IBM recently made available another Blueprint of my authorship: Securing KVM guests and the host system.
The text, which also has a PDF version, brings a couple of steps and some discussion around the theme of KVM Security for the Red Hat Enterprise Linux running on IBM System x with Virtualization capability. Those include remote management aspects, host and guest security, a few suggestions for auditing and why not some image-at-rest cryptography?
The complete index follows:
- Securing KVM guests and the host system
- Secured KVM remote management
- Setting up secure remote management
- Remote management using SSH tunnels
- Remote management using SASL authentication and encryption
- Remote management using TLS
- Guest virtual network isolation options
- Network port sharing with Ethernet bridges
- Network port sharing using 802.1q VLANs
- Auditing the KVM virtualization host and guests
- Audit rules file
- KVM guest image encryption
- Using encryption in KVM guest images
- Migrating existing guests to encrypted storage
- Installing a new KVM guest
- Storing encrypted guest images
- Appendix A. Sample audit rules file
- Appendix B. Troubleshooting
Feedback, comments, corrections and suggestions are welcome as always, and we now have a way to provide them directly in the text. Questions can be answered in the developerWorks Linux Security Community Forum.