Transforming IT Blog

Part 1/ VM Image Lifecycle: Enable 5 Key Security Processes to Protect a Converged Cloud

By Jan De Clercq


To secure a converged cloud, begin with the virtual machines (VMs) provisioned within it. Converged cloud environments rely on virtualization, and in the context of cloud computing security the term VM covers both VM images and VM instances; a VM instance is an operational copy of a VM image.

To assure VM security, namely confidentiality, integrity and availability protection, throughout the VM lifecycle, you should use secure VM lifecycle management to provide the required security services. Secure VM lifecycle management can be split into a set of key stages and functions for the VM image and for the VM instance.

The stages and functions of a VM image lifecycle are:

  1. VM image creation. A VM image must be secure by default. It must be created using a secure VM development process where the necessary hardening and configuration settings are defined and applied to a “standard” VM image.

  2. VM image storage. VM image storage securely stores the VM image, providing sufficient confidentiality, integrity, and availability protection, and assures that only authorized users can access the VM image from storage.

  3. VM image patching. VM image patching assures that VM images contain the latest patches and security fixes to remain protected from vulnerabilities and threats.

  4. VM image backup and restore. VM image backup and restore assures that VM images are maintained and can remain operational even in the event of a failure or natural disaster.

  5. VM image deletion. VM image deletion assures that VM images are properly deleted from storage and that no traces are left. It requires access control mechanisms to authorize VM deletion as well as secure deletion controls, such as zeroing and wiping solutions.

 

The stages and functions of a VM instance lifecycle are:

  1. VM provisioning and de-provisioning. VM provisioning and de-provisioning automates the instantiation (from a VM image) and removal of an operational VM instance. It also provides lifecycle tracking, which maintains a log of all actions that occur during the life of a VM, including traces of all VM-related administrative and configuration actions.

    VMs must be provisioned to a Virtual Machine Manager (VMM) instance in a secure way. This requires proper access control to decide who is authorized to provision a certain VM to a VMM, and it also requires secure communication and auditing (activity monitoring) controls. The same applies to VM de-provisioning.

  2. VM operation. VM instances must be used and managed in a secure way. This has implications for all actors using the VM instance. It requires access control and secure communication mechanisms. In a multi-tenant cloud environment, it’s important to have proper security isolation between the VMs of different tenants.

  3. VM migration. VM migration occurs when a VM is manually or automatically moved between different VMMs that are part of the same or different cloud platforms. Migration must be done over secure communication channels and can only be executed after the person or service initiating the migration has been properly authenticated and authorized.

  4. VM archiving. VM archiving is used to maintain a copy of a VM image that is not in use on a storage platform. It can be subjected to Information Lifecycle Management (ILM) policies and retention requirements. VM archiving requires access control mechanisms to initiate archiving and authorize access to archival storage providers; secure backup and recovery to make sure the archive is effectively maintained even in the event of a failure or disaster; and secure archival storage to ensure the archive provides confidentiality and integrity protection, which is typically achieved using encryption and integrity protection mechanisms.
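One way to enforce the image-storage integrity, provisioning access-control, lifecycle-tracking and secure-deletion controls listed in the two lifecycles above, as an added Python example that is not from the original post or from HP: it assumes an in-memory image store, a placeholder manifest MAC key and constructed image bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Placeholder MAC key for image manifests (a real store would hold it in a KMS/HSM).
MANIFEST_KEY = b"placeholder-manifest-hmac-key"


def _mac(digest: str) -> str:
    return hmac.new(MANIFEST_KEY, digest.encode(), hashlib.sha256).hexdigest()


@dataclass
class ImageStore:
    """In-memory image store with MAC'd manifests, per-image ACLs and a lifecycle log."""
    images: dict = field(default_factory=dict)     # name -> bytearray of image content
    manifests: dict = field(default_factory=dict)  # name -> {"sha256": ..., "mac": ...}
    acl: dict = field(default_factory=dict)        # name -> {action: set(principals)}
    audit: list = field(default_factory=list)      # (actor, action, image, outcome) entries

    def _authorize(self, actor: str, action: str, name: str) -> None:
        if actor not in self.acl.get(name, {}).get(action, set()):
            self.audit.append((actor, action, name, "denied"))
            raise PermissionError(f"{actor} may not {action} {name}")

    def store_image(self, actor: str, name: str, data: bytes, acl: dict) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self.images[name] = bytearray(data)
        self.manifests[name] = {"sha256": digest, "mac": _mac(digest)}
        self.acl[name] = {action: set(who) for action, who in acl.items()}
        self.audit.append((actor, "store", name, "ok"))
        return digest

    def provision(self, actor: str, name: str) -> str:
        self._authorize(actor, "provision", name)
        m = self.manifests[name]
        # Verify the manifest first, then the bytes against it (compare_digest is constant-time).
        if not hmac.compare_digest(m["mac"], _mac(m["sha256"])):
            self.audit.append((actor, "provision", name, "manifest-tampered"))
            raise ValueError("manifest MAC mismatch")
        if not hmac.compare_digest(hashlib.sha256(self.images[name]).hexdigest(), m["sha256"]):
            self.audit.append((actor, "provision", name, "image-tampered"))
            raise ValueError("image content does not match manifest")
        self.audit.append((actor, "provision", name, "ok"))
        return f"instance-of-{name}"  # stands in for the VMM instantiation call

    def delete_image(self, actor: str, name: str) -> None:
        self._authorize(actor, "delete", name)
        buf = self.images.pop(name)
        buf[:] = bytes(len(buf))  # zero the buffer in place before dropping it
        del self.manifests[name], self.acl[name]
        self.audit.append((actor, "delete", name, "ok"))
```

Every denied or failed operation lands in the audit list alongside the successful ones, which is what gives the lifecycle log its value during an investigation.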

Figure: Secure Virtual Machine Image and Instance Lifecycle Management

 

This is the second article in my "Cloud Security" series. These are the links to the rest of the installments:

  1. (Previous article) NEW Cloud Security Series:  Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  2. Part 2/Service Aggregation and Cloud Bursting:  Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  3. Part 3/Secure Virtual Machine Lifecycle Management: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  4. Part 4/Secure Universal Remote Access: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
  5. Part 5/Secure Federated Identity Management: Enable 5 Key Security Processes to Protect a Converged Cloud (link)



Jan De Clercq is a solution architect with HP's worldwide HP Technology Consulting IT assurance portfolio team. He focuses on cloud security, identity and access management, mobility security, and security for Microsoft platforms and solutions.
