As organizations the world over adopt the latest hot technology, virtualization, security threat concerns may be overlooked. As it happens, virtualization brings with it a unique set of security challenges, since organizations must integrate server, storage and networking priority and security policies as they go about optimizing application performance and operating costs. Policies and best practices must be set in place so that virtual machines serving the enterprise or other organization are able to enforce such things as “the principle of least privilege” (also known as “the principle of minimal privilege” and “the principle of least authority”; it requires that, in a particular abstraction layer of a computing environment, every module, whether a process, a user or a program depending on the layer being considered, can access only the information and resources necessary to its legitimate purpose) and can leverage intrusion prevention and network access control.
That’s why Enterasys Networks Inc. (www.enterasys.com) recently announced the Enterasys Secure Networks for Virtual Data Centers solution, which assures the connectivity and compliance of virtualized computing and storage. As more organizations adopt virtualization technologies to reduce equipment, energy and cooling costs in data centers, Enterasys addresses the security, management and operations challenges these new data center technologies introduce. The “Triple A” requirements for security compliance, Authentication, Authorization and Audit, are still essential when optimizing a data center. Enterasys Secure Networks for Virtual Data Centers provides a way to sense and automatically respond to the dynamic mobility of virtual machines, enforce network access control policies, and comply with internal, industry or government regulations.
Trenton Waterhouse, Vice President of Marketing at Enterasys, says, “As organizations continue to adopt virtualization for computing as well as storage, you’ll see that a particular application will move or migrate dynamically to the data center. For regulatory compliance reasons you need to be able to provide an audit trail of those moves. So what we do, essentially, is this: no matter where that virtual machine is, we will associate some security and some QoS priority privileges with it. We perform this without the organization having to do any reconfiguration every time there’s a dynamic move out or change from the virtual server. We can keep up with all that automatically and supply the audit trail.”
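The behaviour Waterhouse describes, a security role and QoS priority bound to the virtual machine's identity rather than to a switch port, so the policy follows the VM when it migrates and every move is recorded for audit, can be modelled in a few dozen lines. The following is an added illustration written for this article, not Enterasys code; the VM names, "host:port" identifiers, roles and QoS values are constructed, and a VM with no bound policy is deliberately placed in a default quarantine role rather than inheriting whatever the port last carried.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Hypothetical model, not Enterasys code: a VM's network policy is keyed to the
# VM's identity rather than to a switch port, so it can follow the VM when it
# migrates, and every attach/migrate is written to an audit trail.

@dataclass(frozen=True)
class VmPolicy:
    role: str           # which security/NAC role the VM's traffic is given
    qos_priority: int   # constructed 0..7 priority, higher = more important

@dataclass(frozen=True)
class AuditRecord:
    when: str                 # ISO 8601 timestamp of the event
    vm: str                   # VM identity (constructed: a name; a MAC would also do)
    event: str                # "attach" or "migrate"
    old_port: Optional[str]   # "host:port" the VM was behind before, if any
    new_port: str             # "host:port" the VM is behind now
    policy: VmPolicy          # the policy that was (re)applied at the new port

class PolicyFollower:
    """Keeps each VM's policy attached to whatever port it currently sits behind."""

    def __init__(self, policies: Dict[str, VmPolicy], default: VmPolicy):
        self.policies = policies             # authoritative vm -> policy binding
        self.default = default               # applied to VMs with no binding
        self.vm_port: Dict[str, str] = {}    # vm -> current port
        self.port_policies: Dict[str, Dict[str, VmPolicy]] = {}  # port -> {vm: policy}
        self.audit: List[AuditRecord] = []

    def vm_seen(self, vm: str, port: str,
                now: Optional[datetime] = None) -> Optional[AuditRecord]:
        """Called whenever the network learns that `vm` is behind `port`.
        Returns the audit record written, or None when nothing changed."""
        now = now or datetime.now(timezone.utc)
        old = self.vm_port.get(vm)
        if old == port:
            return None                                   # same place: no reconfiguration
        # A VM nobody bound a policy to is fenced with the default (quarantine)
        # instead of inheriting whatever the port happened to carry.
        policy = self.policies.get(vm, self.default)
        if old is not None:
            self.port_policies[old].pop(vm, None)         # release the old port
        self.port_policies.setdefault(port, {})[vm] = policy
        self.vm_port[vm] = port
        rec = AuditRecord(now.isoformat(), vm,
                          "attach" if old is None else "migrate", old, port, policy)
        self.audit.append(rec)
        return rec

    def policy_for_port(self, port: str) -> Dict[str, VmPolicy]:
        """Policies currently enforced on a port, keyed by VM."""
        return dict(self.port_policies.get(port, {}))

# Constructed sample data for a stand-alone run.
SAMPLE_POLICIES = {
    "web01": VmPolicy("web-tier", 3),
    "db01": VmPolicy("database", 5),
}
QUARANTINE = VmPolicy("quarantine", 0)

if __name__ == "__main__":
    pf = PolicyFollower(SAMPLE_POLICIES, QUARANTINE)
    t = datetime(2009, 3, 2, 9, 30, tzinfo=timezone.utc)
    pf.vm_seen("web01", "esx1:ge1", t)
    pf.vm_seen("web01", "esx2:ge7", t)        # live migration to another host
    pf.vm_seen("unknown-vm", "esx2:ge7", t)   # no binding: lands in quarantine
    for rec in pf.audit:
        print(f"{rec.when} {rec.event:8} {rec.vm:12} {rec.old_port} -> {rec.new_port} "
              f"role={rec.policy.role} qos={rec.policy.qos_priority}")
```

The audit list is the compliance artefact the quote refers to: each record ties a VM identity, the port it left, the port it arrived at and the policy re-applied there to a timestamp, without anyone editing port configuration by hand.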
“There’s also a network access control angle to this,” continues Waterhouse. “There’s a fundamental need to ensure that only the right people have access to the right information at the right time and from the right location. Yes, time and location can be variable in that equation as well. From the network perspective, we provide an additional layer of security such that we prevent the ‘bad bits’ from getting to the server and storage infrastructure in the first place. So now you don’t need to rely as much on systems security or storage security, because the network is now providing a protection layer.”
“When a user authenticates on the network,” says Waterhouse, “they’re using RADIUS or any LDAP-based directory server. Those authentication methods are essentially how we know that we’ve got the right user. Where we bring in the additional context of time and location is our own network access control technology. For example, if you are the CEO, you get the CEO privileges. But if we notice that it’s 3 a.m. and the alleged CEO is entering the network from the Cayman Islands, perhaps that’s not an appropriate time or an appropriate location for the CEO to be accessing these resources. So we’ll either create a security alert or deny the connection, depending on how you’ve configured the system.”
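The time-and-location check in Waterhouse's CEO example is a context layer on top of an authentication decision that RADIUS or LDAP has already made. The following added example, written for this article and not taken from Enterasys NAC, shows that layer as a small policy evaluator: the directory lookup is a constructed dictionary standing in for the role attribute a real RADIUS/LDAP server would return, the per-role hours and country lists are constructed, and each role carries the operator's choice between raising an alert and denying the connection. Unknown users and roles without a policy fail closed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical illustration, not Enterasys NAC code. Authentication (RADIUS or an
# LDAP directory) has already established who the user is; this layer adds the
# context of time and location and either alerts or denies, as configured.

@dataclass(frozen=True)
class ContextRule:
    hours: Tuple[int, int]       # allowed window [start, end) in local hours; may wrap midnight
    countries: FrozenSet[str]    # ISO 3166-1 alpha-2 codes the role may connect from
    on_violation: str            # "alert" (allow, but raise a security alert) or "deny"

@dataclass(frozen=True)
class Decision:
    action: str                  # "allow", "allow+alert" or "deny"
    reasons: Tuple[str, ...]     # why the context check failed; empty when clean

# Constructed stand-in for the role attribute a RADIUS/LDAP lookup would return.
DIRECTORY_ROLES: Dict[str, str] = {"alice": "executive", "bob": "staff"}

# Constructed per-role rules; the operator decides alert versus deny.
ROLE_RULES: Dict[str, ContextRule] = {
    "executive": ContextRule((6, 22), frozenset({"US", "CA"}), "deny"),
    "staff":     ContextRule((7, 20), frozenset({"US"}), "alert"),
}

def in_window(hour: int, window: Tuple[int, int]) -> bool:
    """True when `hour` falls in [start, end); handles windows that wrap midnight."""
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end      # e.g. (22, 6) covers 22:00 to 06:00

def authorize(user: str, when_iso: str, country: str,
              roles: Dict[str, str] = DIRECTORY_ROLES,
              rules: Dict[str, ContextRule] = ROLE_RULES) -> Decision:
    """Context decision for an already-authenticated user.
    `when_iso` is the local time of the access attempt in ISO 8601 form."""
    when = datetime.fromisoformat(when_iso)
    role = roles.get(user)
    if role is None:
        return Decision("deny", ("user not found in directory",))          # fail closed
    rule = rules.get(role)
    if rule is None:
        return Decision("deny", (f"no context policy for role {role}",))    # fail closed
    reasons: List[str] = []
    if not in_window(when.hour, rule.hours):
        reasons.append(f"time {when:%H:%M} outside window "
                       f"{rule.hours[0]:02d}:00-{rule.hours[1]:02d}:00 for role {role}")
    if country not in rule.countries:
        reasons.append(f"location {country} not permitted for role {role}")
    if not reasons:
        return Decision("allow", ())
    if rule.on_violation == "deny":
        return Decision("deny", tuple(reasons))
    return Decision("allow+alert", tuple(reasons))

if __name__ == "__main__":
    # Constructed attempts: the article's 3 a.m. executive from the Cayman Islands (KY),
    # a normal working-hours login, and a staff member working late.
    for user, when, country in [("alice", "2009-03-02T03:00:00", "KY"),
                                ("alice", "2009-03-02T09:15:00", "US"),
                                ("bob", "2009-03-02T21:00:00", "US")]:
        d = authorize(user, when, country)
        print(f"{user:6} {when} {country}: {d.action:12} {'; '.join(d.reasons)}")
```

The reasons tuple is what an operator would want in the alert or the denied-connection log: it names which part of the context (time, location, or both) failed for which role, so the event can be triaged without re-deriving the policy.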
Key building blocks of the Enterasys Secure Virtual Data Center include:
--Security-enabled infrastructure using Matrix N-Series flow-based switches and Matrix X-Series high performance routers, providing top-of-rack, end-of-row, and network core connectivity with capacity of more than 1,000 Gigabit Ethernet or 256 Ten Gigabit Ethernet connections per rack. The Enterasys Matrix N-Series switches and Matrix X-Series routers have an architecture with no single point of failure. The Enterasys flow-based switching enables bandwidth aggregation and dynamic load-balancing across multi-homed connections to each physical server, to ensure availability in the event of network, device or link failure, and on-demand provisioning of additional capacity. In the event of physical server or virtual machine failure, Enterasys Secure Networks support virtual machine mobility without requiring manual reconfiguration of the network or interrupting user access to information.
--Advanced Dragon security applications for intrusion detection/prevention, network access control and security information management to automate compliance audits and reporting.
--Centralized visibility and control through NetSight management applications that enforce role-based policies and automate corrective actions.
You can schedule a live demo of Enterasys Secure Networks for Virtual Data Centers capabilities at www.enterasys.com/demo.