Data Center Virtualization Benefits and the Security Challenge


Virtualization – Concept of a Software Defined Datacenter

Virtualization, the act of creating a virtual version of a device or resource (such as a server, storage device, network, or even an operating system), has recently spawned the concept of a Software Defined Datacenter (SDDC). By leveraging an SDDC, organizations are optimizing hardware, minimizing capital expenditures by using fewer physical servers, decreasing the time it takes to deploy new applications, and lowering power and cooling expenses in an effort to avoid common virtualization security issues. What is more, virtual resources can be moved across physical data center locations extremely quickly and easily.

Data Center Virtualization Benefits

With data center virtualization, organizations can dynamically allocate workloads from their private cloud to a public cloud. In doing so, enterprises ensure a robust computing environment for their users and pay for increased capacity only when, and for as long as, it is needed, rather than building (and spending) for maximum capacity.

If you take a moment to ponder the many advantages of being able to dynamically move computing resources between physical locations as part of an SDDC, you may begin to wonder, “Hey, wait a minute, what about my routing? Won’t IP addresses and gateways need to change?” This is where Software Defined Networking (SDN) and Network Functions Virtualization (NFV) come into play.

Software Defined Networking and Security

SDN essentially abstracts the control and forwarding functions from individual networking components to a centralized point of control, creating an API-like interface to the network that allows traffic control and forwarding decisions to be scripted and programmed. This can be a powerful method for ensuring that traffic forwarding is based on multiple factors at the time the forwarding decision is being made.

NFV essentially virtualizes the networking hardware, allowing enterprises to replace specialized hardware (routers/switches) with commodity hardware and rely on hypervisors to virtualize the networking hardware. NFV looks to offer users the same type of benefits that can be found with server virtualization, such as optimized hardware, lowered IT costs, reduced requirements for utilizing specialized hardware, and so on.

Many security vendors have been embracing data center virtualization. At a minimum, they simply converted their appliances to virtual instances, allowing customers to save money by not purchasing specialized hardware. More importantly, they are modifying their security services to operate at the hypervisor layer, offering scalability for the VMs being hosted. This allows security to be applied consistently across VMs without the need for agents on the VMs themselves. Additionally, virtualizing network sensors (e.g., IPS) gives users the same protections that are available on the physical LAN and can provide a combined view of both virtual and physical assets, offering greater security flexibility, incident response, and ultimately security intelligence.

Virtualization is a powerful, exciting force in IT, allowing companies new ways of maximizing their IT spending. However, with virtualization come new security challenges that need to be addressed in order to adequately protect critical company data. Fortunately, with SDN and NFV capabilities, enhanced security intelligence will help to close the security gap across physical and virtual IT assets.