Designing a virtual environment

The differences in hypervisors have now been explained and some of the benefits of a virtual environment explored. These new tools, while very flexible and powerful, can also present challenges to the security team if the environment is not well designed and manageable.

Virtual machines are isolated both from the physical host computer and each other for the most part. It is important to remember that most of the physical resources are shared even though there is a separation between the virtual machines. You should take advantage of the physical capabilities of the hypervisor and add additional NICs, separate your storage, and use the snapshot and backup features of the hypervisor. If you properly allocate your physical resources, you can create a robust and secure environment for your virtual infrastructure.

The virtual infrastructure is very similar to a physical infrastructure in what can be done. It is possible to connect virtual machines to internal switches, physical NIC bonds or teams, VLANs, and internal and external storage. These features allow you to design and connect the different virtual machines to the necessary resources and still maintain your security design.