Virtualization's Promise And Problems
The virtual desktop and data center are here, but for this technology to continue taking over the enterprise, I/O and security issues need to be addressed.
May 13, 2008
WHO TO TRUST
Citrix, owner of XenSource, doesn't have a VMsafe-type plan, but its hypervisor, Xen, contains security features that were derived from IBM's experience in virtualization. IBM Research produced sHype hypervisor security cloaking and donated it to the Xen open source project; sHype is slated to be built into Xen and Citrix's products.
An sHype-equipped hypervisor knows which virtual machines can be trusted to share data with other VMs and which can't. SHype monitors the VM components, recording "a unique fingerprint" of their correct configuration and then watching for any changes. As long as the configuration remains the same, it's a trusted resource.
If a running application suddenly takes on a new bit of functionality, because of an intruder or other cause, sHype detects the modification and changes its status to an untrusted component. The same principle applies to the guest operating system running a VM; operating systems are frequently an avenue of attack for intruders.
"We use trusted computing technology to measure the integrity of the running components," said Ron Perez, an IBM Research senior manager. The hypervisor is told which virtual machines may trust each other as they're fired up. It then watches to ensure that each of those VMs remains trustworthy.
In a management console, sHype shows virtual machines that can talk to each other in the same color. "A blue machine may talk to another blue machine, but a blue machine must never be allowed to talk to a red machine," Perez says. This approach leads to very strong isolation guarantees, he says.
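The behaviour described above, modelled in Python as an added example that is not sHype, Xen or IBM code: each VM's components are fingerprinted at start-up and re-measured before every communication decision, and two VMs may talk only if both are still trusted and carry the same color. The class and function names, the SHA-256 fingerprint, the rule that a demoted VM stays untrusted, and the sample VM contents are assumptions constructed for this illustration.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(components):
    """Hash each measured component (name and content) in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(components):
        h.update(hashlib.sha256(name.encode()).digest())
        h.update(hashlib.sha256(components[name]).digest())
    return h.hexdigest()

@dataclass
class VM:
    name: str
    color: str          # label assigned when the VM is started
    components: dict    # constructed stand-ins for kernel and app images
    baseline: str = ""
    trusted: bool = False

class ToyMonitor:
    """Hypothetical reference monitor; not the Xen or sHype API."""
    def __init__(self):
        self.vms, self.audit = {}, []

    def start(self, vm):
        vm.baseline = fingerprint(vm.components)  # record known-good state
        vm.trusted = True
        self.vms[vm.name] = vm

    def remeasure(self, name):
        vm = self.vms[name]
        if fingerprint(vm.components) != vm.baseline:
            vm.trusted = False  # sticky: reverting the change does not re-trust
            self.audit.append(f"{name}: measurement changed, marked untrusted")
        return vm.trusted

    def may_talk(self, a, b):
        # Measure both ends (no short-circuit), then require matching colors.
        both_trusted = self.remeasure(a) & self.remeasure(b)
        return both_trusted and self.vms[a].color == self.vms[b].color

def demo():
    m = ToyMonitor()
    m.start(VM("web1", "blue", {"kernel": b"k-1.0", "app": b"httpd"}))
    m.start(VM("web2", "blue", {"kernel": b"k-1.0", "app": b"httpd"}))
    m.start(VM("hr1", "red", {"kernel": b"k-1.0", "app": b"payroll"}))
    before = (m.may_talk("web1", "web2"), m.may_talk("web1", "hr1"))
    m.vms["web2"].components["app"] = b"httpd+injected"  # constructed change
    return before, m.may_talk("web1", "web2"), m.audit
```

In this model the blue-to-blue channel is allowed until one endpoint's measurement drifts, while blue-to-red is refused regardless of integrity state.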
VMsafe, sHype trusted computing concepts, and other measures are ensuring that virtualization continues to spread throughout the enterprise and, with proper management, will thrive there. As virtualized desktops link with virtual servers in the data center, it will be important that each element of the infrastructure is planned to work with the others and managed effectively.
If it's done any other way, then Forrester Research's "tipping point," instead of proclaiming virtualization's rapid adoption, could come to mean something else entirely: the point where the adoption rate grew beyond IT's ability to control it.