Educause Security Discussion mailing list archives

Re: Securing VM servers


From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Thu, 29 May 2008 11:34:47 -0400

Michael, we have two separate clusters here for a private DMZ (we don't
have a true DMZ with real IPs, everything is natted here) and our
'production' servers (i.e. database servers, ad, internal applications,
file servers, etc.).  If a physical box interconnects two networks there
is always a risk.  Hence, if a vulnerability in VMWare were to allow
someone to administratively add a second NIC to a VM host in a network
that it should not have access to, the result could be that VM host
becomes a launch pad for an attack into the other network.  For that
reason we decided to separate our clusters.  They do not share network
resources or SAN space.  Perhaps we are over paranoid?

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Jewett
Sent: Thursday, May 29, 2008 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Securing VM servers

Hi,

We're having a debate right now over securing our VMware clusters.  We
currently have a couple of DMZs (Public/Private).  The DMZ policies
state no multi-homed servers for obvious reasons, so we are not allowing
servers to be members of both.  Now we are aggressively looking into VM
clusters.

1) Part of me is saying one VM cluster per DMZ to have a good separation
of our Public and Private servers.

2) And part of me is saying one cluster with each host being
multi-homed and using virtual switches in VMWare to sort out which guest
is a member of which DMZ.  This allows a bigger cluster for higher
availability and we'd see greater savings.

Using the theory that we need N+1 for availability, that would mean 1) 
would require a minimum of 2 servers per DMZ or 4 servers and 2) would 
require only 3 servers... If all things remain equal.

I'm over simplifying the number of servers, but just giving it as an 
example.

What are other people doing about this?  One large multi-homed cluster
or multiple smaller single-homed clusters?  How secure is virtual
switching in VMware?

Any thoughts or suggestions would be greatly appreciated.

Thanks in advance!

Michael

-- 
    Michael Jewett
    University of New Brunswick, Fredericton, NB
    mgj () unb ca       (506) 447-3022       (506) 453-3590 (FAX)

    ITS@UNB - Services, Solutions, Strategies
    ITS is a scent-reduced workplace - www.unbf.ca/its/policies
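As an added example (not code from either poster), a small Python audit over a constructed inventory that checks the two things the thread worries about: hosts whose physical uplinks reach more than one DMZ (option 2), and guests that are multi-homed across DMZs in breach of the "no multi-homed servers" policy. It also works out the N+1 host count for both cluster layouts. Zone names and host/guest names are made up for the example.

```python
"""Audit a VMware-style inventory for DMZ bridging (constructed example)."""

# Constructed inventory, not a real site.
# host -> {physical uplink: security zone it is patched into}
HOSTS = {
    "esx-pub1": {"vmnic0": "public-dmz", "vmnic1": "public-dmz"},
    "esx-pub2": {"vmnic0": "public-dmz", "vmnic1": "public-dmz"},
    "esx-mixed1": {"vmnic0": "public-dmz", "vmnic1": "private-dmz"},
}
# guest -> (host it runs on, {vNIC: zone of the port group it is attached to})
GUESTS = {
    "www1": ("esx-pub1", {"eth0": "public-dmz"}),
    "app1": ("esx-mixed1", {"eth0": "private-dmz"}),
    "bridge-vm": ("esx-mixed1", {"eth0": "public-dmz", "eth1": "private-dmz"}),
}


def host_zones(hosts):
    """Set of zones each host's uplinks reach."""
    return {h: set(uplinks.values()) for h, uplinks in hosts.items()}


def multihomed_hosts(hosts):
    """Hosts whose uplinks span several zones: the 'one big cluster' layout.

    Such a host is a potential bridge if the hypervisor network layer
    (vSwitch / management interface) is ever compromised."""
    return sorted(h for h, zones in host_zones(hosts).items() if len(zones) > 1)


def multihomed_guests(guests):
    """Guests with vNICs in more than one zone: violates the DMZ policy."""
    return sorted(g for g, (_, nics) in guests.items() if len(set(nics.values())) > 1)


def hosts_needed(zone_counts, spare=1):
    """N+1 host count for (one cluster per zone, one shared cluster).

    zone_counts maps zone -> hosts needed for load in that zone."""
    per_zone = sum(n + spare for n in zone_counts.values())
    shared = sum(zone_counts.values()) + spare
    return per_zone, shared


if __name__ == "__main__":
    print("hosts bridging zones:", multihomed_hosts(HOSTS))
    print("policy-violating guests:", multihomed_guests(GUESTS))
    print("N+1 hosts (per-zone, shared):", hosts_needed({"public-dmz": 1, "private-dmz": 1}))
```

With one host of load per DMZ, hosts_needed returns (4, 3), the same figures as in the original post.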
