Now that we have reviewed the basics that define what composes a cluster within the virtual environment, we need to look further into the security of the cluster elements. In our definitions of threat, vulnerability, and fault from Chapter 1, "What Is a Security Threat?" we know that any failure of a node within a cluster should be considered from a security perspective. Although some failures are easy to track to the root cause, that is not always the case. That is when a security analysis of a fault should be performed in conjunction with normal fault determination.
Clusters are one way to mitigate possible failures by either rapidly booting virtual machines or transferring the load from busy systems to less used systems. Business continuity and failover are part of any security architecture because they are employed to mitigate the unknown problems that occur within the data center. The goal is to keep systems running.
Process accounting has always been just one part of security research and should remain so within the virtual world. Process accounting is the gathering of data about all processes running within your VMs and on your virtualization hosts (which include the VMs themselves). Such data include the length of time a process took to run, which CPUs and other devices were in use, and so on. With clusters of virtualization servers, process accounting now needs to include full virtual machine data, not just the single process running. The performance data stored by the virtual center could be an invaluable research tool that leads to recognizing a security issue. This illustrates the importance of gathering baseline data. The tool often used to gather this data is the vm-support command on each virtualization host, or you can export diagnostic data when using the VIC.
Clifford Stoll wrote about his research into computer espionage in the book Cuckoo's Egg (New York: Pocket Books, 1990). In this real-life story, a $0.75 accounting discrepancy on a time-share system led to the capture of a worldwide computer espionage ring. This one discrepancy shows that something apparently minor could be the tip of the iceberg. This is an important point, and a good illustration. If you don't know what your baseline is and how current data compare with it, you will never know there was a security problem.
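The two checks described above, baseline comparison of per-VM accounting data and Stoll-style reconciliation of totals against per-process records, as an added example that is not from the book or from VMware's tooling. The record layout, VM and process names, and the 25% tolerance are assumptions; the accounting records are constructed, not collected from a real host.

```python
"""Compare a current process-accounting sample against a stored baseline (example code)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AcctRecord:
    vm: str               # virtual machine the process belongs to (assumed field)
    process: str          # process name as recorded by the accounting system
    cpu_seconds: float    # CPU time consumed over the sample window
    runtime_seconds: float  # wall-clock duration the process was running


# Constructed sample data: a baseline window and a later window on the same cluster.
BASELINE: List[AcctRecord] = [
    AcctRecord("web01", "httpd", 300.0, 3600.0),
    AcctRecord("web01", "sshd", 5.0, 3600.0),
    AcctRecord("db01", "mysqld", 450.0, 3600.0),
]
CURRENT: List[AcctRecord] = [
    AcctRecord("web01", "httpd", 310.0, 3600.0),
    AcctRecord("web01", "sshd", 5.0, 3600.0),
    AcctRecord("web01", "cron", 200.0, 3600.0),   # new consumer on web01
    AcctRecord("db01", "mysqld", 440.0, 3600.0),
    AcctRecord("tmp03", "unknown", 60.0, 1800.0),  # VM absent from the baseline
]


def per_vm_cpu(records: List[AcctRecord]) -> Dict[str, float]:
    """Roll per-process records up to whole-VM CPU totals, as the text recommends."""
    totals: Dict[str, float] = {}
    for r in records:
        totals[r.vm] = totals.get(r.vm, 0.0) + r.cpu_seconds
    return totals


def find_deviations(baseline: List[AcctRecord], current: List[AcctRecord],
                    tolerance: float = 0.25) -> List[Tuple[str, str]]:
    """Flag VMs that are new, missing, or whose CPU use moved beyond the tolerance."""
    base, cur = per_vm_cpu(baseline), per_vm_cpu(current)
    findings: List[Tuple[str, str]] = []
    for vm in sorted(set(base) | set(cur)):
        b, c = base.get(vm), cur.get(vm)
        if b is None:
            findings.append((vm, "new vm not in baseline"))
        elif c is None:
            findings.append((vm, "vm missing from current sample"))
        elif abs(c - b) > tolerance * b:
            findings.append((vm, f"cpu {c:.1f}s vs baseline {b:.1f}s"))
    return findings


def unaccounted_cpu(records: List[AcctRecord], host_reported_cpu: float) -> float:
    """Stoll-style reconciliation: CPU the host reports but no record accounts for."""
    return round(host_reported_cpu - sum(r.cpu_seconds for r in records), 2)
```

Any nonzero result from `unaccounted_cpu` or any entry from `find_deviations` is a lead for the security analysis the text calls for, not a verdict.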
Printed with permission from Prentice Hall. Copyright 2009. VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment by Edward L. Haletky. For more information about this title and other similar books, please visit InformIT.com.
This was first published in June 2009