With virtualization being the trend du jour, the prevailing wisdom dictates that transforming everything that is physical into a virtual model is based on sound economic judgment. While the economic benefits of virtualization are virtually (pun intended !) unassailable, there is definitely some thought that needs to be focused on how today’s physical world can interplay with a virtual one. Let’s take the case of security. For years, the traditional data center firewall vendors – Juniper included – have been offering faster and faster hardware gear to keep up with the feeds and speeds of the data center. In addition some hardware vendors have proffered up a virtualized instance of their physical firewalls. There is also a new category of hypervisor based security that has emerged over the last couple of years for securing inter-VM traffic. Not to be outdone, the virtualization infrastructure vendors are drawing up boundaries of security zones that encompass compute, storage and web tiers and calling this the new security boundary, within which traditional security paradigms like firewalls, intrusion prevention systems etc. can reside protecting each of these confines. What is sorely missing in these various individualized security offerings is a coordinated way to offer protection that is holistic yet uncomplicated and addresses real world needs. For instance, most data center customers today have physical security hardware investments and a degree of server virtualization. If they now decide to purchase virtual firewall licenses and hypervisor based security – how then do these three security investments – physical, hypervisor and virtual -- play together? For the outside-in threats, does the physical security have the capability to scale? For the inter-VM threats that are detected by the hypervisor firewall, does the physical security device need to be made aware of the same? Does east-west traffic between server boundaries need to be secured by physical, virtual or hypervisor firewalls, or all of the above? Does the new security boundary that is being defined by the virtualization infrastructure vendors cause security sprawl by having security functions instantiated in each virtual boundary rather than consolidated at the edge in a physical instantiation?
In order to win business, vendors must leverage their customers’ investment in physical firewalls by coupling them with newer security solutions that server virtualization demands to provide a total solution that builds on both physical and virtual security.
Discussing a wide range of topics impacting enterprises and
data center security.