments
    • Testing Platforms
    • Security
      • Policy Based
      • Standard Desktop
      • Easy “turn-off”
    • Back-Up
    • Disaster Recovery and Business Continuity
  • 23. Any Questions?
  • 24. Contact Information and Additional Resources:
    • Speaker Contact:
    • Michael D. Weisberg, CISSP
    • Principal Consultant
    • NYSTEC
    • 100 State Street, Suite 900
    • Albany, NY 12207
    • (518) 431-1059
    • [email_address]
    • Vmware Contact:
    • http://www.vmware.com