Thursday, June 21, 2012

Inter VM NSM

Cloud is everywhere now, and I have been playing with Open vSwitch for a while. It looks like a critical solution for providing network security monitoring in virtualized environments. If you want to know more about Open vSwitch, information can be found on the website below:

http://openvswitch.org

Open vSwitch is not just a virtual switch; it offers many network traffic monitoring features such as SPAN, RSPAN, NetFlow and sFlow. I have tried out many features in Open vSwitch, and they are useful depending on your monitoring needs.

Traditional network traffic monitoring is not going to help here: you can't simply deploy a network tap or port mirroring to monitor the traffic in cloud server farms. Of course, you can still monitor when the virtual machines are talking to the outside world, but you can't really see the conversation between virtual machines, for example when vm1 performs network scanning on other virtual machines in the same cloud server.
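One way to get that inter-VM visibility is a SPAN-style mirror on the virtual switch itself. The script below is an added example, not part of the original post: it builds the `ovs-vsctl` transaction that copies both directions of selected VM ports to a port where a sensor listens. The bridge name `br0`, mirror name `intervm`, sensor port `mon0` and VM ports `vnet0`/`vnet1` are assumptions.

```shell
#!/bin/sh
# Added example: build (not run) the ovs-vsctl transaction that mirrors both
# directions of the selected VM ports to a monitoring port on the same bridge.
# br0, intervm, mon0, vnet0 and vnet1 are assumed names, not from the post.

build_mirror_cmd() {
    [ "$#" -ge 4 ] || {
        echo "usage: build_mirror_cmd BRIDGE MIRROR OUT_PORT VM_PORT..." >&2
        return 2
    }
    # The result is meant to be run by a shell, so accept only plain
    # interface-style names (no spaces, metacharacters or leading dash).
    for _n in "$@"; do
        case $_n in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "invalid name: $_n" >&2; return 2 ;;
        esac
    done
    _bridge=$1; _mirror=$2; _out=$3
    shift 3
    _cmd="ovs-vsctl -- set Bridge $_bridge mirrors=@m"
    _refs=""; _i=0
    for _p in "$@"; do
        # One named reference (@p0, @p1, ...) per VM port to be watched.
        _cmd="$_cmd -- --id=@p$_i get Port $_p"
        _refs="${_refs:+$_refs,}@p$_i"
        _i=$((_i + 1))
    done
    _cmd="$_cmd -- --id=@out get Port $_out"
    _cmd="$_cmd -- --id=@m create Mirror name=$_mirror"
    # select-src-port: frames received from the VM; select-dst-port: frames sent to it.
    _cmd="$_cmd select-src-port=$_refs select-dst-port=$_refs output-port=@out"
    printf '%s\n' "$_cmd"
}

# Print the command for two VM ports; review it, then run it as root.
# To remove all mirrors from the bridge later: ovs-vsctl clear Bridge br0 mirrors
build_mirror_cmd br0 intervm mon0 vnet0 vnet1
```

A port used as a mirror `output-port` is reserved for mirrored frames only, so `mon0` should be a dedicated sensor interface rather than one that also carries normal traffic.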

More thought needs to be put into cloud network security monitoring, since it has become a trend and is widely used in the enterprise world. I have encountered a couple of times where performing forensics operations is much harder in the cloud.

Open vSwitch seems promising; hopefully, with the inclusion of Open vSwitch in the Linux 3.3 kernel, it will become more popular and widely used.

http://blog.sflow.com/2012/03/linux-33-released.html

Cheers ;]