Security Considerations in Securing the Journey to the Cloud
With virtualization and cloud technologies, the data center environment has evolved from rigid, fixed environments where applications run on dedicated servers towards dynamic, automated, orchestrated environments where pools of computing resources are available to support any application to be accessed anywhere, anytime, from any device.
Figure 2: Evolution of data center architectures
Security is the biggest hurdle to embracing this new dynamic, automated, services-oriented architecture. The process of configuring network security appliances today is excruciatingly painful and slow. Policy changes need to be approved, the appropriate firewalls need to be identified, and the relevant ports and protocols determined. While the creation of a virtual workload may take minutes, the security configuration for this workload may take weeks.
Security also cannot keep up with the dynamic nature of virtualization and cloud. Virtual machines can be highly dynamic, with frequent add, move and change operations. This complicates the ability to tie security policies to virtual machine creation and movement so that requirements and regulatory compliance continue to be met. Virtualized computing environments also enable direct communication between virtual machines within a server. Such intra-host communications may not be visible to network-based security appliances residing outside the virtual server, and routing intra-host virtual machine traffic to external security appliances for inspection may not be ideal because of performance and latency requirements.
At the same time, the trends that have already reshaped the security landscape in the virtualized data center, namely the changing application landscape, the distributed enterprise, and modern threats, do not go away. The changing application landscape means that the identification, control and safe enablement of applications can no longer be accomplished via ports and protocols. The distributed enterprise of mobile users and extended partners, and the evolution of threats towards sophisticated, multi-vector, targeted attacks, require user-based policies and a complete threat framework. In summary, next-generation firewalling capabilities to safely enable applications, protect against all known and unknown threats without performance impact, and integrate flexibly into the data center continue to be critical, fundamental security requirements.
Therefore, security for the virtualized data center must exhibit the following characteristics:
1) Deliver all the features that are table stakes:
These include safe application enablement, threat protection without impacting the performance of the data center, and flexible integration into the data center design. These features must be available within a virtualized firewall to secure intra-host communications or East-West traffic.
2) Must become more dynamic:
- Security policies must be applied as soon as a virtual machine is created.
- Security policies must follow virtual machine movement.
- Security workflows must be automated and orchestrated so that they do not slow down virtual workload provisioning.
3) Centralized, consistent management:
Centralized management is critical, and must be consistent across all environments, whether physical, hybrid or mixed. The management configuration must provide one unified policy rule base for ease of configuration and complete visibility into the policies being enforced in the data center. In fact, Gartner advocates that organizations “favor security vendors that span physical and virtual environments with a consistent policy management and enforcement framework.”
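As an added example that is not part of the original whitepaper, the Python sketch below shows what "policy follows the virtual machine" means in practice: rules reference VM tags rather than IP addresses, so the concrete entries for the virtual firewall on a host can be regenerated the moment a VM is created or migrates, with everything unmatched denied. All VM names, hosts, tags and addresses are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class VM:
    name: str
    host: str        # hypervisor the VM currently runs on
    ip: str
    tags: frozenset  # e.g. {"role:web"}; policy binds to these, not to the IP


@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int
    action: str      # "allow" or "deny"


class PolicyEngine:
    """One tag-based rule base; per-host IP entries are derived on demand,
    so nothing has to be re-approved when a VM is created or moved."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.inventory = {}  # VM name -> VM

    def on_vm_created(self, vm):
        self.inventory[vm.name] = vm
        return self.render(vm.host)  # policy is in place as soon as the VM exists

    def on_vm_moved(self, name, new_host, new_ip):
        old = self.inventory[name]
        self.inventory[name] = VM(old.name, new_host, new_ip, old.tags)
        return self.render(new_host)  # the same rules follow the VM to its new host

    def evaluate(self, src, dst, port):
        """First matching rule wins; anything unmatched is denied by default."""
        for r in self.rules:
            if r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port:
                return r.action
        return "deny"

    def render(self, host):
        """Concrete allow entries for the virtual firewall guarding `host`:
        East-West traffic from any VM to the VMs that live on that host."""
        entries = set()
        for dst in self.inventory.values():
            if dst.host != host:
                continue
            for src in self.inventory.values():
                if src is not dst:
                    for r in self.rules:
                        if r.action == "allow" and r.src_tag in src.tags and r.dst_tag in dst.tags:
                            entries.add((src.ip, dst.ip, r.port, "allow"))
        return sorted(entries)
```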
Why Cloud Computing?
Virtualization is often the first step in an organization’s strategy to move towards automated, on-demand services. Cloud, unlike common misconceptions, is not a location but rather a pool of resources that can be rapidly provisioned. The U.S. National Institute of Standards and Technology (NIST) defines cloud computing in Special Publication (SP) 800-145 as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
The business value of cloud computing is the ability to pool resources together to achieve economies of scale. This is true for private or public clouds. Instead of multiple organizations or groups within an organization independently building a data center infrastructure, pools of resources are aggregated and consolidated, and designed to be elastic enough to scale with organizational demand. This not only brings cost and operational benefits but technology benefits. Data and applications are easily accessed by users no matter where they reside, projects can scale easily, and consumption can be tracked effectively.
Virtualization is a critical part of this architecture, enabling applications to be delivered efficiently, and in a more dynamic manner. However, another critical aspect of cloud computing is software orchestration that enables disparate processes to be stitched together in a seamless manner, so that they can be automated, easily replicated and offered on an as-needed basis. The IT organizational model also needs to evolve towards a “services-centric”, multi-tenant model, where consumption needs to be measured, and segmentation between multiple tenants needs to be provisioned.
Why Server Virtualization?
Most data center virtualization initiatives begin with the consolidation of data centers running applications on dedicated, purpose-built servers into an optimized number of data centers with applications on standardized virtualized servers. Server virtualization improves operational efficiencies and lowers capital expenditure for organizations:
- Optimizes existing hardware resources: Instead of a “one server, one application” model, multiple virtual applications can be run on a single physical server. This means that organizations can leverage their existing hardware infrastructure by running more applications within the same system.
- Reduces data center costs: Reducing the server hardware “box” count not only reduces the physical infrastructure real-estate but also reduces data center related costs such as power, cooling and rack space.
- Gains operational flexibility: Because virtual machines can be provisioned dynamically, applications can be delivered faster than through the traditional process of purchasing, racking and stacking, cabling, and configuring the operating system. This improves the agility of the IT organization.
- Maximizes efficiency of data center resources: Because applications can experience asynchronous, or bursty demand loads, virtualization provides a more efficient way to address resource contention issues and maximize server utilization. It also provides a better way to deal with server maintenance and backup challenges. For example, IT staff can migrate virtual machines to other virtualized servers while performing hardware or software upgrades.
Evolution Towards Virtualization and Cloud Computing
Today’s IT organizations are increasingly tasked with doing more with less. In these challenging economic conditions, IT organizations are faced not only with shrinking budgets but are also being asked to improve operational efficiencies and drive responsiveness for business processes. For many IT organizations, the adoption of technologies like virtualization and cloud computing provides many benefits, from operational efficiencies to speed in application delivery.
Virtualization technology partitions a single physical server into virtual machines running multiple operating systems and applications. The hypervisor, a software layer that sits between the hardware and the “virtual” operating system and applications, is what allocates memory and processing resources to the “virtual” machines.
Two types of virtualization are available – hypervisor virtualization and hosted virtualization. In hypervisor architectures, also known as bare metal or native virtualization, the hypervisor is the first layer of software running on the underlying hardware, without a host operating system. In hosted virtualization, the hypervisor runs on top of the host operating system. This configuration supports the broadest range of host operating systems, including Windows, Linux or MacOS.
Figure 1: Virtualization Architectures
Figure 1 shows both architectures. Server virtualization typically utilizes hypervisor architectures while desktop virtualization uses hosted virtualization architectures. In this whitepaper, we will focus primarily on server virtualization and hypervisor architectures.
Introduction to Data Center Design
Data centers are an integral part of our lives. Whenever we use a credit card, visit a website, pay at a tollbooth, or use a phone, a data center is being utilized. Many programs that use databases access this information from a data center. Even with the staggering use of data centers, many people continue to disregard their importance or fail to understand what a data center entails.
Data centers are highly secure, fault-resistant facilities housing equipment that connects to telecommunications networks. The facilities accommodate servers, switches, routers, and modem racks. Data centers support corporate databases and web sites, and provide locations for CLECs, ISPs, ASPs, web hosting companies, DSL providers and other IT services.
Why is it important for Computer Science majors to have an understanding of data center design? People going into the industry may find themselves in a position to influence decisions on how to implement their company’s new data center, or to influence changes being made to an existing data center. Also, knowing where and on what your software will be running can give insight during the development process and remove false assumptions.
Data center design is an extremely large topic covering many different areas of study. The primary elements of data center design include the RLU definitions, the site, the command center, cable management, network infrastructure, environmental controls, and power. The primary rule of a data center is “Form follows function.”