
Story #3 “Problems with virtual machines” (from “5 stories about information security”)

We continue a series of posts in which we talk about problems that an IT specialist may encounter in the absence of suitable tools for monitoring and auditing changes in various IT infrastructure platforms.

You can read the first two stories here and here.

And now the third story, "Problems with virtual machines."


You know the day has gone wrong when the performance monitoring system starts sending you alarm messages by email and SMS. It is even worse when it turns out that the subject of these alarming notifications is the organization’s key virtual machine infrastructure.


John met all six of his fellow administrators, who had rushed to the data center for one purpose: to find out why the monitoring system was telling them that the 4 main virtual host servers were literally melting under the load. Four administrators connected to various host server consoles, and the remaining three tried to figure out what was going on through the monitoring software.

“Why are there two hundred virtual machines here?” Kate asked in horror.

“I have only a hundred and fifty,” said John, staring in amazement at the incredible number of running virtual machines. “And the memory is overloaded six times over! I have no idea why all these machines are here,” he added. And he began stopping the virtual machines whose purpose he did not know, trying to get a response from the server.

“According to the data, they have been here for quite some time, but it looks like they were all started just a couple of minutes ago. Do they all run Windows 7?” asked another administrator. “When did these servers become part of the virtual infrastructure?”

“Never!” shouted John. “Virtual servers are running only here. But this is our Exchange server, unfortunately. Now everyone is cut off from email.”

“Nobody has access to the corporate applications either,” Juan said, looking at the console. “There are hundreds of extra virtual machines on this host, and none of them are responding. I am trying to stop them, but nothing happens.”

A couple of hours later, when the hosts were working normally again, the administrators discussed what had happened. “Where did all these machines come from?” John opened the discussion. Everyone shook their heads; nobody knew. “Can't you find this in the logs?” The heads shook again. “We need to find out who had permissions to create virtual machines, and talk with each of them.”

“No one will confess,” said Juan. “They know that it is their fault.”

“What else can we do? Management is demanding an answer, and we have nothing to offer other than talking with everyone, and that, by the way, is more than 60 people.” Yes, it is that kind of week ...

They needed a solution that would allow log auditing on these virtual hosts: a centralized, unified log that could quickly show who created hundreds of virtual machines on these hosts and, just as importantly, who launched them almost simultaneously.

NetWrix has programs for monitoring and auditing changes to the virtual infrastructure. You can get acquainted with them here (VMware Change Reporter) and here (Change Reporter for System Center Virtual Machine Manager).

But what is really interesting is this: what solutions do you know of or use in your work to audit changes in virtual environments?

Source: https://habr.com/ru/post/141395/

