Defend Your Virtualised Data Centre

Many IT managers remain concerned about the security implications of the widespread virtualisation of mission-critical applications. Compared to non-virtualised environments, server virtualisation introduces additional points of attack, particularly in the virtualisation layer, including the hypervisor, the virtual machine environment, and the soft switches that replace the physical access-layer switches in the network. These additional layers introduce more vulnerable points into the data centre.

The need for context-aware security policies

Traditionally, data centre applications and desktop clients have been responsible for most user authentication and access control. However, as networks become more context- and application-aware, the network must take over more of the security policy enforcement responsibilities from application endpoints.

The network security infrastructure is increasingly required to enforce identity- and role-based policies, as well as to make other contextual decisions. The decision to block traffic to an application or server in the data centre or cloud can no longer be based only on the source or destination addresses of hosts. It must now be based on the identity or role of the user, process, or application in the transaction. Access can also depend on context-specific attributes other than identity, including the type of device accessing the application, the location of the user, the time of the request, and more.

These context-aware policies are increasingly becoming the responsibility of the Data Centre Firewall and Intrusion Prevention System (IPS), which have to expand their capabilities to detect and decide based on these factors, as well as to monitor for the presence of malware, unauthorised access attempts, and various attacks.

How to defend your virtualised data centre

1. Defend the Data Centre from Unauthorised Users and Outside Attacks

The first step is to block all traffic between the rest of the LAN and the data centre that is not authorised. Deploy a stateful firewall in front of the data centre or a large segment of shared server resources that can block all traffic from unauthorised sources to invalid data centre destinations.

2. Prevent Intrusion and Malware

Legitimate traffic from outside the data centre may still contain malware, including Trojan horses, viruses, and worms. Deploy a scalable, high-bandwidth IPS to inspect all traffic coming into the data centre, or at appropriate points within the data centre. This inspection can reasonably ensure that all data centre traffic and virtual machines are clean of threats. There is minimal risk that malware will attack other virtual machines if these are blocked from applications in other trust zones by the virtual firewall.

3. Defend the Tenant Edge with a Proven Firewall

Extend the well-proven security component of the physical environment to the virtual and cloud infrastructure, and secure different department, business unit, or client zones with strong multitenant edge security for highly secure communications between multiple tenants.

4. Assign Virtual Machines to Segmented Trust Zones and Enforce Access Policies

Inside the data centre, enforce security policies that isolate traffic between application groups to help ensure that users and services authorised for one application cannot inappropriately access other applications residing in other trust zones. This degree of access control and logical isolation is easily provided by firewalls, but not long ago it was impossible to provide firewall capability at the virtual machine level or to isolate virtual machines on the same server. Virtual machines were not visible to the physical network and firewall as separate entities.
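The decision logic behind context-aware policies and trust zones can be modelled in a few lines. The following is an added example, not code from the original article or from any firewall product; the VM names, zones, roles, device types and access windows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

# Constructed inventory: each virtual machine is assigned to one trust zone.
VM_ZONE = {"hr-app-01": "hr", "hr-db-01": "hr", "fin-app-01": "finance"}

@dataclass(frozen=True)
class ZonePolicy:
    roles: frozenset      # roles authorised for applications in the zone
    devices: frozenset    # device types allowed to connect
    locations: frozenset  # user locations allowed to connect
    start: time           # access window, inclusive
    end: time

# Constructed policy table; zone, role and device names are hypothetical.
POLICY = {
    "hr": ZonePolicy(frozenset({"hr-staff"}), frozenset({"managed-laptop"}),
                     frozenset({"office", "remote"}), time(7), time(19)),
    "finance": ZonePolicy(frozenset({"finance-staff"}), frozenset({"managed-laptop"}),
                          frozenset({"office"}), time(8), time(18)),
}

@dataclass(frozen=True)
class Request:
    role: str       # identity-derived role of the user or process
    device: str     # type of device making the request
    location: str   # where the user is connecting from
    at: time        # time of the request
    dst_vm: str     # virtual machine hosting the application

def user_access(req):
    """Return (allowed, reason) for user-to-application traffic; default deny."""
    zone = VM_ZONE.get(req.dst_vm)
    policy = POLICY.get(zone)
    if policy is None:
        return False, "destination not in a known trust zone"
    checks = [
        (req.role in policy.roles, "role not authorised for zone " + zone),
        (req.device in policy.devices, "device type not permitted"),
        (req.location in policy.locations, "location not permitted"),
        (policy.start <= req.at <= policy.end, "outside access window"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "allowed"

def vm_to_vm_allowed(src_vm, dst_vm):
    """East-west traffic: permit only between VMs in the same known zone."""
    src, dst = VM_ZONE.get(src_vm), VM_ZONE.get(dst_vm)
    return src is not None and src == dst
```

Note that neither function looks at a source or destination IP address: the decision rests on role, device, location, time and zone membership, and anything not explicitly matched is denied.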

Need more advice?

Please feel free to contact us to discuss how to best secure your virtual environment.

The Internet of Everything

The “Internet of Everything” (IoE) is the existence of uniquely identifiable devices interconnected via the Internet. The interconnection of these devices is expected to introduce automation in nearly all fields.

There is a lot of hype about IoE and we are at the point of wondering what it will mean for us as individuals, employees and businesses.

IoE will change our lives.

One of the suggestions is that your toothbrush might have a chip in it and will communicate via Bluetooth with your mobile device to tell you things like how long it has been since you started using it or, in the case of the kids' toothbrushes, whether they have been used recently. Is that too invasive? We will be faced with all sorts of questions about what we do and don’t want connected to the IoE.

Wearable technology is already beginning to monitor health vitals, and connected watches monitor or report on our movements. It won’t be long before your fridge knows what is inside it, your rubbish bin knows what you threw out, and the shopping list on your connected fridge door asks you to confirm the online order, for delivery tomorrow, to replace everything you have consumed this week.

IoE will have very practical uses across our infrastructure. Street lights and traffic lights will have sensors so the services companies know where to replace a failed globe. Pipes will be able to detect where a leak is occurring so that water wastage is reduced (today 30% of our water supply is lost to leaks). The infrastructure cost savings from this sort of smart-pipe technology will equate to billions of dollars and save many valleys from being flooded by new dams.

There are plenty more examples of this sort of sensor information making big differences, and when this is tied to big data and data analytics the world will change quickly and significantly. The impact on businesses that must reduce wastage to remain competitive will be huge.

IoE will affect your business, so be prepared.

Some of the technology is here today and much of it is in development now. Large companies have embarked on ambitious big data projects and many smaller organisations have started collecting and collating what data they can. This is leading to a growing need for data storage systems and analytics tools today.

Whether you are in retail sales, manufacturing, primary industry or consulting services, your business should be paying attention to the current changes in IoE technology and looking at what they mean for your industry. Changes are coming in the IoE that will change the way your industry thinks and works. You don’t want to be the only farmer who still waters the whole crop because you don’t have sensors telling you which third of the crop is dry.

We will post more updates on how IoE is affecting local business, but in the meantime stay alert, not alarmed, at the IoE changes in your industry.

Systemnet launches Veeam Back-up Solution

Systemnet is pleased to advise that we have moved to the next generation of back-up software for clients with virtual servers, specifically those clients who use VMware and Hyper-V. Veeam has the following advantages compared with other back-up solutions:

  • 50x faster off-site back-ups with built-in WAN Acceleration. This means that we get your images to our server much faster.
  • Advanced monitoring and reporting functionality.
  • Built-in de-duplication and “forever incremental” back-ups, meaning that off-site disk rotation is no longer required.
  • Granular restoration of SQL databases & Exchange mailboxes.
  • Faster and more reliable VM (Virtual Machine) recovery reduces the recovery window significantly.
  • Agent-less install reduces the load on your servers.
  • 2-in-1 back-up and replication: replicate on-site for high availability and off-site for disaster recovery and business continuity. Includes failover and fail-back.

This table illustrates Veeam’s advantages compared with its competitors.
[Image: Veeam comparison table]

Disaster recovery and business continuity are vitally important for any business. If you would like information regarding our back-up solutions, please email sales@sn.com.au