Hypervisor as virtualization's enforcer?
Some experts advocate putting more security features into the hypervisor layer, but others say that would be a disaster waiting to happen.
Computerworld - Citing performance and security benefits, virtualization vendors are shoving more add-on software into the hypervisor layer. VMware Inc., Citrix Systems Inc. and Microsoft Corp. all allow for third-party software execution at this layer of their virtualization technologies, says Neil MacDonald, an analyst at Gartner Inc.
[See related story, The scary side of virtualization.]
Is that a good thing? Yes -- and no -- say users and experts.
Early virtual machine management software resided on top of a host operating system. That went away with the development of the hypervisor -- a thin layer of software that runs directly on the hardware. A hypervisor has two advantages: It's not affected by vulnerabilities in an underlying operating system that hosts it, and it's small -- less than 100MB for VMware ESXi -- and therefore provides a very small target for attacks. "When you have that small of a footprint, the opportunities for exploits and errors go down dramatically," says KC Condit, senior director of information security at Rent-a-Center Inc.
But that's changing. Companies like Trend Micro Inc. are beginning to offer software designed to be inserted at this layer. Doing so can improve security and give a performance boost. "The simplicity of deploying security in an agentless manner is very appealing and easier to manage," says Bill McGee, senior director of data center security product development at Trend Micro. But as more third-party software vendors insert code into the hypervisor layer, for security and other functions, the layer could get more crowded, with more updates required and a bigger attack surface.
Eric Baize, senior director for the RSA Security Practice at RSA, the security division of EMC Corp., says pushing security down to the virtualization layer is ultimately a good thing. "The more it's built in, the easier it is to deploy and manage," he contends. Eventually, he predicts, security will be rolled into the core virtual infrastructure and third-party add-ons will no longer be needed.
But others worry that the current trend may set the stage for a new set of risks.
Kris Lovejoy, vice president at IBM Security Solutions, IBM's security consultancy, doesn't think additional complexity in the hypervisor is necessarily a good idea. Most IT organizations already struggle with patch management, configuration management and change management at the operating system level. The problem could be "way worse" at the hypervisor layer, he says.
Venu Aravamudan, senior director of product marketing for VMware's server business unit, says third-party vendors that plan to include software in VMware's hypervisor layer through its VMsafe program must meet a "rigorous" certification process. So far, certified products include antivirus, intrusion-protection, anti-rootkit, firewall and network-monitoring tools. "The third-party solutions will add up over time, but customers can be assured that it will be a controlled program," he says.
But analysts remain wary about creating opportunities for vulnerabilities in the hypervisor layer. "My gut says that unless you're really diligent in managing all of that stuff, it's going to create a [security] hole. I'm bearish on the concept," says John Kindervag, an analyst at Forrester Research Inc.
Aravamudan points out that only a part of the code goes into the hypervisor. "In general, this footprint is not large," he says. The rest sits in a secure virtual machine and uses a "minimal" amount of kernel capability. "We clearly will ensure that the hypervisor doesn't double in size because you're adding all of those components," he says.
Nonetheless, MacDonald says he's still wary of advising Gartner's clients to add a lot of third-party code into the hypervisor layer. "The best advice is to keep it thin and hardened from a security perspective," he says. "Putting additional code into the hypervisor increases the attack surface."
Robert L. Mitchell writes technology-focused features for Computerworld. You can follow Rob on Twitter at twitter.com/rmitch or subscribe to his RSS feed. His e-mail address is firstname.lastname@example.org.