Supporting Virtualisation and Linux Security
Cambridge, UK | 10 December 2014
The Campus Best Practice team have been extremely busy and have prepared a range of new and updated best practice guides to help NRENs and Campus IT teams keep their infrastructure secure and up to date.
In particular their recent efforts have focused on helping secure Linux systems and supporting the growing field of virtualised network devices.
Linux is an increasingly popular choice for an operating system in a server environment. The granularity and flexibility of settings, high performance, reliability and security are some of its comparative advantages over other operating systems. The vast majority of services that academic institutions provide to their users are hosted on servers running the Linux operating system. Due to infrastructure limitations, one sever often hosts several services, which adds to the challenge of protecting the Linux server. System administrators are expected to protect the server from potentially malicious activities that could jeopardise or compromise the provision of services.
However, the protection of a Linux server is not a one-time effort, but a lasting process that continues as long as the server is in use. The Campus Best Practice teams, led by AMRES, have produced a simple to use guide to help campus IT teams ensure their Linux infrastructure is as secure as possible.
IT infrastructures have changed significantly in the last few years, particularly in the area of virtualisation of server systems. This area is already relatively stable, but in recent times; virtualisation has also begun to penetrate into the area of network infrastructure.
Of course network infrastructure as a whole cannot be virtualised to the same extent as server systems, because it includes the physical part of the data centres themselves. Despite this, we can find applications that can be suitably virtualised as a whole or in part.
This document, produced by CESNET, describes the benefits of virtualisation, but also looks at the disadvantages – when it is better not to use virtualisation. Included here are the requirements for virtual infrastructure, since the network devices used here have slightly different requirements to classical virtual servers in terms of network integration.
The guide also considers the question of what parts of the infrastructure are suitable for virtualisation and what parts are not, and outlines the benefits of virtualisation which are in cost-reduction and increased scalability of the infrastructure deployed.
This is an invaluable resource for any team considering network device virtualisation within their infrastructure. Both these Campus Best Practice Documents and many more new and updated guides can be downloaded from the Campus Best Practice Knowledge Base.