Page 33 - Cyber Warnings
P. 33
These storms can cause significant performance hits on each host, which causes the VMs to slow
down if they are contending for memory, CPU, network bandwidth, or disk throughput. IT
departments can orchestrate the scanning order of the VMs to avoid this, or find a solution that is
optimized for virtualized environments, leveraging technologies like change block tracking (CBT) so
that only parts of the disk that are active are scanned. By minimizing the scanning surface, the
operation happens much faster, so the performance hit can be significantly reduced. This even
allows some datacenters to run more virtual machines on each host, reducing their overall costs.
Protect the Computing Resources
There are many different kinds of threats that will consume memory or CPU cycles in order to slow
down your virtual machines. One of the best approaches to applying this third layer of protection is
to enable resource throttling, also known as Quality of Service. This will ensure that each VM gets
a guaranteed minimum amount of computing resources, yet does not exceed a maximum amount,
so as to not negatively impact the performance of other VMs on that host.
Another best practice is to utilize an agentless solution, so nothing has to be installed inside the
virtual machine. Not only will each VM be consuming fewer resources, you are also removing the
risk of a virus being injected into memory while it is being booted. Moreover you eliminate the need
for the administrator to access the guest operating system, preventing a malicious user from
installing malware or accessing confidential customer information. Using this strategy, not only will
you achieve better security, but you will meet more compliance regulations and standards.
Conclusion
As virtualization and cloud computing becomes more popular, the need to protect the virtual
infrastructure and meet the unique challenges of its dynamic systems becomes critical. For the
security professional that wants to succeed in this space, use the proactive approach to security
that is founded on the essential 3-layer method of protection: protecting the network; protect the
disk; protect the computing resources; and this will lead the way toward a more secure future.
About the Author
Symon Perriman is 5nine Software’s VP of Business Development and a
Microsoft MVP specializing in virtualization. Previously he was Microsoft's
Senior Technical Evangelist and worldwide technical lead covering
infrastructure, management and cloud. He has trained millions of IT
Professionals, holds several patents and dozens of industry certifications,
and in 2013 he co-authored "Introduction to System Center 2012 R2 for IT
Professionals" (Microsoft Press). Symon also serves as a technical advisor
for several startups, including System Center solutions provider
ScorchCenter LLC.
33 Cyber Warnings E-Magazine – January 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
