Managing Virtual Systems


  • CCSP outlines 4 components:
    1. Installation and configuration of management tools
      • provide control of VMs and help the management plane handle resource demands
      • create a new attack surface, though
    2. Security configuration requirements specific to virtual hardware:
      • Network configurations
        • virtual firewalls, switches, etc.
        • virtual VLANs
        • NIC teaming
        • network path redundancy
      • Storage
        • allocated as needed or provisioned upfront
        • encrypt storage space
      • Memory
        • can be allocated directly or as needed
        • dedicated memory improves security but increases costs
      • CPU
        • often shared in a virtual environment
        • dedicating cores or entire CPUs helps reduce risk
          • higher cost
    3. Installation of guest OS virtualization toolsets
      • e.g., VMware Tools, Amazon’s paravirtual drivers
      • add functionality by connecting to the underlying virtualization host
      • help map storage and support improved networking, video output, sound, or input capabilities
    4. Configuring host and guest OS backup and restore functions
      • VMs can be backed up via snapshots
        • capture point-in-time configurations, memory state, disk images, and settings
        • can be restored as needed
        • can be used to build baseline instances