How to secure the new data center

their presence in the hypervisor.

What to do? Help will come in two forms, says Hernick. First, it is likely that as virtualization becomes more mainstream, hardware vendors will design end-user systems from the ground up to provide administrator-controlled VM partitions and hypervisor layers, making it harder for malware to enter systems. A better fix uses the Trusted Platform Module (TPM) found in most new x86 based systems. Using the TPM, software authenticity can be tested and inter-VM traffic can more easily be encrypted. Using the TPM’s ability to sign software makes it easier to determine that a system image has been altered and that it should be assumed to be compromised. Since the TPM is designed to be a tamper-proof hardware approach to encryption and software signing, it should help substantially in validating that software of all stripes hasn’t been corrupted by malware or by other means.

The other substantive threat is a byproduct of how multiple virtual machines communicate with each other on the same system; that, along with the ability to move running VMs from machine to machine, makes most network-based security products much less effective. One of the first production uses for x86 virtualization has been server consolidation. The idea is that a single powerful server running a number of VMs can replace potentially dozens of older, lightly loaded individual servers. With so many VMs running on a system, the amount of communication between them can be significant. For intraserver communication between VMs, all virtualization products create a virtual switch, which is then shared by all VMs on the server. External network security tools from firewalls to intrusion detection and prevention systems to anomalous behavior detectors are all, by definition, blind to network traffic that never leaves the physical server.

Hernick says that one approach to securing multiple VMs on a single server is to ensure that all the VMs are running similar operating systems and that each has been properly patched. The idea is that if all systems running on a given server are similarly secure, their communications will be, too. Security products like host-based firewalls should be in place to provide what security they can. A better solution, though, is to use tools that are specifically intended to improve the security of virtualized environments. Virtual appliances are VMs with a minimized and hardened operating system which has been configured precisely to meet the needs of the appliance’s