Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hyper-V Security Best Practices for Hosting, VDI and Service Providers Symon PerrimanAlex Karavanov VP, Business DevelopmentDirector of Solutions Engineering.

Published byChastity Tate Modified over 9 years ago

Similar presentations

Presentation on theme: "Hyper-V Security Best Practices for Hosting, VDI and Service Providers Symon PerrimanAlex Karavanov VP, Business DevelopmentDirector of Solutions Engineering."— Presentation transcript:

1 Hyper-V Security Best Practices for Hosting, VDI and Service Providers Symon PerrimanAlex Karavanov VP, Business DevelopmentDirector of Solutions Engineering Symon@5nine.comAMK@5nine.com 5nine Software, Inc. www.5nine.com Twitter @5nine_SoftwareMay 20 th, 2015

2 Hyper-V Security Best Practices Introduction Security for Virtualization Admins Best Practices for Hyper-V Best Practices for Providers Summary Q&A

3 Introduction Hyper-V Security Best Practices for Hosting, VDI and Service Providers

4 Meet the Speakers Symon Perriman is 5nine Software’s VP of Business Development and Marketing. Previously he was Microsoft's Senior Technical Evangelist and worldwide technical lead covering Hyper-V, Windows Server, and System Center. He has trained millions of IT Professionals, holds several patents and dozens of industry certifications, and in 2013 he co-authored "Introduction to System Center 2012 R2 for IT Professionals" (Microsoft Press). Contact Symon@5nine.com or Twitter @SymonPerriman Alex Karavanov manages 5nine Software’s Solutions Engineering team. He has been in information security field for more than 10 years. Alex leads major 5nine Software management and security projects worldwide and aims to deliver the best efficiency and protection of the virtual infrastructures, to achieve the highest system performance and security level. He also holds multiple industry certifications. Contact AMK@5nine.com or Twitter @5nine_Software

5 Meet 5nine Software Founded in 2009 Headquartered in Chicago with offices worldwide More than 50,000 customers globally, representing companies and datacenters of all sizes The #1 leading solutions provider of security & management applications for Hyper-V environments –5nine Cloud Security - Agentless security for Hyper-V, System Center and Azure Pack5nine Cloud Security –5nine Manager - Integrated Hyper-V and Cluster Management for SMB5nine Manager –5nine V2V Easy Converter - Free VMware to Hyper-V virtual machine migration tool5nine V2V Easy Converter www.5nine.com

6 Security for Virtualization Admins Hyper-V Security Best Practices for Hosting, VDI and Service Providers

7 Security Threats for Hyper-V Compute Denial of Memory or CPU Network Virus, Malware, Trojan Horses, Denial of Service Storage Data Breach or Loss, Denial of Data Web Denial of Service Active Persistent Threats Cross-Site Scripting (XSS), Man in Middle “This class of threats called APT is so top of mind for each of us…we want to detect Advanced Persistent Threats and to be able to take action as an organization to isolate and protect ourselves.” - Satya Nadella, Microsoft CEO at Microsoft Ignite, May 4 th 2015

8 Virtualized Environments are Never Secure New Threats End users / tenants Storage devices Network attacks Unidentified Threats New signatures Time bomb / logic bomb Most datacenters are already infected

9 Security Prevention Tools for Hyper-V Firewall Antivirus / Antimalware Network Traffic Filtering Intrusion Detection / Prevention Traffic Pattern Anomalies Unusual Endpoints Unusual Protocols Standard datacenter security practices are still recommended Physical security, BitLocker, VPN, Active Directory, etc. Security for virtualization and cloud is different

10 Best Practices for Hyper-V Hyper-V Security Best Practices for Hosting, VDI and Service Providers

11 Best Practice Use an Agentless (Host-based) Solution

12

13 Best Practice Use a Solution Designed for Hyper-V KB 961804 – If your solution is not designed for Hyper-V, Microsoft recommended to not scan folders with VM configuration files, VHDs, replicated disks, snapshots and executables

14 Best Practice Keep Security Signatures Updated Use antivirus / antimalware signatures from industry leaders Kaspersky Lab, ThreatTrack VIPRE, etc. Use intrusion detection rules from industry leaders Cisco Snort, etc. Use a centralized signature database to simplify updating Do not rely on users to keep endpoint security solutions updated

15 Best Practice Use a Single Firewall Solution for all VMs Manage traffic at the network protocol level TCP, UDP, GRE, ICMP, IGMP, etc. Hyper-V Guest OS List: aka.ms/HyperVGuestOSaka.ms/HyperVGuestOS Server Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Home Server 2011 Small Business Server 2011 Windows Server 2003 Client Windows 8.1 Windows 8 Windows 7 Windows Vista Windows XP Linux & UNIX CentOS Debian FreeBSD Oracle Linux Red Hat RHEL SUSE Ubuntu

16 Best Practice Protect Virtual Networks and Avoid Appliances Physical appliances protect traffic between hosts Does not protect traffic between VMs on the same host Private VLAN routing is possible, but complex and decreases performance Virtual Networks External Internal Private Appliance

17 Immediately identify and alert on incoming threats Best Practice Use a Active Protection on the Network 01010011 01111001 01101101 01101111 01101110 00100000 01110010 01110101 01101110 01110011 00100000 00110101 01101110 01101001 01101110 01100101 00100000 01010011 01101111 01100110 01110100 01110111 01100001 01110010 01100101 00100000 00111010 00101001

18 Best Practice Use Intelligent Disk Scanning Agent-based scanning can cause “scanning storms” Decreases VM performance Lowers host density Triggers alerts Live migration traffic 5nine uses its proprietary Change Block Tracking driver Scan only changed blocks on disk Scan up to 70% faster

19 Best Practice Schedule Repetitive Tasks Enables scalability Ensures consistent SLAs Eliminates human error For tasks with high resource utilization, stagger the action across the virtualized resources

20 DEMO 5nine Cloud Security for Hyper-V

21 Best Practices for Providers Hyper-V Security Best Practices for Hosting, VDI and Service Providers

22 It is impossible to guarantee security for VMs with endpoint protection Requires installation Slows deployment Cloud environments are dynamic Virtual machines Virtual disks Virtual networks Virtual switches Scripting allows advanced deployment options Best Practice Automatically & Immediately Protect Everything

23 Best Practice Use an Enterprise Security Solution Security must be centralized System Center integration Security must be remote Branch office support Security must scale Software-based solution Security must be automatic PowerShell integration Security must not have a single point of failure Highly-available through clustering or redundancy, and runs inside a clustered VM Security must be easy for end-users Azure Pack integration

24 Hyper-V Hosts SQL Server 5nine Cloud Security Management Server / VM Hyper-V Cluster Redundant Management Group SQL Server SQL Cluster Branch Office SQL Server 5nine Sync 5nine Cloud Security Management 5nine Console | 5nine PowerShell | Azure Pack Extension | SCVMM Best Practice – 5nine Cloud Security Architecture

25 Best Practice Protect against Internal, Inbound & Outbound Threats Hyper-V Hosts Database or SQL Server 5nine Cloud Security Management Server / VM Public Internet Normal Traffic Unusual Traffic

26 Best Practice Log and Analyze Security Events Hyper-V Hosts Database or SQL Server 5nine Cloud Security Management Server / VM Public Internet On-Premises Analytics (Syslog) Cloud-Based Analytics

27 Best Practice Do NOT Trust your Users The “public” is now using your resources Assume the user does not care about security Manage security for them Update signatures for them Ensure they cannot disable security Accidently Purposely With a bad intention Centrally view all user actions

28 Best Practice Isolate Everyone Isolation and privacy is critical in a cloud An admin cannot access a VMs A VM cannot affect the host A VM cannot affect another VM Use Quality of Service (QoS) or throttling for memory, CPU, network & storage bandwidth Avoid Denial of resource attacks

29 Best Practice Offer Security as a Service (SECaaS) The Azure public cloud is not available to everyone Azure Pack allows you to run Azure-like services in your datacenter Differentiate your services by offering improved security Provide guided service selection to maximize monetization Simply security through templates

30 DEMO 5nine Cloud Security SCVMM Plugin & Azure Pack Extension

31 Summary Hyper-V Security Best Practices for Hosting, VDI and Service Providers

32 Best Practice Maintain Compliance Requirements Virtualization & cloud security is different Regulators require it Customers expect it Hackers know how to exploit it Benefits Improved security for you and your customers Opportunity to differentiate and monetize on value-added services A single security breach can ruin your reputation…and business… “Most partner solutions are nice to have. 5nine Cloud Security is the only must have” -Alex Verkinderen (@AlexVerkinderen) Microsoft Hybrid Cloud Architect & MVP

33 www.5nine.com or Sales@5nine.comwww.5nine.comSales@5nine.com Cloud Security: http://www.5nine.com/CloudSecurityhttp://www.5nine.com/CloudSecurity Licensing options –Licensed per 2 CPUs –Flexible pricing based on VM density –Service provider licenses and volume discounts available Sales direct, online, or through resellers & solution integrators How to Acquire 5nine Cloud Security

34 Upcoming 5nine Webinars May 27 – Complete Hyper-Converged Infrastructure Solutions for SMBs –Presented with StarWind Software & xByte Technologies June – Scale & Secure Microsoft VDI on Hyper-V with Enterprise-Class Protection for Desktops –Presented with Unidesk June - Introduction to Hyper-V Management for the VMware Admin June – [Russian Language] Hyper-V Security Tips Visit www.5nine.com or join our mailing list to stay informedwww.5nine.com

35 5nine Cloud Security: http://www.5nine.com/CloudSecurityhttp://www.5nine.com/CloudSecurity 5nine Cloud Security Features: http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#features http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#features 5nine Cloud Security Azure Pack Extension: http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#Azure http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#Azure 5nine Cloud Security SCVMM Plugin: http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#scvmm http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#scvmm Microsoft Virtual Academy: Azure Pack Partner Solutions (Module 10): http://www.microsoftvirtualacademy.com/training-courses/windows-azure-pack-partner-solutions http://www.microsoftvirtualacademy.com/training-courses/windows-azure-pack-partner-solutions Whitepaper: The Challenges of Securing Hosted Hyper-V Multi-Tenant Environments: http://www.5nine.com/Docs/Brien_Posey_Securing_Hosting_Hyper_Environment.pdf http://www.5nine.com/Docs/Brien_Posey_Securing_Hosting_Hyper_Environment.pdf Resources

36 Sales: Phone US: +1 630-288-4700 Phone Europe: +44 (20) 7048-2021 Email: sales@5nine.com Technical Support: Phone US/Canada Toll Free: +1 877-275-5232 Email: techsupport@5nine.com Fax: +1 732-203-1665 Mailing Address: 1385 Highway 35, STE 133, Middletown, NJ 07748 USA 5nine Software, Inc Oak Brooke Pointe, 700 Commerce Drive Ste 500, Oak Brook, IL 60523 Copyright © 2015 | 5nine Software, Inc. | All Rights Reserved

Download ppt "Hyper-V Security Best Practices for Hosting, VDI and Service Providers Symon PerrimanAlex Karavanov VP, Business DevelopmentDirector of Solutions Engineering."

Similar presentations

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
System Center 2012 R2 Overview

System Center 2012 R2 Overview
Bucharest, July 31, 2012 | Bitdefender 2012 Cloud Security for Endpoints Customer Presentation.

Bucharest, July 31, 2012 | Bitdefender 2012 Cloud Security for Endpoints Customer Presentation.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.

INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.

Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.
CategoryDynamic Datacenter Toolkit for Hosters (DDTK-H)Dynamic Datacenter Toolkit (DDTK) Service OfferingEnables hosting service providers to offer on-demand.

CategoryDynamic Datacenter Toolkit for Hosters (DDTK-H)Dynamic Datacenter Toolkit (DDTK) Service OfferingEnables hosting service providers to offer on-demand.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
Windows Server 2012 Certification and Training June 2012.

Windows Server 2012 Certification and Training June 2012.
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.
Hyper-V High-Availability & Mobility: Designing the Infrastructure for Your Private Cloud Symon Perriman Technical Evangelist Microsoft

Hyper-V High-Availability & Mobility: Designing the Infrastructure for Your Private Cloud Symon Perriman Technical Evangelist Microsoft
Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation

Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Copyright 2009 Trend Micro Inc. OfficeScan 10.5 VDI-aware endpoint security.

Copyright 2009 Trend Micro Inc. OfficeScan 10.5 VDI-aware endpoint security.
Agentless Security for Windows Server 2012, Windows Server 2012 R2, System Center VMM, Hyper-V and Windows 8 ISV Partner Alliance Value.

Agentless Security for Windows Server 2012, Windows Server 2012 R2, System Center VMM, Hyper-V and Windows 8 ISV Partner Alliance Value.
The Era of the Cloud OS: Transform the Datacentre

The Era of the Cloud OS: Transform the Datacentre

Similar presentations

Ads by Google