Thursday, January 28, 2010

Virtualized Data Center - but, where is Security?

Cisco, NetApp & VMWare made a announcement on Virtual Data Center.  The paper gives a very high level view of how a virtual data center would look like.  One could possibly replace these company names with something like: Virtual Networking Components, Storage, and Hypervisor.  The only concern I have with this paper is it does not talk about security.  It does make a mention of "Secure multi-tenancy" without explaining what secure really means.  In the world we live in today with most information in electronic format, customers must reject marketing collateral if it does not explicitly address security.  With the advertised provisioning time of 1 minute, imagine the amount of damage that can be done by provisioning this and not realizing the effect of security for 30 minutes.

January 29 - Update
Here is the blueprint architecture guide to Designing Secure Multi-Tenancy into Virtualized Data Centers
While they talk about secure separation, it is illustrated via use of operational methods (use of different types of administrators, etc) and logically using vSwitches.  While these are MUST HAVE s, they are not sufficient.  One would also need a Virtual Firewall (Key Pair Technologies) for enforcing ACLs and for Identity based access, you will also need a wire-speed access control device - Access Control Appliance (Key Pair Technologies)

Tuesday, January 26, 2010

Cloud Customers Report Capital Cost Savings - really??

I was reading this article "Cloud Customers Report Capital Cost Savings" which is based on a research report from "Responsible Cloud": very interesting data:
  • Total enterprises interviewed: 159
  • Private Cloud preferred: 75% Out of which 52% are implementing both on-premises and off-premises
  • Customers seeing CAPEX (power, cooling) savings: 61% 
  •  Customers seeing both CAPEX & OPEX savings: 25%
  • Other benefits include freeing up strategic resources (49%), enabling disaster recovery/business continuity planning (46%), and increased flexibility and agility (46%). Overall, 89% of customers reported multiple outcomes, with just under half of all enterprises (46%) reporting five or more significant outcomes.
  • The report also found that the single most common level of OpEx reduction (from a sample of 79 respondents) was in the range of 21-30%. However, across all these respondents, cloud computing returned an average 22% OpEx saving.
  • Of the 76% of cloud customers that also reported real, measurable cost savings, the single most common level of CapEx reduction was between 11-20%. The CapEx return across all these respondents was 26%.
There are many more numbers attached, but, I am not convinced how Cloud deployment can save mainly CAPEX savings.  I strongly believe that this is due to Virtualization and not just deploying REST based services.  If they really went to REST based services for storage, applications, etc., then they would have encountered lots of professional services expenses which is not shown.

    Virtualization ROI

    There is an article on Network World which is titled "Virtualization Projects fail to reach ROI targets".  The main reason provided was that customers believed too much into hypervisor vendor provided models which are skewed to illustrate ROI.  I agree with the author that there is some truth to it.

    I started to look at major vendors like VMWare, Cisco, HP, Microsoft, IBM, etc and their version of Virtualization ROI.  They are talking mainly about energy (power & cooling) savings - which can be easily demonstrated as $ spent/saved.  What these don't take into account are the other costs to make this saving happen.

    Here is an example: Datacenter wants to move 50 web servers to virtual environments.  If they just move 50 to such an environment + add a few more to compensate against performance, then ROI can be achieved.  But, if they now state, I want to move my switch to a virtual switch, my firewall to virtual firewall, my Single Sign On solution to vitrual platform, you are asking for trouble in terms of ROI as these were never accounted for (professional services costs, time to deploy, cost of new licenses, management infrastructure, security/threat modeling, etc)  in the first place.  There is nothing wrong in doing it, it just needs to be accounted for.

    Monday, January 25, 2010

    Security in a multi-tenant hypervisor (virtualization) platform

    By definition, a hypervisor is a layer that sits between a guest operating system and the hardware or a native operating system.  By using a operating system, multiple applications can be run simultaneously.  By using a hypervisor, multiple guest operating systems can be run simultaneously on the same hardware.

    By running multiple guest operating systems, on a single hypervisor, security must be ensured.  Security entails:
    1. Isolation between multiple operating systems.  In a traditional network, one can check physical hardware and network cables.  But, this is a logical network and hence  settings must be carefully reviewed.
    2. Protection of hypervisor and other guest operating systems due to compromised guest operating system or applications
    3. Possibility of rootkits in Hypervisor or Hardware
    4. Hypervisor (or the hardware on which it is running) can become the single point of failure
    5. Misconfiguration of virtual networking components (virtual switch, virtual load balancer, virtual VPN, virtual firewall, etc) can enable serious threats
    6. With dynamically available guest operating systems, audits and especially forensic audits become a nightmare (something went wrong a day ago - what/where can we look to determine the cause - especially if that guest operating system is no longer up).
    7. Threat modeling and Regulatory compliance is a key requirement for many enterprises and service providers.  There is no cookie-cutter model for threat modeling or compliance when dynamic resource (de) allocation is enabled.
    8. For an application or soft-appliance vendor, avoiding piracy and managing licenses is a significant challenge.  This impacts the customer who has to maintain the licensing information and protect the assets from being stolen and reused somewhere else.
    9. Security patches or software updates on hypervisor may introduce unknown threats to guest operating systems and applications.  There is no real model for testing this.
    10. Moving a virtual network with all of the guest operating systems & applications to another hypervisor may introduce unknown security risks. Known security risks include static polices may no longer be effective, guest OS may be moved to a different security domain, etc. There is a direct asset tracking & management risk - "Where is my Virtual Machine?"
    11. Traditional IT is managed by a few teams: Network Operations, Security, Application Development, Business Operations and so on.  With everything being on  a single hypervisor, ownership lines are blurred.
    12. Most viruses, trojans, etc are found on Windows Platform - because it is the most widely used.  Similarly, it is a matter of time that popular hypervisors and deployment models will be affected.
    Security can be rephrased as "Risk Management".  While the above threats are real, one has to carefully look at the deployment model and build a playbook (people, process, technology) for rules of deployment.  That is the only way we can benefit from this new technology.

      Sunday, January 24, 2010

      Cloud & Virtualization Security

      This blog is intended to share our experiences & expectations with Cloud & Vitrualization security.  But, before we go there, lets get some understanding what these mean and why it matters.

      Today, the top issue for a CIO is Data Center consolidation using Server Virtualization techniques.  This is mainly driven by the need to reduce CAPEX (better use of server hardware & depreciation costs) & OPEX (power and cooling $ savings).   But, moving applications to virtualized platforms introduces a change in deployment model and hence threat model.  Threats associated with this is widely categorized as "Virtualization Security".

      There is another phrase that is loosely talked about by IT - "Cloud enablement".  The way I would explain this is  accessing services such as Storage, application, etc using REST based protocols.  Many of them even consider "Platform or Infrastructure as a Service" as a part of Cloud.  Platform would include Virtualization and Infrastructure would be configuring hardware (network, memory, CPU) dynamically.  So, it will be necessary for us understand the differences amongst all of these.  Google Apps, are some Cloud based applications - we never ask them if they are running on platform A or infrastructure X.  In terms of Infrastructure as a Service Amazon EC2 or RightScale are some examples where they provide tools to upload software.  These services run on virtualized platforms.

      As I mentioned, Cloud Applications mostly use REST based protocols.  Added to this, they may be dynamically provisioned or de-provisioned.  These applications need be secured from traditional threats, denial of service attacks, application attacks, cross site scripting, session hijacking, etc.  Single Sign On is an absolute must.  If these Cloud applications are hosted on public service Infrastructures or Platforms (Amazon, RightScale, etc) then, the applications can be a multi-tenant platform and hence they need to secure themselves.  The platform also needs to provide that confidence to their cloud application customers that their platforms are secure.

      The above would be the starting points in enabling security for Virtualization and Cloud environments.