There were several sessions on security at VMWorld this past year and the people leading those sessions would definitely say there are security issues that come about from using virtualization. In some ways the security picture gets better, in some ways worse. There are some new security appliances coming out that can run as a VM and watch over the other VMs. VMWare has created some special hooks into the hypervisor to allow this. Keep an eye on the issue. At the very least there are additional privileges that must be tracked - it is never a good idea to have only one person who has the "keys to the kingdom" -Brian
________________________________ From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, December 30, 2008 5:33 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's Most people have said "no" to question #2. I would say that there is a definite impact. Your virtualisation team are pretty much now an additional "god" in the organisation. For smaller shops this isn't an issue. For bigger shops, or where compliance/auditing/change control are important, then this is another layer of people who have significant privileges, who must be worked into your change control process. Cheers Ken From: Andy Shook [mailto:andy.sh...@peak10.com] Sent: Tuesday, 30 December 2008 2:57 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's 1. As long as the resources are available for the VM, then transparent. I know in the past that processors had to be in the same family as well as the same brand for Vmotion but I heard that this has changed with (ESX) update 3. I don't know the details yet, so someone please chime in here for clarification. 2. No 3. Most environments will have both. Shared for the lightweight servers and dedicated for VMotion\HA\DRS and the heavy hitting servers. 4. An OS license is an OS license is an OS license. Doubtful but check with the vendors in question. Shook From: Roger Wright [mailto:rwri...@evatone.com] Sent: Monday, December 29, 2008 10:32 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's Great responses so far! You've all given me even more to think about. A few other questions: 1. From a DR perspective, or perhaps just for rebalancing the load on a host machine, how does moving from one host to another with different HW impact the VM, or is it transparent? 2. Does Virtualization impact your domain security requirements in any way? 3. NIC Utilization - Shared NICs or separate for each VM? 4. OS & App licensing - can we expect any reduction in licensing requirements? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
