
NIST Updates Pub for Server Virtualization Security
By CHIPS Magazine - June 7, 2018
Server virtualization is now ubiquitous across most organizations, a critical part of their enterprise IT infrastructure for data centers and cloud services. Virtual servers reduce the physical space required for physical servers and power usage, and offer better utilization of hardware resources. The core software used for server virtualization, the hypervisor, directly provides CPU and memory virtualization, NIST said in a release June 7.

“The hypervisor platform is a collection of software modules that provide virtualization of hardware resources, such as CPU, memory, network, and storage, and enables computing stacks, (operating systems and application programs) called virtual machines (VMs) to run on a single physical host,” NIST explained.

The hypervisor platform may also have the functionality to define a network within a single physical host to enable communication among the VMs resident on that host, as well as with physical and virtual machines outside the host. The hypervisor facilitates access to physical resources, provides run time isolation among resident VMs, and enables a virtual network that provides a communication flow among the VMs and between the VMs and external network.

To ensure security, NIST published a revision of Special Publication (SP) 800-125A, now titled Security Recommendations for Server-based Hypervisor Platforms, which was originally published earlier this year. SP 800-125A Revision 1 adds security recommendations for technologies, such as device passthrough and self-virtualizing devices, that are used for deploying virtualized servers for high performance applications. The recommendations in the revision relate to safeguarding the secure execution of baseline functions of the hypervisor and ensuring they are agnostic to the hypervisor architecture. These recommendations are exclusively to be used for a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops, NIST said.


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988