By Julia Anderson, assistant site editor
The flexibility associated with a virtualized infrastructure helps decrease hardware costs and provides multiple options to provision and configure hosts, virtual machines and clusters. This same flexibility gives admins many options to architect virtual network security strategies, but provides just as many opportunities for failure and corrupted communications.
Identity authentication and management are growing concerns among IT pros as they virtualize workloads and manage complex virtual infrastructures. VMware has sought to address these concerns by adding more identity-management tools and applications and expanding the use of digital certificates. The goal is increased security and productivity, easier network management and more reliable monitoring, without high costs or redundant effort.
Case in point: the new Single Sign-On (SSO) feature in vSphere 5.1, which is a required component for upgrading to the latest version of the hypervisor. SSO acts as an authentication broker and a security token exchange. It provides more secure access to vSphere products than a password security vault, for example, which offers a superficial remedy for cumbersome authentication policies and lack of system integration. Unfortunately, VMware users have found SSO rife with errors, preventing many from completing the vSphere upgrade.
VMware has rolled out SSO troubleshooting and vSphere 5.1 deployment resources, but the vendor has yet to see significant adoption numbers.
Before your data center faces a network security breach, read up on VMware identity authentication and management methods.
Table of contents:
Replacing self-signed SSL certificates to improve ESXi security
VMware's default, self-signed Secure Socket Layer (SSL) certificates only ensure data encryption within a private network. But for many organizations, communication extends beyond this. Traffic is often sent across the Internet when establishing a remote-management session with a vSphere infrastructure. By importing certificates from trusted third parties, however, you can improve ESXi security.
How to steal a VM and its data in three easy steps
Because virtual machines (VMs) are encapsulated into single virtual disk files that reside on a virtual host server, anyone with the appropriate access could steal them and all associated data in a matter of minutes. Once you learn the two main ways to access the virtual disk (.vmdk) file of a VM, you'll be better equipped to safeguard against them. But you must also remember your security measures must span multiple layers, and that any weakness along the way could compromise virtual data security.
SSO patch, SSL documentation aim to assuage vSphere 5 identity authentication concerns
Failure scenarios and log-in problems plagued vSphere 5.1's SSO feature, which, in reality, should have acted as a security token and provided easier access to vSphere components such as vCenter Server and Orchestrator upon successful login. The errors had prevented many customers from upgrading. VMware has since issued an SSO patch to combat the problems, but the SSL documentation released with the patch actually sheds light on previously undocumented problems.
VMware vCenter Ops Manager identifies real-world problems
Changes to virtual networks often create problems; IT admins have all but come to a consensus that virtual infrastructure performance tools are a worthwhile investment. VMware's vCenter Operations Manager detects and resolves root causes of infrastructure problems, and creates extensive statistical analysis over time to determine what is and isn't normal. The recently launched vCenter Ops 5.6 allows for more integration with VMware Configuration Manager and automates the process of tracking and correlating changes to problems, which could be a deciding factor for some admins still on the fence.
Top five VMware network performance tips
In larger virtual infrastructures, VMs can affect each other's performance by stretching and placing strain on bandwidth. To optimize VMware network performance, there are several steps admins can take short of an upgrade. Simply adjusting certain network settings as the number of VMs and consolidation ratios increase will ensure all VMs receive a fair share of bandwidth.
More virtual network security links
How VMware Site Recovery Manager can help you
The not-so-new vSphere5 (Networking)
Avoid the defaults when configuring VMware vSwitch security
A guide to best practices in virtual network security
How to protect VMs, VMkernel and your network with VMware ESXi
Nine ways to achieve solid VMware View security