Would Homer Simpson Protect Virtualized Servers? (Hacktivism #5)

Problem to Solve:   What can we do to protect our Virtualized Server Infrastructure and Application Services against Hacktivism?


OK, I don’t know exactly what Homer Simpson thinks about virtualized servers, but I do have a guess on his reaction. 🙂

So the good news is that your company has decided to implement a Virtualized Server Infrastructure.  This is an excellent way to decrease data center footprint, decrease power consumption, and increase efficiency of the total compute environment. WOOHOO!!

And now the bad news, if you have the same concerns as most organizations. Now that you have virtualized the servers, you cannot really ‘see’ what is going on when you have application performance issues. You have also created a blind spot, a nearly invisible environment (other than SYSLOG info), for the Cyber Security team to defend. DOH!!

Virtualized Servers… WOOHOO!!

Unless you just transferred from another “IT planet”, you are probably very aware of the different virtualization platforms. VMware, Hyper-V, Citrix, Oracle, Red Hat etc. all offer virtualization platforms that organizations have invested in and deployed. There are many benefits to this technology, including extreme flexibility (virtualized OS and software packages), ease of deployment (provisioning time), and redundancy (vMotion). I’m not writing this blog to debate the technology benefits or vendors, but to point out the new APM, NPM and Cyber challenges of this deployment model.

Virtualized Servers… DOH!!

The challenge really begins with the term “virtualization”. While “virtualization” is certainly not a new concept in computing, today’s new server deployment models have added a nuance when it comes to triage and troubleshooting applications. If you think of a multi-tier application (i.e. web, application, and DB server) from 10 years ago, it usually consisted of (3+) physical servers to run the application. A client would access the web server, which then made a call to the application server, which then made a call to the database server. All of that communication was transmitted over the network, and the traffic was easily accessible to network tools for troubleshooting. In today’s virtualized server environment, the web, application, and database can all reside as “virtual servers” inside one physical host. From a traffic perspective, this server-to-server interaction occurs entirely inside that physical host. In many cases, this communication DOES NOT travel over the physical network, so traditional network tools have no vantage point from which to see and analyze the traffic necessary to triage or troubleshoot. (Please see this previous article for details: Don’t let a Multi-Tier Application Make You Multi Tear Up). Another challenge that this deployment model presents is for Cyber Security teams. The same traffic that is “not accessible” to your network troubleshooting tools is also “not accessible” to most network-based cyber security tools. DOH!!

Blade Chassis…. Double DOH!!

Many large organizations are deploying blade chassis to house their virtualized server environments. This effectively creates another layer of complexity when it comes to visibility of server communications. For example, you could now be faced with 10+ virtualized servers running on a particular host, with that host sharing the same blade resource as many others (say 24 hosts on a blade). Oh, and by the way, there may be 10 blades in an actual chassis. So, what do you get at the end of this equation? 10 servers X 24 hosts X 10 blades for a grand total of 2,400 servers that you basically cannot “see” from a traffic perspective. Do you think that the bad guys are aware of your virtualized environment, and the lack of security tool visibility that you may be facing? DOH!!

VoIP Deployments…. Triple DOH!!

Not only are customers deploying traditional applications on virtualized servers, but their unified communication environment as well. So this blind spot in visibility for network and application performance now extends into your UC and call center environments. Wait a second, aren’t most call centers critical to generating company revenue and addressing customer requests? (Please see this previous article for details: Bad Guys Playing Whack-A-Mole with your UC Services??) Throw in a wrinkle regarding QoS into this complicated mix, and you have a proverbial party on your hands. DOH!!

What Can You Do??

I will admit that I “may not” have lifted everyone’s spirits by calling out this topic. The good news is that you do have options to address these challenges. WOOHOO!!

1 – Time for Server, Network, Application and Cyber teams to Unite – No, not for a “group hug” or rallying cry, but to sit down at the same table and list out each group’s gaps in visibility, use cases, and requirements. You really cannot build a strategy to address a problem if you don’t know the issues. In a virtualized server world, all of these groups will be affected, so sit down together and document the requirements.
2 – APM NPM tools do provide Virtualized Visibility – After you have the requirements drawn up, invite your APM NPM vendor in for a chat. Frame the discussion as a technology discussion, not a sales pitch. Don’t be afraid to invite your virtualization software and hardware vendors as well. This will allow your teams to pick the brains of people who are likely having this discussion on a daily basis. It should also allow you to see the solution options available to you.
3 – TAP and Aggregation Visibility – In most cases your APM NPM vendor will work in conjunction with a TAP and Aggregation solution in some way. The key focus here is to think SOLUTION, not vendor or tool. This is especially important as you will likely have up to (4) internal IT groups involved, so stick to the group requirements to build the solution.
4 – Everybody Wins – If you do this correctly, you can build a solution that meets everyone’s performance, scalability, and cybersecurity requirements. In the end, IT and really your company wins. You will be able to verify that the application services are performing, effectively triage and troubleshoot if they are not, and determine if you are under a cyber attack from inside the virtual environment.
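To make the blind spot from the “Virtualized Servers… DOH!!” section concrete, and to show what step 3 buys you, here is an added example (it is not part of the original post and not a tool from any vendor mentioned here). It takes the VM-to-host inventory that the four teams agree on in step 1, a list of server-to-server flows, and the set of hosts whose virtual switches are mirrored into the TAP/aggregation layer, and reports how many bytes physical-network tools can see, how many stay blind inside a hypervisor, and which hosts still need a virtual tap. The VM names, host names, byte counts and the `mirrored_hosts` mechanism are all assumptions for illustration; a real deployment would pull the inventory from the virtualization platform’s API and the mirroring from its distributed virtual switch.

```python
"""
Added example (not from the original post): a visibility-gap check for
east-west VM traffic.  Each flow is classified as 'physical' (crosses hosts,
so a TAP or SPAN on the physical network can see it), 'blind' (stays inside
one hypervisor and never touches the physical network) or 'mirrored' (stays
inside one hypervisor whose virtual switch is mirrored to the tools).
All VM names, host names and byte counts are constructed sample data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str      # VM name of the sending side
    dst: str      # VM name of the receiving side
    nbytes: int   # bytes observed (or expected) over the measurement interval


# Constructed sample inventory: the post's three-tier app (web, app, DB)
# collapsed onto one host, with a DB replica and a jump box on a second host.
VM_TO_HOST = {
    "web01": "host-a",
    "app01": "host-a",
    "db01": "host-a",
    "db02": "host-b",
    "jump01": "host-b",
}

# Constructed sample flows.
FLOWS = [
    Flow("web01", "app01", 5_000_000),   # tier 1 -> tier 2, never leaves host-a
    Flow("app01", "db01", 8_000_000),    # tier 2 -> tier 3, never leaves host-a
    Flow("db01", "db02", 2_000_000),     # replication, crosses the physical network
    Flow("jump01", "app01", 300_000),    # admin access, crosses the physical network
    Flow("jump01", "db02", 80_000),      # admin access, never leaves host-b
]


def classify(flow, vm_to_host, mirrored_hosts=frozenset()):
    """Return 'physical', 'mirrored' or 'blind' for one flow."""
    try:
        src_host = vm_to_host[flow.src]
        dst_host = vm_to_host[flow.dst]
    except KeyError as missing:
        # An unknown VM is itself a finding: the inventory the teams agreed on
        # does not match what is actually talking inside the environment.
        raise ValueError(f"VM {missing} is not in the host inventory") from None
    if src_host != dst_host:
        return "physical"
    return "mirrored" if src_host in mirrored_hosts else "blind"


def visibility_report(flows, vm_to_host, mirrored_hosts=frozenset()):
    """Summarise bytes per visibility class and name the hosts still blind."""
    by_class = Counter()
    blind_by_host = defaultdict(int)
    for f in flows:
        cls = classify(f, vm_to_host, mirrored_hosts)
        by_class[cls] += f.nbytes
        if cls == "blind":
            # both ends share a host, so the source's host is the blind host
            blind_by_host[vm_to_host[f.src]] += f.nbytes
    total = sum(by_class.values())
    return {
        "total_bytes": total,
        "bytes": {k: by_class[k] for k in ("physical", "mirrored", "blind")},
        "blind_fraction": by_class["blind"] / total if total else 0.0,
        "hosts_needing_virtual_tap": sorted(blind_by_host),
    }


if __name__ == "__main__":
    before = visibility_report(FLOWS, VM_TO_HOST)
    after = visibility_report(FLOWS, VM_TO_HOST, mirrored_hosts={"host-a"})
    print("no virtual taps:", before)
    print("host-a mirrored:", after)
```

With the sample data, roughly 85% of the bytes are blind before any mirroring, because the three application tiers sit on one host; mirroring host-a alone drops the blind share to the small admin flow on host-b, which the report then names as the next host to tap. The same classification doubles as a sanity check for the finished solution: a flow the inventory calls “blind” that shows up in your NPM console proves the mirror is working, and a flow the inventory calls “physical” that never appears on the TAP means the inventory, not the tool, is wrong.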

WOOHOO!! …. I think Homer might like this approach …

Points to Ponder

  • Have you ever had to address an application performance challenge inside a virtualized environment?
  • Have you ever had your company be attacked from inside of your own virtualized environment?
  • Do you have an interesting war story to share on the topic of virtualization?


Continue on to the next article in the series, Remote Remote .. It’s Work From Home We Go

http://problemsolverblog.czekaj.org/troubleshooting/remote-remote-work-home-go-hacktivism-6/
