Virtualization is a technique that attempts to reduce costs on hardware by minimizing the quantity of physical machines in a way of creating the virtualized environment. For practical purposes, there is no difference whether the server is physical or virtual, as the same services are used, and information is shared within the available server disk space. However, in the virtualized environment, there are not many servers in existence, but the advantages of such environments are growing. According to Li & Mohammed (2008), the virtualization technique is used to separate physical resources, making them available to “virtual machines” that can be used remotely. Server capacities are shared within more powerful logical machines, so that to reach productive effects.
Information technology has brought many useful and interesting things to the life of modern society. Every day, resourceful and talented people are coming up with more and more use of computers as an effective tool of production, entertainment and collaboration. A variety of different hardware and software, technology and services allow to improve the daily convenience and speed of information. However, it is harder and harder to distinguish from the useful flow of technologies and learn how to use them to maximum advantage. Virtualization product is something easy to use, in fact, having a more complex or a completely different structure, different from that which is perceived when working with an object. In other words, there is a separation of presentation from the sale of anything. In computer technology, the term “virtualization” is usually understood as an abstraction of computing resources and provide the user with a system that “encapsulates” (hides) one’s own implementation. Simply put, the user works with the most convenient way for a representation of the object, and it does not matter how the object is arranged in reality.
The term “virtualization” in computer technology appeared in the sixties of the last century, along with the term “virtual machine” means a product virtualization software and hardware platform, while virtualization has been rather interesting technical boon than a promising technology. Developments in the field of virtualization in the sixties and seventies were carried out only by IBM. With the advent of the computer IBM M44 / 44X experimental system paging, was first used the term “virtual machine» (virtual machine), which replaced the earlier term “pseudo machine» (pseudo machine). Then IBM mainframe series System 360/370, you can use virtual machines to save previous versions of operating systems. Until the end of the nineties IBM has not hesitated to use this novel technology seriously. However, in the nineties there became apparent prospects an approach of virtualization with increasing hardware capacities as personal computers and server solutions, will soon have the opportunity to use multiple virtual machines on a single physical platform. System that provides hardware resources and software is called the host (host), and simulated her system – guest (guest). To guests could operate stably on the platform of the host system, it is necessary that the software and hardware of the host is strong enough to provide the necessary set of interfaces for access to its resources. There are several types of virtualization platforms, each of which carried out its approach to the concept of “virtualization.” Types of virtualization platforms depend on the extent to which the simulation is carried out hardware. There is still no uniform agreement about the terms in the field of virtualization, so some of these more types of virtualization may differ from those that provide other sources.
The information for this thesis will be collected exclusively from the trusted sources, such as scientific journals, monographs, business reports. All of them are internationally accepted and well-structured, bearing good ideas that will be very useful for this research. Recently written, sources provide necessary information and deliver useful data. The literature review consists of 25 pages, so that the readers of this thesis can get the idea of virtualization in various aspects.
The research procedure will take place on two important aspects: theoretical and practical. The theoretical part of this thesis will include deep analysis of the trusted sources of information (journal articles, dissertations, monographs, researches) that are related to the virtualization technique in different contexts, and particularly in its relation to business. The second part of this research was related to practical application. The aim is to measure risks at testing security by means of vulnerability assessment with the help of X-Scan tool.
The data for this study will be collected within the vulnerability tests in an objective assessment, according to the means of the quantitative research. The vulnerability tests will be performed with the help of virtualized DMZs, in order to assess risks according to the justified deployment scenarios. The vulnerability assessment tools provide the author with an opportunity to justify the results of this research by means of using objective means within the deductive quantitative method. The degree of security was tested in the virtualized environment within the DMZ designs, from high to lower levels of security.
Virtualization is the process that is initially aimed at reducing costs on hardware, using it as much as it possible by sharing resources virtually between differently located servers. The historic background, usage, and the essence of virtualization have tended to change. As the technology grows and advanced features are implemented in practice, more options will be highlighted to administrators. Due to the opening of the more cost saving methods, virtualization projects will allow for the development of the future perspectives.
The web resource “Virtualize Your IT Infrastructure” created by the VMWare Company provides developers with numerous ideas of capability of using products for virtualization. Comparatively, the other hypervisors (Hyper-V, KVM), the advantages of VMWare’s ESX / ESXi should be pointed out, due to their practical use for many advanced developers (Virtualize your IT infrastructure, 2012).
Many contemporary researchers have dedicated their works to the definition, the essence and the future of virtualization, due to its perspectives in the modern world. This process is related to the numerous changes, both with software and hardware issues, when reducing costs are a necessity for business purposes. Developers realize that virtualization should help business owners to reduce costs that may incur in light of the many necessities they are faced with, promote products and services, and work out the ways of improving storage databases and data processing. Virtualization simplifies and reduces the use of resources, and with the help of the existing hardware it will be possible to operate with much more processes, in a way of sharing hardware resources among several remote servers. In this way, businesses can reduce costs, and developers will find their data more secure, performing complex tasks with the help of simple methods.
In the spotlight of the modern perspective, many researchers agree that virtualization is a part of the sustained global process, where new trends are developing to the new horizons. Currently, the process of virtualization is the one moving forward from the small market niche to the extended big markets, where small, medium and large businesses operate with virtualization as an effective instrument of improving their communication both within a company and with customers. Practically, virtualization is a technique that is run by virtual machines that are coordinated by a hypervisor. Virtualization can be organized on many platforms, including VMWare, Microsoft. Therefore, this process is regarded as the one that helps to reduce costs on the hardware significantly. Virtual environment helps to operate with the large amounts of data, getting them secured, and run the limited number of application to get benefits for the company. From the modern perspective, virtualization is a part of globalization trends that are developing across countries and borders. IT intensive organization started to use virtualization as a way to improve their businesses not that recently, however, the companies can get even more benefits by means of setting up the cloud environment. Working in a cloud is an effective way to manage data, communicate with employees, and since virtualization is in run, companies may expect the increased rate of efficiency of their businesses.
Virtualization is a process that is commonly employed within large companies that are developing their businesses in the spotlight of modern IT techniques. In IT intensive organizations, virtualization plays a key role in establishing important benefits, including setting up cloud computing technology that can easily help in using the hardware. Employers will be able to use computers with greater ease, no matter the device they are using within the organization. The background and the essence of the virtualization technique is a very important procedure that should be performed by experienced professional IT specialists who can set it up within a limited timeframe.
In the modern context, virtualization really matters for developing business. This process is not limited by setting up activities, as virtualization predetermines the development, since the technique is implemented within an organization. IT specialists are also required when computers are integrated within an operational system. Regular maintenance of virtual servers is essential, for security risks are still notable even after virtualization, like hacker attacks and threats of data loss.
Virtualization technique is a simple step on the way of success of organizations. However, this simplicity goes along with security risks that should be dealt with if businesses like to develop their activities in the IT manner. It is important to take risks into serious consideration, if business owners are to realize their influence on the data management. IT intensive organizations have specific features since they have to operate with large amounts of customer, supplier, and HR data daily. This requires paying careful attention to details. If used properly, integrated with the whole OS, an organization can gain even more benefits than they initially expected prior to implementing such a technology. Virtualization provides companies with a number of benefits that are useful both economically and logically. If the technology is implemented, it will impact the company’s business operations, their funds, finance and costs drastically. Therefore, researchers define it as a technique of great importance that can help to reduce costs on hardware, as software can run in a virtual environment via sharing the hardware resources on several computers. For example, an organization may work with 3-5 computers instead of joining 10 or more machines in a network. Saving costs on hardware will help to develop other activities that require financial investment.
The process of virtualization is related to such technologies as cloud computing. Although some people might think that having a private server and using the cloud computing technology is enough for their business, the cloud-computing technology is just an element of virtualization environment. Can this technology happen without virtualization? Yes, but it would be costly to implement such a decision into practical results. The difference between t cloud-computing and virtualization get green. Virtualization is just an element of cloud-computing, and combining these two technologies will help clients to develop business features within a virtualized server.
Cloud computing is both a methodology and technology. None of the single elements can be substituted for, having an effect on others. The whole IT infrastructure is the single structural element, and it can be administered and monitored within a cloud. Private cloud computing is not centered only on virtualization, but it uses the facilities and features of it, in order to reap as much of the benefits from it as it possible. When compared to the single cloud computing within the physical server environment that is too costly, virtualization helps to reduce costs that would otherwise be spent in vain.
Some studies in IT are dedicated to so-called “green IT,” a useful technology in ecological and global aspects. In this context, virtualization is regarded as a “green” technology that offers benefits concerning the means of implementation, reduction costs within the reduction of the amounts of energy, saving the hardware from the often use, and reduction of the carbon use. These advantages are considered among the many priorities within the virtualization environment. The companies where virtualization is in greatest use, can not only save costs on cloud-computing and other technologies implementation, but can also contribute to the “green effect” in the global context. Therefore, virtualization “helps organizations to be perceived as greener and socially responsible corporate entities” (Chitnis, 2011, p.31). The greener effect helps to improve the image features of the organization in relation to PR methods.
A great number of studies are dedicated to virtualization, in relation to two major technologies, including physical and virtual servers. Researchers have been trying to find out how these technologies are correlated and related. The variety of aspects is addressed in researchers with the single core interest that are performance trade-offs in both physical and virtual environments. In some studies, it was found out that a significant fluctuation in the level of performance in the virtual and the physical server environments are present. It was denoted that companies with physical servers were 50% to 100% efficient in terms of performance, in comparison to the virtualized servers (Jung, Bae & Soh, 2011). In some studies, the benefits of the virtualization were found in relation to performance, when it was stated that it is dependent on the adjustable virtualization techniques or architectures, for in the variety of virtualization platforms exhibited, there is also a variety of efficiency and performance levels. The researchers (Jung, Bae & Soh, 2001; Prakash, Anala & Shobha, 2011; Ali & Meghanathan, 2011) also pointed out that the performance and efficiency of the virtualized server environments are greatly dependent on the number of virtualized operating systems (OS) used on a single virtual platform, irrespectively of type. The efficiency of the management in the data centers may increase significantly; however, the related issues in performance in the virtualization should be taken seriously, for the SLAs in the business purposes are usually mandatory in the maintenance. In relation to this requirement, it should be taken into a serious consideration that the comparison of physical server and virtual server technologies provides researchers with the opinion that that virtual servers are more efficient in performance issues, in comparison to the physical ones (Wood et. al., 2009). The researchers also managed to find that with good planning and proper implementation, the approach to virtualization and the virtualized servers improve the viewpoint of computing infrastructures about their facilitating in the innovative computing in relation to the cloud environments. This point of view should be taken for granted without any compromising in the performance so that the virtualization techniques can gain more popularity within the data centers, as well as in the field of the developed approaches to the cloud computing technology (Bento & Bento, 2011; Praveen & Vijayrajan, 2011; Berl et. al., 2010; Singh & Jangwal, 2012). The approaches to deployment scenarios within the process of virtualization may vary, but any one of them will help in developing changes in the server virtualization to achieve the effect of benefits; and as for the total integrated virtualized infrastructure within the cloud based scenarios, the performance issues will improve, when virtualization is applied by deployment scenarios (Wood et. al., 2009; Kumar & Petal, 2012). The issues of server consolidation can possibly emerge as a sort of blessing for each of the data centers when using performance tuning with a priority on the implementation of the virtual server infrastructure (Uddin & Rahman, 2010). In addition, it is undisputable that virtualization significantly facilitates cloud computing abilities in relation to a server; thus, the availability of server capacities with the availability of the network increase to well-defined levels to reach the robustness of the data servers (Foster, Kesselman & Tuecke, 2001; Kumar & Petal, 2012; Berl et. al., 2010; Singh & Jangwal, 2012). From the point of view of performance, the success in the implementation of the virtualized environment may depend on a great number of subsequent factors, the most crucial of which the researchers are trying to study as the most appropriate for the virtualization (Uddin & Rahman, 2011). A cloud computing environment is an unavoidable part in the computing infrastructure, being in turn facilitated with virtualization. In relation to the virtual servers performance, there is an integral concern concerning the load balancing as a core processing aspect of the problem (Bhaskar, Deepu & Shylaja, 2012; Sapuntzakis et. al., 2002; Barham et. al., 2003).
Only the best writers
24/7 Live Support
Among the significant aspects in the process of streamlining in the virtualization platforms are the aspects of the virtual servers security. In the deployment scenarios of virtualization, the total infrastructure needs to be considered along with the viewpoint of performance, in the context of security viewpoint (Solms, Chaudhuri & Chaudhuri, 2011). If the deployment scenario is implemented in relation of the cloud computing technology and methodology, the approach to the load balance in the virtualized processing environment as part of the great number of servers facilitating the virtualization to speed the performance should be taken into a serious consideration (Kizza, 2012). The virtualized machines performances cannot be considered as inferior in comparison to the servers of physical nature. Therefore, virtualization is a more environmentally friendly technology than the technology of using physical servers to create the cloud-computing environment (Dawson, 2008). That is why virtualization as a technology should be considered in the context of the adaptation to the commercial use.
Spiegel (cited in Scroggins, 2013) states the benefits of virtualization in a broader context than the other researchers: “Application virtualization is the new fancy trendy name for server-based computing. However, instead of installing applications on desktops, the applications are installed in a server farm for secure, remote access. Server virtualization allows you to take multiple physical servers and create the same number of virtual servers, or “machines,” on one host physical server” (p. 1). This statement proves that structural peculiarities of the virtualization technique are simple, but in any case they play a very important role for setting up all elements in the right way, since the server is virtualized, or just the process is on the stage of implementing. Business gets benefits from applications within the process of server virtualization in its development. This statement is supported by researchers who develop the idea of centralizing servers and setting applications via hypervisors. Servers may also run virtual server products, like, for example, VMWare’s ESXi that adds values in support of the ROI for business purposes. The advantages of those things are the following:
Nowadays, many companies dedicate physical and financial efforts to implement virtualization to adjust it to the current purposes in order to improve the business experiences developing perspectives. Therefore, in the light of the modern worldview globalization has been spreading rapidly all over the world. Nowadays, even more options exist to be chosen for the virtualization in IT departments than it was in the past. For example, many companies are ready to apply in use such software as Virtual Iron, Software Inc’s XenSource Inc’s open-source applications, VMware Inc’s and Microsoft Corp’s Virtual Server products in order to improve their experience to get benefits for business aimed to success. However, for those who are new to this field of study, it comes difficult to get started. Hassell (cited in Scroggins, 2013) provides a broad overview to highlight the topic of how to launch applications for virtualization, and how to deal with cases that may happen, including errors and misuse. Many options are available regarding this matter, and the researcher gives it a try to describe some of the available options for developing and launching software for the virtualization, analyzing some of the available examples, depicting the known implementation phases. With the help of his experience in this field, it is possible to reach good results, when implementing virtualization to practice.
Practically, it is easier to be operated with a limited number of hardware than with 10 or 20 physical servers. Virtualization reduces not only costs, but it reduces time to operate with machines. However, this process includes working at powerful applications that may increase the rate of efficiency. In the modern context, it means that developing useful application may lead to more independence in decision making, increasing efficiency and profits of the company.
When running applications within the virtualized environment, virtual servers take an active part in this process. However, virtualization does not mean that the work is done for people, as if they have no more need to operate with this environment. The difficulty in operating may lead to the data loss and significant loss of customers. Therefore, when servers are virtualized, the more efforts should be done in order to get the system secured from threats, hacker attacks, and possibility of the data loss. Since the OS is secured, there is no more worry about any of such consequences.
Benefits of virtualization go close along with threats. However, when all features of this valuable technique are weighed, advantages of virtualization are more than disadvantages. Implementing virtualization in a practical context within a concrete organization always requires time and efforts. Experts should be aware to taking all the serious issues into consideration so that to minimize threats and maximize benefits.
The most important benefit of the virtualization is rather reducing the maintenance costs than reducing hardware costs. In addition, many researchers agree that virtualization helps to reduce the number of personnel in a company. Since it is done, paying salary costs are reduced significantly. Machines are operating with large amounts of data within one virtualized server. Therefore, there is no need to get more personnel involved in the working process, since virtual machines are able to do important work.
However, reducing in the maintenance costs should be compensated by organizing security activities in order to protect the OS from the hacker attacks and threats. Installing Antivirus application from the third party developers is possible, but may lead to a sort of dependence from such products that should be updated from time to time. Another effective solution is developing a security application by means of efforts of the company. It will provide a company with even more benefits that can be adjusted to the modern perspectives. Experienced developers may create a well-structured and planned application in order to get the system secured from a large number of threats. The benefits of such a step cannot be regarded apart from the process of isolation within the virtualization technique. Some of the contemporary researchers highlighted such perspectives in their own way.
For instance, according to Appandi (2006), the process of “zoning” is a great benefit of virtualization, as it helps to create particular zones within the hardware. Virtualization supports multifunctional software with a single physical system, and servers may be consolidated into virtual machines on scale-out architecture and within the process of virtualization. In the opinion of Appandi (2006), isolation is a significant benefit of virtualization. Virtual machines and the host machines are isolated from each other. Therefore, a crash of a virtual machine will not lead to a crash of other machines. In virtual machines, data does not leak, and all applications are connected within the only configured connections in a network.
After the analysis of literature, the following benefits of virtualization regarding the green IT were found:
The benefits of virtualization are not only related to creating the green IT environment and reducing costs of energy bills, but it also makes the process of creating the cloud computing environment much easier, so that all of the parts of this issue are included to create facilities for the productive work of all workers, especially for system administrators. Administrative functions for the virtualized servers can be performed more efficiently, so that all rules are followed in order to manipulate both with hardware and software crashes. These issues are provided in relation to the management of resources that should be used more efficiently in the context of virtualized environment. The benefits of virtualization should be taken into a serious consideration, as some of them should be considered in the distinct relation to weaknesses and threats, particularly with security issues.
Schultz (2009) regards the first stages, present issues, and future perspectives of virtualization. The researcher suggests that having information about virtualization, and when formulating a single view / profile, by “bringing together information stored in multiple repositories”, it is possible to reach a brand-new stage in the further development of this process, aimed focusing on the maximal usage of hardware and saving costs on its development and renovation. Virtualizing the workspace within an organization is the logical step to accomplish this. When the leading enterprises strive toward virtualization as a means of maximizing success, the companies are focused on developing within virtualization projects of the current-generation. In this context, researchers seek to find out more about the virtual server environment, the processes of integrating virtualization in servers, storages and networks, extending the process of virtualization to the desktops. Schultz (2009) regards previous changes in technology of virtualization as an initial key to creating reports by means of helping to describe these processes in details and shapes and finding out in the context of “where did we come from” significant perspective. In addition, Schultz (2009) suggests a sense of future, in which this technology can move leading and average companies forward, particularly when analyzing the essence of the desktop virtualization.
Norall (2007) also notes the advantages of storage virtualization. For instance, he suggests that some created storage pools that consist of physical disks in the variety of arrays, the services provided by storage virtualization are placed in the wide range of issues. They can be identified in an adjustable way. In the context of the basic volume management, even including LUN creating, along with volume striping and grouping, the data can be protected from risks of disaster recovery functions, including mirroring and snapshots. That is why solutions within the virtualization can be widely used as the central control points to enforce storages in management policies in order to achieve higher SLAs rates. Regarding this aspect, Norall (2007) highlights many aspects of the process of virtualization in the context of various technologies.
Other researchers focused on the financial benefits virtualization brings with its implementation for big and small companies. For instance, Peggy (2007) connects virtualization with hardware cost savings, when analyzing three major key areas of potential benefit: time, space, and money. The researcher suggests that “fewer systems deployed results in lower capital costs” (Peggy, 2007). The author discusses the main issue in this regard, such as lowering costs via virtualization. In his opinion, it is the main aspect that contributes to the advantages of virtualization.
Kontzer (cited in Scroggins, 2013) goes into detail with a history in the projected future for this technology, suggesting that over a decade has passed since VMware presented the first kind of software enabling x86 virtualization. This issue belongs to the long-term potential perspectives of virtualization. The growth of data in IT environments is regarded one of such initial aspects to implement virtualization practically. However, Kontzer (cited in Scroggins, 2013) does not explore much the origin and reasons of the implementation of virtualization and its use in many big and small businesses, but instead how the IT industry was growing along with the growth of virtualization there, and which factors influenced companies to invest in the technology of virtualization.
Kovar (cited in Scroggins, 2013) give the answers to such questions, showing that the technology of virtualization is growing rapidly by means of the available forces and instruments that are widely present in the global world. In the opinion of the researcher, the study of the implementation of the virtualization and related problems should be provided in the frames of the current measure of the growth of interests among companies involved in this process. Some researchers try to find out the most important ways to clarify this problem. For instance, Kovar (cited in Scroggins, 2013) suggests that the growth factor is the most applicable to measure and quantify the benefits of virtualization for big and small businesses.
Yoshida (cited in Scroggins, 2013) reveals that the storage virtualization was initially aimed to address the overall virtualization processes, included in the storage-area network (SAN). According to the researcher, this statement is clear “because the SAN sat between the storage and servers and would cause the least disruption to these systems”. In any case, nearly a decade passed, and this approach was not kindly taken off, as the IT industry accepted server virtualization as widely popular. In Yoshida’s opinion, the real breakthrough came, when researchers realized “the ability to virtualize physical logical unit numbers (LUNs) without the need to remap them by using a virtualization technique based on storage control units” (cited in Scorggins, 2013). Therefore, storage virtualization is simple to implement, and there should be no issues when running applications within the virtualized environment In the context of this approach, there should be taken into a serious consideration that virtualization is not the ever-lasting process of setting up many application in the environment. Being controlled by a hypervisor, virtual machines use the given capacity within the environment, and since the capacity is enough, machines are operating very well. However, there should be enough space for operations that are run by the available instruments and applications. The fact is known too much of applications lead to crashes and instability in an OS, therefore their quantity must be limited in order to preserve the stable work in the system. It largely depends on the deployment scenario wihin the virtualized environment.
Kennedy (2007) provides some solutions to issues for the desktop deployment. The researcher states that “virtualization is not just for the datacenter”, however, it leaves “an indelible mark on client computing. The idea behind application virtualization is to eliminate many of the support-draining configuration problems that plague conventional desktop implementations” (par. 2). The researcher hopes that in the nearest future, companies will open horizons to the new perspectives of the desktop virtualization, getting many benefits for business purposes.
Select the type of assignment
Provide explicit guidelines
Enjoy your free time while our professionals work on your project
Get an original work
Hsieh (cited in Scroggins, 2013) develops a strategy that stands as a key to every virtualization project. In his opinion, virtualization is one of the most important information technologies nowadays. However, its implementation involves still some uncertainty, possibility of failure. As for the experience in managing VMware products in several companies, it was reported with illustrated examples about increasing chances to implement virtualization projects successfully.
Although there are significant benefits and advantages, virtualization brings with it risks and threats to virtualized environments. Of course, cloud computing and green IT are the most significant benefits every organization should take into consideration when deciding to switch resources to the virtualized environment. However, the desire to modernize in the context of globalization is too high to notice the risks and threats virtualizations may bring. Such risks may be of the serious nature, so they can cause significant data loss and drawbacks in work of application software due to the multifunctional nature of the virtualized environment.
Security in administration and control is related to the ability of VMs to operate with security drawbacks in isolation, reducing the amounts of risks and security threats. In this case, security policies can be easily distributed through user interfaces, minimizing the activity of threats. Thus, the significant benefit of virtualization should be regarded in relation to the server, software and hardware consolidation leading to reduce costs, using less amounts of energy. Energy efficiency is a so-called “green effect” of virtualization that can bring the most of benefits. Moreover, within the virtualized environment, it becomes possible to run different OS, and consider various changes in deployment scenarios, in accordance to the current needs of the company. Some researchers (Campbell and Jeronimo, 2006; Gardner, 2009; Robb, 2008) study these issues in the context of security threats that can be considered the most important risks of implementing virtualization
Security issues are the most crucial in the process of virtualization, so they should be taken into a serious consideration before making a decision to convert all of the hardware into the frames of the virtualized environment. Within the security matters, after the study of literature, the following issues should be taken into consideration: 1) security and administrative control; 2) network security; 3) logical access to the virtualized environment; 4) change control; 5) physical security, and 6) management and monitoring for the security issues and threats that may happen in the virtualized environment. These are the main objectives that should be followed in relation to the security in the virtualized environment.
Every virtualized environment may suffer from drawbacks in security in the form of hackers, malware, software draws and drawbacks, administrator misconfigurations, and dissatisfied employees. Within VM and host OSs, as well as within the infrastructure of the data center, there is always the potential for common computer-aided hacker attacks (Gregg, 2009; Haletky, 2010; Harris, 2010). It is not by chance that researchers are focused on threats and drawbacks of the virtualization, as getting the system secured will help keep everything under control.
Some other researchers suggest a positive framework for security features. If threats and risks of implementation the virtualization are properly identified, there is a chance to discuss the strengths of virtualization security. If security features can be easily mitigated without the need of supplemental security control, these can be treated as positive security features of the virtualization. Some of the examples of positive features of virtualization are suggested in The Virtualization Solution (Cohen, 2010). According to Cohen (2010), the most significant security issue related to virtualization is the ability to separate environments from one another. This means that if crashes happen in one environment, it does not automatically affect the other environments. The ability of virtualization to isolate different environments is security strength. The virtualized environments include the ability to mitigate system risks and security threats, in order to easily operate within operational systems.
When analyzing the amount of literature for virtualization security, it was found that researchers are focused both on threats and strengths of this process. The critical content is related to the following areas: green IT; virtualization and the hardware; reduced costs for business purposes; the developed information security. In addition, Haletky (2010) points out that “virtualization is redefining the charter of security and causes us to think within the context of solving enterprise architecture and business problems” (p. xvi). In this study, the researcher explores a variety of security issues, in reference to the special virtualization brandings, and some nonserver technologies such as storage virtualization. The attacks are explored in the context of the virtualization-specific architectures in the network, in an aspect that hardens the procedures in virtualization methods. Peles (2008) explores the broader security benefits of virtualization that even exceed the green IT issues). The green IT issues are related to the positive ecological environment. Security issues are not focused on caring about the environment, but instead deal with risks which, if not properly mitigated, may cause serious problems within an organization, leading to data loss and the loss of customers. Since the security risks are identified, they can be easily mitigated and managed with the help of special software, along with saving on hardware costs. Any successful company regarded as IT intensive should have the resources to set up secure shields against hacker attacks and security threats that may cause system crashes and data loss.
Security risks in virtualization are very important problem that can be solved by means of modern techniques known by professional IT specialists. System administrators should be ready to resolve issues with security; for example, by means of using firewalls, clearing browser cache, and setting up antivirus software with regular updates. All these means are essential, as they can help defend against hacker attacks and system threats. Preventing data loss and system crash are the most important functions of the antivirus software. Of course, securing the system requires a lot of care, attention and financial assistance from a company. Security financial assistance depends on decisions from the owners of the company. Since they are effective leaders, security risks are mitigated and managed properly. Any IT intensive organization should follow security rules, meeting the needs of customers, securing their data easily with antivirus software and IT specialists who know perfectly the construction of the system and the essence of virtualization.
Virtualization is of great benefit to contemporary life, as this type of using hardware, utilizing it, and saving costs associated with modernization physical servers is very popular nowadays. Virtualization is used in order to achieve success in business, if it is an IT based organization. The other fields of implementation may be related to higher education, science, health care, and the mobile communication industry. Many companies use virtualization technology in order to get benefits and preferences, as saving costs on serving the environment leads to growing success of the company in business activities.
In real life, virtualization may be implemented not only on several PCs, but also on smartphones. Mobile phones, smartphones, or any connected wireless device may be included in the virtualized environment, since they have the required capabilities. The hypervisor is used to separate the hardware and the software, creating the set environment. Virtual machines may be run on tablets, smartphones, netbook, and even on cheap Android smartphone devices. It provides an opportunity to get involved to the process at low costs, since the hypervisor allows the benefits of running the software on the hardware that is included in the environment.
Nowadays, many consumers have two mobile phones, – one for personal use and other for business use. Mobile virtualization allows their phones to support multiple domains/OSs, when using the same hardware. Therefore, enterprise IT department may securely manage and administrate one of the domains in a virtual machine, while mobile operators may manage the other, also in a VM. Mobile virtualization can be securely implemented on single-core, as well as on multi-core mobile devices. And although some processors do not support virtualization, the majority of them do. Virtualization helps to run applications in the environment securely and brings benefits to the customers. Mobile virtualization is a well-designed instrument used to meets the needs of clients.
Advances in modern technologies have led to the development of virtualization techniques in many fields, and from the initial niche market it has reached the mainstream, as technology develops in the right way, so that nowadays we can see the virtualized environment in different contexts, as it even covers unexpected areas for its exposure. And although some of the researchers point out that virtualization has drawbacks in security risks caused by confidentiality drawbacks and hacker attacks, all of them agree that this technique opens up opportunities for development in small, medium and large businesses. Schultz (2009) forecasts the future of virtualization, analyzing its perspectives from the roots in the past, developing them to the present, and building to future horizons. The researcher states that with information virtualization, an enterprise manages to assemble a single view of a client by means of bringing together information that is stored in multiple repositories. The workspace virtualizing is the next step. The researcher is focused on further steps in the process of virtualization, discussing the opportunities of “the virtual server environment, integrating virtualization across servers, storage and the network, extending virtualization to the desktop” (Schultz, 2009, p. 1). This type of virtualization is one of the most significant benefits, considering the view of Violino (2009), who emphasizes not only the crucial aspects of virtualization, but places this technique into frames of the disaster recovery, linking these both techniques. The researcher points out to the fact that real life organizations should embrace benefits from consolidating “servers, reducing energy consumption in the data center, and increasing business agility”. However, the virtualization technique in many cases goes far beyond the server. Although it give an opportunity to backup data when it is needed urgently.
According to Scroggins (2013), “Any company currently using physical servers can benefit from the cost savings and management simplification of a virtualized server environment”, as the well-planned virtualization “allows for the maximizing of hardware through the sharing of resources” (p. 2). However, virtualization covers even more fields where it can be implemented easy and cheap.
When it comes to science, virtualization is one of the most effective ways to manage the IT environment, providing experiments, storing the data securely, recovering databases cheaply. Research activities of the scientists can be easily shared in a virtualized environment, receiving benefits and trying best to obtain results. Experts in biology, medicine, chemistry, ecological studies and many other fields may benefit from work in the virtualized environment. The reason for implementing virtualization is simple – effective research work requires storing huge amounts of data, and system crashes are a potential threat due to hacker attacks and many other issues that may happen for various serious. For example, data loss may be caused unintentionally, even if the system is managed by highly educated and experienced professionals. The virtualized environment is designed to meet the needs, specifically when the system recovery is required after the databases crash. Operating with a great amount of data is a good choice when virtualization is implemented in the system design. Virtual machines are run by hypervisors that are responsible for the proper system work. Research institutions may consider the real benefits from implementing the virtualization due to its system integrity, risks mitigation, regular updates across different, but consolidate virtual machines that use the shared hardware capacity (Gardner, 2009; Strom, 2008) in order to save costs for the hardware.
Virtualization is of good use for higher education; for example, in college libraries. Virtual machines run on a hypervisor can create a positive environment for the studying process, facilitating the work of librarians. In addition, databases can be extended and filled with books, mp3 files, and video files in order to help students during the learning process. For example, virtualization can be useful for creating the virtual environment for the distance learning. Course literature, news, and any other important educating information can be easily placed into the virtual environment, students can pass tests online, listen to mp3 files, watch videos that are exclusively uploaded for the teaching purposes on servers in accordance with copyright law. Gadia (2009) goes behind this, pointing out that virtualization is of much use to create a cloud environment, when people can work in a cloud, without the need of extra physical hardware, when it should be ordinary used in order to create work dashboards, accounts, etc.
Operating system virtualization for the last three or four years is very well progressed, both technologically and in terms of marketing. On the one hand, the use of virtualization products has become much easier, they are more robust and functional, and with another – there were a lot of interesting new applications of virtual machines. The scope of virtualization can be defined by following use virtualization products: 1. Server consolidation. Virtualization allows migrating from these physical servers to virtual ones and placing them all on the same physical server, increasing its load up to 60-80 percent, and thereby improving the utilization of equipment that allows you to save on hardware, maintenance and electricity. 2. Development and testing of applications. Set of virtualization products allow you to run several operating systems simultaneously, allowing developers and software testers to test their applications on different platforms and configurations. As a convenient means to create a “snapshot” of the current state of the system with one mouse click and the same simple recovery from this condition, allow you to create test environments for different configurations, which greatly improve the speed and quality of development. 3. Business use. This use of virtual machines is the most extensive and creative. To him belongs all that you may need in everyday handling IT-resources in the business. For example, on the basis of virtual machines can easily create backups of workstations and servers (just copying the folder) to build systems that provide minimal recovery time, and so on.
Using virtual desktops. With the advent of virtual machines will be pointless to do yourself workstation tying it to the hardware. Now create one virtual machine with your work or home environment, you can use it on any other computer. You can also use ready-made templates of virtual machines (Virtual Appliances), which solve a specific task (such as an application server). The concept of the use of virtual desktops can be implemented on the basis of the host servers to run on them roaming desktop users (something like mainframes). In the future, desktop users may not synchronize data with a laptop. This use provides the ability to create secure user workstations that can be used, for example, to demonstrate the capabilities of the program to the customer. According to Scroggins (2013), virtualization “has a direct application to business, strategic planning, and IT in general since this technology is rapidly permeating through the environments of IT departments and businesses around the world.” Using virtual machines is in fact only their scope at the moment, over time; of course, there will be new ways to make virtual machines to work in various sectors of IT. Nowadays IT-infrastructure virtualization projects are actively implemented by many leading companies engaged in system integration. Vendors of different virtualization platforms are ready to provide information on successful projects for the implementation of virtual infrastructure in major banks, industrial companies, hospitals and educational institutions. Many advantages of virtualization operating systems allow companies to save on maintenance, personnel, hardware, ensuring uptime, data replication and disaster recovery. Also virtualization market is becoming crowded with powerful management tools, migration and support for virtual infrastructures, allowing taking advantage of the most complete virtualization.
Research of any kind requires relevant information including facts, charts, graphs, figures. All these are used to justify and support the relevant data in order to get the appropriate research results. Experienced researchers suggest two main research methods that are widely used. The aim of this chapter is to choose the research method that will be best compatible to research design. It will be chosen according to the suggested research question.
The choice is between qualitative or quantitative research methodologies. The latter was ultimately selected as a proper methodology for the study. The advantage of the quantitative method is that it is a deductive approach that is designed to test a hypothesis or a research question in a theoretical aspect, by means of following the model of natural science. The effectiveness of this model is that it is measurable and objective and the research question for this study will be tested objectively, without any consideration of qualitative factors. As Sibandha (2009) points out “quantitative research focuses on gathering numerical data and generalizing it across groups of people”. This research will be aimed at gathering similar variables that will be compared while other constant variables will be kept constant to meet the needs of this study, giving answers to research questions, according to the research design.
The methodology design was chosen to answer the research questions, according to virtual secure DMZ deployment scenario. The variety of DMZ designs was tested in modifications in the context of network vulnerability. According to Geer & Harthorne (2002), there are three major types of methodology design that may be used in order to uncover the results. The first is black-box testing, in which the testers are not familiar with a system or network they test, and they have no prior proper information before they start testing. White-box testing predetermines the knowledge the testers have prior they start testing process. Finally, the grey-box testing methodology design requires at least partial knowledge about a system or a network prior to the testing process.
Since the author of this study was the person involved in experimental tests, and he had important information about the network and system to test in the setting of virtualization, the white-box testing methodology design was used. The scope of this research is limited to the assessment of vulnerability in some phases of white-box testing.
This thesis consists of the introduction, body, and conclusion. In the introduction, the virtualization technique is defined and research questions and sub-questions are stated. The body includes the literature review, methodology, identifying security risks, risks assessment, and the advantages of virtualization for big, medium and small businesses. The conclusions present information for the future perspectives of virtualization technique in relevance to the IT intensive organizations.
The information for this thesis was collected exclusively from the trusted sources, such as scientific journals, monographs, business reports. All of them are internationally accepted and well-structured, bearing good ideas that were very useful for this research. Recently written, they provide necessary information and deliver useful data. The literature review consists of 25 pages, so that the readers of this thesis can get the idea of virtualization in various aspects.
The research procedure took on two important aspects: theoretical and practical. The theoretical part of this thesis included deep analysis of the trusted sources of information (journal articles, dissertations, monographs, researches) that are related to the virtualization technique in different contexts, and particularly in its relation to business. The second part of this research was related to practical application. It was aimed at testing security risks by means of vulnerability assessment with the help of X-Scan tool.
The data for this study was collected within the vulnerability tests in an objective assessment, according to the means of the quantitative research. The vulnerability tests were performed with the help of virtualized DMZs, in order to assess risks according to the justified deployment scenarios. The vulnerability assessment tools provide the author with an opportunity to justify the results of this research by means of using objective means within the deductive quantitative method. The degree of security was tested in the virtualized environment within the DMZ designs, from high to lower levels of security.
The expected results of this study are related to building new strategies of risk mitigation that deal with security threats and risks within the virtualized environments. Mitigation strategies may help to achieve the high level of security, avoiding threats and hacker attacks, in order to improve the virtualized environment.
In the context of this research, the answers to the questions mentioned above will be essential to the choice of this technology and its implementation within a concrete IT intensive organization. The answers will also help to identify the role of virtualization in the process of development in the large, small and medium business categories.
According to this scenario, some RSPS Ltd employee tries to get access to rspstest.com that is hosted on the server of rspsweb01. It is a web server of RSPS Ltd’s of the FTP kind. Rspsweb01is logically located within the DMZ operated network. The data flow that is necessary to reach the web server in order to present a requested page. The process can be illustrated in the following process:
In this DMZ design, physical ESXi servers were logically separated by the physical firewalls. This type of design is regarded as the least complex. The DMZ can be divided into the variety of security trust zones that consist of physical firewalls located between all physical ESXi server clusters. The virtual server machines being parts of external trust zones are stored on the same ESXi servers being separated from internal trust zones by means of physical firewalls. Accordingly, the virtual machines, parts of internal trust zones stay separated by means of the physical firewalls located on the same typically physical ESXi servers.
If the data are not properly secured, privacy and confidentiality risks can become a threat after the virtualization technique is implemented to the existing hardware. If the secure SSL protocol is not used when transferring data, it may lead to privacy and confidentiality risks within the virtualized environment. Data loss and stolen by the third party is possible if the OS is not secured in the cloud environment.
Security risks in the virtualized environment may range from small, moderate to serious. System configurations allow for measuring risks in order to mitigate and manage them properly. The main security risks are related to unexpected hacker attacks and data loss. The first risks may lead to the complete crash of the system, and as for the data loss, it can lead to the loss of customers. Both types of security risks are serious loss for business as they may decrease profits in IT intensive organizations. Therefore, threats should be identified and measured, according to the security policy of the company.
The known threats in the virtualized environment are related to intentional hacker activities and unintentional data loss. Specifically, the risks may be related to the malware, DoS attacks, viruses, Trojan Horses, etc. The risks of privacy and confidentiality can be very serious and may cause the loss of data and customers. Sometimes, the data can be stolen by competitors in order to develop their business perspective in the spotlight of competitive advantages. Threats of data loss should be taken into serious consideration, specifically in relevance to their significant for the built database of customers within the IT intensive organizations. Threats and security risks should be minimized, effectively managed and mitigated.
Common hacker attacks are aimed at intruding the server to prevent it from serving the web-site. Hacker attacks are always serious and the most common methods among hackers are:
From the perspective of security risks assessment, some vulnerability assessment tools in this research were used to get data generated in relevance to a chosen virtual DMZ design, as well as for the physical logically described DMZ design. These vulnerability assessment tools were placed outside the researched network. All the traffic that was generated with the help of these tools was used to simulate Internet users, i.e. according to the scenario, in moving from outside the network. The researched web server “rspsweb01”, when hosting the web site “www.rspstest.com”, with its IP address 192.168.7.115, was identified as the target server to analyze the rate of weakness in the studied design. Accordingly, 6 host parameters served as the benchmark to compare the results collected by the tools of the chosen DMZ design.
The following sub-sections of this chapter will present the analysis of data for each assessment tool within the chosen DMZ design. The process of data analysis was done by means of comparing the results delivered by all vulnerability assessment tools, and later included to the benchmark matrix.
In the process of data collection, assessment tools used in this research detected the unexpected values expressed in some vulnerability parameters. As the mentioned values appeared frequently in the data analysis, we briefly explained them and presented them in Table 5.1 prior to carrying on with the results presentation.
The security assessment tool was targeted in the host as “rspsweb01” in the DMZ design five times. This fact enabled the author of the research to build the strategy of an average output for all security risks discovered by means of the tools that helped to remove all inconsistencies during the data collection process.
Partially collapsed DMZ having physical trust zones included. The security of the chosen network was analyzed with the help of X-Scan software. It gave correct results in relevance of security assessment.
UDP port 53and TCP port 80 were regarded as actual open ports within the stated server rspsweb01. The software of X-Scan could accurately detect both of them as open ports. It also detected 192.168.7.115 to be the correct web server’s IP address, and it detected rspstest.com to be the host name, as well as Windows NT x.x the software considered as the OS for this web server. X-Scan failed to detect the MAC address of the server, i.e. 00-0c-29-88-0e-48. Although X-Scan had no success in detecting the DNS service on this server; this tool could correctly detect the enabled manually HTTP service. X-Scan detected route results that were not as accurate when compared with the results of the actual active routes for the server. Moreover, this tool could not detect any firewalls to protect the direct connection to the web server. The diagram to show the level of vulnerability and security risks detected by X-Scan.
The presented results depicted show that the largest vulnerability that may lead to potentially dangerous penetration is open ports. The rate of vulnerability for the X-Scan for open ports is level 4. This identified vulnerability level is related to the clear detection of the web server route that is 3.5 on the diagram scale. X-Scan managed to discover the route to this web server, however the values were not be completely accurate.
The yellow bars show the possible detection of the OS fingerprints, proving that the enabled server services are moderately vulnerable to security risks. The level of server vulnerability was detected to be in the range of 2 to 3. The tools of X-Scan failed to detect a chosen MAC address or any firewall protection in the server.
Therefore, the vulnerability level for MAC OS address and the firewall detection, according to X-Scan was measured to be below 2.
Risk security and vulnerability levels within a partially collapsed DMZ, with physical trust zones included, in detection by X-Scan. In this assessment diagram, in the open ports the routes to the web server were detected as the most vulnerable values and were detected in red. Accordingly, the OS Finger Prints and other services were identified as having an intermediate level of risk and vulnerability and were marked in yellow. The MAC OS address and firewalls did not indicate security threats or any security risks, and were marked in green.
In this sub-section, the key findings of this research within the frames of the chosen virtual DMZ design are presented. The data were analyzed in the context of the research question and sub-questions: “What effect can the use of Virtualization have on IT intensive organizations?”; “How can an organization benefit from using Virtualization compared to other solutions?”;” What are possible issues that occur with Virtualization?”;” What are VMware Virtualization security risks and how must they be handled?” The discussion was provided in this context that was primary aimed at identifying security risks and learning how to mitigate and manage them within an IT intensive organization, addressing primary research questions in regard to the chosen virtual DMZ design that will be discussed in more details in order to answer research questions and develop the key findings for the future perspectives, when providing further research on this matter.
The chosen design of a partially collapsed DMZ predetermined the separation of the identified trust zones by means of two physical logically oriented firewalls. In opposing to the traditional design with the only presented difference of the chosen design, it is used that instead of traditional deploying, the physical logically oriented servers in each available service within the DMZ, this design is of much benefit in the process of virtualization. Engineers can deploy virtual machines, adjusting them for the hosting services that are publically available like web- and mail servers, as well as FTP servers within the DMZs. Such virtual machines with their hosts can be separated into various security trust zones with the help of physical firewalls. VMs can have specific configurations normally in order to egress or ingress traffic when permitting it, discarding or blocking TCP/IP particular services in the DMZ or within the network. Available necessary ports can be easily opened within the firewalls being configured and mapped in forward to a specific IP address that allows for access to the special services that are mentioned above. The level of security in such system design can be determined by means of the level of protection with the help of inspection algorithms, according to the firewalls settings. In this case, virtualization should be regarded as a technology that empowers the systems and networks engineers, encouraging them to utilize the existing hardware resources thoughtfully and efficiently. In this respect, the deployment is secure within the chosen design of the partially collapsed DMZ with the physical logically oriented trust zones included.
In spite of the risks related to the implementing the virtualization technology to practice, the new technology has many advantages that should be taken into consideration after assessing the risks. Serious security threats and risks may be mitigated if a company plans carefully for such issues. However, the benefits of implementing the virtualization technology is of more advantages, according to which small, medium or large businesses can make decisions in its favor. Virtualization is not a new fashionable trend; however, it could lead companies to save significant costs if it is implemented with care and necessity. In this section, the benefits of virtualization for small, medium and large businesses will be discussed. Some features will be common, and some will differ. However, the number of benefits increases when it comes to larger businesses, and virtualization opens perspectives for the companies in the new horizons.
Implementing virtualization is beneficial for small business for several reasons:
There are no major differences between implementing virtualization in small and medium businesses. However, when implementing the server virtualization for the purposes of the large business, the advantages are more traceable.
Large business is characterized by a number of risks; however, the number of opportunities in virtualization includes:
This work is dedicated to studying virtualization in the context of risks, threats and benefits for IT intensive organizations. The introduction provided the definition and background on virtualization. The body of the paper presented the key concepts of the methodology, research procedure, design, results and risks assessments, as well as the relevant information related to advantages of the virtualization for small, medium and big business. Security risks for virtualization were illustrated with the help of the example of partially collapsed DMZ. Accordingly, open ports and routes are the most vulnerable compared to other components of the system (the example – Mac OS). The process of testing security risks that are present in the virtual environment, can be managed by means of defense strategies such as security in the clouds and work space, implementing secure strategies (setting up antivirus programs), hiring professional IT specialists and system administrators, etc. Security risks for this field were evaluated by the X-Scan tool as moderate. However, mitigation and defense strategies are essential in order to get OS secured from crashes, since threats and hacker attacks.
In spite of the security issues, virtualization is a very perspective technique that in the future will hopefully be widespread, specifically in the big business environment. Particularly, it would be useful to implement virtualization technique in public libraries, health care institutions, governmental branches, and courts. Such initiatives are useful, but require grants in order to be implemented. However, the future development of virtualization will go along with creating superpower virtual machines that can be used by big research institutions in order to collect and analyze huge amounts of data for providing experiments in ecology, biology, the aerospace industry, and engineering,. The technique would be useful in future.
It was found out that the success of virtualization depends on the successful implementation of the deployment scenario. With the help of the hypervisor, it is possible to reach success, when following the procedure correctly. In some cases, virtualization fails because of threats and drawbacks in OS. However, advantages of the successfully implemented virtualization technique are what can be considered as the main benefit for an IT intensive organization. Globally, this technique allows using resources efficiently, considering side effects modern hardware has on the nature. The green IT effects of virtualization are known by energy and hardware efficiency.