Most companies by now have virtualized a large percentage of its datacenter infrastructure.One mistake that may be made is to rely on existing physical security devices only to protect your virtual infrastructure . A physical servers traffic normally traverses our physical network devices but inter vm traffic may never leave your hypervisor hence an intruder who gains access to one improperly secured Virtual Machine may be able to compromise additional virtual machines without being detected by a physical Intrusion prevention system or firewall,since inter vm traffic flows exists within virtual switches.In order to properly protect virtual machines hypervisor level firewalls are required,these Vfirewalls are virtual comstructs managed like a physical device and providing visibility into virtual network traffic flows.
Tag Archives: vswitch
The Cloud means many things to many different persons,but personally I view a Cloud as a distinct pool of computing resources that can be manage centrally, provides the ability to scale resources via pre configured policies and lastly provides the ability to automate manual requests such as Virtual Machine creation and deployment.
Though not recommended by many IT professionals, I am planning on making our IT department an internal service provider. In this vain it is my vision to build out a Private Cloud that can provide self service to authorized internal clients such as our developers and application administrators.Currently we utilize a Vmware Vsphere platform, but in another few months this platform will possess all the attributes of a true cloud.To provide the functions necessary I have decided that we will look at the Open Source Eucalyptus platform.
Eucalyptus is Open Source so it reduces our initial capital expenditure ,it is compatible with Vmware and it has the ability to support Amazon based workloads thus providing a Hybrid platform mangement tool.
At Stage one, we will roll out a Private Cloud that will allow authorized internal clients to perform various tasks related to a an assigned blocked of computing resources.
At Stage two we will seek to allow the migration of workloads between Amazon and our Vmware based private cloud,this should provide Disaster recovery and scalability benefits to our group.