rvlsoft - Fotolia

What kind of VM management software can improve security?

Some products are better suited to ensuring your virtual infrastructure stays secure and up to date.

There are several different ways to look at this question, but let's consider just a few potential issues. First, any management tools -- regardless of the purpose -- should be virtualization-aware. Older legacy tools may not "see" virtual machines, networks and configurations. You can't manage what you can't see, and this opens the door to overlooked, unpatched or poorly-configured assets that are vulnerable to attack. In many cases, dedicated VM management software can help ensure an environment is secure.

While it's hard to imagine any major management tool that is not virtualization-aware today, some smaller organizations slow to adopt or expand virtualization deployment may still rely on legacy tools, or are simply unfamiliar with the management software's virtualization capabilities. Start by evaluating the management tools you are currently using and determine whether an upgrade or additional training is necessary to support a virtual environment -- perhaps a new tool set is required.

From a security perspective, ensure that your antimalware, host intrusion detection or prevention tools, host firewalls and other tools are suited for virtualized environments. This usually includes optimizations to allow the software to run within host or guest VMs with minimal footprint or performance impact. These tools are increasingly deployed as virtual appliances -- dedicated VMs -- instead of added to individual VMs.

It's particularly important for virtualization-aware management tools to support tasks such as asset tracking, inventory control and change management. For example, VM management software must be able to keep track of operating system versions running in the host and guest VMs, alert administrators when updates and security patches are available, initiate the process of patch testing and deployment, log changes, and update the asset/change control system accordingly.

Finally, evaluate the VM migration tools. Migration tools support virtualization by nature, but it's important to consider the way such tools transfer network, storage and other configuration settings which inevitably must change as a VM is moved between physical servers. If the migration tool fails to transfer all configuration settings to a destination server, it is possible that the VM might be left vulnerable to attack. For example, if the VM uses a VPN, but a migration moves the VM out of a VPN, it is possible that the VM and its network traffic might be vulnerable after the migration is completed.

Although organizations often focus on security tools and posture -- especially in a dynamic virtualized data center -- the reality is that people can still be the biggest security threat. Malicious or careless users, misconfigured systems, weak access control policies, poor change management practices, and phishing or other social engineering can conspire to compromise even the best security tools. Clear policies, ongoing user education and comprehensive VM management software must work together to secure virtual data centers.

Next Steps

VM management software that can help plan for growth

Improving the performance of virtualization management tools

Guide to VM and cloud management tools

Dig Deeper on Virtual machine monitoring, troubleshooting and alerting