S 2.446 Separation of administrative tasks for virtualisation servers
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
For virtualisation infrastructures, there are other administrative tasks in computer centre operations in addition to the usual roles and administrative tasks (see S 2.38 Division of administrator roles).
The particularity of the administrator role in a virtual infrastructure is that they may potentially have very extensive power over the virtual IT systems operated in the virtual infrastructure. This includes that they
- have the control over the emulated hardware equipment,
- can connect the virtual IT systems to networks,
- can assign storage resources from the storage network to the virtual IT systems and
- usually have access to the consoles of the virtual IT systems.
Dividing the administrator role allows mutual control of the different administrator groups in specialised computer centre operations.
Thus, administrator roles assigning a selection of rights to certain user groups in the virtual infrastructure can be defined with some virtualisation products such as Citrix XENCenter, Microsoft System Center Virtual Machine Manager or VMware vSphere. Here, certain user groups can, for example, be prevented from exporting virtual IT systems from the virtual infrastructure. Moreover, authorisations to switch on and off virtual IT systems or to generate snapshots can be granted or revoked.
It must be checked whether dividing the administrator roles is necessary for the IT system to be operated virtually. For example, this can be the case if a certain administrator group is not be granted an authorisation for the assignment of networks for a virtual IT system with higher protection requirements regarding confidentiality.
If the division of administrator roles is required, the definition of corresponding administrator roles must be used for the virtualisation infrastructure. Several virtualisation products do not offer such an option. In this case, it must be checked whether it is sufficient to only divide administrator roles organisationally, i.e. by means of a policy.
Review questions:
- Was it checked if a division of administrator roles is required for the virtual infrastructure?
- Was the division of administrator roles, if necessary, implemented organisationally or, if possible, using the technical means of the virtualisation product?