VMware虚拟化技术详解课案.ppt

* 虚拟化 VMSafe announced earlier in 2008, is a set of APIs that enable protection of VMs by a protection engine that : Works with the hypervisor to inspect a VM’s mem, cpu and storage from a higher privilege point Is isolated from the malware Covers all aspects of security – not limited to network or host. 虚拟化 VMSafe based products from our security partner ecosystem will work with 虚拟化 vSphere? editions to provide higher levels of security than even physical systems. A number of partners have demo-ed prototypes of products that use VMSAfe to protect their environments. MORE DETAIL Security solutions have an inherent problem. Protection engines are running in the same context as the malware they are protecting against and as a result, malware is able to subvert these engines by simply using the same hooks into the system as the protection engine. Worse, with Longhorn and Vista, Microsoft has enabled Patchguard, effectively eliminating the kernel hooks available to both the security solutions and the malware. While this helps, it doesn’t change the fact that malware and rootkits still exist and can run in those environments. The context that these security solutions need to protect against is also not limited to one set of interactions (e.g. attacks from the network and from spyware and from rootkits). Even those solutions that are in a safe context (outside the OS), they can’t see information from other contexts (e.g. network protection has no host visibility). Security API’s built into the hypervisor allow for 2 key advantages: Better Context – Provide protection from outside the OS, from a trusted context New Capabilities – now they can view all interactions and contexts Now, new security solutions can be developed and integrated within the 虚拟化 virtual infrastructure and we can protect the VM by inspection of virtual components (CPU, Memory, Network and Storage). Provides complete integration with VMotion, Storage VMotion, HA, etc. for any new security solution