What Problem Montego Solves
Problem Overview
Virtual Machines within enterprise server environments began to gain popularity in 2005 and quickly started to become a standard in the way companies deploy servers and applications. To deploy these servers within a virtual environment, a virtual network needed to be formed, and as a result companies such as VMware created a resource called a Virtual Switch. The purpose of the Virtual Switch was to provide network connectivity within the Virtual Environment so that virtual machines and applications could communicate within the virtual network as well as with the physical network.
This concept of a Virtual Network introduced a number of security problems within virtual environments, because the environment contained only virtual switching technology and no security technologies. Unlike physical networks, which have switches with ACLs, Firewalls, Anti-Virus Gateways, or intrusion prevention devices, the Virtual Network was wide open. The Virtual Security Switch concept is one where switching and security have joined forces so that security controls can be placed within the virtual switch and provide per-port inspection and isolation within the virtual environment. This concept allows security to get as close as possible to the end points that it intends to protect without having to reside on the end points themselves (that is, without being host-based on the Virtual Machines).
Problem Example
Because Virtual Machines are essentially operating systems and applications packaged into a single file called a disk image, they have become more mobile. For the first time in history, servers can be moved around, exchanged and shared as files, just like MP3 files shared on Peer to Peer networks. Administrators can now download pre-installed virtual servers via the internet to speed up the deployment of new servers. An administrator is no longer required to go through the lengthy software installation process, because these virtual disk images have pre-installed operating systems and applications. They are, in a sense, Virtual Appliances.
This mobility of server images has created the potential problem that entire servers can become infected and passed around in the wild. Imagine downloading the latest Fedora Linux Server from a web site like ThoughtPolice.co.uk, installing it in your virtual environment, and later learning that there was a Trojan on that server that took down your virtual network. This could be catastrophic. There is obviously a trust factor that now needs to be taken into account when downloading virtual server images. But who do you trust? Do you trust downloading an image from VMware’s Virtual Market Place? Do you trust installing one that the previous IT Manager within your company created?
Montego Solution
Montego has created a Virtual Security Switch called the Hyper Switch. The Virtual Security Switch concept is one that monitors your trust decision by providing isolation and security monitoring between virtual machines. A Virtual Security Switch can isolate VMs from each other, restrict what types of communication are allowed between them, and assist in monitoring the spread of malicious content or denial of service attacks.