Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;



Similar documents
Vmware VSphere 6.0 Private Cloud Administration

vsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration

Virtualization Technologies. Embrace the new world of healthcare

Learn the Essentials of Virtualization Security

M6422A Implementing and Managing Windows Server 2008 Hyper-V

VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER

Windows Server R2 Hyper-V. Microsoft's Hypervisor. Insiders Guide to. Wiley Publishing, Inc. John Kelbley. Mike Sterling WILEY

Presentation for ISACA Chapter NL. Auditing Virtual Servers. VMware: Security and Operations. Gert-Jan Timmer 3. September, 2012

STREAM FRBC

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Reader s Choice Preferred product

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security

Citrix XenServer-6.2 Administration Training

MS-6422A - Implement and Manage Microsoft Windows Server Hyper-V

Architektur XenServer

Learn the essentials of virtualization security

Implementing and Managing Windows Server 2008 Hyper-V

VMware vsphere 5.1 Advanced Administration

VMware vsphere 5.0 Boot Camp

Managing Physical and Virtual Machines in Paragon Protect & Restore

In addition to their professional experience, students who attend this training should have technical knowledge in the following areas.

Table of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog!

Windows Server 2012 Hyper-V Training

Limitations of Managing VMware vsphere with MS System Center Virtual Machine Manager 2012

Index C, D. Background Intelligent Transfer Service (BITS), 174, 191

Microsoft Windows Server 2008: MS-6422 Implementing and Managing Hyper V Virtualization 6422

Data Center Manager (DCM)

Study Guide. Professional vsphere 4. VCP VMware Certified. (ExamVCP4IO) Robert Schmidt. IVIC GratAf Hill

Bosch Video Management System High availability with VMware

Enterprise. ESXi in the. VMware ESX and. Planning Deployment of. Virtualization Servers. Edward L. Haletky

VMware for Bosch VMS. en Software Manual

Acronis Backup Product Line

Unlimited Server 24/7/365 Support

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

Protecting your Data in a New Generation Virtual and Physical Environment

Khóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server

VMware vsphere: [V5.5] Admin Training

How To Make A Virtual Machine Aware Of A Network On A Physical Server

Cloud Optimize Your IT

VMware vsphere-6.0 Administration Training

FAQ. NetApp MAT4Shift. March 2015

Course Title: Virtualization Security, 1st Edition

How to Configure an Initial Installation of the VMware ESXi Hypervisor

How To Make A Cloud Based System A Successful Business Model

VMware vsphere Design. 2nd Edition

Enterprise Storage Solution for Hyper-V Private Cloud and VDI Deployments using Sanbolic s Melio Cloud Software Suite April 2011

10215A Implementing and Managing Microsoft Server Virtualization

VMware VDR and Cloud Storage: A Winning Backup/DR Combination

Red Hat enterprise virtualization 3.0 feature comparison

VMware vsphere: Install, Configure, Manage [V5.0]

VMware System, Application and Data Availability With CA ARCserve High Availability

SQL Server High Availability: After Virtualization SQL PASS Virtualization Virtual Chapter September 11, 2013

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

Vmware Training. Introduction

simplify monitoring Environment Prerequisites for Installation Simplify Monitoring 11.4 (v11.4) Document Date: January

ASM Educational Center (ASM) Est VMS-ICM v5.5 - VMware vsphere: Install, Configure, Manage Training Program

PassTest. Bessere Qualität, bessere Dienstleistungen!

Implementing and Managing Microsoft Server Virtualization

Virtualization and Cloud Computing

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Outline SSS Microsoft Windows Server 2008 Hyper-V Virtualization

Deployment Options for Microsoft Hyper-V Server

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center

Course Syllabus. Implementing and Managing Windows Server 2008 Hyper-V. Key Data. Audience. At Course Completion. Prerequisites

Migrating to ESXi: How To

VMware for SMB environments(min st year)

Onboarding VMs to Cisco OpenStack Private Cloud

Leveraging Public Cloud for Affordable VMware Disaster Recovery & Business Continuity

VMware vsphere: Fast Track [V5.0]

Block Storage Management using Microsoft System Center 2012 Virtual Machine Manager and SMI-S

Citrix XenServer Backups with SEP sesam

VMware vsphere on NetApp. Course: 5 Day Hands-On Lab & Lecture Course. Duration: Price: $ 4, Description:

Goliath Performance Monitor Prerequisites v11.6

VMware vsphere 4.1 with ESXi and vcenter

VMware ESXi in a Cloud-based Lab David Davis, VCP, VCAP, and vexpert

Server Virtualization with Windows Server Hyper-V and System Center

Thinspace deskcloud. Quick Start Guide

Data Center Networking Managing a Virtualized Environment

Vocera Voice 4.3 and 4.4 Server Sizing Matrix

1. VMware is part technology and part sales and marketing genius. As a result of their marketing efforts many people in IT (especially the newer

Server-Virtualisierung mit Windows Server Hyper-V und System Center MOC 20409

The Do s and Don ts of Server Virtualization Back to basics tips for Australian IT professionals

Balancing CPU, Storage

NEC SigmaSystemCenter 3.0 highlights

Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)

XenDesktop 4 Product Review

Evaluation of Multi-Hypervisor Management with HotLink SuperVISOR

Implementing and Managing Microsoft Server Virtualization

Business Process Desktop: Acronis backup & Recovery 11.5 Deployment Guide

Virtualization System Security

Betreibt viele der größten Rechenzentren, ermöglicht kleine Unternehmen auf der ganzen Welt, und bietet Unternehmen

Whitepaper. NexentaConnect for VMware Virtual SAN. Full Featured File services for Virtual SAN

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments

Server Virtualization with Windows Server Hyper-V and System Center

VMsources Group Inc

Hypervisor Competitive Differences: Beyond the Data Sheet. Chris Wolf Senior Analyst, Burton Group

HP + Veeam: Fast VMware Recovery from SAN Snapshots

Transcription:

Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc.

Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization Architecture 1 Threats to a Virtualized Environment 4 Operational Threats 4 Malware-Based Threats 5 VM Escape 6 Vulnerabilities in Virtualization Platforms 9 How Security Must Adapt to Virtualization 9 Challenges for Securing Virtualized Environments 10 Challenges of Vulnerability Testing in a Virtualized Environment 10 Chapter 2 Securing Hypervisors.15 Hypervisor Configuration and Security 15 Configuring VMware ESXi 17 Patching VMware ESXi 17 Securing Communications in VMware ESXi V 27 Change and Remove Default Settings on VMware ESXi 33 Enable Operational Security on VMware ESXi 34 Secure and Monitor Critical Configuration Files in VMware ESXi 38 Secure Local Users and Groups on VMware ESXi 40 Lock Down Access to Hypervisor Console 47 Configuring Microsoft Hyper-V on Windows Server 2008 52 Patching Hyper-V 53 Securing Communications with Hyper-V 53 Changing Hyper-V Default Settings 56 Enabling Operational Security for Hyper-V 59 Securing and Monitoring Critical Configuration Files for Hyper-V 60 Secure Local Hyper-V Users and Groups 63 Lock Down Access to the Hyper-V Hypervisor Platform 68 Configuring Citrix XenServer 72 Patching XenServer 72 Secure Communications with XenServer 75 Change XenServer Default Settings 76 Enabling XenServer Operational Security 80 Secure and Monitor Critical XenServer Configuration Files 81 Secure Local Users and Groups 81 Lock Down Access to the XenServer Platform 88 l

XVI I CONTENTS Chapter 3 Designing Virtual Networks for Security 93 Comparing Virtual and Physical Networks 93 Virtual Network Design Elements 95 Physical vs. Virtual Networks, : 98 Virtual Network Security Considerations 99 Important Security Elements 99 Architecture Considerations.. 100 Configuring Virtual Switches for Security 102 Defining Separate vswitches and Port Groups 103 Configuring VLANs and Private VLANs for Network Segmentation 112 Limiting Virtual Network Ports in Use 117 Implementing Native Virtual Networking Security Policies 122 Securing iscsi Storage Network Connections 125 Integrating with Physical Networking 129 Chapter 4 Advanced Virtual Network Operations 131 Network Operational Challenges 131 Network Operations in VMware vsphere 133 Load Balancing in vsphere Virtual Environments 133 Traffic Shaping and Network Performance in VMware vsphere 135 Creating a Sound Network Monitoring Strategy in VMware vsphere 136 Network Operations in Microsoft Hyper-V 141 Load Balancing in Hyper-V Virtual Environments...: 141 Traffic Shaping and Network Performance in Hyper-V 142 Creating a Sound Network Monitoring Strategy in Hyper-V 144 Network Operations in Citrix XenServer _ 145 Load Balancing in XenServer Virtual Environments 145 Traffic Shaping and Network Performance in XenServer 148 Creating a Sound Network Monitoring Strategy in XenServer 148 Chapter 5 Virtualization Management and Client Security 151 General Security Recommendations for Management Platforms 151 Network Architecture for Virtualization Management Servers 152 VMware vcenter 155 vcenter Service Account 157 Secure Communications in vcenter ( 158 vcenter Logging 160 Users, Groups, and Roles in vcenter 163 Role Creation Scenarios 167 vsphere Client 168 Microsoft System Center Virtual Machine Manager 168 SCVMM Service Account 169 Secure Communications with SCVMM 170 SCVMM Logging 171 Users, Groups, and Roles in SCVMM 172» Client Security 175

CONTENTS XVII Citrix XenCenter 175 Secure Communication with XenCenter 175 Logging with XenCenter 176 Users, Groups, and Roles in XenCenter 176 Chapter 6 «Securing the Virtual Machine 177 Virtual Machine Threats and Vulnerabilities' 177 Virtual Machine Security Research 178 Stealing Guests 179 Cloud VM Reconnaissance 179 Virtual Disk Manipulation 180 Virtual Machine Encryption 180 Locking Down VMware VMs 185 VMware Tools 188 Copy/Paste Operations and HGFS 188 Virtual Machine Disk Security 189 VM Logging 189 Device Connectivity 190 Guest and Host Communications 191 Controlling API Access to VMs 192 Unexposed Features 193 Locking Down Microsoft VMs : 195 Locking Down XenServer VMs.! 197 Chapter 7 «Logging and Auditing 201 Why Logging and Auditing Is Critical 201 Virtualization Logs and Auditing Options 202 Syslog 203 Windows Event Log 204 VMware vsphere ESX Logging 205 VMware vsphere ESXi Logging 207 Microsoft Hyper-V and SCVMM Logging 211 Citrix XenServer and XenCenter Logging 218 Integrating with Existing Logging Platforms 221 Enabling Remote Logging on VMware vsphere 221 Enabling Remote Logging on Microsoft Hyper-V 223 Enabling Remote Logging for XenServer 225 Effective Log Management 226 Chapter 8 0 Change and Configuration Management 229 Change and Configuration Management Overview 229 Change Management for Security 230 The Change Ecosystem 231 How Virtualization Impacts Change and Configuration Management 234 Best Practices for Virtualization Configuration Management 235

XV111 CONTENTS Cloning and Templates for Improved Configuration Management 237 Creating and Managing VMware vsphere VM Templates and Snapshots 238 Creating and Managing Microsoft Hyper-V VM Templates and Snapshots... 242 Creating and Managing Citrix XenServer VM Templates and Snapshots 247 Integrating Virtualization into Change and Management 249 Additional Solutions and Tools 250 Chapter 9 Disaster Recovery and Business Continuity 253 Disaster Recovery and Business Continuity Today 253 Shared Storage and Replication 254 Virtualization Redundancy and Fault Tolerance for DR/BCP 256 Clustering 256 Resource Pools 262 High Availability and Fault Tolerance 270 Setting Up High Availability and Fault Tolerance in VMware vsphere 270 Setting Up High Availability and Fault Tolerance in Microsoft Hyper-V 274 Setting Up High Availability and Fault Tolerance in Citrix XenServer 277 Chapter 10 Scripting Tips and Tricks for Automation 281 Why Scripting Is Essential for Admins 281 VMware Scripting: Power CLI and vcli '...: 282 Scripting with PowerCLI 282 Configuring VMs with PowerCLI 283 Configuring VMs with vcli 285 Configuring VMware ESXi with PowerCLI 286 Configuring VMware ESXi with the vcli 289 Configuring VMware Virtual Networks with PowerCLI 290 Configuring VMware Virtual Networks with the vcli 293 Configuring VMware vcenter with PowerCLI 294 Microsoft Scripting for Hyper-V: PowerShell 297 Getting Information about VMs 29S Getting Information about the Virtual Network 299 Assessing Other Aspects of the Virtual Environment 299 Citrix Scripting: Shell Scripts 300 Chapter 11 Additional Security Considerations for Virtual Infrastructure, 303 VDI Overview 303 VDI Benefits and Drawbacks: Operations and Security 304 Security Advantages and Challenges 304 VDI Architecture Overview 307 Leveraging VDI for Security 310 Storage Virtualization 310 Application Virtualization 313 Index 317

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information