The growing importance of a secure Cloud environment
Jan Tiri, jtiri@vmware.com, System Engineer, VMware BeLux
2009 VMware Inc. All rights reserved
Cloud components
- Private Cloud (enterprises): operated solely for an organization, typically within the firewall
  - Low total cost of ownership
  - Greater control over security, compliance and QoS
  - Easier integration
  - Supports existing applications
- Hybrid Cloud: a composition of two or more interoperable clouds, enabling data and application portability; VMware's focus is to deliver the best of both worlds
- Public Cloud (cloud service providers): accessible over the Internet for general consumption
  - Low acquisition costs
  - Less administrative burden
  - On-demand capacity
  - Limited offerings
Gartner: VMware is the Clear Market Leader
- VMware stands alone as a leader in this Magic Quadrant
- VMware is clearly ahead in: understanding the market, product strategy, business model, technology innovation, product capabilities, sales execution
- VMware strengths:
  - Far-reaching virtualization strategy enabling cloud computing, new application architectures and broader management
  - Technology leadership and innovation
  - High customer satisfaction
  - Large installed base (especially Global 2000), and rapid growth of service providers planning to use VMware (vCloud)
VMware Approach to Security
- Platform Security: secure hypervisor architecture; platform hardening features; Secure Development Lifecycle
- Secure Operations: prescriptive guidance for deployment and configuration; enterprise controls for security and compliance
- Virtualization of Security: virtualization-aware security; the unique advantage of virtualization
Architecture: Types of Server Virtualization
- Hosted (Type 2): the virtualization layer runs on a host OS (Windows, Linux, Mac): VMware Workstation, VMware Server, VMware Player, VMware Fusion. The host OS changes the security profile.
- Bare-Metal (Type 1): the virtualization layer runs directly on the hardware: VMware ESX/ESXi.
Isolation by Design
- CPU & Memory
  - VMs have limited access to the CPU
  - Memory isolation is enforced by the hardware TLB
  - Memory pages are zeroed out before being used by a VM
- Virtual Network
  - No code exists to link virtual switches
  - Virtual switches are immune to learning and bridging attacks
- Virtual Storage
  - Virtual machines only see virtual SCSI devices, not the actual storage
  - Exclusive virtual machine access to virtual disks is enforced by VMFS using SCSI file locks
ESXi Security Model
Diagram of the ESXi trust boundary and the paths into it:
- Inside the trust boundary: vmkernel (network stack, storage stack), one VMM per VM, hostd, vpxa, CIM broker, DCUI, Tech Support Mode, BIOS
- Management network: vSphere API, vSphere Client, vCLI, vSphere SDK, vCenter (VC), CIM client
- Physical / console: keyboard or iLO/equivalent
- Production network: the VMs' virtual NICs
- Storage and host interconnect: IP-based storage, Fibre Channel storage, inter-ESX network
VMware Secure Development Lifecycle Process
- Goals: protect customer data and infrastructure; enable policy compliance
- Inputs: Product Security Policy; best practice and compliance requirements
- Activities: training, architecture risk analysis, security testing, code analysis and inspection, security response
- 3rd-party experts are continually involved at various points
- See VMworld 2009 Session TA2543: VMware's Secure Software Development Lifecycle
VMware Product Security Policy
- Baseline requirements for the entire software development life cycle
- Requirements are prioritized by customers' Chief Security Officers, driving products to comply with customer security expectations
- Derived from customer policies, SOX, PCI, HIPAA, FIPS, ISO 17799, NIST security standards, OWASP, CWE and CERT vulnerabilities
- Timely revisions track industry advances and feedback from the field
- Covers Architecture & Design, Serviceability, Product Development, Testing & Assurance
- 67 mandatory and 25 recommended requirements
Independently validated
- Common Criteria EAL 4+ certification: the highest internationally recognized level; achieved for ESX 3.0 and 3.5, in process for vSphere 4
- DISA STIG for ESX: approval for use in DoD information systems
- NSA Central Security Service guidance for both datacenter and desktop scenarios
NSA Secure Workstation Solution
http://www.gdc4s.com/tve
Source: VMworld 2009, Session TA3353
Secure Operations: prescriptive guidance for deployment and configuration; enterprise controls for security and compliance
How Virtualization Affects Datacenter Security

Change | Benefit | Security consideration
Abstraction and consolidation | Capital and operational cost savings | New infrastructure layer to be secured; greater impact of attack or misconfiguration
Collapse of switches and servers into one device | Flexibility; cost savings | Lack of virtual network visibility and control; no separation-by-default of administration
Faster deployment of servers | IT responsiveness | Inconsistencies in configuration; poorly-defined procedures
VM mobility | Improved service levels | Identity divorced from physical location
VM encapsulation | Ease of business continuity; consistency of deployment; hardware independence | Outdated offline systems; unauthorized copy
How do we secure our Virtual Infrastructure? Use the principles of information security:
- Secure the guests
- Harden the virtualization layer
- Access controls
- Administrative controls
Securing Virtual Machines: provide the same protection as for physical servers
- Host anti-virus
- Patch management
- Network intrusion detection/prevention (IDS/IPS)
- Edge firewalls
Isolation in the Architecture
- Segment out all non-production networks: the VMkernel management and storage networks are kept apart from production
  - Use VLAN tagging, or
  - Use a separate vSwitch (see diagram)
- Strictly control access to the management network, e.g. RDP to a jump box, or VPN through a firewall
Diagram: VM vNICs attach to vswitch1, which uplinks to the Production Network; the VMkernel attaches to vswitch2, which uplinks to the Management Network (vCenter, other ESX/ESXi hosts, IP-based storage); physical uplinks vmnic1 to vmnic4 are split between the two vSwitches.
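A defender-side check of the segmentation rule above, written for this page as an added example (not VMware code): it walks a constructed vSwitch/port-group inventory, standing in for what the vSphere API would return, and flags VMkernel management or storage traffic that shares a broadcast domain with VM traffic, including the VLAN 4095 all-VLAN case. Port-group names, VLAN IDs and traffic-class labels are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed inventory standing in for what the vSphere API would return:
# each vSwitch maps to its port groups, the VLAN ID each is tagged with
# (0 = untagged, 4095 = every VLAN passed through to the guest) and the
# traffic class it carries.
NON_PRODUCTION = {"vmkernel-mgmt", "vmkernel-storage"}

WEAK_LAYOUT = {
    "vswitch1": [
        {"portgroup": "Production", "vlan": 100, "class": "production"},
        {"portgroup": "Management Network", "vlan": 100, "class": "vmkernel-mgmt"},
        {"portgroup": "Trunk-to-Guest", "vlan": 4095, "class": "production"},
    ],
    "vswitch2": [{"portgroup": "iSCSI", "vlan": 0, "class": "vmkernel-storage"}],
}

# Same host after applying the slide's guidance: management and storage on
# their own VLANs on a separate vSwitch, and no all-VLAN trunk to guests.
HARDENED_LAYOUT = {
    "vswitch1": [{"portgroup": "Production", "vlan": 100, "class": "production"}],
    "vswitch2": [
        {"portgroup": "Management Network", "vlan": 10, "class": "vmkernel-mgmt"},
        {"portgroup": "iSCSI", "vlan": 20, "class": "vmkernel-storage"},
    ],
}


def audit_segmentation(inventory):
    """Return a list of findings. Two traffic classes count as segmented when
    they sit on different vSwitches or on different VLAN IDs of one vSwitch."""
    findings = []
    domains = defaultdict(set)  # (vswitch, vlan) -> classes sharing that broadcast domain
    for vswitch, port_groups in inventory.items():
        carried = {pg["class"] for pg in port_groups}
        for pg in port_groups:
            domains[(vswitch, pg["vlan"])].add(pg["class"])
            # A VM port group on VLAN 4095 hands every VLAN of this vSwitch to the
            # guest, so any VMkernel VLAN on the same vSwitch becomes reachable from it.
            if pg["vlan"] == 4095 and pg["class"] == "production" and carried & NON_PRODUCTION:
                findings.append(f"{vswitch}/{pg['portgroup']}: all-VLAN trunk to guests on a vSwitch "
                                f"carrying {sorted(carried & NON_PRODUCTION)}")
    for (vswitch, vlan), classes in domains.items():
        if len(classes) > 1 and classes & NON_PRODUCTION:
            findings.append(f"{vswitch} VLAN {vlan}: {sorted(classes)} share one broadcast domain")
    return findings


if __name__ == "__main__":
    for name, layout in (("weak", WEAK_LAYOUT), ("hardened", HARDENED_LAYOUT)):
        print(name, audit_segmentation(layout) or ["no findings"])
```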
vSphere Security Hardening Guide (13/4/2010)
http://communities.vmware.com/docs/doc-12306
This document provides guidance on how to securely deploy vSphere 4.0 in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:
- The virtualization hosts (both ESX and ESXi)
- Configuration of the virtual machine container
- Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch
- vCenter Server, its database, and client components
- VMware Update Manager
Separation of Duties with vSphere
- Broad scope: Super Admin, Networking Admin, Server Admin, Storage Admin
- Narrow scope: Operator, VM Owner (one per team or application)
Administrative Controls for Security and Compliance
- Requirements: configuration management, monitoring and auditing; auditable and repeatable procedures; updating of offline VMs; virtual network security
- VMware solutions: VMware vCenter Server, VMware vSphere Host Profiles, VMware vCenter ConfigControl, VMware vSphere event logging, VMware Ionix, VMware vCenter Orchestrator, VMware vCenter Lifecycle Manager, VMware Update Manager, VMware vShield Manager, vNetwork Distributed Switch
- Partner solutions: Configuresoft ECM for Virtualization, NetIQ Secure Configuration Manager, Tripwire Enterprise for VMware, Hyperix, Shavlik NetChk Protect, Cisco, Checkpoint, Reflex, Third Brigade
- A diverse and growing ecosystem of products helps provide a secure VMware infrastructure
Virtualization of Security: virtualization-aware security; the unique advantage of virtualization
vShield Security Solutions 2010 Plan
- Management: vShield Manager
- Endpoint: Seraph, thin A/V enablement; McAfee, Trend thin A/V; joint GTM with the next release of View
- Cloud: vShield Edge, port firewall, NAT, DHCP, site-to-site VPN*, load balancer*; joint GTM with Service Director Manager
- Application: vShield Zones, distributed vNIC firewall and monitoring; application zones, isolation; joint GTM with KL.next
- Endpoint, cloud and application security are realized via vShield security VMs
- Management unifies the security VMs and provides REST APIs
- Management is integrated with vCenter and Service Director Manager
Endpoint protection: Seraph
- Issues
  - AV storms can cause brownouts in shared compute (virtualization) and storage (SAN/NAS) environments
  - Traditional agents are resource intensive: not optimized for high-utilization, efficient clouds; up to 6 GB on VMware View desktops
- Opportunities
  - Leverage the hypervisor to offload AV functions from agents into a dedicated, hardened security VM (SVM) that uses introspection on the guest VMs
  - Deploy security in a more agile, service-driven manner to both private and public cloud environments
Cloud protection: vShield Edge
- vShield Edge provides the network/security services at the edge of a virtual datacenter: firewall, NAT, DHCP, VPN/overlay, web load balancer
- VPN with overlay enables extending local L2/IP to the cloud (site-to-site VPN from a remote site over the Internet)
- Web load balancer enables scaling web server farms
- vCloud APIs are extended to include VPN and WLB services
Diagram: vCloud Service Director and vShield Manager 2.0 managing DMZ, APPS and DB tiers behind a vShield Edge on VMware vSphere/vCenter, linked by site-to-site VPN to a remote site.
Application protection: vShield Zones
Diagram: a vSphere cluster with vShield Zones on every host, isolating vApps into DMZ, APP, DB and VDI zones.
- Capabilities
  - Define VM zones based on familiar VI containers
  - Monitor allowed and disallowed activity by application-based protocols
  - One-click flow-to-firewall blocks precise network traffic
- Benefits
  - Pervasive: a well-defined security posture for inter-VM traffic anywhere in the virtual environment
  - Persistent: monitoring and assured policies for the entire VM lifecycle, including VMotion live migrations
  - Simple: zone-based rules reduce policy errors
VDC: Key Building Block of the Infrastructure
1. Encapsulate a secure, auto-wired VDC (Edge, Zones, Endpoint, VMsafe)
2. Stand up a VDC per organization, on demand (e.g. Sales, Finance, Intranet, Corp Web)
3. Migrate, burst and federate the VDC to vCloud
Security and network vServices (Secure Edge, Zones, Endpoint, VMsafe) run on VMware vSphere.
Where to Learn More
- Security: hardening best practices, implementation guidelines: http://vmware.com/go/security
- Compliance: partner solutions, advice and recommendations: http://vmware.com/go/compliance
- Operations: peer-contributed content: http://viops.vmware.com
Thank You