Saturday, October 24, 2009

The workhorse technology behind cloud computing is virtualization. Get to know it well.

The magic pixie dust that makes a cloud a cloud is virtualization technology. The trick is to decouple computing from the physical world of fixed hardware, so that one computer can behave as though it were many, your workspace is in the cloud, and all you need is a netbook (maybe an exaggeration).

One of the more curious aspects of virtualization is the “virtual machine”. It is most often associated with data-center server virtualization. A virtual machine is nothing more than a file that represents its physical counterpart. No hardware to purchase. No shipping fees. No wires to plug in. (For those readers who are experts on virtualization, please forgive the oversimplification.)

Hundreds of virtual machines are likely working in earnest inside your own organization. And yes, you are likely your very own cloud provider.

All those virtual machines are important to your business. They can run your email system, your expense reporting application or your customer portal.

So let’s briefly look at some of the ways that the virtual world of servers is vastly different from the physical one.

We are familiar with our laptops going to sleep (and waking up with a hangover). How about if 10, 20 or 30 virtual machines go to sleep and wake up at varying times? Will all occurrences of a virus be identified across running, suspended and shut-down virtual machines? Not likely a big deal. But it’s worth thinking about the implications of appropriately configuring the virus scan.

Relocating a physical server is back-breaking work. You pick it up, twist your neck and fall down. A virtual machine (after all, it’s a file) can be made to zip across a network. Let’s think about that for a moment. What if it gets intercepted and lands in the wrong hands? A physical machine has to be carried into a facility. Is it easier for a virtual machine file that is not legit to find its way into your network? Not if you have policies in place that require master or gold copies.

Another interesting property in the virtual world is time. A virtual machine has to keep time, if for nothing else than to remind you of mum’s birthday. Time is important. It is used to time-stamp transactions. However, timestamps written in log files can also be stomped upon by a perpetrator to mask their activities.

There are plenty of best practices for implementing a safe and sound virtual infrastructure. Take a look at your policies and procedures to make certain they are available and executable. Some examples:

· Continue to protect the physical environment
· Control who creates virtual machines
· Quality control must include real-time configuration management
· Consider encryption as an extra layer of protection for high-risk assets
· Get to know your virtualization technology and how it can be exposed

You can’t get into the virtual world without stepping through the physical world. However, things that happen in the virtual world are not a direct reflection of the physical world. Get savvy.
