Securing Xen in a Distributed Environment

Xen is one of the newest virtualization platforms available that can securely run multiple virtual guest servers, each running its own operating system, on a single physical system with close to native performance.  It is available on many Linux platforms as an open source application and directly from XenSource Inc. 



With the advent of multiple-core processors and Xen, it is possible to virtualize an entire data center and fit 50 or more independent servers into one Xen server. A number of third-party tools, known as management consoles, have been developed to facilitate the common tasks of administering a Xen host, such as configuring, starting, monitoring and stopping Xen guests. Examples include Enomalism, Xen Tools, Google's Ganeti, MLN, HyperVM, FluidVM, ConVirt (formerly XenMan) and Red Hat's Virtual Machine Manager, virt-manager. Unfortunately, all of them fall short in one area or another in a distributed, secure and automated environment.

I will not get into how each of these management programs works, but with few exceptions they require complex installations into Domain-0 (the privileged domain) and incoming connections to it, or they require a local desktop tool. While this is convenient, it is not completely secure and can potentially lead to vulnerabilities. If Domain-0 is ever compromised, all other guest domains running under it are vulnerable as well. As a security baseline, the following should be required:

  1. Run the smallest number of necessary services on Domain-0.

  2. Use a firewall to restrict traffic to Domain-0.

  3. Do not allow users to access Domain-0.

  4. Do not allow any incoming connections to Domain-0.
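
One way to enforce and check items 1, 2 and 4, as an added example that is not from the original article: `dom0_ruleset` emits an `iptables-restore` ruleset that drops every new inbound connection and permits outbound traffic only to one management server, and `exposed_listeners` lists sockets that listen on a non-loopback address. The function names, the address 192.0.2.10 and port 443 are assumptions.

```sh
# Added example, not from the original article. Function names and the
# management server address/port used with them are assumptions.

# Print an iptables-restore ruleset for Domain-0.
#   $1 = management server IP (use an IP: DNS is not allowed out below)
#   $2 = management server TCP port
dom0_ruleset() {
    cat <<EOF
*filter
# No host may open a connection to Domain-0.
:INPUT DROP [0:0]
# Guest traffic bridged through Domain-0 is left to site policy.
:FORWARD ACCEPT [0:0]
# Domain-0 may only reach what is listed below.
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -d $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read "ss -H -ltn" output on stdin and print every listening address that
# is not bound to loopback. Any line printed is a service that should be
# stopped or rebound before relying on the firewall alone.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Typical use on Domain-0 (run as root):
#   dom0_ruleset 192.0.2.10 443 | iptables-restore
#   ss -H -ltn | exposed_listeners
```
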

So how do you manage a Xen server remotely if you cannot directly access Domain-0? The answer is almost too simple: Domain-0 uses outgoing connections to a remote server. This not only makes the server more secure, it can also reduce the memory and load requirements of the management domain.

Currently, we have working scripts that can provision and manage guest domains as well as send statistics to a remote server. These scripts are at an early stage but are already working in a production environment. Each is released under the GPL in the hope that others will find them useful and provide feedback, so we can make managing Xen servers easier and more secure.
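
A sketch of the outbound-only model described above, as an added example and not the scripts this article refers to: Domain-0 pulls one job over HTTPS and runs it only if it maps to an allowlisted command. The job format (`<action> <guest>`), the `MGMT_URL` endpoint, the `/etc/xen/<guest>.cfg` layout and the use of the `xl` toolstack are assumptions.

```sh
# Added example, not the article's scripts. MGMT_URL, the job format and the
# guest config path are hypothetical.
MGMT_URL="https://mgmt.example.invalid/dom0/jobs"

# Turn one job line ("<action> <guest>") into an xl command.
# Prints the command and returns 0; returns 1 for anything not allowlisted.
job_to_command() {
    case $1 in
        *' '*) ;;              # must contain an action and a guest
        *) return 1 ;;
    esac
    action=${1%% *}
    guest=${1#* }
    # Guest names are letters, digits, '_' and '-' only and never start with
    # '-', so the value cannot carry a path, an option or shell syntax.
    case $guest in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case $action in
        start)    echo "xl create /etc/xen/${guest}.cfg" ;;
        shutdown) echo "xl shutdown ${guest}" ;;
        *)        return 1 ;;
    esac
}

# One polling cycle: the connection is always opened by Domain-0.
poll_once() {
    # curl verifies the server certificate by default; --fail treats HTTP
    # errors as "no job".
    job=$(curl --fail --silent --max-time 10 "$MGMT_URL") || return 0
    [ -n "$job" ] || return 0
    if cmd=$(job_to_command "$job"); then
        logger -t dom0-agent "running: $cmd"
        $cmd    # unquoted on purpose: every word came from the allowlist
    else
        logger -t dom0-agent "rejected job from management server"
    fi
}
```

Run `poll_once` from cron or a systemd timer on Domain-0; a compromised or spoofed management server can then request only the two actions above, against guests whose config file already exists.
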
