Nov 19

…to experience StoneGate at its best in your virtual infrastructure!

After the great success of the previous version, here’s the update featuring:

  • StoneGate Management Center version 5.04
  • StoneGate Firewall/VPN version 5.04
  • StoneGate IPS version 5.0.2
  • StoneGate SSL VPN version 1.3.2

in a ready-made configuration according to the following schema:

[Image: svdk]

The system includes virtual machines compatible with the newest version of VMware virtualization systems (Virtual Machines version 7) like vSphere, VMware Server 2.0.x and VMware Workstation 6.5 and later.

You can find more details and download links here.

Network Security. Virtualized ;)

written by RoarinPenguin - 656 views

Nov 13

vSphere or VMware ESX 4.0 introduced a number of interesting features, among which the possibility to upgrade your virtual hardware to version 7 from version 4 (that was default in previous ESX 3.x world).

This upgrade, achieved by right-clicking on the virtual machine in VI Client and selecting “Upgrade Virtual Hardware”, will inject cool steroids ;) into your virtual machine (but also makes it no longer backward compatible with VI 3.x).

A positive side effect of such steroids is the ability to increase the number of NICs in your VM as shown below.

written by RoarinPenguin - 716 views

Mar 20

Virtual environments are easy to manage in many ways. However, that ease brings up some threats that do not exist as such in physical environments. For example, it is not such a simple task to take an internal server out of one rack, move it to another rack dedicated to the public Web servers, and plug it into the same DMZ network segment with them. At least you have time to think about what you are doing while going through all those steps. Also, such an operation will not go unnoticed by others working in the same machine room with you. In a virtual environment, a server can be destroyed or moved to the wrong network segment within a few seconds (by mistake or on purpose) while your colleagues are working in the same room at their workstations.

As long as human beings are involved in the administration processes, there is no way to prevent this kind of mistake from happening. But the question is how you can detect and possibly minimize the effects of the mistakes.

written by pentti - 767 views

Mar 01

VMWorld Europe 2009 is over…

Virtualization -

I’ve been there, back home now, just want to share some thoughts with you.

First, VMware CEO Paul Maritz talked about the vCloud and officially announced the new name for the upcoming VI4: vSphere.

Second, they announced lots of cool’n’sexy things, making people feel like they’re Back to the Future (like they did last year).

Third, for the first time they started speaking seriously about security by stating the concern that security in virtualization projects should and must not be an afterthought.

IMHO, security was a bit left aside last year, when VMware started a foggy VMSafe initiative just to generate hype but with no real focus on it, leaving people with some psychological doubts about starting serious virtual datacenter projects.

As said in a previous post, customers so far have mainly consolidated servers without really going into datacenter virtualization, mainly fearing that one way or another the virtual networking infrastructure could be seriously compromised, hacked or exploited.
We have seen this concern even this year, when people visiting our booth were asking what they could do to implement virtualization security in a) a fashion they know and b) a manageable way.
Especially considering that since

  • virtual datacenter does not happen in a day or two and
  • complete virtualization is hard to achieve,

networks are likely to be “hybrid” (physical and virtualized) for a while…

They have been pleased to see the pragmatic approach of Stonesoft concerning virtualization security:

  • today, you can immediately implement security as part of your virtualization project, transposing “traditional network segmentation” model into virtualized environment with StoneGate Firewall and IPS Virtual Appliances
  • Stonesoft is actively following virtualized security evolution (like VMSafe initiative) to eventually leverage technological benefits it might generate
  • today we deliver smooth and consistent unified management of both physical and virtualized security engines, thanks to the power of SMC (StoneGate Management Center), minimizing cost of administration and impact on resources

What about you? Been at VMWorld? Concerned about virtualization security? What do you think of our approach? We’d like to hear from you…

written by RoarinPenguin - 873 views

Feb 24

Greetings from our little nice booth sur la Côte d’Azur!

We are waiting for you to visit us, talk about Virtualization Security and show you our powerful yet simple solutions to secure your virtual information flow.

See you there… at booth 76!

written by RoarinPenguin - 657 views

Feb 20

Let’s virtualize today, and add security tomorrow

Virtualization -

The most common motivation for a virtualization project is the cost saving coming from server consolidation. As the term indicates, server consolidation is typically managed by server administrators, who may be a separate group of people from the IT security team. This may lead to a situation where security is not an integral part of the design.

When security is an afterthought, the solution may become more complex than necessary. And because simplicity is one of the main security principles, the complex solution will further decrease security by increasing the possibilities for configuration mistakes. As Gartner’s report shows, more than 99% of security breaches are caused by misconfigurations [1]. Maintaining an unnecessarily complex environment will inevitably lead to additional misconfigurations, i.e. to additional security breaches.

written by pentti - 4,181 views

Feb 12

Typically, virtualization starts from the most internal network segments. Later on, the technology is expanded closer to the perimeter that is facing the partners and/or the public Internet. When virtualizing the internal servers only, it is often thought that there is no need to have any additional security solutions deployed specifically for that environment. Isn’t there already a firewall at the perimeter protecting against unauthorized connection attempts coming from the public networks? In addition to the Internet firewall, the organization may even have another set of firewalls to separate each organization unit. There are also multiple IPS appliances deployed all over the network to provide an additional layer of protection. Furthermore, the same servers in the physical network were not segmented either, nor were there any dedicated IPS systems between the hosts, so why would we bother to do it in the virtual environment either?

written by pentti - 2,948 views

Feb 12

I like to vMove it…

Firewall Engine, Virtualization -

I like to move it, move it
She likes to move it, move it
He likes to move it, move it
You like to (“move it”)

This is the smash hit of Madagascar, where funny lemurs were singing and dancing… well, given the potential and features of VMware technology this could easily become the catchphrase of Virtual Datacenter managers very soon.

This page contains links to a 5-minute movie showing how smoothly Virtual Appliance Clustering works in VMware ESX Virtual Infrastructure, offering maximum compatibility with VMotion.

The tested setup is the one reported below:

[Image: virtual-firewall-clustering-and-vmotion]

And for those who want the full 15 MB Flash version, right-click here and choose “Save as…”

Or if you want to see it bigger (will open up a new browser window), click here.

written by RoarinPenguin - 912 views

Feb 11

Virtualization security threats

Virtualization -

“Virtualization is both an opportunity and a threat,” says Patrick Lin, senior director of product management for VMware [http://www.darkreading.com/document.asp?doc_id=117908]. Thanks to the great and visible marketing efforts, the opportunities are quite well understood and there are more and more organizations enjoying the opportunities and benefits that virtualization provides. However, only a minority of those organizations know and understand all the security threats it comes with. And even if some of the threats have been understood, they may have been accepted as such during the risk analysis phase because of not knowing how to solve them, or they have been solved with an unnecessarily complex security solution, which itself brings up new security threats.

written by pentti - 1,000 views

Feb 05

I’m telling you what happened to me today with a StoneGate Management Center I’m using in a test lab.

The SMC is installed on a CentOS virtual machine in a VMware ESXi virtualized environment on a multi-GB RAM machine.

SMC was starting to show some limits in terms of memory, since when I installed it I gave the VM 1 GB and started working, and Working, and WORKING on it ;)

Easy solution: power off the Linux box, raise the memory assigned to it to 2 GB, boot it again. The problem is that you need to reconfigure the underlying Java environment to allow the StoneGate service to use more memory.

Luckily Stonesoft R&D thought even of this case: it was enough to run

<StoneGate_install_dir>/bin/install/AutoAssignHeap.sh > /dev/null

to have the system automatically reconfigure the services according to how much memory I have available.

It runs silently, but you can check the results, for instance, by checking the parameter MANAGEMENT_MAX_MEMORY_IN_MB in <StoneGate_install_dir>/data/SGConfiguration.txt

Cool, isn’t it?

written by RoarinPenguin - 589 views