rvlsoft - Fotolia
There are several different ways to look at this question, but let's consider just a few potential issues. First, any management tools -- regardless of the purpose -- should be virtualization-aware. Older legacy tools may not "see" virtual machines, networks and configurations. You can't manage what you can't see, and this opens the door to overlooked, unpatched or poorly-configured assets that are vulnerable to attack. In many cases, dedicated VM management software can help ensure an environment is secure.
While it's hard to imagine any major management tool that is not virtualization-aware today, some smaller organizations slow to adopt or expand virtualization deployment may still rely on legacy tools, or are simply unfamiliar with the management software's virtualization capabilities. Start by evaluating the management tools you are currently using and determine whether an upgrade or additional training is necessary to support a virtual environment -- perhaps a new tool set is required.
From a security perspective, ensure that your antimalware, host intrusion detection or prevention tools, host firewalls and other tools are suited for virtualized environments. This usually includes optimizations to allow the software to run within host or guest VMs with minimal footprint or performance impact. These tools are increasingly deployed as virtual appliances -- dedicated VMs -- instead of added to individual VMs.
It's particularly important for virtualization-aware management tools to support tasks such as asset tracking, inventory control and change management. For example, VM management software must be able to keep track of operating system versions running in the host and guest VMs, alert administrators when updates and security patches are available, initiate the process of patch testing and deployment, log changes, and update the asset/change control system accordingly.
Finally, evaluate the VM migration tools. Migration tools support virtualization by nature, but it's important to consider the way such tools transfer network, storage and other configuration settings which inevitably must change as a VM is moved between physical servers. If the migration tool fails to transfer all configuration settings to a destination server, it is possible that the VM might be left vulnerable to attack. For example, if the VM uses a VPN, but a migration moves the VM out of a VPN, it is possible that the VM and its network traffic might be vulnerable after the migration is completed.
Although organizations often focus on security tools and posture -- especially in a dynamic virtualized data center -- the reality is that people can still be the biggest security threat. Malicious or careless users, misconfigured systems, weak access control policies, poor change management practices, and phishing or other social engineering can conspire to compromise even the best security tools. Clear policies, ongoing user education and comprehensive VM management software must work together to secure virtual data centers.
VM management software that can help plan for growth
Improving the performance of virtualization management tools
Guide to VM and cloud management tools
Dig Deeper on Virtual machine monitoring, troubleshooting and alerting
Related Q&A from Stephen J. Bigelow
Get to know VMware vSphere's Admission Control tool and use it to reserve the resources necessary for VM failover with cluster resource calculations ... Continue Reading
Use heartbeats, VM monitoring and application monitoring to fully examine the causes of VM unresponsiveness. Adjust sensitivity levels to focus on ... Continue Reading
Combine Distributed Resource Scheduler and vSphere High Availability to design balanced failover clusters. Pay attention to affinity rules, which can... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.