Gartner Blog Network

Free Virtualization Security Stuff

by Neil MacDonald  |  March 28, 2009  |  1 Comment

In this tough economic environment, we are always on the lookout for opportunities to do more with less. In my last post, I pointed you to two free tools to help locate rogue SharePoint sites. Keeping with the theme, here’s some free tools for virtualization security.

There are multiple security issues that need to at least considered before undertaking a widespread virtualization initiative. Of the dozens of best practices for securing virtualization, a foundational best practice is to define your own standard(s) for secure configuration of the layer of virtualization software (the hypervisor and the virtual machine monitor) and regularly ensure that the virtualization layer is configured according to your standards.

At least two vendors are providing some capabilities to do this at no cost for VMware’s ESX: Tripwire’s ConfigCheck (Tripwire is best known for file integrity monitoring, but also has configuration management capabilities) and Configuresoft’s Compliance Checker for VMware ESX.

Free is not a sustainable business model, so there are some limitations to the tools. For example, limiting the number of servers scanned or limiting scans to compare against just the VMware or Center for Internet Security hardening guidelines (the idea is to get you to upgrade to an enterprise version where you can expand and modify the configuration definitions).

Of course, doing nothing is also free, but like any enterprise IT platform, we have a responsibility to make sure the virtualization platform has a configuration and vulnerability management process defined and followed.

If you are checking configurations manually or not at all, free tools are a good way to get started.

Category: virtualization-security  

Tags: reducing-cost  virtualization-security  vmware  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Free Virtualization Security Stuff

  1. brad says:

    A really interesting green computer technology I found is desktop virtualization. It’s where multiple people can use the same computer at the same time each with their own monitor, mouse and keyboard. This saves a lot of electricity and e-waste. A company called Userful recently set a virtualization world record by delivering over 350,000 virtual desktops to schools in Brazil. They have a free 2-user version for home use too. Check it out:

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.