New Blueprint available: Securing KVM guests and the host system

IBM recently made available another Blueprint that I authored: Securing KVM guests and the host system.

The text, which is also available as a PDF, presents a couple of steps and some discussion on KVM security for Red Hat Enterprise Linux running on IBM System x with virtualization capability. Topics include remote management, host and guest security, a few suggestions for auditing and, why not, some image-at-rest cryptography.

The complete index follows:

  • Introduction
  • Securing KVM guests and the host system
    • Secured KVM remote management
    • Setting up secure remote management
    • Remote management using SSH tunnels
    • Remote management using SASL authentication and encryption
    • Remote management using TLS
  • Guest virtual network isolation options
    • Network port sharing with Ethernet bridges
    • Network port sharing using 802.1q VLANs
  • Auditing the KVM virtualization host and guests
    • Audit rules file
  • KVM guest image encryption
    • Using encryption in KVM guest images
    • Migrating existing guests to encrypted storage
    • Installing a new KVM guest
    • Storing encrypted guest images
  • Appendix A. Sample audit rules file
  • Appendix B. Troubleshooting

Feedback, comments, corrections and suggestions are welcome as always, and we now have a way to provide them directly in the text. Questions can be answered in the developerWorks Linux Security Community Forum.