Story No. 3: “Problems with virtual machines” (from “5 stories about information security”)

    We continue a series of posts in which we talk about the problems that an IT specialist may encounter in the absence of suitable tools for monitoring and auditing changes in various IT infrastructure platforms.

    You can read the first two stories here and here.

    And now the third story, “Problems with virtual machines”.



    You know the day is not going well when the performance monitoring system starts sending you alarm messages by e-mail and SMS. It is even worse when the subject of those alarms turns out to be the organization’s key virtual machine infrastructure.


    John met all six of his fellow administrators rushing to the data center with a single purpose: to find out why the monitoring system was telling them that the 4 main virtual host servers were literally melting under the load. Four administrators connected to the consoles of the various host servers, and the remaining three tried to figure out what was happening through the monitoring software.

    “Why are there two hundred virtual machines here?” Kate asked in horror.

    “I only have one hundred and fifty,” said John, staring in astonishment at the incredible number of running virtual machines. “And the memory is overcommitted six times over! I don’t even have a clue why all these machines are here,” he added. And he began stopping virtual machines whose purpose he did not know, trying to get a response from the server.

    “Judging by the data, they have been here for a long time, but it looks like they were all launched just a couple of minutes ago. Do they all run Windows 7?” asked another administrator. “When did these servers become part of the virtual infrastructure?”

    “Never!” cried John. “Virtual servers are only launched here. But this is our Exchange server, unfortunately. Now everything is cut off from email.”

    “No one has access to corporate applications either,” Juan snapped, looking at the console. “There are a hundred extra virtual machines on this host, and none of them are responding. I try to stop them, but nothing happens.”

    A couple of hours later, when the hosts had been restored, the administrators discussed what had happened. “Where did all these machines come from?” John began the discussion. Everyone shook their heads; nobody knew. “Can't you find this in the logs?” The head-shaking was repeated. “We need to find out who had permission to create virtual machines and talk to each of them.”

    “No one will admit it,” Juan said. “They know it's their fault.”

    “What else can we do? Management demands an answer, and we have nothing to offer except talking to everyone, and that, by the way, is more than 60 people.” Yes, it was going to be that kind of week...

    They needed a solution that would enable audit logs on these virtual hosts: a centralized, integrated log that could quickly show who created hundreds of virtual machines on these hosts and, just as important, who launched them almost simultaneously.
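The two questions the administrators could not answer can be asked of a merged audit log, as in this added example (not part of the original post and not NetWrix code). The log format, the account names `svc-lab` and `kate`, and the window and threshold values are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed audit lines: ISO time, host, user, action, VM name."""
    t0, lines = datetime(2024, 1, 15, 9, 0, 0), []
    for i in range(30):
        host, vm = f"host{i % 2 + 1}", f"win7-{i:03d}"
        made = t0 - timedelta(days=20) + timedelta(hours=i)  # created long ago
        started = t0 + timedelta(seconds=3 * i)              # started 3 s apart
        lines.append(f"{made.isoformat()},{host},svc-lab,create,{vm}")
        lines.append(f"{started.isoformat()},{host},svc-lab,power_on,{vm}")
    lines.append(f"{(t0 - timedelta(days=2)).isoformat()},host1,kate,create,exch-test")
    lines.append(f"{(t0 + timedelta(hours=4)).isoformat()},host1,kate,power_on,exch-test")
    return lines

def parse(lines):  # merge per-host lines into one timeline sorted by time
    events = []
    for line in lines:
        ts, host, user, action, vm = line.strip().split(",")
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "user": user, "action": action, "vm": vm})
    return sorted(events, key=lambda e: e["time"])

def creations_by_user(events):  # who created how many VMs
    return Counter(e["user"] for e in events if e["action"] == "create")

def power_on_bursts(events, window=timedelta(minutes=5), threshold=20):
    """{user: (peak count, hosts)} where power-ons inside one window reach threshold."""
    per_user = defaultdict(list)
    for e in events:
        if e["action"] == "power_on":
            per_user[e["user"]].append(e)
    bursts = {}
    for user, evs in per_user.items():
        start, peak, span = 0, 0, (0, 0)
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1  # slide the window forward
            if end - start + 1 > peak:
                peak, span = end - start + 1, (start, end)
        if peak >= threshold:
            hosts = sorted({e["host"] for e in evs[span[0]:span[1] + 1]})
            bursts[user] = (peak, hosts)
    return bursts

if __name__ == "__main__":
    timeline = parse(sample_log())
    print(creations_by_user(timeline), power_on_bursts(timeline))
```

The burst check only works on a timeline merged across hosts: in the sample, each host alone sees half of the power-ons.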

    NetWrix has programs for monitoring and auditing virtual infrastructure changes. You can familiarize yourself with them here (VMware Change Reporter) and here (Change Reporter for System Center Virtual Machine Manager).

    But what is really interesting is which solutions you know of or use in your work to audit changes in virtual environments?
