
Is hypervisor based server virtualization basically a “useful” tactical consolidation “play” or does it form the basis for much more? For several years, server virtualization has been used with good success by many organizations to consolidate legacy workloads as well as to cost-effectively provision test and development virtual machines (VMs). During the same timeframe, there has been significant discussion pertaining to “the datacenter of the future” – a centrally managed “dynamic” datacenter where resources will be dynamically assigned “on demand” to workloads in an agile manner thereby allowing the datacenter operations teams to quickly adapt to fluctuating demands for compute resources. So, “where is the connection?” you ask.


The recently concluded VMworld 2007 may offer some hints. At that conference, VMware Chief Scientist, Dr. Mendel Rosenblum, demonstrated some key capabilities that show where compute virtualization is headed in its evolution to becoming the “datacenter operating system” of the future. Dr. Rosenblum demonstrated “storage live migration” and “lockstep VMs”. Transparent migration of storage “owned” by a VM from one disk (LUN) to another (potentially on a different storage frame) without impacting application availability was demonstrated in the first demo. He also demonstrated the ability to transparently fail over an executing VM to a “secondary” VM – on another host - that has been executing in lockstep with the primary VM! If you did not have a chance to see Dr. Rosenblum’s keynote, a webcast is still accessible here.


As the VMworld demonstrations mentioned above suggest, hypervisor-based virtualization and upcoming hardware assists for virtualization, in combination with a “compute virtualization manager”, collectively enable policy-based management of the datacenter, including virtualization hosts, VMs, and storage, and are well on their way to evolving into the dynamic “Datacenter OS” of the future. This powerful Datacenter OS of the future – evolved from today’s “tactical” virtualization capabilities - will dynamically manage compute, memory, power, storage and network resources of the datacenter in an automated, highly efficient manner. Pre-packaged applications in portable VMs will be landed on these dynamic datacenters in a flexible and agile manner.


While the evolutionary path built on hypervisor-based virtualization may not be applicable to highly specialized datacenters (e.g., HPC), its applicability to business computing environments is clear. Am I oversimplifying and underestimating the technical challenges (security and scaling to name a few) along this evolutionary path? Probably. Am I glossing over the organizational and business process related challenges? Almost certainly. On the other hand, are all the major building blocks (efficient hypervisors, virtualization hardware assists, VM live migration, storage live migration, power management, record and replay, lockstep VMs…) successfully prototyped or better (in production)? The answer is an emphatic “Yes”. Do you agree, or do you foresee insurmountable barriers that will thwart attempts to evolve the virtualization capabilities of today into the dynamic datacenter of the future along the lines suggested by the ground-breaking capabilities demonstrated at VMworld? Either way, I’d really like to hear your perspective.

To defeat cyber attacks, we must first understand their characteristics and how they come about. Deconstructing threats is a way of comprehending the factors which drive information security strategy. Without understanding the nature of attacks, an organization is destined to thrash about trying to effect change, only addressing symptoms and oblivious to the root causes of the problems.


In the Beginning

The most important aspect to comprehend is that all malicious security threats and attacks begin with a person who has an objective. This person is the attacker, sometimes referred to as the ‘Threat Agent'. Make no mistake, a virus is not the attacker. The author and implementer of the virus is the attacker. Eliminating a virus is a short-term solution to the symptom of the problem, leaving the threat agent to find another method to achieve their objectives.

Threat agents are people and therefore driven by human nature. People compelled to expend energy manifesting in an attack on your organization have some desired outcome, a goal in mind. Their objective may be vague or precise, motivated by passion or logic, it may be inspired by emotional, intellectual, or economic needs. Their actions may target you directly or your organization may simply be caught in their sweeping net of activity. The permutations are mind boggling, especially when you take into account attackers include trusted persons intimately associated with the organization. Most importantly, they are thinking opponents who may plan, react, adapt, weigh options, and make decisions necessary to achieve their objective. Security success is heavily dependent on never losing sight of this key perspective. Attacks and threat agents are irrevocably tied together.

Building a Model

So if you have an attacker and their objective, the only component missing is the means for this person to achieve their goal. This path is the method. In reality, it most likely is a number of methods which are evaluated and one or more eventually employed. The term ‘vulnerability' is a catch-all phrase attached to express these methods. The term itself is far too broad to be meaningful. Anything can be a ‘vulnerability', including a security control itself. If you have a deadbolt on your door and someone kicks it in, an expert may declare the deadbolt is the vulnerability. Somewhat absurd, which is why I personally dislike using the term. So don't expect to see that word much from here forward.


What do methods look like? It depends on the attacker, what opportunities are available to them, and their objectives. If an attacker is seeking personal satisfaction through ego gratification of power, they may decide to employ a Denial of Service attack to show they can affect a target network. An accounts payable employee may secretly use their legitimate access to issue checks to collaborators for their personal financial gain. Again, the possibilities and permutations are as vast and varying as the people involved.


Threat Model

This basic model is straightforward. A threat agent, willing to effort an attack, has an objective in mind and selects one or more methods to succeed. Once committed, they initiate their plans and the game begins. Defenders may put up obstacles, close possible methods and the attacker, if still motivated, will respond.



Defeating the Attack

The game continues until the attacker succeeds, the attacker is removed or demoralized, the methods are rendered ineffective, or the objective is removed. Removing the attacker is a good but very difficult prospect, usually involving some type of law enforcement. More often the attacker is demoralized by making the prospect of achieving their objective very costly, so they either give up or move to an easier target.


Prevention activities are heavily weighted toward closing the most likely methods. A good strategy, which scales across many different attackers, but the simple fact is an attacker only needs one winning method to triumph. Much of the efforts to close different paths to the objective are intended to make it progressively more difficult for attackers to succeed. Not every path or vulnerability (ugg, hate that word) must be eliminated, only the ones which the attackers are willing to effort. The more inconvenient and inhospitable the environment is for the attacker, the better it is for the defending organization.


Lastly, removing the objective from temptation makes an attack pointless. The famous bank robber Will Sutton purportedly replied to the question "why do you rob banks?" with "because that's where the money is". The same no-nonsense principle applies to information security. Take away the objective, and the very reason for the attack is undermined.


Understanding the characteristics of attacks is paramount to good security strategy. It helps clear the fog of effectiveness and provides a perspective on how attacks can be stopped in a coordinated manner.

We wanted to determine whether the adoption of the new Intel 45nm process technology could deliver additional benefits to our data center strategy: improving virtualization performance while reducing power consumption. Intel IT is using server virtualization to substantially reduce costs associated with underutilized servers, such as higher capital, support, maintenance, power and cooling. Watch this video for the recent testing parameters and results found by Rob Carpenter.

For the full details behind the tests and results, read the white paper  45nm Quad-Core Processors for Energy Efficiency

Let us know how you think the 45nm processors would benefit your data center strategy.

Additional white papers on testing we did on the 45nm processors:

Chip Design using 45nm Quad-Core Xeon Processors

Accelerating EDA Application Performance with 45nm Quad-Core Processors

To read the predecessor to the 45nm testing done on the 65nm quad-core, see Rob's blog with video white paper


The full paper: Comparing Multi-Core Processors for Server Virtualization

Lastly, a tribute to Rob Carpenter.  Without his work, none of this would be possible: Fond Stories Over Coffee:  The Passing of a Friend

Ethics represent the very cornerstone on which any security organization is built. Without them, a security team is doomed. They will not be respected, only feared; they will not be supported, only ridiculed or ignored. It is a downward spiral of failure for security organizations practicing unethical behaviors. Management and customers will lose faith, leading to a loss of funding, access and representation. Resources, tools, and overall capability will diminish, leading to loss of effectiveness and value, further advancing the loss of faith by management and customers. Concealment, inconsistency, indifference, or treading in the gray areas of ethics is just prolonging the inevitable trip on the downward slide to defeat. So how can it be that many security professionals have a casual attitude and apathetic commitment toward ethics?


I have been reading some disturbing stories about security professionals being unethical and in some cases fired or arrested for their activities. The stories aren't hard to find. Trusted security people breaking into systems and networks, deciding not to report criminal activities, or ignoring inappropriate activities to avoid complications are common examples of poor ethos. People violating policies they are employed to enforce and uphold is downright despicable. In many cases, what is worse are the comments left by readers, condoning inconsistent behaviors on behalf of security. Comments like "pick your battles", "follow your conscience", or "you should only be ethical if others are" are very upsetting.






Reader Beware

I am a fanatic about ethics. I firmly believe ethics, following a code of conduct, is the foundation of every professional security organization. Without consistent ethical behavior, a security team is destined for failure, will open the organization to increased liability and sour future investments in security.



Okay, let me be the first to admit, I have it easy. The security professionals I have the pleasure to know and work closely with are of the highest moral caliber. I am fortunate to work in an organization which embraces the principles of ethics. We derive our support from the corporate principles which are ingrained within the company as a whole and are driven out to all corners. My company (I am a shareholder too) spends time to train, discuss, and reinforce ethics with all employees.



I support ethics in all vocations, but some are more important than others. Security personnel must be held to a higher standard, just as judges and law enforcement must be viewed as incorruptible. Ethics must also reign supreme in financial and medical industries as well. Nothing less is acceptable. We too, as security professionals, should be put under the microscope and make firm commitments to consistency and the highest level of behavior. Our organizations place trust and faith that we will be honest, capable, and perform our duty in an unwavering manner.




Intel's Security Operations Center - Code of Conduct

When I spun up Intel's Security Operations Center, every employee was trained on ethics and we developed a Code of Conduct to ensure the expectations were clear and as a team we would all conduct ourselves in a conservative manner.



1. Provide diligent and competent service to principals

  • Provide timely, professional, and productive response to our customers, peers, vendors, business partners, and management

  • Act honestly, justly, responsibly, and legally

  • Act impartially to all groups, persons, and organizations


2. Protect and conserve Intel property, resources, and reputation

  • Preserve and protect the value of corporate systems, applications, and information

  • Operate fully within the law, observe corporate policy, and align efforts with standard operating procedures

  • Disclose waste, fraud, abuse, and corruption to appropriate management or oversight bodies


3. Promote and preserve company trust and confidence of the team

  • Take care not to injure the reputation of the team through malice or indifference

  • Be truthful and accurate in representation and all communications

  • Respect the trust, access, authority, and privileges the company grants you

  • Promote, comply, and reinforce company security policies, procedures, and intentions

  • Avoid conflicts of interest or the appearance thereof






Everyone is ethical, right?

Ever ask somebody if they are a good person or ethical? I will bet you will hear some variation of the same answer, "yes. Of course I am!". How many people openly admit or believe they are not ethical? So are you? Yea, exactly what I thought you would say.



So, Mr/Ms Ethical, you wouldn't be averse to answering a few ethics related questions? These are a subset of questions I ask when delivering the ethics class to our Security Operations Center. They should be easy for an ethical security minded professional such as yourself...


  • 1. You are conducting a confidential investigation of Employee ‘A'. An employee outside the team asks, "Are you investigating Employee ‘A'?"

     You Answer:
     A. Yes, we are
     B. No, we are not
     C. Maybe
     D. I'm not sure/I don't know
     E. Other: _____

  • 2. Policy prohibits any team member from installing software on Server ‘A'. In an emergency situation, senior management instructs you to install a critical piece of software on Server ‘A' to benefit the company.

     You cite policy and:
     A. Install the software
     B. Refuse to install the software
     C. Document the request and install the software
     D. Document the request and refuse to install the software

  • 3. You are aware state law prohibits any team member from removing software on Server ‘A'. In an emergency situation, your management instructs you to delete a critical piece of software on Server ‘A'.

     You cite state law and:
     A. Delete the software
     B. Refuse to delete the software
     C. Document the request and delete the software
     D. Document the request and refuse to remove the software

  • 4. Your manager instructs you to do something which is contrary to normal operating procedures. What do you do?

     You cite the normal operating procedures and:
     A. Do what is asked and report the incident to senior management
     B. Refuse to do what is asked and report the incident to senior management
     C. Document the request and do what is asked
     D. Document the request, refuse to do what is asked, and report the incident to senior management


Life is vague. Ethics don't need to be.

We all find ourselves in unique circumstances which are complicated and tricky. Applying a code of conduct illuminates the right ethical path. Allowing ‘flexible ethics' and ‘gray area' practices is ultimately self-destructive and leads to instability and demise. Make a stand.




So what are the answers to the above questions? Well, as we all indicated we are ethical, there really is no need for me to provide the answers. We all know them.

In this videocast, I talk about some of the key tools used at Intel to understand current and future risks and threats (including secret agents!)


Some links to additional information are below...



What are the tools you use in managing risks? Are they off-the-shelf or developed internally?  And do you ever get to wear a tux while at work?


Here are some links for more information:


My presentation on corporate infosec Wargaming for the upcoming Intel Premier IT Professional (IPIP) events:

Security Wargaming Best Practices


Our Threat Agent Library is available for anyone to use.  A whitepaper describing it is here:

Threat Agent Library Helps Identify Information Security Risks


Matthew Rosenquist's latest blog on security is a great discussion about Security in Depth:

Defense in Depth Information Security Strategy

On Friday, November 2nd, 2007, our friend and colleague, Rob Carpenter, passed away suddenly. He was an incredible man, father and friend. His work with pre-testing and validation of new technologies for the Intel data centers will continue to live on. In fact, he had just filmed a follow-up video blog, Intel IT 45nm test results, on the Wednesday before his passing. With the permission of his family, we have posted the video. He was passionate about his work and sharing his knowledge with others.


It may be out of the ordinary for one to find eulogies in a community sharing IT best practices, but Rob was and is a part of our community....the fabric of who we are.  In honor and memory of Rob, I am republishing, with permission, some stories from his son Justin. Rob didn't want a formal memorial service, instead he requested that he be remembered with "fond stories over coffee with friends."  Grab a cup of coffee.......


"My earliest clear memories of him are from the early days of his private law practice, and his postdoctorate work in applied mathematics on the side, in his early thirties. He was just as amazing then, brilliant, twenty years ahead of his market (already thinking about standardization of computer networks and how one scheduled protocols in a protocol-heterogeneous environment where "pipe is pipe and traffic is traffic," before many families even had microcomputers). His excitement and sincere enthusiasm was infectious, his integrity was already the stuff of legend, and he was never content to rest his mind.


Even at the time of his death, he was working on numerous projects with Intel, and at the same time, teaching a course at Berkeley's College of Divinity School of the Pacific in Benedictine contemplative meditation, serving as a volunteer subject matter expert in HAM and emergency radio technology, applying to be an oblate (layman participant in a Christian monastery, often part-time on weekends), avidly pursuing semi-professional photography as a hobby and passion, beginning to pen a second book unifying Christianity and Buddhism meditative traditions, and regularly conversing with me about my in-progress graduate work in the epistemology of mathematics. He never needed to read the texts I read; he simply asked for a two-sentence summary of their arguments, and could immediately form better arguments than the authors themselves.


When I was four years old, I asked him what he was teaching in the evenings to take him away from Mom and I during cartoon time in the evenings, and he explained that it was applied math for physics. I blinked, and said with a mumble that I didn't think I could do anything that hard, and he looked very surprised, sat me down at the dining room table, and proceeded to teach me algebra, basic trigonometry and the principles of calculus in two amazing hours. We started doing lessons instead of after-dinner TV, and by the end of the semester, he gave me one of the tests (no doubt simplified a bit) from his class. I passed it (with I believe an 89), and he said to me very seriously, "Justin, NEVER say that you can't do something that seems hard. You can do just about anything if you really try. I want you to promise me that you're not going to avoid doing things that look hard at first." I promised him that I wouldn't, and I find myself repeating that promise often, as the many grim realities of the current situation set in.


His courage was amazing. During early 1995, our family was under a standing death threat from two different crime syndicates due to my father's diligence as district attorney in prosecuting the people responsible for drug trafficking to New York through a Palenville airstrip. He never showed stress, never changed his routine beyond asking for a police escort at times. He'd sit calmly, albeit away from windows, with his ubiquitous glass of caffeine-free Diet Coke, and conversed with us from a room away. The conversations were like any other evening, just a little louder.


I learned yesterday, after speaking to some of his friends in law enforcement in New York, that the situation was much more serious than I ever realized, and that he had a strong reason to believe that his life was very much in danger that evening. As we sat and nibbled dinner in two rooms, our house was under armed guard. My mother and I never knew. You could never judge the severity of a problem by my father's composure, as it never faltered.


It has been difficult to explain to people why there is no memorial service or funeral planned. My father held a memorial service for my mother, but asked that he simply be cremated and scattered without ceremony. When I asked him about the needs of the living to gather and remember, he suggested that those who wished to remember him, as best I can remember the quote, "go out for coffee, or pie, or breakfast, and come together as the living in a moment of life." He explained that he did not want people in mourning clothes, with their eyes held low, listening to somber songs in a rented space -- that the way to remember life was by imitating life, not by entering the atmosphere and mood of death.


And so, there will not be one memorial service for my father, but many. There are moments of silence in Mt. Tremper where he attended the monastery, and a dinner in New York this weekend to toast, quote, "the finest district attorney the state has ever seen." There will be tears shared among his many friends at several Intel sites, and fond stories of him at the next Sierra Foothills ARC brunch. In Tampa, there has been a memorial every time I've opened my mouth to speak in the last five days.


There could be no one memorial large enough to encompass even most of the lives he touched, nor could even his closest fifty friends attend one, no matter where it was held. I considered holding one despite his wishes -- I am certain he would have understood the need of the living to mourn -- but I realized that his life was too big to bring into a room, or even a small concert hall. He had close, dear, personal friends in several countries and nearly every state, and every one of them was touched by his presence and would feel the need to be there. Robert Edmund Carpenter, the man so loved that his memorial service required an event space the size of the internet.


There will be many memorials, you see. Every time you and others sit and remember him to one another, tell stories about his life, be they funny or amazing, every time you remember something he told you, or share him as an example to others, you are celebrating his life. Every time there is pain, or better yet, a happy anecdote to share, we can come together and share it -- and you will hear, first- or second-hand, the anecdotes of others passed on for sharing.


This is, I think, why he wanted it this way. No one is left out, no one is "unable to make it," no one is forgotten, and the memorial takes as long as it needs to, for every story to be told, for everyone to be a part of it. When I think about it this way, I think he really had the right idea, and though I cannot imagine being even a pale shadow of the man he was, when I pass, I hope to be remembered the same way, through fond stories over coffee when I'm remembered now and then"

In this podcast Intel's Malcolm Harkins and HP's Manny Novoa chat about the latest issues in security technologies, notably the emergence of hardware assisted virtualization.


With the emergence of software virtualization technologies, which allow multiple OSes to run on a single system, Manny and Malcolm postulate security risks at the software layer. They discuss how hardware-assisted virtualization can establish the management of platform controls and protection of keys at the hardware level, reducing the risk of virtualization systems being maliciously compromised.


They also discuss coping with zero-day threats and the benefits of automated management of PC fleets.


