Hypervisor as virtualization's enforcer?

Some experts advocate putting more security features into the hypervisor layer, but others say that would be a disaster waiting to happen.

Citing performance and security benefits, virtualization vendors are shoving more add-on software into the hypervisor layer. VMware Inc., Citrix Systems Inc. and Microsoft Corp. all allow for third-party software execution at this layer of their virtualization technologies, says Neil MacDonald, an analyst at Gartner Inc.

virtualization security

[See related story, The scary side of virtualization.]

Is that a good thing? Yes -- and no -- say users and experts.

Early virtual machine management software resided on top of a host operating system. That went away with the development of the hypervisor -- a thin layer of software that runs directly on the hardware. A hypervisor has two advantages: It's not affected by vulnerabilities in an underlying operating system that hosts it, and it's small -- less than 100MB for VMware ESXi -- and therefore provides a very small target for attacks. "When you have that small of a footprint, the opportunities for exploits and errors go down dramatically, " says KC Condit, senior director of information security at Rent-a-Center Inc.

But that's changing. Companies like Trend Micro Inc. are beginning to offer software designed to be inserted at this layer. Doing so can improve security and give a performance boost. "The simplicity of deploying security in an agentless manner is very appealing and easier to manage," says Bill McGee, senior director of data center security product development at Trend Micro. But as more third-party software vendors insert code into the hypervisor layer, for security and other functions, the layer could get more crowded, with more updates required and a bigger attack surface.

Eric Baize, senior director for the RSA Security Practice at RSA, the security division of EMC Corp., says pushing security down to the virtualization layer is ultimately a good thing. "The more it's built in, the easier it is to deploy and manage," he contends. Eventually, he predicts, security will be rolled into the core virtual infrastructure and third-party add-ons will no longer be needed.

But others worry that the current trend may set the stage for a new set of risks.

Kris Lovejoy, vice president at IBM Security Solutions, IBM's security consultancy, doesn't think additional complexity in the hypervisor is necessarily a good idea. Most IT organizations already struggle with patch management, configuration management and change management at the operating system level. The problem could be "way worse" at the hypervisor layer, he says.

KC Condit
KC Condit, senior director of information security at Rent-a-Center, likes a hypervisor with a small footprint.

Venu Aravamudan, senior director of product marketing for VMware's server business unit, says third-party vendors that plan to include software in VMware's hypervisor layer through its VMsafe program must meet a "rigorous" certification process. So far, certified products include antivirus, intrusion-protection, anti-rootkit, firewall and network-monitoring tools. "The third-party solutions will add up over time, but customers can be assured that it will be a controlled program," he says.

But analysts remain wary about creating opportunities for vulnerabilities in the hypervisor layer. "My gut says that unless you're really diligent in managing all of that stuff, it's going to create a [security] hole. I'm bearish on the concept," says John Kindervag, an analyst at Forrester Research Inc.

Aravamudan points out that only a part of the code goes into the hypervisor. "In general, this footprint is not large," he says. The rest sits in a secure virtual machine and uses a "minimal" amount of kernel capability. "We clearly will ensure that the hypervisor doesn't double in size because you're adding all of those components," he says.

Nonetheless, MacDonald says he's still wary of advising Gartner's clients to add a lot of third-party code into the hypervisor layer. "The best advice is to keep it thin and hardened from a security perspective." he says. "Putting additional code into the hypervisor increases the attack surface."

Robert L. Mitchell writes technology-focused features for Computerworld. You can follow Rob on Twitter at twitter.com/rmitch or subscribe to his RSS feed. His e-mail address is rmitchell@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon