• No results found

Virtualization and Security

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "Virtualization and Security"

Copied!
7
0
0

Loading.... (view fulltext now)

Download now ( 7 Page )

Full text

(1)

Nitika Sharma

, IJRIT 270

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 11, November, 2013, Pg. 270-276

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

Virtualization and Security

Nitika Sharma1, Priyanka Mogha2, Satish Sharma3

1Student, Dept. of Information Technology, Dronacharya College of Engineering Gurgaon, Haryana, India

[email protected]

2Student, Dept. of Information Technology, Dronacharya College of Engineering Gurgaon, Haryana, India

[email protected]

3Student, Dept. of Information Technology, Dronacharya College of Engineering Gurgaon, Haryana, India

[email protected]

Abstract

It is a process of simulating a specific computer or environment on a different one. It transforms individual servers, storage and networking into a pool of computing resources. There are various types of Virtualization Para Virtualization, Full Virtualization, OS Virtualization, Hardware Virtualization, Desktop Virtualization, Software Virtualization, Memory Virtualization, Storage Virtualization, data Virtualization. It is of great use, it helps in saving the memory space, and a more independent machine. It also makes the data more secure. This means security is more accurate, easier to manage and less expensive to deploy than traditional physical security. Security in a virtualized data center can also be more fully automated.

Keywords: Virtualization, simulation, virtual machine, guest machine

1. Introduction

he host operating system provides a host to one or more virtual machines.It is a process In Virtualization, t

of simulating a specific computer or environment on a different one. The guest operating system is the operating system installed inside a virtual machine. A hypervisor, also called a virtual machine manager (VMM), is a program that allows multiple operating systems to share a single hardware host.

It is ooriginally used from the 60’s for breaking up large mainframes,it transforms individual servers, storage and networking into a pool of computing resources. Virtualization is a framework or methodology of dividing the

(2)

Nitika Sharma

, IJRIT 271

resources of a computer into multiple execution environments.Virtualization techniques create multiple isolated partitions —Virtual Machines or Virtual Environments on a single physical System, thus providing better IT resource utilization, greater application flexibility and hardware independence.Virtualization is simulating a hardware platform,operating system,storage device,or network resources.

Guest OS/machine : commonly used for the virtualized OS or machine.

Host machine : is the actual machine on which the virtualization takes place.

Diagram showing Virtualization

2. Division of Virtualization

Virtualization is typically divided into two parts:

VIRTUALIZATION

HARDWARE VIRTUALIZTION PLATFORM VIRTUALIZATION

 Hardware or Resource virtualization: Redundant Array of Independent Disk (RAID), Virtual Private Network (VPN ) and Clusters.



Platform virtualization Virtual machine – simulated computer environment.Independent : from / Portable across multiple hardware platforms.

(3)

Nitika Sharma

, IJRIT 272 3. Types of Virtualization

1. Para Virtualization

2. Full Virtualization

3. OS Virtualization

1. Hardware Virtualization

2. Desktop Virtualization

3. Software Virtualization

4. Memory Virtualization

5. Storage Virtualization

6. Data Virtualization

3.1 Para Virtualization

Under Para virtualization, the kernel of the guest operating system is modified specifically to run on the hypervisor.

This typically involves replacing any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor (known as hyper calls). The hypervisor in turn performs the task on behalf of the guest kernel.

VM : Virtual Machine.

Apps : applications.

CPU : Central Processing Unit.

3.2 Full Virtualization

Full virtualization uses a special kind of software called a hypervisor. The hypervisor interacts directly with the physical server's CPU and disk space. It serves as a platform for the virtual servers' operating systems.The

(4)

Nitika Sharma

, IJRIT 273

hypervisor keeps each virtual server completely independent and unaware of the other virtual servers running on the physical machine.

3.3 Operating System Virtualization

An OS-level virtualization approach doesn't use a hypervisor at all. Instead, the virtualization capability is part of the host OS,which performs all the functions of a fully virtualized hypervisor. The biggest limitation of this approach is that all the guest servers must run the same OS.In operating system-level virtualization, a physical server is

virtualized at the operating system level, enabling multiple isolated and secure virtualized servers to run on a single physical server. The "guest" OS environments share the same OS as the host system – i.e. the same OS kernel is used to implement the "guest" environments. Applications running in a given "guest" environment view it as a stand-alone system.

3.4 Hardware Virtualization is a way of improving the efficiency of hardware virtualization. It involves employing specially designed CPUs and hardware components that help improve the performance of a guest environment.Platform virtualization is performed on a given hardware platform by host software (a control

(5)

Nitika Sharma

, IJRIT 274

program), which creates a simulated computer environment, a virtual machine (VM), for its guest software. The guest software is not limited to user applications; many hosts allow the execution of complete operating systems.

The guest software executes as if it were running directly on the physical hardware, with several notable caveats.

Access to physical system resources (such as the network access, display, keyboard, and disk storage) is generally managed at a more restrictive level than the host processor and system-memory. Guests are often restricted from accessing specific peripheral devices, or may be limited to a subset of the device's native capabilities, depending on the hardware access policy implemented by the virtualization host.

3.5 Desktop Virtualization

Desktop virtualization is software technology that separates the desktop environment and associated application software from the physical client device that is used to access it.This approach supports a more complete desktop disaster recovery strategy as all components are essentially saved in the data center and backed up through traditional redundant maintenance systems. If a user's device or hardware is lost, the restore is much more straightforward and simple.

3.6 Software Virtualization

The host system needs to completely emulate guest's platform (i.e. ranging from hardware, CPU instructions, through its firmware and even the operating system /if there is one/). The advantage is that host and guest platforms are independent.

3.7 Storage Virtualization

Storage systems may use virtualization concepts as a tool to enable better functionality and more advanced features within and across storage systems.Storage systems can provide either block accessed storage, or file accessed storage. Block access is typically delivered over Fibre Channel, iSCSI, SAS, FICON or other protocols.File access is often provided using NFS or CIFS protocols.

3.8 Data Virtualization

This term used to describe any approach to data management that allows an application to retrieve and manipulate data without requiring technical details about the data, such as how it is formatted or where it is physically located.

4. Virtualisation market and facts Vmware solutions over view

4.1 Desktop Virtualization Products

VMware Workstation (hosted) : create & run desktop virtual machines.

VMware Player (hosted) : run virtual machines (free).

VMWare ACE : deploy and manage desktops from a single point of control.

VMware Fusion (hosted) : create & run virtual machines on Intel-based Mac 4.2 Server Virtualization Products

Individual servers, storage and network devices can be transformed in pool of computing resources VMware Server (hosted) : create & run virtual servers (free).

VMware ESX & ESXi (hypervisor) : create & run virtual servers.

(6)

Nitika Sharma

, IJRIT 275

4.3 Administration and tools

VMware Virtual Center & Virtual Infrastructure : to administrate and manage the virtual machines infrastructure.

VMware Converter: Convert a physical machine into a virtual image.

5 PROS AND CONS

1. Memory usage: first experiment show very good management of the memory usage. Many methods are iimplemented in virtualisation solutions in order to reduce the overhead, and improve the management

in order to run smoothly many virtual machines on one host machine.

2. Get much more independent from hardware, and software versions.

3. By reducing the need of machines, we could replace them more often. A machine is more powerful.

4. Overhead leads to reduction of performances.

5. Dependence to hardware could possibly be replaced by one to virtualisation software version.

6. Impact of Virtualizaton

6.1 Positive Impact of Virtualization On Security

Virtualization improves security by making it more fluid and context-aware. This means security is more accurate, easier to manage and less expensive to deploy than traditional physical security.Security in a virtualized data center can also be more fully automated. Virtualization security gives data center administrators the power to automatically provision secure machines, automatically have security policies follow desktops when they move, automatically set up firewall rulesets for classes of servers and automatically quarantine compromised or out of compliance assets.

We can enlist the positive impact of virtualization as follows:

1. Isolation : It means limiting security exposure.It reduces spread of risk.

2. Roll-Back : It quickly recovers from securty breaches.

4. Abstraction : It provides limited direct access to hardware.

5. Portability : It provides Back-ups and disaster recovery.It can switch to "Standby"VM's.

6. Deployment : It provide easy ability to divide workloads.It also enhances custom Guest OS securoty settings.

6.2 Negative Impact of Virtualization on Security:

Virtualization and cloud systems will introduce significant security and compliance gaps. Such gaps include unprotected networks, access control failures, loss of change controls, new threat surfaces, breakdowns in separation of duties and escalation of privilege. Virtualization security addresses these potential gaps while also reducing cost

(7)

Nitika Sharma

, IJRIT 276

and complexity.

Following are the negative impact of virtualization:

1. A common concern for adopters of virtual machine technology is the issue of placing several different workloads on a single physical computer.

2. the tendency for environments to deploy many different configurations of systems.

3. It’s often difficult enough for IT departments to know what they’re managing, let alone how to manage a complex and heterogeneous environment.

4. If an unauthorized user gains access to a host OS, he or she may be able to copy entire virtual machines to another system.

5. Malicious users can also cause significant disruptions in service by changing network addresses, shutting down critical VMs, and performing host-level reconfigurations.

6. If a VM has access to a production network, then it often will have the same permissions as a physical server.

7. Conclusions

Virtualization is used for enabling resource partitioning, resource pooling, and for executing multiple operating systems or conflicting applications on one physical machine - concepts which are clearly justifying the use of virtualization as they provide benefits like reduction of total cost of ownership, flexible service allocation scenarios, and ease of administration.It should have become clear that virtual machines are not primarily designed for security.

That is, virtualization does not equal security. There are security risks, scenarios and vectors that are unique to virtualization software and architectures which must be considered very carefully.virtualization is a very unique and powerful concept which of immense use in IT industry. It also helps in reducing cost, achieving high security and a more independent environment of working. Virtualization as any other software also contains positive as well as negative side. Few of its positive’s and negative’s are mentioned below.

8. Acknowledgements

Much thanks to our guide for his Constructive criticism, and assistance towards the successful completion of this research work

.

9. References

[1] A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams and Ole Agesen, VMWare,ASPLOS’06 21–25 October 2006, San Jose, California, USA[2] http://www- 03.ibm.com/systems/virtualization

[3] http://superuser.com/questions/117774/what-is-the-difference-between-hardware-and- software-virtualization [4] http://www2.catbird.com/vsecurity/best-practices

[5] www.wikipedia.com

References

Download now ( PDF - 7 Page - 682.97 KB )

Related documents

Developing Fiscal Analyses and Children's Budgets to Support ECCS

• Solano County, California’s children’s budget includes: (1) all spending on government programs designed to assist children (such as, school meals; child care; foster

Slow Tight Binding Inhibition of Proteinase K by a Proteinaceous Inhibitor

However, in Scheme Ib (slow tight binding inhibition), the inhibitor will inhibit the enzyme competitively at the onset of the reaction, and at increasing concentrations of

Server Virtualization Infrastructure Deployment Guide: Deploying NComputing L-series and vspace on Virtual Machines

In this architecture scenario, the NComputing vSpace desktop virtualization software is installed on an operating system that runs directly on a physical host (ranging from PC

The State of Desktop Virtualization in 2013: Brian Madden analyzes uses cases, preferred vendors and effective tools

Types of desktop virtualization in use Reasons for expanding desktop virtualization Picking desktop virtualization vendors Concerns about desktop virtualization. About

Wyse vworkspace. Simple, flexible, high-performance and cost-effective, end-to-end desktop virtualization solution only from Dell. Learn more.

Included in Dell’s solution portfolio is a complete desktop virtualization solution – from datacenter to client - based on Wyse vWorkspace software.. This interactive document

Endpoint Virtualization Explained:

With connected solutions for application virtualization, desktop virtualization, profile manage- ment, and integrated physical and virtual management, Symantec is extending

Desktop Virtualization

Though the concept of Hosted Virtual Desktops seemingly reconciles the needs of both IT (centralization, security, etc) and users (personalized user experience), it does require