For organizations, the cloud’s per-use approach provides tangible relief from hardware or software investments by offering a pay-for-service model. The benefits include greater resource access, dynamic scaling, and improved costs, along with the ease of automated management for resources and performance. Companies adopt cloud computing to reduce infrastructure overhead, adjust service levels to meet changing needs, and to quickly deliver applications. However, with these advantages come certain limitations, especially in relation to security.
Multi-tenant infrastructures typically offer scaled performance and services based on shared resources, including databases, other applications, and OSs. For some organizations, this leaves them open to a variety of threats both from inside the firewall, as in the case of a private cloud, and from outside.
One example of a company that employs a comprehensive open source solution is cloud provider Colosseum Online. The company uses both Red Hat Enterprise Virtualization (RHEV) and RHEL KVM not only for its core infrastructure, but also for its cloud platform, which offers IaaS and other services. RHEV enables the Colosseum IT team to migrate all workloads and specific hypervisors offline for software or hardware updates. Such control extends to security patches, bug fixes, and related updates. It represents a degree of security management and granularity unique to KVM.
The high performance critical to cloud environments and achieved by open source is due to the fact that KVM leverages Linux to handle high I/O rates. Since it’s built into Linux, KVM utilizes many of the OS performance and security capabilities.
When it comes to virtualized environments, such as clouds, that contain multiple tenants, the KVM hypervisor provides a level of protection comparable to proprietary technologies. Security takes place at three different levels: the Linux kernel (SELinux), the network filtering level, and hardware isolation.
In the past, open source solutions lacked a compelling management model with efficient enterprise-level security. However, along with innovations, such as multi-core CPU technology, open source development via online communities and support from Open Virtual Alliance (OVA), KVM now offers distinct benefits.
For example, the oVirt project provides advanced capabilities for open source virtualization management, including high availability, live migration, storage management, and system scheduling. These features, along with high performance and security, make open source KVM a technology of choice as more data centers are increasingly mixed open/proprietary environments.
Reproduced from Global Knowledge white paper: KVM Security in the Cloud: A Choice That Matters.