Tag Archives: kvm

My talk for LinuxCon Brazil 2010 (KVM Security)

I’m back from LinuxCon Brazil 2010. After spending two entire days off-line (interesting experience btw), I can finally upload the slide deck for my talk, “KVM Security – Where Are We At, Where Are We Going”, as promised.

I can’t spend time reporting on the event right now, so I’ll just summarize that it was in my opinion the best Linux-related even we had down here so far, with some good talks from both local and foreigner guys.

The funniest part, however, was seeing Linus having it’s own Justin Bieber moment, with girls freaking out and everything šŸ˜‰

Thanks for everyone who attended. I hope we can all meet again next year for an even better event.

PS.: I ended-up canceling the Linux Professional Development BoF, due to confusions with scheduling and a couple of other things – Sorry for everyone who planned to attend, but keep in touch (comment here or email me at klaus@klauskiwi.com) – I still have the idea of at least mapping the Linux professional development industry here in Brazil. We need better know each other, really!

-Klaus

ApresentaĆ§Ć£o FISL 11: SeguranƧa em VirtualizaĆ§Ć£o utilizando o KVM

Abaixo estĆ” o link para o PDF da minha apresentaĆ§Ć£o utilizada no FISL 11 sobre “SeguranƧa em VirtualizaĆ§Ć£o utilizando o KVM”.

Lembrando que eu devo abordar novamente este tĆ³pico na LinuxCon Brasil 2010, que acontecerĆ” dia 31 de Agosto e 1Ā° de Setembro deste ano – fique ligado na programaĆ§Ć£o. Aproveito tambĆ©m para adiantar que eu devo conduzir um “Encontro de desenvolvedores profissionais de Linux” na mesma LinuxCon Brasil 2010. DeverĆ” ser uma oportunidade para encontrar colegas das vĆ”rias empresas que trabalham direamente com desenvolvimento do Sistema Operacional Linux, e debater sobre o mercado de trabalho, educaĆ§Ć£o, e realizaƧƵes. Entre em contato (klaus arroba klauskiwi.com) ou deixe um comentĆ”rio se estiver interessado neste mini-summit.

ComentĆ”rios, correƧƵes e dĆŗvidas sĆ£o sempre bem-vindas!

-Klaus

ApresentaĆ§Ć£o em PDF: SegurancaKVM-Oo.org

New Blueprint available: Securing KVM guests and the host system

IBM recently made available another Blueprint of my authorship: Securing KVM guests and the host system.

The text, which also has a PDF version, brings a couple of steps and some discussion around the theme of KVM Security for the Red Hat Enterprise Linux running on IBM System x with Virtualization capability. Those include remote management aspects, host and guest security, a few suggestions for auditing and why not some image-at-rest cryptography?

The complete index follows:

  • Introduction
  • Securing KVM guests and the host system
    • Secured KVM remote management
    • Setting up secure remote management
    • Remote management using SSH tunnels
    • Remote management using SASL authentication and encryption
    • Remote management using TLS
  • Guest virtual network isolation options
    • Network port sharing with Ethernet bridges
    • Network port sharing using 802.1q VLANs
  • Auditing the KVM virtualization host and guests
    • Audit rules file
  • KVM guest image encryption
    • Using encryption in KVM guest images
    • Migrating existing guests to encrypted storage
    • Installing a new KVM guest
    • Storing encrypted guest images
  • Appendix A. Sample audit rules file
  • Appendix B. Troubleshooting

Feedback, comments, corrections and suggestions are welcome as always, and we now have a way to provide them directly in the text. Questions can be answered in the developerWorks Linux Security Community Forum.