1.  Securing and Administering Virtual Machines George Manley and Yang He

2. What is a Virtual Machine?  Guest OS sitting on top of hypervisor which is on top of physical machine  Able to be moved around between different physical machines  Can share physical resources with other virtual machines

3. Basics of Securing a Virtual Machine  For the most part the security procedures of a virtual machine is the same as that of a physical machine  This is because the virtual and physical machines both run the exact same operating systems  Only main difference is the level of abstraction which is typically filled by the hypervisor

4. Problems with VM Security  Overall there have not been a lot of major issues with companies transitioning to virtual machines  One of the major known security risks is the threat of someone maliciously accessing the hypervisor

5. New Problems that VM’s present  Software Licensing  Software Lifecycle and physical machine upgrades  If only one OS on a physical machine, there’s only that one OS to worry about with the machine’s lifecycle  If multiple OS’s on a physical machine, and hypervisor must be updated, all OS’s must be considered

6. Similarities of administering VM’s to traditional physical machines  Configuration Guides and all documentation for OS is essentially the same  Monitoring is the same for the OS  All typical day-to-day administration tasks are the same  Security of the OS is the same

7. New things to administer  They hypervisor  Multiple OS’s on one system  Managing resources of the physical system  All VM’s share the same hardware  Hypervisor takes care of much of this

8. More VM administration  Networking  Typically done now with VLAN’s  Storage  Typically this is virtualized on the root disks  Can also be virtualized on SAN storage

9. Benefits of Virtualization  Delegating Management  Guest OS independence  Each OS installed over the hypervisor is a guest OS  These are completely independent of each other  Able to get the most of out of your resources  Testing

10. What’s currently not being virtualized  Here at Clemson, we typically don’t virtualize san storage for boot devices  The only exception to this is AIM (Coming in a later slide)  Currently the only network virtualization is through the use of VLAN’s  The future of this is limitless though the use of Openflow

11. Future of Virtualization- AIM  Every aspect of the environment can be virtualized  Used by lots of companies worldwide  OS is built on a persona  Persona can then be moved back and forth between different bare metal machines as well as different virtual machines automatically in only a matter of minutes

12. Conclusion  Security  Very few differences between a native OS installed on a physical machine. Hypervisor is only major security difference  Administration  Administration of the OS will be the same  Only new administration tasks will be administering the hypervisor and more closely managing hardware resources