Educause Security Discussion
mailing list archives
Re: Virtualization and Security ?
From: "Rappaport,Jason" <jbr32 () DREXEL EDU>
Date: Tue, 11 Nov 2008 07:37:06 -0500
Anand - all of our core infrastructure is virtualized (web servers,
database servers, license servers, etc). We went with VmWare and
attended several Vmware User Group meetings before we went full steam
with this project. VmWare does have a free version of its product
VmWare server that is nearly identical to VI3 (at least the current
version is); with the exception of performance.
In regards to security, we have locked down and restricted all access to
our virtualization server to on campus access only. The virtual
machines that sit on top of VI3 are all secured using traditional
methodologies (firewall, anti virus, anti spyware, etc.).
Each virtual machine does daily backups to a NAS device that is
In the event of a DR scenario, we have a backup virtualization server
(VmWare Server) that we can bring online and restore form the latest
backups. We actually had to do this once when we patched VI3 and it
corrupted the boot partition. I had the backup virtualization server
started within minutes and it took me 90 minutes to restore from the
latest backups on all VMs; the support contract is well worth it.
I am actually working on a project to phase our VmWare server and go
with Vmware ESXi, which is Vmware's free product that runs on bare
metal; Vmware Server runs on top of Linux or Windows.
I hope that helps.
jasonrap () drexel edu
Design & Imaging Studios
Antoinette Westphal College of Media Arts and Design
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
Sent: Monday, November 10, 2008 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Virtualization and Security ?
We are looking into Data Center Consolidation and plan to virtualize
most of our servers. Now Virtualization can yield sigificant operational
advantages, but also introduces among others network, security
complexity and management challenges.
My question to the forum is
a) Is anyone fully virtualized ? If so was a Vendor hired to perform
this function and are there any lessons learnt that i should be aware
of with the deployment?
b) Has anyone run into significant Security and Risk Issues.
Information Security Officer,
Seton Hall University,
Tel: 973 275 2209
malwadan () shu edu