SAVE – Security audits of heterogeneous virtual environments
This project performs configuration audits of heterogeneous virtual infrastructures. This includes storage, networks, and virtual machines on multiple types of hosts.
Our system discovers the actual detailed configuration of virtual systems and displays the logical layout, i.e., what network security zones exist and which virtual machine is connected to which networks and storage volumes.
We furthermore audit whether VM network monitoring tools (such as emerging tools from ISS) are correctly set up on each host. Our objective is to perform automatic validation of a virtual data center configuration against given security policies and best practices.
The main benefits of this project are:
- Transparency of the configuration of virtual environments (machines, networks, storage),
- Detection of misconfiguration of virtual infrastructures,
- Discovery and display of internal configuration of different hypervisors,
- Composition/stitching into overall configuration data for virtual data centers, and
- Validation against given best practices.
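The stitching and validation steps listed above can be sketched as follows. This is an added example, not SAVE's own code. The inventory format, the host, VM and zone names, and the functions `stitch` and `isolation_violations` are assumptions made for illustration: per-host views are merged into one graph, which is then checked for paths between two zones that bypass a trusted gateway VM.

```python
from collections import defaultdict, deque

# Constructed per-host inventories (hypothetical format, not SAVE's own):
# each VM record lists its security zone and attached networks and volumes.
HOST_INVENTORIES = {
    "esx-host-1": [
        {"vm": "web1", "zone": "dmz", "networks": ["vlan10"], "storage": ["lun-a"]},
        {"vm": "fw1", "zone": "gateway", "networks": ["vlan10", "vlan20"], "storage": ["lun-fw"]},
    ],
    "xen-host-2": [
        {"vm": "db1", "zone": "internal", "networks": ["vlan20"], "storage": ["lun-b"]},
        {"vm": "batch1", "zone": "internal", "networks": ["vlan20"], "storage": ["lun-a"]},
    ],
}

def stitch(inventories):
    """Merge per-host views into one undirected graph of VMs and shared resources."""
    graph, zones = defaultdict(set), {}
    for vms in inventories.values():
        for rec in vms:
            vm = ("vm", rec["vm"])
            zones[vm] = rec["zone"]
            resources = [("net", n) for n in rec["networks"]]
            resources += [("vol", s) for s in rec["storage"]]
            for res in resources:  # same resource name on two hosts = same node
                graph[vm].add(res)
                graph[res].add(vm)
    return graph, zones

def isolation_violations(graph, zones, zone_a, zone_b, trusted_zone="gateway"):
    """Return paths from zone_a VMs to zone_b VMs that avoid trusted-zone VMs."""
    violations = []
    for start in sorted(v for v, z in zones.items() if z == zone_a):
        parents, queue = {start: None}, deque([start])
        while queue:
            node = queue.popleft()
            if zones.get(node) == zone_b:
                path, n = [], node
                while n is not None:  # walk back to the starting VM
                    path.append(n[1])
                    n = parents[n]
                violations.append(path[::-1])
                continue  # report the first zone_b VM on a path, do not expand it
            for nxt in sorted(graph[node]):
                if nxt not in parents and zones.get(nxt) != trusted_zone:
                    parents[nxt] = node
                    queue.append(nxt)
    return violations
```

On the constructed data, the network path between the two zones runs through the gateway VM and is accepted, while the storage volume shared across the two hosts is reported as a path that bypasses it.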