MCTS Self-Paced Training Kit (Exam 70-652): Securing Hosts and Virtual Machines
Microsoft, as the manufacturer of Microsoft Windows, provides you with tools and guidelines for securing your systems. One excellent example is the Windows Server 2008 Security Guide, as well as its sister publication, the Windows Vista Security Guide. Both offer a structured way for you to further protect your systems beyond the base protections enabled when you install Windows. In addition, Microsoft has published a specific security guide for Hyper-V, the Hyper-V Security Guide. This last guide offers advice on security for host servers and virtual machines along with a strategy for administrative role delegation.
But security has a life cycle of its own. On the technical side, it begins with the planning and then the installation of a computer system and lasts throughout the duration of its usefulness to you until its retirement. Security is not only a technical operation; it must also involve everyone in your organization. Even if you provide the most stringent technical levels of security on your systems, all of it can come crashing down if your users are not aware of their own responsibilities in the security life cycle.
Protecting traditional networks is nothing new. Protecting virtual infrastructures, however, presents challenges that you may never have faced before. First, you need to understand which types of challenges will arise in the resource pool—the grouping of your host servers. Second, you need to learn whether unknown or unforeseen challenges will arise in the infrastructure you create to run your virtual workloads. This division of the infrastructure into physical and virtual machines demands new approaches and a serious reflection on security practices.
However, traditional security approaches still apply, even if you have two different infrastructures to protect. To protect each of these infrastructures, you must put in place a layered protection system that will provide the ability to perform the following activities:
Identify people as they enter each infrastructure.
Identify appropriate clearance levels for people who work within each environment and provide them with appropriate access rights once identified.
Verify that the person modifying the data is the person who is authorized to modify the data (irrevocability or non-repudiation).
Guarantee the confidentiality of information once it’s stored within your infrastructures.
Guarantee the availability of information in your infrastructures.
Ensure the integrity of the data stored within your infrastructures.
Monitor the activities within each infrastructure.
Audit security events within the network and securely store historical auditing data.
Put in place the appropriate administrative activities to ensure that the network is secure at all times and at all levels.
Each of these activities has various scopes of interaction:
Local People interact with systems at the local level; these systems must be protected, whether or not they are attached to a network.
Intranet People interact with remote systems on the internal network. These systems must also be protected at all times, whether they are located on the local area network (LAN) or the wide area network (WAN).
Internet Systems that are deemed public must also be protected from attacks of all types. These are in a more vulnerable situation because they are exposed outside the boundaries of the internal network.
Extranet These systems are often deemed internal, but are exposed to partners, suppliers, and clients. The major difference between extranet and Internet systems is authentication—although there may be identification on an Internet system, authentication is always required to access an extranet environment.
The challenge is to identify how security must differ when running virtual infrastructures. Virtual service offerings (VSOs) will run all of the networked services your end users interact with. Therefore, the traditional security measures you undertake when building and designing these services still apply. The fact that users interact with virtual machines instead of physical machines does not change the need for tight security at all levels in this infrastructure.
What does change is how you secure resource pools. By their very nature, resource pools are not designed to interact with users. They are nothing more than host servers that run a virtualization engine. Because of this, they are dealt with by administrators and technicians only. An end user running Microsoft Office Outlook will never have any interaction with the resource pool itself. Instead, the end user will interact with a number of different virtual machines running Active Directory Domain Services, Microsoft Exchange, and perhaps a collaboration engine such as Microsoft Office SharePoint Server. Because all of these machines are virtual, users and host or physical servers have no direct interaction (see Figure 8-1).
Figure 8-1 The natural segregation of resource pools and virtual service offerings
This segregation of the two environments is what forms the key to the protection of your resource pool and the VMs it runs. This is the focus of this chapter.
Exam objective in this chapter:
Manage and optimize Hyper-V Server.
Before You Begin
To complete this chapter, you must have:
Experience with Windows Server 2003 and or Windows Server 2008 security implementations.
Access to a setup as described in the Introduction. In this case, you need to access host servers as well as virtual machines running domain controller services and SCVMM and an administrative workstation.