Vmworld 2005-sln241



  1. Virtualization Streamlines Regulatory Compliance. Kacee Bui: Sr. Manager, IT Compliance and Governance, VMware. Iben Rodriguez: Technical Operations, VMware.
  2. This presentation may contain VMware confidential information. Copyright © 2005 VMware, Inc. All rights reserved. All other marks and names mentioned herein may be trademarks of their respective companies.
  3. What Led Us Here? Growing complexity of Technology; Business Environment changing.
  4. What Led Us Here, cont. Certification and Accreditation - C & A: Internal controls; Risks are mitigated. Increased legislation as a result of various corporate scandals (Enron, WorldCom).
  5. Regulatory Rules and Standards: Sarbanes-Oxley (SOX 302 & 404); HIPAA; California SB1386; Gramm-Leach-Bliley (GLB); Federal Info. Security Mgmt (FISMA); Internal audits; ISO17799, ITIL; Etc., etc., etc.
  6. How Does Compliance Affect You? You have to follow regulations; Increase IT resource and cost requirements; High demands on IT organization: Control Activities, Documentation & Maintenance, Testing / quarterly audit.
  7. How Does Virtualization Streamline Regulatory Compliance? Reduces resource & cost requirements; Unifies IT Controls; Provides efficient audit trails; Reduces compliance administrative effort.
  8. Examples
  9. Example 1 - Access Controls. Risk: The security architecture for the network (LAN) and servers is not configured to properly prevent inappropriate and/or unauthorized access. Control: With Virtualization: Virtual machines can be ISOLATED from each other.
  10. What Is Virtualization? [Diagram labels: Exchange, Windows 2000; SQL Server, Windows NT4; Apache, Red Hat 7.2; Service Console (SNMP Agent, Perl Scripting, Remote KVM, Security Mgmt, Web Server); Virtualization (Scheduler, Memory Mgmt.); Console NIC; CD, Floppy, Serial, etc; Intel Processor; CPU; Memory; SCSI/FC Storage; Ethernet Network; Other Devices.]
  11. Isolation: CPU hardware / protection; Fault, performance and security isolation; CPU, RAM, Disk, and network resource controls; Resource allocations can be changed “on the fly”; Guaranteed service levels; If one virtual machine “crashes”, it has no negative effect on any other running virtual machines.
  12. Virtualization Reduces Resource Requirements: Your production and development instances must be separated; Without virtualization, you would need to obtain additional machines for each production and development instance; With virtualization, you will have fewer physical machines and software controls are used to isolate machines.
  13. Example 2 - Change Mgmt Controls. Risks: Incomplete, inaccurate, or unauthorized development is introduced into the Production environment, impacting system integrity and availability; Key business processes and/or IT assets may be unavailable because of unauthorized changes to the infrastructure and/or job schedules. Control: With virtualization, events and changes are captured automatically.
  14. Virtual Controls: Audit Trails. Incidents and changes must be logged and documented accurately; Without virtualization this is a manual process and subject to error; With virtualization events and changes are captured automatically. Examples: Adding drive space; DB Schema changes; Adding network interface.
  15. Change Control Examples. Virtual network interfaces: Virtual NICs plug into virtual switches; Two or more: Bonded external links for fault tolerance and bandwidth aggregation. [Diagram labels: VLAN A; VLAN B; Virtual VLAN Switch; Uplink NIC; To physical switch VLAN trunk ports; Uplink NIC.]
  16. Example 3 - IT Operations Controls. Risk: Segregation of duties - unauthorized access, shared functions. Control: With virtualization: Minimizes discrepancies and exceptions.
  17. Virtual Controls: Segregation. Separate roles for system and database administrators, software developers and business analysts. Use Role Based Access Control lists to authorize who can make what changes; Without virtualization, this requires more training, oversight and manual auditing; With virtualization, only members of hardware support team can upgrade physical hardware.
  18. Example 4 - IT Operations, cont. Risk: Backup and Recovery: Inability to recover and restore critical business data accurately, completely and in a timely manner in the event of a failed system or disaster. Control: With virtualization: Recovery time is minimized.
  19. Virtualization: Recovery. Many of you will leverage SOX to ensure proper recovery plans are in place and tested; Typically standby data center and hardware; Replacement servers do not need to be identical hardware; Virtual machines can be consolidated during recovery; Virtual machines can be replicated, and standby site can be brought up quickly.
  20. Virtualization: Encapsulation. Entire state of the virtual machine is stored in a computer controlled file; Administrators can now use software and not screwdrivers when working on machines; Virtual machine state can be transferred through space and time. Time: stored on a DVD-ROM. Space: Transfer over a network.
  21. Recovery Example. [Diagram labels: Architecture, Hypervisor, App, OS; Architecture, Hypervisor, Virtualization Layer, App, OS, App, OS.]
  22. Virtualization Simplifies Changes. Table columns: Key Task / Traditional Approach / With Server Virtualization. Key Task: Hardware maintenance. Traditional Approach: Requires 1 - 3 hour maintenance window. With Server Virtualization: Hardware upgrades happen in virtual world. Key Task: Moving an application to a new server or repurposing a server. Traditional Approach: 4 - 6 hours for migration; Service interrupted for duration of maintenance window; Requires days/weeks of change management preparation. With Server Virtualization: A few minutes with virtual machine management console. Key Task: Provision a new server. Traditional Approach: 3 - 10 days hardware procurement; 1 - 4 hours provisioning new server. With Server Virtualization: A few minutes to provision a new virtual machine. Standard templates are used.
  23. Summary - Virtualization and Compliance: Regulatory compliance is complex; Virtualization is a complex tool; Careful planning, implementation and monitoring are essential.
  24. Questions