Professional Documents
Culture Documents
Paper 2
Standards
In late 2007, the Distributed Management Task Force, Inc. (DMTF)
created an open standard for system virtualization management. According
to Winston Bumpus, the current president of DMTF, the organization aims to
simplify and provide ease-of-use for the virtual environment by creating an
industry standard for system virtualization management. The organizations
role extends to ensure the success of the standard. The standard recognizes
the supported virtualization management capabilities including the discovery
of virtual computer systems, the management of virtual computer system
lifecycles, the control of virtual resources, and the monitoring of virtual
systems. The DMTF initiated the availability of the Open Virtualization Format
(OVF) standard for delivering VMs, and the new Virtualization Management
Initiative (VMAN).
OVF is a virtualization platformindependent.
It supports a full range of current virtual hard disks and is extensible to
deal with future formats. OVF is not reliant on the use of any specific host
platform, virtualization platform, or guest operating system.
Niranjana.S.Karandikar
MSC II
Paper 2
The OVF format was developed to deal with the shortcomings of other
file formats. For example, the Virtual Machine Disk Format (VMDK) encodes a
single VM virtual disk without including any information about the virtual
hardware of a machine. OVF provides a complete specification of the VM,
including a list of required virtual disks and the required virtual hardware
configuration.
In addition, OVF is a portable format that allows deployment of any
supporting hypervisor.
The management lifecycle of a virtual environment is addressed in
DMTFs VMAN. According to the standard description provided at
www.dmtf.org, VMANs Open Virtualization Format (OVF) specification
provides a standard format for packaging VMs and applications for
deployment across all virtualization platforms. The VMAN initiative has
provided the industry with a standardized approach to VM:
Deployment
Discovery and inventory
Lifecycle management
Creation, deletion, and modification
Health and performance monitoring
Compliance
The rapid increase in the use of virtualization had made it almost a
mainstream technology. Not only it is found in the enterprise environments, it
is also found on portable devices and handhelds. VMs are very flexible. They
can be created, moved, and destroyed in a manner similar to a Word
document. If an organization is good with classification and tracking of its
physical assets, the transition to tracking virtual assets will become a bit
easier.
PCI DSS and Virtualization
PCI DSS and Virtualization make a good combination as
environment.
The PCI Security Standards Council (SSC) is international.
Niranjana.S.Karandikar
MSC II
Paper 2
In late 2008, VMware Inc. announced that it has joined the PCI SSC to
incorporate awareness of virtualization into forthcoming versions of PCI
regulations because PCI DSS does not address virtualization. VMwares
involvement is intended to show how certain regulations might need to be
adapted to take advantage of virtualization. The company also launched the
VMware Compliance Center, a Web site dedicated to educating merchants
and auditors about compliance in virtualized environments.
There are four simple principles associated with the use of virtualization in
cardholder data environments:
a. If virtualization technologies are used in a cardholder data environment,
PCI DSS requirements apply to those virtualization technologies.
b. Virtualization technology introduces new risks that may not be relevant to
other technologies, and that must be assessed when adopting virtualization
in cardholder data environments.
c. Implementations of virtual technologies can vary greatly, and entities will
need to perform a thorough discovery to identify and document the unique
characteristics of their particular virtualized implementation, including all
interactions with payment transaction processes and payment card data.
Niranjana.S.Karandikar
MSC II
Paper 2
Niranjana.S.Karandikar
MSC II
Paper 2
Niranjana.S.Karandikar
MSC II
Paper 2
Niranjana.S.Karandikar
MSC II
Paper 2
Niranjana.S.Karandikar
MSC II
Paper 2
References:
Virtualization_InfoSupp_v2.pdf
Virtualization and Forensics By Diane Barrett, Greg Kipper
Virtualization Security Protecting virtualized environment By Dave Shackleford
http://searchvmware.techtarget.com/How-PCI-DSS-20-affectsvirtualization-compliance
Niranjana.S.Karandikar