A cloud is typically a “multi-tenant” hosting infrastructure where the owners of the virtual machines in the IaaS are customers of the hosting provider. This might be a private implementation in a corporation, government agency, or university. It might be a hosting company (such as Rackspace) selling capacity to anyone with Internet access and a credit card.
I worked in the hosting biz for 3 years using virtualisation for IaaS. When I was asked about it, I told people that:
- No customer/tenant could trust any other customer/tenant
- I (the hosting company) could not trust any customer/tenant
- Some of the customers/tenants favoured convenience over security, or they were complete and utter morons
- I didn’t know them from Adam and they could have been up to no good
Trustworthy isolation was critical, and the virtualisation being used had to be rock solid. I could not risk one tenant getting access to another, and under no circumstances could I let them anywhere near the infrastructure.
Long story short: A hacker can craft a VMDK descriptor file, upload it to a cloud (a feature that is offered for migration), and configure that descriptor file to load VMware ESXi system files directly into the virtual machine. They successfully tested this on ESX 5.0, loading the /etc/shadow file, which according to nixCraft:
… stores the actual password in encrypted format for a user's account, with additional properties related to the user's password, i.e. it stores secure user account information
Whoops! That sounds like a file you don’t want to be making readily available. Remember: this was a “hosting customer” that uploaded a VM as a guest, fired up the VM, and gained access to the usernames/passwords of the host. They also got access to other files such as system logs.
They then went on to gain access to all physical hard drives on the host. You have to be kidding me!!!!!
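As an added example (not code from the original post, nor anything VMware ships), here is the kind of gate a provider can put in front of a VM upload/migration feature: before the host ever parses a tenant's VMDK descriptor, every backing file it references must be a plain relative filename that the tenant actually uploaded, and only ordinary extent types are accepted. The extent-line and parentFileNameHint syntax follows the VMDK descriptor format; the sample descriptors are constructed for this example, and the check complements patching rather than replacing it.

```python
import re
from pathlib import PurePosixPath

# Extent description line: <access> <size in sectors> <type> ["<backing file>"] [offset]
EXTENT_RE = re.compile(
    r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+([A-Z]+)(?:\s+"([^"]*)")?(?:\s+\d+)?$')
# A snapshot (delta) disk names its parent disk through this key.
PARENT_RE = re.compile(r'^parentFileNameHint\s*=\s*"([^"]*)"$')
# Extent types a tenant upload may use; anything else (raw-device or unknown) is rejected.
ALLOWED_TYPES = {"SPARSE", "FLAT", "ZERO", "VMFS", "VMFSSPARSE"}

def referenced_files(descriptor_text):
    """Yield (kind, extent_type, path) for every file reference in the descriptor."""
    for raw in descriptor_text.splitlines():
        line = raw.strip()
        if m := EXTENT_RE.match(line):
            yield "extent", m.group(3), m.group(4)  # path is None for ZERO extents
        elif m := PARENT_RE.match(line):
            yield "parent", None, m.group(1)

def is_confined(path):
    """True only for a bare relative filename: no absolute path, drive letter or '..'."""
    if not path or ":" in path or "\\" in path:
        return False
    p = PurePosixPath(path)
    return not p.is_absolute() and ".." not in p.parts

def check_descriptor(descriptor_text, uploaded_names):
    """Return a list of findings; an empty list means the descriptor may be imported."""
    findings = []
    for kind, ext_type, path in referenced_files(descriptor_text):
        if ext_type is not None and ext_type not in ALLOWED_TYPES:
            findings.append(f"extent type {ext_type} is not allowed for uploads")
        if path is None:  # ZERO extents have no backing file to check
            continue
        if not is_confined(path):
            findings.append(f"{kind} escapes the upload directory: {path!r}")
        elif path not in uploaded_names:
            findings.append(f"{kind} names a file the tenant did not upload: {path!r}")
    return findings

# Constructed sample descriptors (not from any real incident).
GOOD = 'version=1\ncreateType="monolithicSparse"\nRW 4192256 SPARSE "disk-s001.vmdk"\n'
BAD = ('version=1\ncreateType="twoGbMaxExtentFlat"\n'
       'RW 4192256 FLAT "/host/some-system-file" 0\n'
       'RW 4192256 FLAT "../other-tenant/disk-f002.vmdk" 0\n'
       'parentFileNameHint="/host/another-file"\n')
```

Run `check_descriptor(BAD, {"disk.vmdk"})` to see the three rejections; an upload is only handed to the hypervisor when the list comes back empty.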
So if you are a company setting up a cloud with VM upload/migration features, and basic security is important, then don’t use vSphere 5.0.