Virtualization
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Let's begin by talking about virtualization.
00:00
Now, earlier we talked about virtualization,
00:00
but we want to beef up
00:00
the content on a couple of areas that are
00:00
going to get some new focus on the updated exam.
00:00
I want to talk a little bit about the idea of
00:00
a virtual desktop infrastructure and
00:00
the capability that that gives us to run thin clients.
00:00
It's very desirable to have thin clients.
00:00
What this idea comes from is it
00:00
comes from back in
00:00
the days when we had mainframe computers.
00:00
An organization would spend a lot of money and put
00:00
a lot of resources into this giant, massive mainframe.
00:00
Then everybody would connect into
00:00
the mainframe from their terminals on their desktops.
00:00
There was no processing capability.
00:00
The downside of that was I'm not really doing
00:00
anything locally and then the upside of that was,
00:00
hey, I'm not really doing anything locally.
00:00
What that means is that
00:00
local computer doesn't have to constantly be updated,
00:00
it doesn't have to have new hardware,
00:00
it doesn't have to get patched.
00:00
When I have a thin client,
00:00
it runs the most basic hardware,
00:00
basic operating system,
00:00
and we're not loading up
00:00
all these tools and all these services on the local PC.
00:00
That lets us get away with connecting
00:00
into our environment with a very cheap system.
00:00
If I'm making decisions for an organization,
00:00
thin clients are great
00:00
because that saves me a lot of money.
00:00
We still have to have all this processing capability.
00:00
It has to happen.
00:00
If it's not happening locally,
00:00
then the question is, where is it happening?
00:00
Well, we're going to be connecting
00:00
into a virtual machine.
00:00
We're going to use some protocol like RDP.
00:00
If you remember, remote desktop protocol
00:00
allows me to access
00:00
another system as if I'm sitting there,
00:00
as if I'm locally in front of the system.
00:00
I'm using my computer to run a program on the server.
00:00
Now, actually what's happening
00:00
is rather than me just running individual programs,
00:00
what I'm doing is I'm connecting to
00:00
a virtual machine on another server.
00:00
My client loads the VM image and there will be
00:00
different VM images for
00:00
different end user work stations
00:00
or different categories of systems.
00:00
When my computer boots up as the user,
00:00
I'll choose the correct image I want to boot to.
00:00
Then I'm loading basically
00:00
a virtual machine that's actually
00:00
residing on another server.
00:00
All the processing is happening on that server.
00:00
As a matter of fact, this is a good way also to
00:00
make sure a consistency of image.
00:00
You configure your image and it's sometimes
00:00
called the golden image because that's
00:00
the image that we boot to and we
00:00
continue to return to this golden image.
00:00
As a user, I go in and I can make
00:00
any configuration changes I want in a minute.
00:00
But each time I reboot,
00:00
I go back to the golden image
00:00
from the VM, if that makes sense.
00:00
We don't have to worry about users adding things,
00:00
removing things that are critical.
00:00
It's all taken care of each time they
00:00
boot because they are loading the golden image again.
00:00
It's very helpful from that standpoint as well.
00:00
Now, the user data,
00:00
so it's not going to save your configuration changes,
00:00
but the user data is going to be
00:00
stored as part of a network profile.
00:00
I don't know if you've worked a lot with profiles.
00:00
If you go more specifically into a course with,
00:00
like Active Directory for
00:00
Windows or any of the directory services,
00:00
they'll talk about user profiles.
00:00
But much like it sounds like,
00:00
a user profile is linked to
00:00
each individual user and it has
00:00
a collection of their preferences,
00:00
their settings and so
00:00
user data is saved as part of that profile.
00:00
That profile can be
00:00
accessed from anywhere on the network,
00:00
so that gives us a lot of flexibility.
00:00
Now, the downside here is of course,
00:00
if I have to boot to VM located on another server,
00:00
if that server fails,
00:00
then I really can't access the network.
00:00
I really can't do the work that I need.
00:00
We have a lot of pressure on
00:00
the server that's providing the VMs,
00:00
which means of course,
00:00
we need to focus on redundancy and
00:00
high availability just because of
00:00
the negative impact if that server were not available.
00:00
Now, along the same lines,
00:00
we also have application virtualization.
00:00
Now, this
00:00
requires less infrastructure than virtual desktops.
00:00
This is something we're basically,
00:00
I don't know if everyone here,
00:00
I'm sure not everyone, but some
00:00
>> of you probably have been
00:00
>> around since the time when we used terminal services.
00:00
Terminal services release the predecessor to
00:00
application virtualization. You know how we are.
00:00
We like to take an idea, polish it up,
00:00
give it a fancy new name,
00:00
and then teach it as something totally
00:00
different in class after class.
00:00
That's just how IT works.
00:00
If we don't have any exciting changes to make,
00:00
we'll make up something to change.
00:00
Application virtualization is
00:00
an extension of terminal services.
00:00
What that means is I have my local computer,
00:00
I'm accessing an application on a remote server,
00:00
and the application's running on that server.
00:00
Now it's different from the virtual desktop because
00:00
I'm not loading a virtual machine from another server.
00:00
I'm simply on my laptop,
00:00
on my end user workstation, whatever it is.
00:00
I have all my files here,
00:00
but a specific application,
00:00
I'm running off the server.
00:00
The big benefit that
00:00
this gives me is it gives me isolation.
00:00
For instance, let me back up and
00:00
say it certainly lets me have a thinner client.
00:00
That's one of the benefits we talked about a minute ago.
00:00
But another benefit is that it gives me isolation.
00:00
Sometimes certain applications don't play well together.
00:00
As a matter of fact, a lot of times,
00:00
if you're using multiple versions of the same product,
00:00
like I might use Office 2016 and Office 2020,
00:00
I may need them both to run for whatever reason.
00:00
Maybe there's a capability in 2020 that I need,
00:00
but still something in 2016 I need.
00:00
That's one of the common reasons we
00:00
do application virtualizations and
00:00
so I can install one file
00:00
locally and access
00:00
the other file through application virtualization.
00:00
Or I could run both files on separate virtualized apps.
00:00
Virtualization is virtualization.
00:00
Its primary design was to allow
00:00
isolation and separation often
00:00
for processes that need their own space,
00:00
need their own resources,
00:00
need their own environment.
00:00
It's true of the virtual desktop infrastructure,
00:00
it's true of application virtualization.
00:00
Then also we have
00:00
container virtualization or containerization.
00:00
I think that's a great word.
00:00
Container virtualization again, extends on these ideas.
00:00
This is very common or comparable to the VDI,
00:00
the virtual desktop infrastructure,
00:00
except this is more an idea based on partitioning.
00:00
If you haven't been around,
00:00
you probably haven't had a lot of
00:00
exposure to needing to partition a hard disk,
00:00
for instance, multiple places and for multiple reasons.
00:00
The idea, this is in
00:00
some ways better than a virtual machine
00:00
because I may have partitions or
00:00
containers with certain files,
00:00
certain instances of applications,
00:00
and yet they're all running in
00:00
the same environment as
00:00
opposed to in different virtual machines.
00:00
They're all using the same resources,
00:00
whereas I don't actually have to
00:00
load a virtual machine to make this happen.
00:00
If you've got three different virtual machines
00:00
running on a system,
00:00
that takes up a lot of resources.
00:00
Even before you do the things that
00:00
you wanted to do in the first place,
00:00
you have to set up multiple virtual machines,
00:00
that's very resource intensive.
00:00
But here we can create
00:00
containers which are very comparable
00:00
to a partition in which these apps can run independently.
00:00
We can in all those apps share one set of
00:00
resources instead of having to allocate
00:00
resources to multiple virtual machines.
00:00
We basically have several different ways
00:00
of creating that virtualized environment.
00:00
But they're all for the purpose of being able to have
00:00
the capability to run applications in
00:00
such a way that they don't interfere with each other.
00:00
Then the last thing I wanted to talk about
00:00
is I wanted to talk about a security issue
00:00
that comes up in
00:00
virtual environments and one
00:00
that's getting more and more significant,
00:00
as we're more and more dependent on
00:00
Cloud service providers and on virtualization.
00:00
It's called VM escape.
00:00
I just mentioned how important it is that
00:00
virtualization gives us isolation.
00:00
That's the whole reason we virtualize an environment.
00:00
I need to be truly separate.
00:00
Now, the problem with VM escape is that there's
00:00
certain malware that is designed to
00:00
sniff out other virtual machines on the same host.
00:00
The point is to be able to exit one VM and
00:00
jump over either to
00:00
the host system or to another virtual machine.
00:00
Now of course, that's
00:00
counter to what a virtual machine should do.
00:00
But remember, any time that we
00:00
have multiple virtual machines
00:00
running on the same physical machine,
00:00
there's always the potential.
00:00
Virtualization is great.
00:00
I don't have to have a separate physical machine
00:00
for these different services.
00:00
But if you put all the services
00:00
running on the same system,
00:00
you have multi-tenancy,
00:00
which means I have multiple guests on the same system.
00:00
We've got to be very careful.
00:00
This is a major concern when it comes to talking about
00:00
Cloud security because I
00:00
may have access to Cloud based resources,
00:00
but that Cloud service provider has
00:00
probably leased that same physical server to
00:00
10 other clients and we're all on the same system,
00:00
albeit we have different VMs.
00:00
VM escape would allow something from
00:00
another organization potentially to
00:00
spread to something that would infect my organization.
00:00
Obviously, this is a big problem.
00:00
The key here is to make sure the hypervisor is patched.
00:00
Make sure the hypervisor is up to date,
00:00
that we show due diligence and ensure that
00:00
the hypervisor is it's
00:00
the heart and soul of virtualization.
00:00
In order to protect our VMs,
00:00
we have to protect the hypervisor.
Up Next
Similar Content
