Virtual Hosting & Virtual Machines

Virtual Hosting & Virtual Machines. Coleman Kane, Coleman.Kane@ge.com. September 2, 2014. Cyber Defense Overview, 1 / 17

Similar to the network partitioning schemes described previously, there exists a menu of options that enable a single piece of server hardware to be partitioned so as to provide varying levels of isolation to the applications and users served by this hardware.

Virtual hosting methods to be covered:
- Application level: Apache virtual-hosting, Java VM
- OS level: chroot, Jails, User-mode Linux
- Hypervisors: VirtualBox, VMWare, Xen
- Emulation: Bochs, VMWare & VirtualBox under special configuration

In application-level virtual hosting, the hosted applications are virtualized within the address space of another application instance (typically a parent instance).

Generally the following ground rules are true:
- The administrator of the server hardware has full visibility and control inside the virtual environments
- The virtual applications may share privileges, storage and RAM, unless specifically configured not to
- Virtual processes are still visible to each other on the server side
- The shared nature of the infrastructure is generally opaque to the end user, but counter-measures must be authored into the applications in order to ensure this remains true
- Compromising one virtual server can put all other virtual servers at risk
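The ground rules above say that in application-level virtual hosting (an Apache-style VirtualHost setup) the tenants share one process and one filesystem, so keeping them apart is the application's own job. The following added example (not from the lecture; the tenant names and document roots are constructed) maps a Host header and request path to a file, first the weak way that lets one tenant's request walk into a neighbour's document root, then the confined way:

```python
import posixpath
from urllib.parse import unquote

# Constructed per-tenant document roots for a multi-tenant web server.
# The tenant names and paths are assumptions for this example.
VHOSTS = {
    "alpha.example": "/srv/www/alpha",
    "beta.example": "/srv/www/beta",
}


def _docroot(host_header, vhosts):
    # Strip any port and lower-case the name; an unknown Host is refused
    # instead of falling back to a default tenant's files.
    host = host_header.split(":", 1)[0].strip().lower()
    return vhosts.get(host)


def naive_vhost_path(host_header, request_path, vhosts=VHOSTS):
    """The weak mapping: concatenate and normalise, trusting the path."""
    docroot = _docroot(host_header, vhosts)
    if docroot is None:
        return None
    # ".." segments are resolved *after* joining, so a request can walk
    # out of this tenant's docroot into a neighbour's.
    return posixpath.normpath(docroot + "/" + unquote(request_path))


def confined_vhost_path(host_header, request_path, vhosts=VHOSTS):
    """The hardened mapping: decode, then reject anything that could escape."""
    docroot = _docroot(host_header, vhosts)
    if docroot is None:
        return None
    decoded = unquote(request_path)
    if "\x00" in decoded:           # NUL would truncate the path in a C-level open
        return None
    parts = [p for p in decoded.split("/") if p and p != "."]
    if ".." in parts:               # refuse traversal rather than reinterpret it
        return None
    candidate = posixpath.join(docroot, *parts)
    # Belt and braces: the result must still sit inside the tenant's docroot.
    if candidate != docroot and not candidate.startswith(docroot + "/"):
        return None
    return candidate
```

The check here is lexical; at open time the server should additionally resolve the candidate with os.path.realpath so that a symlink planted inside one docroot cannot point at another tenant's files.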


OS-Level Virtualization. With OS-level virtualization, you set up independent deployments of whole application stacks which cannot share each other's configurations, libraries, modules, etc. The virtual environments hosting these deployments are configured either at the supervisor OS level or via specialized "no return" system calls which request that the OS isolate all future execution and child processes. In the case of User Mode Linux, a wholly contained execution environment is created to run a different Linux kernel as a subprocess of a parent kernel, as a new application.

OS-level virtualization provides the following features beyond application-level virtual hosting:
- Can be rooted at a sub-path in the filesystem, restricted from reads/writes outside of this zone
- Requires a dedicated instance of the service for each virtual host
- Lacks dedicated allocation and still competes for system resources, but executes with significantly limited visibility to other services
- Individual applications need not be specially configured, and will be relatively isolated from one another
- Networking and IPC may still be possible between isolation environments

OS-level virtualization: extra cost is incurred by duplicating applications which were shared under application-level virtual hosting.

Hypervisors. A hypervisor further pushes isolation logic up to the hardware level. Requiring special hardware features, the hypervisor can natively execute code while maintaining almost complete resource isolation between the instances. With a few small exceptions, the virtual hosts will execute as completely dedicated OS deployments, requiring a complete OS + application installation within the virtual guest instances. The parent OS is called the "host", while the children are called "guests".

- Execute most code natively, but expose a false hardware representation to the "guest" OS
- Selectively allocate HW devices to guests
- Dedicate resources or limit resources with fine granularity
- Abstracted hardware enables suspend, move, restore, close and snapshot of running guest states
- Most common virtualization associated with "the cloud"


Emulators. Emulators provide an environment which attempts to implement, in software, an entire architecture. The goal is to provide a method to execute the code in a manner which most closely replicates the underlying system in which the software would execute. Minimal assistance is provided by the host operating system, and typically no kernel-level or other supervisory hooks are required. The entire virtualized HW & SW stack lives entirely in user space.

- All code is executed at the application layer
- Absolutely zero access to the host operating system
- Host can execute guest code which is incompatible with the host architecture (PPC on x86, etc.)
- 100% visibility into hardware-level operations
- Very slow execution


VirtualBox & VMWare both offer hybrid implementations of hypervisors and emulators. This enables these platforms to adapt to the presence or absence of the hardware & software facilities which enable hypervisor-based virtualization.

References:
- Apache "VirtualHost" examples: http://httpd.apache.org/docs/2.2/vhosts/examples.html
- Best Practices for UNIX chroot() Operations: http://www.unixwiz.net/techtips/chroot-practices.html
- FreeBSD Handbook, Chapter 15. Jails: http://www.freebsd.org/doc/en_us.iso8859-1/books/handbook/jails.html
- User Mode Linux: http://usermodelinux.org/
- VirtualBox Documentation: https://www.virtualbox.org/wiki/documentation
- Xen Project: http://www.xenproject.org/
- QEMU Project: http://wiki.qemu.org/main_page (emulation for x86, PowerPC, SPARC 32/64, MIPS, ARM)