Protecting the “Last Mile” of Virtualized Infrastructure
Telecommunications network operators refer to the final leg of the connection to end users as the “last mile”. While fiber may run close by, completing that last mile has remained an elusive challenge. The same can be said for organizations leveraging virtualization. Their “last mile” goals, or more accurately, driving virtualization to the last 20% of their infrastructure, have for a variety of reasons been difficult to achieve.
What’s holding back the progress? Virtualizing the servers and applications that run the company intranet with the cafeteria menu and company picnic schedule was a no-brainer. For the really critical resources that run the business, the security and operational risks have been higher. Take, for instance, an organization’s Active Directory domain controllers. AD domain controllers are the keys to the kingdom, with a store of critical user and system credentials that, if compromised, would provide an attacker a goldmine to work with. Additionally, with everything from printers to the ability of individual users to even log in to the network depending upon the availability of domain controllers, if those systems are down, not much gets done in the organization. VMware provides information to help organizations work through virtualizing their Active Directory domain controllers. There they note the risk, commenting, “The virtualization of domain controllers comes under scrutiny because of the perceived ease with which a virtual domain controller can be moved or migrated and its virtual hard disk copied. The ability to gain access to a vCenter Server or a VMware ESXi host to the level that allows a malicious user to control a virtualized domain controller exposes a larger issue with infrastructure security.”
One of our customers recently pushed through this “last mile” and identified virtualization of their AD domain controllers as a huge “last mile” opportunity. Yes, they were concerned about the potential security risk, but domain controllers have relatively low sustained performance requirements and can leverage the resource pooling that virtualization can provide. Particularly when virtualized, however, these domain controllers must be secure and protected, a concern that holds many organizations back from tackling their last 20% and realizing further cost advantages.
In this case the benefit from migrating their domain controllers to virtualized instances was huge. In doing so, a server infrastructure refresh was achieved with significant cost savings. The savings came from increasing virtual machine density and eliminating the dedicated hardware needed to meet their security requirements for isolation and protection. They were not willing, however, to forgo the security controls and protection required for such critical resources in order to achieve these savings. They chose to encrypt the virtual machine images running their domain controllers, protecting those system images and the sensitive data and accounts within them, greatly enhancing their security posture while enabling the considerable benefits of virtualization.
HyTrust’s cloud security platform enabled them to pursue virtualization of key resources that in the past had been out of reach due to operational and security concerns, knocking down some of the final obstacles in their last mile while simultaneously allowing them to realize significant cost reductions. Not every organization may be ready to migrate their domain controllers or other mission-critical resources yet, but most have something they would like to virtualize and have been held back by security and operational risk concerns.
Looking for ways to bridge the last mile in your organization? We’d like to hear about your challenges and discuss some options that may help you achieve some of those goals. Let’s talk.