Data Center Journal

Volume 30 | February 2014

Issue link: http://cp.revolio.com/i/257227


Security

The benefits of virtualization are tempting, but in any transition from one environment to another, security concerns arise—particularly for companies and users that are less familiar with the new environment than the old.

In the first half of 2013, BeyondTrust conducted a survey of over 400 server, IT and virtualization administrators and IT architects (Survey Results: Virtual Insecurity). The majority (48%) of respondents used VMware, with Microsoft (21%) and Citrix (19%) rounding out the top three vendors. Of those respondents, however, only 41% answered "no" to the question, "As part of your virtual systems administration, do you use any security tools regularly?" Among those who said "yes," these tools included antivirus software, security scanners, configuration tools and identity-management applications. This situation indicates a lack of active effort to maintain security in many cases.

Complication of the computing model because of a new software layer (the hypervisor) creates more avenues of exploitation, but security vendors are responding with tools designed particularly for addressing the concerns associated with virtual machines. Kaspersky Lab notes in a press release that "it's quite common for dozens of virtual machines to run simultaneously on the same physical server, and installing protection solutions on each of them individually can generate excessive strain on that server. This problem is especially acute when routine operations are involved, such as updating signature databases." As a result, security tools specific to each process can become burdensome, both on physical resources and in the updating process (say, when installing new virus definitions in antivirus tools). A tool like Kaspersky's Security for Virtualization 2.0 aims to address these concerns by focusing on the peculiarities of virtualized architectures.
This so-called agentless approach to security involves protecting "all the virtual machines on the host without having to deploy an agent to each virtual machine," according to Trend Micro at Antivirus.com. Agentless security can improve performance by limiting the resources required to conduct security tasks.

Operating System Virtual Machines

Although dual booting of operating systems on a single machine has been a popular approach for many years—a user might, for instance, run both Linux and Windows from the same physical system—the hassle of switching back and forth detracts from its appeal. Virtual machines enable users to run an operating system from within another operating system, such as running Windows from a Linux environment using VMware Player. Thus, a Linux fan who nonetheless wants to use certain Windows-only applications need not dual boot the machine; the Linux OS can run Windows in a separate window of its own as a virtual machine. Of course, the difficulty is that the extra software layer means more resource utilization for a process that otherwise runs directly on the physical machine.

But virtual machines for operating systems enable more possibilities, including an avenue for alternatives to proprietary OSs like Windows. The recent emergence of Android for the PC could benefit from virtual machine technology, particularly since it already faces an uphill battle in this market.

Cloudy Virtual Machines

Cloud service providers, such as Amazon Web Services, have taken extensive advantage of virtual machines to drive their businesses. These providers pool resources and offer customers the ability to provision virtual machines by selecting an operating system, a CPU configuration and so on; they can also run multiple virtual machines, depending on their project needs.
Thanks to virtualization, service providers need not dedicate integral numbers of servers to each customer; instead, they can essentially sell unused capacity, however it is distributed physically, to ensure that they squeeze maximum value from their data centers.

The trend among cloud providers, particularly smaller ones, as Network World notes ("DIY Cloud: Choosing your own virtual machine image sizes"), is toward offering customers more-configurable virtual machines, "specified by however much RAM, CPU and memory they want. In an increasingly busy market, vendors…are looking to differentiate themselves from the mega-players," like Amazon and Google, for instance. The difficulty for customers, however, is navigating the pricing picture. For large projects, determining which vendor's offering is the most cost effective can be challenging, especially when the different options vary significantly in their virtual machine configurations.

Moving Beyond OS Virtualization: Containers

David Strauss, CTO and cofounder of Pantheon, says at Linux Journal ("Containers—Not Virtual Machines—Are the Future Cloud") that "until recently it has been assumed that OS virtualization is the only path to provide appropriate isolation for applications running on a server. These assumptions are quickly becoming dated." Strauss is referring to the use of a separate full OS image for each virtual machine, which can waste resources. "The OS often consumes more memory and more disk than the actual application it hosts," he said, also citing boot time as
