Hi!

I’m happy to announce the availability of a whitepaper that I had been working on for much of the past year. Since I joined VMware back in January of 2013, an almost weekly request was for a whitepaper that helps IT teams explain the security of the VMware vSphere hypervisor, a.k.a. ESXi, to a security professional.

Frequently, the IT folks would encounter statements like “How can we trust the hypervisor?” or “I’ve heard of this VM Escape thing, what’s to stop a VM from corrupting or attacking the hypervisor?”. Yes, I know, to many of you that’s “so 2008” but in actuality, it’s an almost weekly question that still comes up!

So I set out not to just address those types of questions but to also cover, at a high level, the typical questions a security person would ask of their IT person. This is the whitepaper that you, as an IT professional, can hand to your security team and say “Go read this first, then let’s have an informed conversation”.

The topics covered in the paper are:

  • Secure Virtual Machine Isolation in Virtualization
  • Network Isolation
  • Virtualized Storage
  • Secure Management
  • Platform Integrity Protection
  • VMware’s Secure Development Lifecycle

Finding the right level of detail to go into a paper like this is always a challenge. The paper, at 25 pages, is meant as an overview to a specific audience, the security professional. In order to keep the paper at a reasonable length, some deep dive content is referenced in existing materials. On the last page is a list of 19 references that I used in producing the paper.

It’s my hope that this paper helps foster an understanding of the technologies involved and where to be concentrating your security energies. Hint: Good Operational Hygiene! Doing things at scale means you need to be WAY better at operational security!

Please leave your feedback here or send it to me in email. (mfoley@vmware) I look forward to hearing if this paper is useful to you. You can find the whitepaper on the VMware Tech Resources page and directly here.

Thanks for reading!

mike

About the Author

Mike Foley

Mike Foley is a Senior Technical Marketing Architect at VMware. His primary focus is on security of the core platform, vSphere. His primary goal is to help IT/VI Admins build more secure platforms that stand up to scrutiny from security teams with the least impact to IT Operations. Mike is also the current author of the vSphere Security Configuration (formerly Hardening) Guide. Previously, Mike was on the evangelist team at RSA where he concentrated on virtualization and cloud security and contributed as a member of the product architect team. Mike has a personal blog at https://yelof.com and contributes to the VMware vSphere and Security blogs as well. Follow him at @vSphereSecurity on Twitter.