Final Case Study

THIS IS JUST THE SAMPLE

XXX, XXX

Virtualization Security

Dr. YYYY

Final Case Study: Hardware / Software Setup

Date

Table of Contents

Table of Contents 1

Abstract 2

Controlling Communication 3

Organizational and Segregation Concerns 4

Patch Management 5

Direct Attached Storage vs Storage Area Network (SAN) 6

Resources 7

Abstract

This final case study will cover how organizations turned to virtualization to increase their capacity of servers. Explanation of how virtualization solutions are used for migration of 300 plus physical servers and use of iSCSI storage. Areas of concentration that will be covered are communication, structural concerns, patch management, networks, and storage.

How will the organization ensure that communication between guests remains under control? Migration of large amount of servers, in this case over 300, is a intimidating task to move to a virtualization solution. As we move into the future and technology increasingly advances, organizations are turning to virtual solutions to the most for their money. By upgrading to virtual solutions things become more efficient, reliable, ability to be scaled, and cost effective. Configurations have the ability to better suit the needs of the organization ans they expand over time.

As migration from these servers to virtualization communication being lost or interrupted becomes an issue of concern. In order to successfully ensure that communication between guest remains in order and under control the organization must keep the current physical system up and operational, as the new system is setup and functioning properly. Once a virtual environment is established, properly functioning, and secure migration may start to take place by moving little by little physical servers to the new virtualization setup. They must be moved one by one, not all at once, to ensure it has properly migrated and functioning before further migrations take place. This transition is done by duplicating the files from the physical server are simply dropped into the virtual environment, or copy and paste style (UNSENIX Association, 2005).

Security must be a huge focus while migrating servers. Enhanced security measures will protect both the current servers / host server and the newly added virtualized environment and VMs. Outlined security measures such as, “defined access control policies, authentication between sender source server and the destination server, non-repudiation by source and destination server, data confidentiality while migrating a VM, data confidentiality before and after migration, and data integrity and availability” (Awasthi, Choudhary, Govil, Kapil, Philli, Singh, 2017).

What concerns, if any, should the organization have in the placement of the newly virtualized servers? That is, should the organization use some type of classification scheme to keep servers segregated from one another? When a newly created virtual environment is created, specific guidelines should be followed by administrators or internal auditors to ensure the benefits and risks are laid out. With the placement of the newly virtualized servers, the organization should have security concerns, system management, data integrity, disaster recovery plans, training, and duty segregation. System administrators should use a “classification scheme” and segregate servers from one another. This segregation should be based on the applications and type of permission administrators can access from physical servers to that of the virtual server. New virtual machines should start in a test phase or pre-production server, while properly functioning VM are running on the “production” environment (Lee & Sawyer, 2009).

The type of software, version, and vendor used, that is running on the physical servers and what's installed on the virtual servers should be verified. By verifying the software it provides the organization with whether that particular vendor still provides that software, continues to support the most up to date version, and if the most up to date patches have been installed (Lee & Sawyer, 2009).

Procedures for backup and disaster recovery plans for the new virtual servers should be implemented and in place prior to transitioning from physical to virtual. In the event a recovery is needed and no place or procedures have been specified it creates chaos and liability issues for possible lost data. Routine maintenance and training should be done on the virtual servers to assure proper function, ability to maintain, and proper usage of VM (Lee & Sawyer, 2009). The organization does not have a patch management system in place. Does the lack of such a system put the organization at a greater risk in the virtualization project? Please explain your answer. Patch management is a revolving vulnerability repair cycle that detects, assesses, priorities, acquires, tests, deploys, and maintains within an infrastructure (Microsoft, n.d.). To keep and maintain an efficient virtual host environment patching VM's are necessary. Without having patch management current security concerns with the physical servers will also become security concerns for the virtualized servers. The lack of patch management the organization has creates security threats to their current server set up and only makes the virtualization project less secure when they do the migration.

Smaller organizations tend to not have the personnel and / or resources needed to maintain patch management to monitor any gaps within their security measures. Therefor they leave themselves vulnerable to threats and attacks. An organization such as this, again assuming it's a larger organization having 300 servers, not having a patch management system with this many servers is a huge security risk for them. Not having patches in place, the efforts to fix and patch vulnerabilities as threats occur creates on on going cycle of trying to play catch up with continuous threats. Patch management system will also require testing at they are put into place. It is possible the implemented patch could affect current software and it's ability to operate correctly.

Briefly explain if you believe that the organization’s shift from direct attached storage to a storage area network has improved the organization’s ability to keep systems available.

Direct attached storage (DAS), is pretty much what it sounds like, a direct linked storage to a server or machine. Storage area network (SAN), differs by allowing shared data among accessible servers. According to John Paulsen there are at least seven key factors to think about when choosing storage; capacity, scalability, reliability, backup and recovery, performance, budget, and IT staff and resources. DAS is pretty basic as it's connected to the host computer, and is designed for smaller organizations with local data sharing and a complex system needing limited support and maintenance. Being directly linked to a machine this offers sufficient speed to DAS usage (Paulsen, 2017).

SAN is available over the network but has flexibility, data sharing across the network, and high speed performance. Storage area network is built for things such as data centers and large organizations. Smaller organizations or those working within a low budget would not find this suitable for it's organization. SAN is equivalent to DAS with file sharing speed with the flexibility and reliability much like NAS, Network Attached Storage (Paulsen, 2017).

Pertaining to this particular organizations switch from DAS to SAN, I believe it is a good switch to keep their system available. This organization is migrating roughly 300 computers, my guess is that it's a fairly large organization. Large organization needs the speed, file sharing, flexibility, and reliability to maintain the usage of 300 servers condensing into a virtual environment. In fact, SAN is typically used not only for data centers and larger organizations, it is also utilized for virtual computing environments. Something geared towards virtualization is needed for this organization as they convert to the virtual environment.

RESOURCES

Awasthi, Choudhary, Govil, Kapil, Philli, Singh (2017). A Critical Survey of Live Virtual Machine Migration Techniques. Retrieved on 22 January 2018, from https://link.springer.com/article/10.1186/s13677-017-0092-1

EC-Council (2011). Virtualization Security. Retrieved on 22 January 2018, from https://online.vitalsource.com/#/books/9781305332430/cfi/6/2!/4/[email protected]:94.1.

Lee, L. and Sawyer, R. (2009). The New Age of Virtualization. Retrieved on 22 January 2018, from https://www.apus.edu/apus-library/index.html.

Microsoft. (n.d.). How To: Implement Patch Management. Retrieved 22 January 2018, from https://msdn.microsoft.com/en-us/library/ff647981.aspx.

Paulsen, J. (2017). NAS vs. SAN vs. DAS: Which Is Right For You? Retrieved on 22 January 2018, from https://blog.seagate.com/business/nas-vs-san-vs-das-which-is-right-for-you/.

USENIX Association (2005). Live Migration of Virtual Machines. Retrieved on 22 January 2018, from https://www.usenix.org/legacy/event/nsdi05/tech/full_papers/clark/clark.pdf.