Security Watch

Virtualize This

Test networks on Microsoft Virtual Server 2005 beta.

Today, I can conceal a complete computer in the pockets of my baggy jeans and carry a complete network in a laptop case. Life just doesn't get any better than this.

I love the freedom of traveling about unencumbered. When I need basic computing power, I bring it along in a PDA. But when I need more than word processing and e-mail, I grab my high-powered laptop. I've got Microsoft Virtual PC on board and can boot up a complete Active Directory network that includes Exchange, IAS, a Certification Authority and just about anything else I might want to play with or demo. The limitation at this point is memory. Still, I can have four or five machines in my network, and when I want to, can even set up an ISA server and simulate an Internet-DMZ-private network scenario. It's a great tool for looking at defensive strategies or demoing secure access. Who'd have thought I'd be able to park a fully-functioning network on the tray table of my airplane seat?

You can join in the fun, but other than satisfying your geekoid desires to play in a virtual sandbox, what else can you do? Running a network in virtual machines on top of Windows XP is fun; what if you need a more production-oriented playground?

Grab yourself a copy of the Microsoft Virtual Server 2005 beta, slap it on a Windows Server 2003 box and jump into the future today. Virtual Server 2005 provides a more powerful environment for virtualization. Basically, like the PC version, virtual server allows you to use software to partition a single computer into multiple environments. Use it as a test network for development or patching. Use it to host those NT 4.0-based applications you're not ready to migrate to Windows 2003 yet or don't want to waste the power of a modern hardware platform on. With virtual server you can host several legacy systems. Use it to do a lot in a little space and reduce the overhead of maintaining many hardware systems.

So, how is this a good thing for security? For one thing, you can sandbox the operations away from your production network. You can also easily test new patches, new configuration recommendations and new security products in an inexpensive, risk-free environment. Set up a virtual system that mirrors your production environment and have at it. Turn off the virtual servers, and at your discretion, save the new configuration or return to the system state you had when you booted the virtual machine. When you're ready, take the same steps in your production network. Virtual server's another tool you can use for production.

Don't forget, however, what a great tool it can be for training, learning and experimentation. Nervous about rolling out PKI? A little leery of radical Group Policy-initiated security changes? Concerned about adding new products to your stable infrastructure? Lack the money to duplicate your production environment? Just want to get some hands-on for things you don't see and do every day? Need to be able to work things out while you're on the road? All of these things are also great reasons for taking the opportunity now to test virtual server. If you like it, you'll have the data you need to justify its purchase later on. If you don't, there's still time to tell Microsoft why.

To apply for beta participation, go to: http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx and follow the link.

One caveat: You must have the appropriate licenses for every virtual server you load in the Virtual Server 2005 beta.

About the Author

Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.