VMware vCloud Security

Overview of this book

Security is a major concern, in particular now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack. "VMware vCloud Security" focuses on some critical security risks, such as the application-level firewall and firewall zones, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy the suite's components incorrectly, or cannot see the broader picture of where the vCloud security products fit in. This book is focused on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security. Ensuring the security and compliance of any applications, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups, rather than only physical constructs such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will understand how to define data security policies, run scans, and analyze results.

Auditing and logging

One of the most important factors for overall system security is to record and monitor the activities of users. An organization maintains its compliance with rules by keeping an audit log of significant activities. Using audit logs, the organization verifies and detects any violations and initiates remediation activities.

Audit logs can also help the organization in detecting attempts, whether successful or not, to gain illegitimate access to the system, probe its information, or disrupt its operation.

VMware vCloud Director includes the following two types of logs:

  • Diagnostic logs that are maintained in each cell's log directory. You can also export them to a centralized Syslog server

  • Audit logs that are maintained in the database, and optionally, in a Syslog server

As a vCloud system administrator, you can view the system log to monitor system-level tasks that are in progress, and you can find and troubleshoot failed tasks. You can also analyze vCloud Director logs to monitor vCloud Director cells.

As a vCloud organization administrator, you can view the log for an organization to monitor organization-level tasks that are in progress. In addition, you can find and troubleshoot failed tasks.

So essentially, we are talking about system-level and organization-level tasks.

vCloud Director provides logging information for each cloud cell in the system. You can view the logs to monitor your cells and to troubleshoot issues.

You can find the logs for a cell at /opt/vmware/cloud-director/logs.

The following table shows the log names and their purposes:

| Log name | What the log shows |
| --- | --- |
| cell.log | The console output from the vCloud Director cell |
| vcloud-container-debug.log | Debug-level log messages from the cell |
| vcloud-container-info.log | Warnings or errors encountered by the cell |
| vmware-vcd-watchdog.log | When the cell crashed, restarted, and so on |
| diagnostics.log | Diagnostics information (this first needs to be enabled in the local logging configuration) |
| YYYY_MM_DD.request.log | HTTP request logs in the Apache common log format |
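The request log is the one file in this directory whose format the book pins down (Apache common log format), which makes it the natural place to look for the access attempts described at the start of this section. The following script is an added example, not code from the book or from VMware: it parses common-log-format lines, counts 401/403 responses per client address, and reports addresses that cross a threshold. The sample lines are constructed for the example, and the /api/sessions login path in them is an assumption about what a request log might contain.

```python
import re
from collections import defaultdict

# Apache common log format:
#   host ident authuser [date] "method path protocol" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample in the shape of a YYYY_MM_DD.request.log file.
# The /api/sessions path is an assumption, not taken from the book.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2013:10:15:01 +0000] "POST /api/sessions HTTP/1.1" 401 0
10.0.0.5 - - [12/Mar/2013:10:15:03 +0000] "POST /api/sessions HTTP/1.1" 401 0
10.0.0.5 - - [12/Mar/2013:10:15:05 +0000] "POST /api/sessions HTTP/1.1" 401 0
10.0.0.5 - - [12/Mar/2013:10:15:09 +0000] "POST /api/sessions HTTP/1.1" 200 842
10.0.0.7 - - [12/Mar/2013:10:16:00 +0000] "GET /cloud/org/Finance HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2013:10:17:42 +0000] "GET /api/admin/org/abc HTTP/1.1" 403 0
garbage line that does not parse
"""


def parse_clf(line):
    """Return the fields of one common-log-format line, or None if it does not parse."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def unparsed_lines(lines):
    """Non-empty lines the parser rejected; a reviewer should look at these, not drop them."""
    return [l for l in lines if l.strip() and parse_clf(l) is None]


def failed_auth_by_host(lines):
    """Count 401 (unauthenticated) and 403 (forbidden) responses per client address."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_clf(line)
        if rec and rec["status"] in (401, 403):
            counts[rec["host"]] += 1
    return dict(counts)


def suspicious_hosts(lines, threshold=3):
    """Client addresses with at least `threshold` failed or forbidden requests."""
    return sorted(h for h, n in failed_auth_by_host(lines).items() if n >= threshold)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("failed/forbidden requests per host:", failed_auth_by_host(lines))
    print("hosts over threshold:", suspicious_hosts(lines))
    print("unparsed lines:", unparsed_lines(lines))
```

Run it against a real file by replacing SAMPLE_LOG with the contents of one of the YYYY_MM_DD.request.log files from /opt/vmware/cloud-director/logs. Note that the parser reports lines it cannot read rather than silently skipping them: a sudden rise in unparsed lines is itself worth a look, since it can mean the log format changed or the file was altered.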

Apart from the diagnostic logs in vCloud Director, you also have the audit logs mentioned earlier. However, by default, these are not forwarded to a centralized logging server. You have to manually configure the vCloud cell to forward them to the centralized logging server.

It is recommended that you configure this option for the following reasons:

  • It allows audit logs from all the cells to be viewed together at a central location at the same time.

  • Database logs are not retained after 90 days, but logs transmitted via Syslog can be retained as long as desired.

  • It protects the audit logs from loss on the local system due to failure, lack of disk space, compromise, and so on.

  • It supports forensic operations in the face of problems such as those listed previously.

  • Logging to a remote system, instead of the system the cell is deployed on, provides data integrity by inhibiting tampering. Even if the cell is compromised, that does not necessarily give access to, or the ability to alter, the audit log.

To enable a centralized Syslog server in vCloud Director 5.1, follow this knowledge base article from VMware: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1026815.