In my last article, I had written about the “The Sometimes Fun, But Scary, Risks Of VM Administrator Access” and the sometimes startling amount of access to systems and data that the VM administrator has. As Mike Poor from Intelguardians put it…
“virtualization does wonders to solve the IT asset management problem, but creates some huge nightmares for the data containment problem. We both agreed that when dealing with sensitive systems and data, partitioning data to separate ESX clusters with no shared access makes a lot of sense.”
Continuing this line of thinking made me realize the breadth of skills required for effective VM administration, and makes me question the notion that Mark Gaydos wrote that “The VM Virtualization Administrator is Dead: Long Live Virtualization!” As a commenter wrote,
[And then] There are still some struggles that we have with the other (sub)departments…network guys don’t understand why we want multiple 10G channels into the blade chassis (”It’s only got 14 blades…why do you need that much bandwidth?” “Ummm, because there’s actually > 170 virtual servers running in there, and they all use the network…”), and the storage team doesn’t understand why iSCSI doesn’t work for everything all the time (”but [insert document here] says that iSCSI is cheaper and faster for VMware…we’ll just give you some LUNs, you don’t need an aggregate to yourself…”, ugh).
It’s not just that VM admins will need to interface with storage folks. The VM admin suddenly find themselves owning an incredibly high number of automated controls that are critical to achieving both IT operational and security objectives. To do this job right, we’re talking about someone who can span the boundaries of being an enterprise architect, storage, a security architect, a VM administrator, as well a security reviewer. (i.e., “Hey, I need to deploy this new application over the weekend that Marketing needs. Can you help me with this VLAN and open up a firewall port?”)
The last example about the firewall ports needing to be opened used to be clearly an information security responsibility. In the virtualized world, we can only hope that the person responding to the request will be information security – because the decisions they make surely will have information security implications.
To make good decisions, they must create appropriate trust boundaries, ensure separation of duty, do VLAN administration, as well as understand the security implications of certain types of changes. This is on top of having to deal with all the operational messiness of dealing with capacity, hardware dependencies, etc.
Is it realistic for anyone to make all these decisions and do all this work without the help of information security? Is it realistic that everyone in the organization can make well-informed decisions around VM and VMM issues without a VM domain expert? In my opinion, both seem very unlikely!
“Can you please add a VLAN and open up a firewall port for me? Oh, and by the way, I need it by Monday. The Marketing folks already scheduled the promotional print ad to run in the Sunday newspapers…”