How to Improve Security within Your VMware Environment
Guest Author: Ryan Birk, Technical Instructor
Cybersecurity is at the forefront of everyone’s mind right now. However, there can be a lot of confusion when it comes to those with virtual servers: How can businesses be sure their data will be safe? Should more precautions be taken because these are virtual machines? The answers may surprise you.
The benefits of having VMware, when it comes to security, is that it allows you to keep better tabs on your permissions. By using vCenter in VMware, you can manage all of your VMs and set permissions to only give certain people access. When you’re starting out with new software, you always make the adjustments that are preferable to you. When these changes are being made, it’s good to make the same ones to your security. Many people just ignore this step and think ‘I’ll come back to it later’ but it easily gets forgotten.
Many think because this is a virtual machine, there are certain extra measures that need to be taken to keep them secure. That's not the case. From a traditional VM standpoint, you can use more traditional methods of cybersecurity: use a firewall, make sure access is given to only the right people and lock down your physical data center. Many of these systems have these measures readily available. There isn't too much of a difference between VMware and a physical box. However, VMware does give you additional tools like Appsense and NSX to help keep additional tabs on your environment.
Patch it Up
The biggest thing you have to be sure of is that your hosts are patched. You should be most concerned about patching your ESXi host and vCenter in their environment at least once a business quarter. We’re talking four times in a year, not much by any means. We want to try and keep users on an isolated network in terms of storage. Good network design is key; the worst thing users can do to themselves that makes them vulnerable to attack is to have one big flat network with all VMs attached and linked to it. For instance, let's say you have 50 employee laptops that really don’t need to be attached to a storage network; this makes your network much more vulnerable. It’s best to keep the networks isolated and only give access to those systems and people who need it.
VMware Security Tools
Familiar ways to keep your network safe can certainly work for VMs, but there are also security measures specifically made for VMware that can also help keep it protected.
vSphere Replication is a tool that can help keep your files safe, although it wouldn’t truly be considered a security tool. What this does is allows you to replicate the VM you’re working on. That means every 15 minutes to 24 hours, it will replicate the VM and allow you to go back to the last saved version should anything happen to the VM. You’re not really talking security when it comes to the Replication tool, but more a sense of having previous versions and files backed up properly. If somebody on your network contracts a virus or some other threat like that, that's a security issue. By having backups and replicating your VMs to another environment then you can restore your stuff that much faster.
There is also vShield Endpoint and Appsense. These tools actually interact with your VMs at the hypervisor level to help keep you at optimal security.
Encrypted vMotion is the most recent security feature that VMware has created to migrate VMs. How it works is that anytime that you migrate a VM from one ESXi to another, you can use encrypted vMotion and it will make sure that the VM is encrypted during the migration process.
Many users worry about the disadvantages that could come with having a virtual server, but the worry over security isn't as big as you think. To make sure that your virtual system is secure, be sure to follow the same steps you would for a physical server; patch when necessary, and be sure to take advantage of additional security features that VMware offers. Whether your system is virtual or physical, making sure all your data is secure is priority number one.
View a Recent Webinar Delivered by Ryan Birk: Security Advantages of VMware
Ryan Birk is a technology educator and IT professional who has been working with various virtualization platforms since 2002 and has been a VMware Certified Professional since 2008. As a VMware Certified Instructor, he draws on real life experiences from working as a Virtualization Consultant with a wide variety of organizations. He takes great pride in running a vSphere home lab and colleagues often call him a “vNerd” which Ryan never denies.
Don't Forget to Subscribe to Our Blog
Join our community and subscribe to our blog to receive great content surrounding the IT industry delivered right to your inbox every week!