CCSK Guide
4Apr/12Off

Full Virtualization

There has been a marked increase in the use of full virtualization produces and services, due to its ability to significantly increase operational efficiency. This article takes a look at full virtualization, its advantages and its security concerns.

What is full virtualization?

There are various forms of virtualization and they are distinguishable mainly by computing architecture layer. With full virtualization, one or more OSs and the applications they contain are run on top of virtual hardware. Each OS instance and its applications run in a separate VM known as a guest operating system.

Guest OSs are located on a host and managed by the hypervisor, which controls the flow of instructions between the guest Oss and the physical hardware (e.g. CPU, disk storage, memory, network interface cards, etc.). Hypervisors can partition system resources and isolate the guest OSs so that each only has access to its own resources, as well as potential access to shared resources, for instance, files located on the host OS. Each guest OS can be totally encapsulated, thus making it portable. Finally, some hypervisors are able to run on top of another OS, referred to as the host operating system.

According to VMware, “Full virtualization offers the best isolation and security for virtual machines, and simplifies migration and portability as the same guest OS instance can run virtualized or on native hardware.”

There are two types of full virtualization: bare metal virtualization (aka native virtualization) and hosted virtualization. With bare metal virtualization, the hypervisor runs directly on the underlying hardware, without a host OS. In fact, the hypervisor can be built into the computer’s firmware. With hosted virtualization, the hypervisor runs on top of the host OS. The host OS can be any common operating system (e.g. Windows, Linux, or MacOS).

Why use full virtualization?

The marked increase in the use of full virtualization products and services is triggered by the many advantages it offers. One of the most common reasons for implementing a full virtualization solution is for operational efficiency. It allows organizations to use existing hardware more efficiently by placing a greater load on each computer. This means that servers using full virtualization can use more of the computer’s processing and memory resources than servers running a single OS instance and a single set of services.

Another reason to use full virtualization is to facilitate desktop virtualization, in which a single PC runs more than one OS instance. There are a number of reasons to do so. This can offer support for applications that only run on a particular OS. It can also allow changes to be made to an OS and later on, revert to the original if necessary. Desktop virtualization has also proven to support better control of OSs, in order to ensure that they meet basic security requirements.

Desktop virtualization also enables the use of applications that run on older versions of an OS, when the user’s desktop is running a newer version. This allows for the continuity of applications as the OSs advance faster than the applications that run on them.

What’s the downside?

Despite the advantages offered by full virtualization, this option does come with a few negative security implications. These are briefly discussed below:

  • Adds layers of technology, which increase the security management burden as it requires additional security controls.
  • Combining a number of systems onto a single physical computer causes a larger impact, should a security compromise occur.
  • It’s relatively easy to share information between virtualization systems, which can facilitate attack vectors, if not carefully controlled or regulated.
  • The dynamic aspect of virtualized environments renders creating and maintaining the necessary security boundaries more complex.

Full Virtualization Security

Ultimately, the security of a full virtualization set up is dependent on the individual security of each of the components that comprise it (i.e. hypervisor, host computer, host OS, guest OSs, applications and storage). Organizations should ensure that all these elements are secure and their security should be founded on sound security practices. These practices would include:

  • Restricting access to administrative interfaces
  • Keeping software up-to-date with security patches
  • Using secure configuration baselines
  • Performing monitoring and analysis of logs at all layers of the solution
  • Using host-based firewalls, antivirus software or other appropriate mechanisms that would detect, prevent or halt attacks

Summary

This article takes a look at full virtualization solutions. With full virtualization, one or more OSs and the applications they contain are run on top of virtual hardware. Each OS instance and its applications run in a separate VM known as a guest operating system. The article briefly introduces two types of full virtualization: bare metal virtualization (native virtualization) and hosted virtualization. It also lists some advantages and security challenges involved with this type of virtualization.

CCSK Exam Preparation

In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:

  • Virtual machine security features (Domain 13)
  • VM attack services (Domain 13)
  • Compartmentalization of VMs (Domain 13)

Enjoy this article?

Consider subscribing to our rss feed!

Tagged as: , Comments Off
Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

No trackbacks yet.

» «

Login

Sponsored Links

Tags

access control Amazon Amazon EC2 API audit authentication authorization best practices compliance contracts CSA data breach data breaches data security disaster recovery encryption EU google government IaaS IAM identity identity federation interoperability lock-in management Microsoft open source PaaS portability private cloud provider selection public cloud risk management risks SaaS security SOA standards threats trends vendors virtualization virtual machines vulnerabilities

Archives

Meta



Our mission: Provide reliable and accurate information to cloud security professionals seeking CCSK certification.



We expect individuals seeking the Certificate of Cloud Security Knowledge will find our information specifically targeted at their CCSK pursuit useful. Our test preparation software and forums give candidates a higher chance for success.

Thank you for visiting. Since you're new to the site:
  • Please review the user agreement.
  • Register for the site so you may use the testing services.



    • We hope you find this service useful, and good luck on the exam!