Feeds

Hipster SDN firewalls can gentrify hypervisor slums

Gartner chap ponders security-hungry VMs on generic hosts

High performance access to file storage

As the software-defined-networking (SDN) bandwagon gathers pace, the notion that all your networking appliances can be replaced with virtual appliances is being bandied about a lot.

Gartner chap Joerg Fritsch has just posed an interesting question to those pushing that line: “whether a computing node with a hyper-visor installed should be considered good enough to segregate virtual machines with different security levels”?

Fritsch doesn't come at the question from an SDN perspective: his piece considers a multi-tier application whose different components have differing security requirements. But his thoughts graze on firewalls, one network appliance now considered ripe for replacement with a virtual version.

So should you worry about which host your security-hungry VMs live on? Probably, but don't expect to save money doing it.

Reputable hypervisors, Fritsch points out, have won the same common criteria certifications that dedicated security appliances must win before anyone takes them seriously. So running a security-hungry virtual machine isn't going to mean your setup is less secure. It may also not make it cheaper: on his analysis one can only consolidate severs so much and consolidating to the point at which you need to comingle security-hungry VMs with less-important workloads may not be worth the saving of a server or two.

His concluding argument looks to be of interest to those contemplating SDN. Here's his thinking:

“Well, your data must come from somewhere, isn’t it? Your VMs are probably connected to some sort of SAN where you need to follow up with some serious SAN zoning, otherwise your SAN would defy the idea of a collapsed (or condensed) virtualized environment. And, how about your network? VLAN separation? SR-IOV? If you truly want to collapse your network across different levels of sensitivity, you will need to think of more than only the hypervisor. Maybe the hypervisor is even the least of your worries.”

SDN is, of course, designed to make chores like managing VLANs far easier and promises to make configuration of just about everything faster and more pleasant. It could therefore be an enabler of regimes in which security-hungry VMs can be directed to hosts and VLANs where they can run free and graze upon computing resources among others of their kind without introducing more risk. And nothing will ever go wrong with that. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.