“One significant issue with virtual machine security is with virtual switch isolation,” said Burton Group’s Wolf. “The current all-or-nothing approach to making a virtual switch ‘promiscuous’ in order to connect it to an IDS/IPS is not favorable to security.”
For example, “if you connect an IDS appliance to a virtual switch in promiscuous mode,” Burton said, “not only can the IDS capture all of the traffic traversing the switch, but every other VM on the same virtual switch in promiscuous mode could capture each other’s traffic as well. Users should be aware of this and work around it.”
Next week, I’ll be attending VMworld 2007, the virtualization community’s annual conference. Actually, I won’t be the only one, given that more than 10,000 people are attending this year! Furthermore, famous people are keynoting:
- Diane Greene, VMware’s CEO
- Mendel Rosenblum, VMware’s Chief Scientist
- John T. Chambers, Cisco Systems, Inc.
- Patrick Gelsinger, Intel Corporation
- Hector de J. Ruiz, AMD
This year, I’ll be giving two talks: “Fast and Easy Disk Workload Characterization on VMware ESX Server” and “ESX Storage Performance – A Scalability Study”.