Unit IV Cloud Management-Plh

The document discusses cloud management, resource provisioning, and security challenges associated with cloud computing. It outlines various provisioning methods, including demand-driven, event-driven, and popularity-driven approaches, as well as the complexities of managing virtual machines and ensuring data security. Key security concerns include data integrity, user control over data, and the risks associated with co-locating virtual machines from multiple organizations on shared physical servers.

Uploaded by muthuabi1204

UNIT IV CLOUD MANAGEMENT, STORAGE AND SECURITY 8

Resource Provisioning and Methods – Cloud Management Products – Cloud Storage – Provisioning Cloud
Storage – Managed and Unmanaged Cloud Storage – Cloud Security Overview – Cloud Security Challenges –
Security Architecture design – Virtual Machine Security – Application Security –Data Security

4.1 Resource Provisioning and Platform Deployment

There are several techniques for provisioning compute resources or VMs. Parallelism is exploited at the cluster node level.
Provisioning of Compute Resources (VMs)
• Providers supply cloud services by signing SLAs with end users.
• The SLAs must specify resources such as
  o CPU
  o Memory
  o Bandwidth
  Users can use these for a preset (fixed) period.
• Under-provisioning of resources leads to broken SLAs and penalties.
• Over-provisioning of resources leads to resource underutilization and, consequently, a decrease in revenue for the provider.
• Provisioning of resources to users is a challenging problem. The difficulty comes from the following:
  o Unpredictability of consumer demand
  o Software and hardware failures
  o Heterogeneity of services
  o Power management
  o Conflicts in the SLAs signed between consumers and service providers

4.1.1 Provisioning Methods

Three cases of static cloud resource provisioning policies are considered.
Static cloud resource provisioning
Case (a): Over-provisioning for the peak load causes heavy resource waste (the shaded area).
Case (b): Under-provisioning of resources results in losses for both user and provider: the demand above the capacity (the shaded area) cannot be served, even though users have paid for it.
Case (c): Declining user demand results in even worse resource waste.

Constant provisioning
• Fixed capacity against a declining user demand could result in even worse resource waste.
• The user may give up the service by canceling the demand, resulting in reduced revenue for the provider.
• Both the user and the provider may be losers in resource provisioning without elasticity.
Resource-provisioning methods are:
• Demand-driven method - provides static resources; has been used in grid computing.
• Event-driven method - based on the workload predicted for a point in time.
• Popularity-driven method - based on monitored Internet traffic.

4.1.2 Demand-Driven Methods

• Provides static resources.
• This method adds or removes nodes (VMs) based on the current utilization level of the allocated resources.
• When a resource has exceeded a threshold (upper limit) for a certain amount of time, the scheme increases the resource (nodes) based on demand.
• When a resource is below a threshold for a certain amount of time, resources can be decreased accordingly.
• This method is easy to implement.
• The scheme does not work properly if the workload changes abruptly.
4.1.3 Event-Driven Resource Provisioning
• This scheme adds or removes machine instances based on a specific time event.
• The scheme works better for seasonal or predicted events such as Christmastime in the West and the Lunar New Year in the East.
• During these events, the number of users grows before the event period and then decreases during the event period. This scheme anticipates peak traffic before it happens.
• The method results in a minimal loss of QoS if the event is predicted correctly.
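The three policies above compared on one demand trace, as an added example that is not part of the notes: static capacity (cases a, b and c), the threshold-based demand-driven scheme, and the event-driven scheme. DEMAND, EVENT_WINDOW and the threshold values are constructed, and capacity is counted in abstract node units per time step.

```python
"""Score the provisioning policies from 4.1.1 to 4.1.3 against one demand trace:
static capacity (cases a, b, c), the threshold-based demand-driven scheme and the
time-event scheme. Waste is unused capacity; unmet demand is a broken SLA.

Added example, not from the notes. DEMAND and EVENT_WINDOW are constructed;
capacity is counted in abstract node units per time step.
"""
from dataclasses import dataclass

# Constructed trace: a seasonal ramp-up with an abrupt spike at t=8, then a decline.
DEMAND = [2, 2, 3, 4, 5, 6, 7, 7, 12, 7, 6, 5, 4, 3, 2, 2]
# Constructed prediction: heavy traffic expected between steps 4 and 11 inclusive.
EVENT_WINDOW = (4, 11)


@dataclass(frozen=True)
class Outcome:
    waste: int    # sum of capacity - demand where over-provisioned (cases a and c)
    unmet: int    # sum of demand - capacity where under-provisioned (case b, broken SLA)
    changes: int  # number of scale-up or scale-down operations


def evaluate(demand, capacity):
    """Compare a capacity plan (one value per step) with the demand trace."""
    waste = sum(max(c - d, 0) for c, d in zip(capacity, demand))
    unmet = sum(max(d - c, 0) for c, d in zip(capacity, demand))
    changes = sum(1 for a, b in zip(capacity, capacity[1:]) if a != b)
    return Outcome(waste, unmet, changes)


def static_plan(demand, level):
    """Static provisioning: the same capacity at every step. level == max(demand)
    is case (a); a lower level is case (b); both waste most once demand declines (case c)."""
    return [level] * len(demand)


def demand_driven_plan(demand, start, high=0.8, low=0.4, hold=2, step=2):
    """Demand-driven scheme: scale only after utilization has stayed above `high`
    (or below `low`) for `hold` consecutive steps. A decision made at step t takes
    effect at step t+1, so an abrupt spike is served late."""
    cap, above, below, plan = start, 0, 0, []
    for d in demand:
        plan.append(cap)
        util = d / cap
        above = above + 1 if util > high else 0
        below = below + 1 if util < low else 0
        if above >= hold:
            cap, above = cap + step, 0
        elif below >= hold and cap - step >= 1:
            cap, below = cap - step, 0
    return plan


def event_driven_plan(demand, base, event_window, event_capacity):
    """Event-driven scheme: raise capacity for a predicted window, one step ahead
    of it, regardless of the load actually measured."""
    start, end = event_window
    return [event_capacity if start - 1 <= t <= end else base
            for t in range(len(demand))]


if __name__ == "__main__":
    plans = {
        "static, peak (a)": static_plan(DEMAND, max(DEMAND)),
        "static, level 5 (b/c)": static_plan(DEMAND, 5),
        "demand-driven": demand_driven_plan(DEMAND, start=4),
        "event-driven": event_driven_plan(DEMAND, 4, EVENT_WINDOW, 8),
    }
    for name, plan in plans.items():
        print(f"{name:24} {evaluate(DEMAND, plan)}")
```

Running it shows the trade-off the notes describe: peak static capacity never breaks the SLA but wastes the most, the demand-driven plan reacts two steps late to the spike at t=8, and the event-driven plan covers the predicted window but still misses the unpredicted spike.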

4.1.4 Popularity-Driven Resource Provisioning

• Internet searches are used to gauge the popularity of certain applications, and resources are allocated according to the popularity demand.
• The scheme has a minimal loss of QoS if the predicted popularity is correct.
• Resources may be wasted if traffic does not occur as expected.

4.1.5 Dynamic Resource Deployment

• The cloud uses VMs as building blocks to create an execution environment across multiple resource sites.
• Dynamic resource deployment can be implemented to achieve scalability in performance.
• Peering arrangements established between gateways enable the allocation of resources from multiple grids to establish the execution environment.
• InterGrid is used for interconnecting distributed computing infrastructures.
• InterGrid provides an execution environment on top of the interconnected infrastructures.
• An IGG (InterGrid Gateway) allocates resources from an organization's local cluster or from a cloud provider.
• Under peak demand, an IGG interacts with another IGG that can allocate resources from a cloud computing provider.
• A component called the DVE manager performs resource allocation and management.
• An IGG allocates resources from a local cluster in three steps:
  (1) Requesting the VMs (resources)
  (2) Enacting (validating) the leases
  (3) Deploying (installing) the VMs as requested

Fig: Cloud resource deployment using an IGG (InterGrid gateway) to allocate VMs from a local cluster and to interact with the IGG of a public cloud provider.
• A grid has predefined peering arrangements with other grids, which the IGG manages.
• Through multiple IGGs, the system coordinates the use of InterGrid resources.
• An IGG is aware of the peering terms with other grids, selects suitable grids that can provide the required resources, and replies to requests from other IGGs.
• Request redirection policies determine which peering grid InterGrid selects to process a request and the price for which that grid will perform the task.
• An IGG can also allocate resources from a cloud provider.
• The InterGrid allocates and provides a distributed virtual environment (DVE): a virtual cluster of VMs that runs isolated from other virtual clusters.
• The DVE manager performs resource allocation and management on behalf of specific user applications.
• The core component of the IGG is a scheduler for implementing provisioning policies and peering with other gateways.
• The communication component provides an asynchronous message-passing mechanism.

4.1.6 Provisioning of Storage Resources

• The storage layer is built on top of the physical or virtual servers.
• Data is stored in the clusters of the cloud provider.
• The service can be accessed from anywhere in the world.
• Examples:
  o An e-mail system might have millions of users, and each user can have thousands of e-mails and consume multiple gigabytes of disk space.
  o A web search application.
• To store huge amounts of information, solid-state drives are used instead of hard disk drives.
In storage technologies, hard disk drives may be augmented with solid-state drives in the future.

4.2 Virtual Machine Creation and Management

The managers provide a public API for users to submit and control VMs.
Fig. Virtual Machine Creation and Management

Independent Service Management:

• Independent services request facilities to execute many unrelated tasks.
• Commonly, the APIs provided are web services that the developer can use conveniently.

Running Third-Party Applications

• Cloud platforms have to provide support for building applications that are constructed by third-party application providers or programmers.
• The APIs are often in the form of services.
• Web service application engines are often used by programmers for building applications.
• Web browsers are the user interface for end users.

Virtual Machine Manager

The manager manages VMs deployed on a set of physical resources.
• VIEs (Virtual Infrastructure Engines) can create and stop VMs on a physical cluster.
• Users submit VMs on physical machines using different kinds of hypervisors.
• To deploy a VM, the manager needs to use its template.
• A virtual machine template contains a description of a VM with the following static information:
  o The number of cores or processors to be assigned to the VM
  o The amount of memory the VM requires
  o The kernel used to boot the VM's operating system
  o The price per hour of using a VM
• OAR/Kadeploy is a deployment tool.
• API (Application Programming Interface): an API is a software intermediary that makes it possible for application programs to interact with each other and share data.

Virtual Machine Templates

• A VM template is analogous to a computer's configuration and contains a description of a VM with the following static information:
  o The number of cores or processors to be assigned to the VM
  o The amount of memory the VM requires
  o The kernel used to boot the VM's operating system
  o The disk image containing the VM's file system
  o The price per hour of using a VM

Distributed VM Management
• A distributed VM manager makes requests for VMs and queries their status.
• This manager requests VMs from the gateway on behalf of the user application.
• The manager obtains the list of requested VMs from the gateway.
• This list contains a tuple of public IP/private IP addresses for each VM, with Secure Shell (SSH) tunnels.
4.2 Security
• Virtual machines from multiple organizations have to be co-located on the same physical server in order to maximize the efficiencies of virtualization.
• Cloud service providers must learn from the managed service provider (MSP) model and ensure that their customers' applications and data are secure if they hope to retain their customer base and competitiveness.
• The cloud environment should be free from abuses, cheating, hacking, viruses, rumors, and privacy and copyright violations.

4.2.1 Cloud Security Challenges

• In the cloud model, users lose control over physical security.
• In a public cloud, users share computing resources with other companies.
• When users share the environment in the cloud, their data is at risk of seizure (attack).
• Storage services provided by one cloud vendor may be incompatible with another vendor's services; this makes it impossible to move from one to the other.
• Vendors create "sticky services".
• Sticky services are services that make it difficult for the end user to move from one cloud vendor to another.

Example: Amazon's "Simple Storage Service" (S3) is incompatible with IBM's Blue Cloud, Google, or Dell.
• Customers want their data encrypted while it is at rest (stored) in the cloud vendor's storage pool.
• Data integrity means ensuring that data is identically maintained during any operation (such as transfer, storage, or retrieval).
• Data integrity is assurance that the data is consistent and correct.
• One of the key challenges in cloud computing is data-level security.
• It is difficult for a customer to find where its data resides on a network controlled by its provider.
• Some countries have strict limits on what data about their citizens can be stored and for how long.
• Banking regulators require that customers' financial data remain in their home country.
• Security managers will need to pay particular attention to systems that contain critical data such as corporate financial information.
• Outsourcing (giving rights to a third party) means losing control over data, and is not a good idea from a security perspective.
• Security managers have to interact with the company's legal staff to ensure that appropriate contract terms are in place to protect corporate data.
• Cloud-based services will result in many mobile IT users accessing business data and services without traversing the corporate network.
• This will increase the need for enterprises to place security controls between mobile users and cloud-based services.
• Placing large amounts of sensitive data in a globally accessible cloud leaves organizations open to large distributed threats: attackers no longer have to come onto the premises to steal data, and they can find it all in the one "virtual" location.
• Virtualization efficiencies in the cloud require virtual machines from multiple organizations to be co-located on the same physical resources.
• Although traditional data center security still applies in the cloud environment, physical segregation and hardware-based security cannot protect against attacks between virtual machines on the same server.
• The dynamic and fluid nature of virtual machines will make it difficult to maintain the consistency of security and ensure the auditability of records.
• The ease of cloning and distribution between physical servers could result in the propagation of configuration errors and other vulnerabilities.
• Localized virtual machines and physical servers use the same operating systems as well as enterprise and web applications in a cloud server environment, increasing the threat of an attacker or malware exploiting vulnerabilities in these systems and applications remotely.
• Virtual machines are vulnerable as they move between the private cloud and the public cloud.
• Operating system and application files are on a shared physical infrastructure in a virtualized cloud environment and require system, file, and activity monitoring to provide confidence and auditable proof to enterprise customers that their resources have not been compromised or tampered with.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) detect malicious activity at the virtual machine level.
• The co-location of multiple virtual machines increases the threat from an attacker.
• If virtual machines and physical machines use the same operating systems in a cloud environment, the threat from an attacker increases.
• A fully or partially shared cloud environment is expected to be more exposed to attack than an environment built from an organization's own resources.
• Virtual machines must be self-defending.
• The cloud computing provider is in charge of customer data security and privacy.

4.2.2 Software as a Service Security (or Data Security, Application Security, Virtual Machine Security)

Cloud computing models of the future will likely combine the use of SaaS (and other XaaS offerings as appropriate), utility computing, and Web 2.0 collaboration technologies to leverage the Internet to satisfy their customers' needs. New business models being developed as a result of the move to cloud computing are creating not only new technologies and business operational processes but also new security requirements and challenges.
Fig: Evolution of Cloud Services

SaaS is the dominant cloud service model, and this is the area where the need for security practices is most critical.
Security issues to discuss with a cloud-computing vendor:
1. Privileged user access: Inquire about who has specialized access to data, and about the hiring and management of such administrators.
2. Regulatory compliance: Make sure that the vendor is willing to undergo external audits and/or security certifications.
3. Data location: Does the provider allow for any control over the location of data?
4. Data segregation: Make sure that encryption is available at all stages, and that these encryption schemes were designed and tested by experienced professionals.
5. Recovery: Find out what will happen to data in the case of a disaster. Do they offer complete restoration? If so, how long would that take?
6. Investigative support: Does the vendor have the ability to investigate any inappropriate or illegal activity?
7. Long-term viability: What will happen to data if the company goes out of business? How will data be returned, and in what format?
The security practices for the SaaS environment are as follows:
Security Management (People)
• One of the most important actions for a security team is to develop a formal charter for the security organization and program.
• This will foster a shared vision among the team of what security leadership is driving toward and expects, and will also foster "ownership" in the success of the collective team.
• The charter should be aligned with the strategic plan of the organization or company the security team works for.

Define Data Security.

The ultimate challenge in cloud computing is data-level security, and sensitive data is the domain of the enterprise, not the cloud computing provider. Security will need to move to the data level so that enterprises can be sure their data is protected wherever it goes.

Define Application Security.

Application security is one of the critical success factors for a world-class SaaS company. This is where the security features and requirements are defined and application security test results are reviewed. Application security processes, secure coding guidelines, training, and testing scripts and tools are typically a collaborative effort between the security and the development teams.

Define Virtual Machine Security.

Virtual machine security, which connects the machine back to the mother ship, has some advantages in that the security software can be put into a single software agent that provides consistent control and management throughout the cloud while integrating seamlessly back into existing security infrastructure investments, providing economies of scale, deployment, and cost savings for both the service provider and the enterprise.

Data Security
The challenge in cloud computing is data-level security.
Security for data is provided by:
• Encrypting the data
• Permitting only specified users to access the data
• Restricting the data so that it does not cross the country's border
For example, with data-level security, the enterprise can specify that a given piece of data is not allowed to go outside of India.
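The data-level controls listed above, as an added example that is not part of the notes: each object carries its own allowed-user list and home country, plus an integrity tag (the data integrity property from 4.2.1) so that a tampered payload or a rewritten residency label is rejected before any access decision trusts it. Users, region codes and the payload are constructed, INTEGRITY_KEY is a placeholder, and encryption at rest is not shown, only the access and residency decision.

```python
"""Data-level security checks: per-object user allow-list, residency
restriction ("must not leave India"), and an integrity tag that binds the
payload to its residency label.

Added example, not from the notes. Users, region codes and the payload are
constructed; INTEGRITY_KEY is a placeholder, not a real secret.
"""
import dataclasses
import hashlib
import hmac

INTEGRITY_KEY = b"placeholder-integrity-key"  # constructed; use a managed secret in practice


@dataclasses.dataclass(frozen=True)
class DataObject:
    name: str
    payload: bytes
    allowed_users: frozenset
    home_region: str   # country the data must not leave, e.g. "IN" (constructed code)
    tag: bytes         # HMAC-SHA256 over name, home_region and payload


def _tag(name, home_region, payload):
    # The region label is covered by the tag, so relabelling the data to move it
    # abroad is detected just like a change to the payload itself.
    msg = name.encode() + b"\x00" + home_region.encode() + b"\x00" + payload
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).digest()


def seal(name, payload, allowed_users, home_region):
    """Bind payload and residency label together under the integrity key."""
    return DataObject(name, payload, frozenset(allowed_users), home_region,
                      _tag(name, home_region, payload))


def verify_integrity(obj):
    """Data integrity check: the object is identical to what was sealed."""
    return hmac.compare_digest(_tag(obj.name, obj.home_region, obj.payload), obj.tag)


@dataclasses.dataclass(frozen=True)
class AccessRequest:
    user: str
    target_region: str  # country where the requesting service or storage lives


def authorize(obj, req):
    """Return (allowed, reason). Order matters: a tampered object is rejected
    before its allow-list or residency label is trusted."""
    if not verify_integrity(obj):
        return False, "integrity check failed"
    if req.user not in obj.allowed_users:
        return False, f"user {req.user} is not permitted"
    if req.target_region != obj.home_region:
        return False, f"data must not leave {obj.home_region}"
    return True, "ok"


def relabel_region(obj, new_region):
    """Simulate a buggy migration tool (or an attacker without the integrity key)
    rewriting the residency label; used only for demonstration."""
    return dataclasses.replace(obj, home_region=new_region)


# Constructed sample: financial data that must stay in India.
LEDGER = seal("q3-ledger", b"revenue=1200", {"alice", "auditor"}, "IN")

if __name__ == "__main__":
    for req in (AccessRequest("alice", "IN"), AccessRequest("bob", "IN"),
                AccessRequest("alice", "US")):
        print(req, authorize(LEDGER, req))
    print("relabelled:", authorize(relabel_region(LEDGER, "US"), AccessRequest("alice", "US")))
```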

Application Security
This is a collaborative effort between the security and product development teams.
Application security processes:
  o Secure coding guidelines
  o Training
  o Testing scripts
  o Tools
Penetration testing is performed on a system or application.
Penetration testing is defined as a type of security testing used to test the insecure areas of the system or application.
The goal of this testing is to find all the security vulnerabilities that are present in the system being tested.
SaaS providers should secure their web applications by following Open Web Application Security Project (OWASP) guidelines for secure application development, and by locking down ports and unnecessary commands.

4.3 Virtual Machine Security

In the cloud environment, physical servers are consolidated (combined) into multiple virtual machine instances.
The following are deployed on virtual machines to ensure security:
• Firewalls
• Intrusion detection and prevention
• Integrity monitoring
• Log inspection
Virtual servers have security requirements identical to those of physical servers. The same applies to the applications and services they host. Virtualization provides security benefits: each virtual machine has a private security context, potentially with separate authentication and authorization rules, and with separate process, name and file system spaces. Deploying applications onto separate virtual machines provides better security control compared to running multiple applications on the same host operating system: penetrating one virtual machine's OS doesn't necessarily compromise workload and data residing in other virtual machines. Nonetheless, some practices should be kept in mind to prevent virtualization from introducing security vulnerabilities.

One aspect is physical security. Virtual infrastructure is not as 'visible' as physical infrastructure: there is no sticky label on a virtual machine to indicate its purpose and security classification. If a datacenter identifies servers with extremely high security requirements, and physically isolates them in a locked room or cage to prevent tampering or theft of data, then the physical machines hosting their virtualized workloads should be isolated in a similar way. Even without secured areas, many institutions keep workloads of different security classes on different servers. Those same isolation rules apply for virtual machines. Care should be taken to ensure that the protected virtual machines are not migrated to a server in a less secure location. In the context of Oracle VM, this implies maintaining separate server pools, each with their own group of servers.

These rules of isolation should also be applied to networking: there are no color-coded network cables to help staff identify and isolate different routes, segments and types of network traffic to and from virtual machines or between them. There are no visual indicators that help ensure that application, management, and backup traffic are kept separate. Rather than plug network cables into different physical interfaces and switches, the Oracle VM administrator must ensure that the virtual network interfaces are connected to separate virtual networks. Specifically, use VLANs to isolate virtual machines from one another, and assign virtual networks for virtual machine traffic to different physical interfaces from those used for management, storage or backup. These can all be controlled from the Oracle VM Manager user interface. Ensure that secure live migration is selected to guarantee that virtual machine memory data is not sent across the wire unencrypted.

Additional care must be given to virtual machine disk images. In most cases the virtual disks are made available over the network for migration and failover purposes. In many cases they are files, which could easily be copied and stolen if the security of network storage is compromised. Therefore it is essential to lock down the NAS or SAN environments and prevent unauthorized access. An intruder with root access to a workstation on the storage network could mount storage assets and copy or alter their contents. Use a separate network for transmission between the storage servers and the Oracle VM hosts to ensure its traffic is not made public and subject to being snooped. Make sure that unauthorized individuals are not permitted to log into the Oracle VM Servers, as that would give them access to the guests' virtual disk images, and potentially much more.

All of these steps require controlling access to the Oracle VM Manager and Oracle VM Server domain 0 instances. Network access to these hosts should be on a private network, and the user accounts able to log into any of the servers in the Oracle VM environment should be rigorously controlled, and limited to the smallest possible number of individuals.
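The isolation rules in this section turned into an inventory audit, as an added example that is not from the notes and not Oracle VM's own tooling: protected VMs must sit in a server pool of at least their security class, guest traffic must not share VLANs or physical interfaces with management, storage or backup traffic, secure live migration must be enabled, and domain 0 logins must be limited to approved accounts. The pool and VM records, their field names and the sample inventory are constructed assumptions, not an Oracle VM API.

```python
"""Isolation audit for a virtualized environment, following the rules above:
protected VMs stay in pools of at least their security class, guest traffic is
kept on VLANs and interfaces separate from management/storage/backup, secure
live migration is enabled, and dom0 logins are tightly limited.

Added example, not from the notes or from Oracle VM. The inventory below is
constructed and the field names are assumptions, not an Oracle VM API.
"""
from dataclasses import dataclass

SECURITY_RANK = {"low": 0, "standard": 1, "high": 2}


@dataclass(frozen=True)
class ServerPool:
    name: str
    security_class: str          # classification of the physical location
    secure_live_migration: bool  # encrypt VM memory while it crosses the wire
    vm_vlans: frozenset          # VLAN ids used for guest traffic
    vm_nics: frozenset           # physical interfaces carrying guest traffic
    infra_vlans: frozenset       # management, storage and backup VLANs
    infra_nics: frozenset        # physical interfaces for management/storage/backup
    dom0_logins: frozenset       # accounts able to log into the pool's servers


@dataclass(frozen=True)
class VM:
    name: str
    security_class: str
    pool: str
    vlan: int


def audit(pools, vms, approved_admins, max_admins=3):
    """Return a list of (code, subject, detail) findings; an empty list means the
    inventory satisfies every rule checked here."""
    findings = []
    by_name = {p.name: p for p in pools}
    for p in pools:
        if not p.secure_live_migration:
            findings.append(("INSECURE_MIGRATION", p.name,
                             "VM memory would cross the wire unencrypted"))
        shared_vlans = p.vm_vlans & p.infra_vlans
        if shared_vlans:
            findings.append(("VLAN_OVERLAP", p.name,
                             f"guest and infrastructure traffic share VLANs {sorted(shared_vlans)}"))
        shared_nics = p.vm_nics & p.infra_nics
        if shared_nics:
            findings.append(("NIC_OVERLAP", p.name,
                             f"guest and infrastructure traffic share interfaces {sorted(shared_nics)}"))
        for user in sorted(p.dom0_logins - approved_admins):
            findings.append(("UNAPPROVED_LOGIN", p.name, f"account {user} can log into dom0"))
        if len(p.dom0_logins) > max_admins:
            findings.append(("TOO_MANY_LOGINS", p.name,
                             f"{len(p.dom0_logins)} dom0 accounts, limit {max_admins}"))
    for vm in vms:
        pool = by_name.get(vm.pool)
        if pool is None:
            findings.append(("UNKNOWN_POOL", vm.name, f"pool {vm.pool} is not in inventory"))
            continue
        if SECURITY_RANK[pool.security_class] < SECURITY_RANK[vm.security_class]:
            findings.append(("POOL_TOO_WEAK", vm.name,
                             f"{vm.security_class} VM placed in {pool.security_class} pool {pool.name}"))
        if vm.vlan not in pool.vm_vlans:
            findings.append(("VM_OFF_GUEST_NETWORK", vm.name,
                             f"VLAN {vm.vlan} is not a guest VLAN of pool {pool.name}"))
    return findings


# Constructed inventory: one correctly segregated pool and one with several faults.
POOLS = [
    ServerPool("secure-pool", "high", True, frozenset({100, 101}), frozenset({"eth2"}),
               frozenset({10, 20, 30}), frozenset({"eth0", "eth1"}),
               frozenset({"root", "vmadmin"})),
    ServerPool("general-pool", "standard", False, frozenset({200, 20}), frozenset({"eth0"}),
               frozenset({10, 20, 30}), frozenset({"eth0", "eth1"}),
               frozenset({"root", "vmadmin", "contractor"})),
]
VMS = [
    VM("hr-db", "high", "secure-pool", 100),        # compliant
    VM("payroll", "high", "general-pool", 200),     # migrated to a less secure pool
    VM("web", "standard", "general-pool", 200),     # compliant placement
    VM("scratch", "low", "secure-pool", 20),        # attached to the storage VLAN
]
APPROVED_ADMINS = frozenset({"root", "vmadmin"})


def finding_codes(findings):
    """Sorted (code, subject) pairs, convenient for assertions and summary reports."""
    return sorted((code, subject) for code, subject, _ in findings)


if __name__ == "__main__":
    for code, subject, detail in audit(POOLS, VMS, APPROVED_ADMINS):
        print(f"{code:22} {subject:14} {detail}")
```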