Avoiding some big hypervisor mistakes when deploying a private cloud

By: Bill Kleyman

Although we’ve come a long way with cloud and hypervisor design, there are still some concerns and issues to overcome. Here’s the reality: so many moving parts make up a private cloud environment that sometimes the pieces don’t fit together well. One of the most critical pieces of your entire private cloud ecosystem is your hypervisor. For your organization, it is the gateway to shared resources, underlying hardware components and the external user. Through the hypervisor, you can support your private data center functionality while extending into outside cloud resources when needed.

Still, as virtualization and hypervisor deployments continue to integrate within even more data centers, security is still a big concern. In fact, it’s a growing issue. Juniper Research recently pointed out that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. As cloud computing becomes more popular, it will become the target of more malicious attacks. No single environment is safe and every infrastructure must be controlled with set policies in place.

In working with a variety of industries, there are always better ways to secure and lock down your infrastructure. Today, we take a look at a few ways you can avoid hypervisor security mistakes and better control your private cloud environment.

  • How well is your corporate network managed and monitored? At the hypervisor layer, you have the direct capability to create powerful multi-tenant environments with intelligent policies built in. However, many advanced environments still see misconfigurations around network security, policy management, and even VLAN traffic. Your hypervisor capabilities are a lot more powerful than you think. By integrating security directly into the hypervisor, you create proactive monitoring capabilities and advanced network management. This means integrating with technologies like Splunk and other SIEM platforms. Not only does this help you better control users and workloads, it also helps you lock down various network segments.
  • Is business data locked down, segmented, isolated? One of the biggest benefits of working with the modern hypervisor is the capability to intelligently segment networks and corporate users. As mentioned earlier, security integration allows administrators to logically segment traffic, users, and entire application farms sitting on top as VMs. Furthermore, visibility into data flowing through a network segment allows you to catch problems before they become major issues.
  • Do you have open ports or poor firewall policies? What if you decommission an application, or an entire VM? Do you have policies and alerts in place to tell you which security ports are associated with it? Remember, some of your business applications sitting on VMs have access to external and internal resources. New security solutions directly integrate into the hypervisor to create firewall and private cloud rule sets. From there, you can control which VMs are associated with which security policies. Remember, application and VM interdependencies must be considered when creating good corporate security strategies.
  • How well are you controlling user access to corporate resources? Your virtualization infrastructure must allow for powerful multi-tenancy and user controls. How well are your user policies set up? Do you have proper level-access controls? New security tools integrate directly into your hypervisor to support multi-tenancy in workgroup/mixed environments while allowing for granular user and role controls. Furthermore, users are accessing a variety of resources hosted on a variety of VMs. It’s critical for managers to create good isolation policies when allowing access to critical data points and workloads. For cloud computing, this can be done via policies directly at the data center and even the virtualization layer.
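
The decommissioning question in the third bullet (which ports are still open for a VM that no longer exists, and which live VMs still trust it) can be checked with a small audit. This is an added example, not part of the original article; the VM names, rule format and public allow-list are constructed for illustration and do not reflect any particular hypervisor's API.

```python
from dataclasses import dataclass

INTERNET = "0.0.0.0/0"  # marker for "any external source"

@dataclass(frozen=True)
class Rule:
    rule_id: str
    src: str   # VM name or INTERNET (assumed: no other CIDRs in this sample)
    dst: str   # VM name
    port: int

# Constructed sample data standing in for an inventory export and a
# firewall rule-set export from the virtualization layer.
VM_STATE = {"web-01": "running", "app-01": "running",
            "db-01": "running", "legacy-crm": "decommissioned"}
RULES = [
    Rule("r1", INTERNET, "web-01", 443),
    Rule("r2", "web-01", "app-01", 8080),
    Rule("r3", "app-01", "db-01", 5432),
    Rule("r4", INTERNET, "legacy-crm", 8443),   # port left open for a dead VM
    Rule("r5", "legacy-crm", "db-01", 5432),    # live VM still trusts a dead one
    Rule("r6", INTERNET, "db-01", 5432),        # not on the public allow-list
]
PUBLIC_OK = {("web-01", 443)}  # assumed list of intentionally public services

def audit(rules, vm_state, public_ok):
    """Return (rule_id, kind, detail) for stale or over-exposed rules."""
    findings = []
    for r in rules:
        # Stale: either endpoint names a VM that is unknown or not running.
        for end in (r.src, r.dst):
            if end != INTERNET and vm_state.get(end) != "running":
                findings.append((r.rule_id, "stale",
                                 f"{end} is not running; port {r.port} still allowed"))
        # Exposed: a running VM reachable from anywhere on an unapproved port.
        if (r.src == INTERNET and vm_state.get(r.dst) == "running"
                and (r.dst, r.port) not in public_ok):
            findings.append((r.rule_id, "exposed",
                             f"{r.dst}:{r.port} open to {INTERNET}"))
    return findings

if __name__ == "__main__":
    for rule_id, kind, detail in audit(RULES, VM_STATE, PUBLIC_OK):
        print(f"{rule_id:4} {kind:8} {detail}")
```

Rule r5 is the interdependency case: the database still accepts connections from a VM that has been retired, so removing the VM without reviewing its rules leaves a reusable path to live data.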

It’s time to holistically rethink your corporate security strategies by making the entire security process a priority. Environment testing, security assessments, as well as good virtualization policies all go a long way in creating a proactively secure architecture. Multi-tenant segmentation of data and users can help lock down sensitive points of data. Furthermore, good monitoring policies allow you to see network traffic flow and assign alerts around anomalous traffic. Overall visibility and the management of your hypervisor security policies can go a long way in reducing security mistakes and creating a healthier corporate cloud ecosystem.

About The Author

Bill Kleyman

CTO at MTM Technologies

Bill is an enthusiastic technologist with experience in datacenter design, management, and deployment. His architecture work includes large virtualization and cloud deployments as well as business network design and implementation. Bill enjoys writing, blogging, and educating colleagues around everything that is technology. During the day, Bill is the CTO at MTM Technologies, where he interacts with enterprise organizations and helps align IT strategies with direct business goals. Bill’s whitepapers, articles, video blogs and podcasts have been published and referenced on InformationWeek, NetworkComputing, TechTarget, DarkReading, Data Center Knowledge, CBS Interactive, Slashdot, and many others. Most recently, Bill was ranked #16 in the Onalytica study which reviewed the top 100 most influential individuals in the cloud landscape, globally.
