Virtualization is about lying
by Hu Yoshida on Sep 2, 2007
Eric Hibbard, the plain-speaking Chair of the SNIA Security Technical Work Group, often says that virtualization is about lying and security is about understanding the truth. I prefer to say that virtualization simplifies management and improves efficiency by masking the underlying physical complexity.
Eric also makes the point that if you are going to lie, you better be in a position to know the truth as well. I wholeheartedly agree with him there. That is why it is important to do your storage virtualization where you are also working with the truth, and the only place to do that is in the storage control unit, not in the storage network. If you are virtualizing storage in the storage network, creating virtual volumes with mapping tables, while the real volumes, cache slots and track tables reside in the storage array, you have a disconnect and a potential for a security disaster, i.e., the loss or compromise of data.
A recent Computerworld article, “Virtualization stretching IT security pressures”, raises the warning that server virtualization technology, which allows multiple operating systems to run different applications on a single computer, makes corporate systems far more vulnerable to hackers. Storage virtualization, which enables multiple host systems to share the same storage resources, has similar security exposures, especially storage virtualization that resides in a network, since the use of a network opens up a whole new layer of attack points.
Virtualization in a storage controller is not dependent on a network for connectivity. The USP V control unit can attach directly over any combination of its 256 FC ports. Other storage systems are limited to 64 FC ports or less. When we do connect to a network for increased connectivity, we give each host that shares the same physical storage port its own private virtual port with a dedicated address space, which we call a Host Storage Domain. This means that multiple host connections, which are defined by FC World Wide Names, can share the same physical port for better utilization and management, but they cannot see each other's data. No other storage vendor provides this type of security for safe multi-tenancy. Virtualization in the network cannot enforce this type of partitioning since it has no control of the storage ports, cache slots and track tables in the storage array.
Another security concern is denial of service or degradation of service. You want to protect against rogue storage users who don’t play well with others. This may be a database user who decides to do a database reorganization and ripples through the cache, denying cache access to another host that may be trying to process a time-critical application on the same storage array. With the USP V we can create dynamic partitions that limit the use of shared resources like cache. You can also give more cache and higher port priority to critical applications during their peak periods. We call this logical partitioning and are in the process of getting Common Criteria Certification, which will assure users that there will be no data leakage between partitions and no escalation of management privileges between partitions.
All these features are security features that were architected into the USP V virtualization platform from the beginning. You cannot add this with a software wrapper around existing architectures, and you cannot add these features on to appliances or switch ports that reside in the network, far removed from the storage ports and cache of a physical storage array.
The SNIA Security Technical Work Group is drafting a document on Best Current Practices for storage security. While these BCPs don’t dive into specific implementations of storage virtualization, they cover categories like event logging, secure backup and replication, trusted and reliable infrastructure, management interfaces, access controls and privileges, etc. It represents the best collective thinking of the security experts in SNIA and is a work in progress. It is well worth a read if you are responsible for defining storage security practices for your organization. With Sarbanes-Oxley, there have been several instances where IT people were fired after an audit because they did not have a documented security plan. The Security BCPs will help you draft a solid security plan, and help you keep your data secure. You can download it from the SNIA website if you are a SNIA member. If you are not a member, I encourage you to join and contribute to efforts like this…
I really appreciate your thoughts on Virtualization. Wish more industry titans would blog their thoughts on technology. Thank you. Go Hitachi! (BTW, my first two camcorders were Hitachis – VHS-C models from the 80's.)