The virtual desktop and data center are here, but for this technology to continue taking over the enterprise, I/O and security issues need to be addressed.

Charles Babcock, Editor at Large, Cloud

May 13, 2008


Citrix, owner of XenSource, doesn't have a VMsafe-type plan, but its hypervisor, Xen, contains security features that were derived from IBM's experience in virtualization. IBM Research produced sHype hypervisor security cloaking and donated it to the Xen open source project; sHype is slated to be built into Xen and Citrix's products.

An sHype-equipped hypervisor knows which virtual machines can be trusted to share data with other VMs and which can't. SHype monitors the VM components, recording "a unique fingerprint" of their correct configuration and then watching for any changes. As long as the configuration remains the same, it's a trusted resource.

If a running application suddenly takes on a new bit of functionality, because of an intruder or other cause, sHype detects the modification and changes its status to an untrusted component. The same principle applies to the guest operating system running a VM; operating systems are frequently an avenue of attack for intruders.

"We use trusted computing technology to measure the integrity of the running components," said Ron Perez, an IBM Research senior manager. The hypervisor is told which virtual machines may trust each other as they're fired up. It then watches to ensure that each of those VMs remains trustworthy.

In a management console, sHype shows virtual machines that can talk to each other in the same color. "A blue machine may talk to another blue machine, but a blue machine must never be allowed to talk to a red machine," Perez says. This approach leads to very strong isolation guarantees, he says.
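
The two checks described above, a launch-time fingerprint that is re-measured later and color labels that gate VM-to-VM communication, can be modeled in a short sketch. This is an added illustration, not sHype or Xen code; the class and method names, the use of SHA-256, and the rule that a VM whose fingerprint changes stays untrusted and loses its right to communicate are assumptions.

```python
import hashlib


class ReferenceMonitor:
    """Conceptual model only; names and behavior are assumptions, not sHype's API."""

    def __init__(self):
        self._vms = {}  # vm name -> {"color", "baseline", "trusted"}

    @staticmethod
    def measure(components):
        """Fingerprint a VM configuration given as {component name: bytes}."""
        h = hashlib.sha256()
        for name in sorted(components):  # sorted so ordering cannot change the result
            # Fixed-length inner digests keep name/content boundaries unambiguous.
            h.update(hashlib.sha256(name.encode()).digest())
            h.update(hashlib.sha256(components[name]).digest())
        return h.hexdigest()

    def launch(self, vm, color, components):
        """Record the known-good fingerprint and the color label at start-up."""
        self._vms[vm] = dict(color=color, baseline=self.measure(components), trusted=True)

    def remeasure(self, vm, components):
        """Compare the running configuration with the recorded baseline."""
        rec = self._vms[vm]
        if self.measure(components) != rec["baseline"]:
            rec["trusted"] = False  # assumption: stays untrusted until relaunched
        return rec["trusted"]

    def may_talk(self, a, b):
        """Allow traffic only between known, trusted VMs of the same color."""
        ra, rb = self._vms.get(a), self._vms.get(b)
        if ra is None or rb is None:
            return False  # default deny for VMs the monitor never labeled
        return ra["trusted"] and rb["trusted"] and ra["color"] == rb["color"]


def demo():
    good = {"kernel": b"guest-kernel-v1", "app": b"payroll-v1"}  # constructed sample data
    mon = ReferenceMonitor()
    for vm, color in (("vm-a", "blue"), ("vm-b", "blue"), ("vm-c", "red")):
        mon.launch(vm, color, good)
    before = (mon.may_talk("vm-a", "vm-b"), mon.may_talk("vm-a", "vm-c"))
    tampered = dict(good, app=b"payroll-v1+injected")  # new functionality appears
    still_trusted = mon.remeasure("vm-b", tampered)
    after = mon.may_talk("vm-a", "vm-b")
    return before, still_trusted, after
```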

VMsafe, sHype trusted computing concepts, and other measures are ensuring that virtualization continues to spread throughout the enterprise and, with proper management, will thrive there. As virtualized desktops link with virtual servers in the data center, it will be important that each element of the infrastructure is planned to work with the others and managed effectively.

If it's done any other way, then Forrester Research's "tipping point," instead of proclaiming virtualization's rapid adoption, could come to mean something else entirely: the point where the adoption rate grew beyond IT's ability to control it.


About the Author(s)

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse University where he obtained a bachelor's degree in journalism. He joined the publication in 2003.
