***

## CompTIA CASP+
###### Topic: ``Virtualization Security``
***

Course material for the ``CompTIA CASP+`` certification.

Securing today's enterprise computing environments means understanding how virtualization is used. 

Organizations must consider how to secure virtualization solutions used both on-premises and in the cloud.

The course identifies various types of virtualization solutions, such as network virtualization, operating system virtualization, desktop virtualization, and app virtualization.

It distinguishes between type 1 and type 2 hypervisors.

It then focuses on virtualization security and how to deploy virtual machines on-premises.

Lastly, it explores how to work with application containers.

> Objectives

- identify various types of virtualization solutions


- distinguish the difference between type 1 and type 2 hypervisors


- harden virtualization environments


- create an on-premises Windows virtual machine


- create an on-premises Linux virtual machine


- enable encryption for a VMware Workstation virtual machine


- recognize how application containers work


- download and run a simple Docker container


- deploy a container registry in the cloud


- deploy an application container in the cloud

<a id="top"></a>
***
## Table of Contents
***

### [Types of Virtualization](#A) <br/><br/> 

<hr width=50%;>

### [Hypervisors](#B) <br/><br/> 

<hr width=50%;>

### [Virtualization Security](#C) <br/><br/> 

<hr width=50%;>

### [Deploying Windows Virtual Machines](#D) <br/><br/> 

<hr width=50%;>

### [Deploying Linux Virtual Machines](#E) <br/><br/> 

<hr width=50%;>

### [Encrypting Virtual Machines](#F) <br/><br/> 

<hr width=50%;>

### [Application Containers](#G) <br/><br/> 

<hr width=50%;>

### [Working with Docker Desktop](#H) <br/><br/> 

<hr width=50%;>

### [Creating a Container Registry](#I) <br/><br/> 

<hr width=50%;>

### [Deploying an Application Container](#J) <br/><br/> 

<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="A"></a>
***
### Types of Virtualization
***

Virtualization is a big part of any enterprise computing environment these days, whether that virtualization takes place on-premises or in the cloud. 

The first thing we're going to do is talk about a couple of different types of virtualization. We can have IT service or app isolation, which means we might have virtual machines, databases, or specific applications that are virtualized.

The great thing about this at the application or virtual machine level is that we have portability. Specifically, with virtual machines which run on hypervisor operating systems, portability means we can move the virtual machine around on top of different hypervisor hosts to run that virtual machine operating system. 

The other great thing about virtualization is that it lends itself to rapid provisioning and deprovisioning. It's very quick to provision a new virtual machine for example, from a virtual machine image, or from a virtual machine template that has all the instructions required to build that virtual machine. Deprovisioning is quick because all we're really doing is deleting a software configuration.


Virtualization is really nothing new, it's been around for many decades. 

It really stems from the 1970s, specifically from mainframe computing. Centralized mainframes at the time were very expensive and offered very limited access for groups of users, and time-sharing came about as a result.

Time-sharing allowed multiple concurrent users to access the mainframe, and so the mainframe operating system had to support isolation. It virtualized different sessions all running on the same hardware at the same time.

That's not exactly how modern hypervisors work, but we can see where it stems from. Back in the day, for example, users in a business environment might have used IBM 3270 terminals connected to IBM mainframes. On the home user front, and at universities or research facilities, access into the mainframe computing environment would have been through early modems.


These days, one type of virtualization is Networking Virtualization - one form of this is software-defined networking, otherwise called SDN, of which there are a couple of different types. 

Open SDN uses open-source, nonproprietary protocols such as OpenFlow to support SDN (defined below), whereas a hybrid SDN combines traditional configuration, meaning that we manually connect to and configure physical network infrastructure devices, with software-defined network configurations.

An SDN overlay means that we are using SDN software to manage and configure underlying physical network devices. Software-defined networking, then, really means that we are hiding the underlying network configuration complexities of specific devices from different vendors, such as Cisco versus Juniper routers or security appliances.

The benefit of SDN, then, is that it gives the configurator or administrator a consistent GUI, CLI, or even API access to the underlying network infrastructure equipment. If you want to configure a virtual network in the cloud, for example, you don't have to know how to configure a VLAN on a Cisco switch; instead, the cloud provider uses an SDN overlay to make that much easier to work with.


The next type of virtualization is Operating System Virtualization, which most administrators are probably familiar with. 

This means that we are running an entire operating system within a virtual machine, or VM. The guest thinks it's running on actual hardware, but it's not. At the software level, that OS could be macOS-based, Linux- or Unix-based, or, of course, Windows Client or Server-based.

The benefit of OS virtualization then is that we can increase data center server density. What this means is that instead of having a single network operating system running on a physical server, we can have multiple virtual machine guests running on a single piece of server hardware, so we can have more servers in a data center because multiple VMs can run on individual server hardware.

It also means we get better bang for our buck overall: better hardware utilization. If you map out a physical server's utilization over time, it's probably not being used at its full potential or capacity. For example, a physical file server might run on average at 60 or 65% utilization overall, counting CPU, RAM, and disk I/O. If that same physical server ran a hypervisor operating system instead, it could potentially run multiple virtual machines. Some virtual machines are busy at some times and idle at others, and the same goes for the other virtual machines running on that host. Overall, you get better utilization of the hardware.
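
The consolidation effect described above, worked through as an added example that is not part of the course material: five guests whose busy periods fall at different hours are placed on hosts twice, once reserving each guest's peak around the clock and once packing on real hourly demand. The VM names, load profiles and the `profile`, `place` and `mean_utilization` helpers are all hypothetical.

```python
# Added illustration: every workload profile below is constructed sample data.
HOURS = 24
CAPACITY = 100.0  # one physical server's CPU, in percent


def profile(idle, busy, busy_hours):
    """Hourly CPU demand: `busy` percent during busy_hours, `idle` otherwise."""
    return [busy if h in busy_hours else idle for h in range(HOURS)]


VMS = {  # hypothetical guests whose busy periods fall at different times
    "file-server": profile(10, 60, range(9, 17)),
    "backup": profile(5, 70, range(0, 4)),
    "web": profile(15, 50, range(18, 23)),
    "build": profile(5, 65, range(12, 14)),
    "reports": profile(5, 55, range(5, 8)),
}


def place(vms, time_aware):
    """First-fit placement, largest peak first; returns a list of VM-name lists.

    time_aware=False reserves each VM's peak for all 24 hours (sizing as if
    every workload were always busy); True packs on the real hourly demand.
    """
    hosts = []  # each entry: (names, committed load per hour)
    for name, load in sorted(vms.items(), key=lambda kv: -max(kv[1])):
        need = load if time_aware else [max(load)] * HOURS
        for names, used in hosts:
            if all(u + n <= CAPACITY for u, n in zip(used, need)):
                names.append(name)
                used[:] = [u + n for u, n in zip(used, need)]
                break
        else:  # no existing host has room in every hour: power on another
            hosts.append(([name], list(need)))
    return [names for names, _ in hosts]


def mean_utilization(placement, vms):
    """Average real CPU use across all powered-on hosts, in percent."""
    demand = sum(sum(vms[n]) for names in placement for n in names)
    return demand / (len(placement) * HOURS)


if __name__ == "__main__":
    for label, aware in (("peak-reserved", False), ("consolidated", True)):
        p = place(VMS, aware)
        print(f"{label}: {len(p)} hosts, {mean_utilization(p, VMS):.1f}% mean use")
```

With this sample data, peak reservation needs one host per guest, while packing on hourly demand fits four guests on one host without exceeding its capacity in any hour.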


The next type of virtualization is Desktop Virtualization, which is also called Virtual Desktop Infrastructure, or VDI. In this particular screenshot, we are looking at Azure Windows Virtual Desktop:

![image.png](attachment:image.png)

What this means is that clients could use a web browser to access a desktop operating system over a network, such as one running in the cloud, in this case with Azure Windows Virtual Desktop. When they sign in, it looks like they're running a full Windows desktop within the web browser, when in fact it's running remotely on a server in a data center somewhere else.

> Application Virtualization

This means that we can have a virtual app that runs on a device without actually being installed on that device as it traditionally would be. The device needs some kind of app virtualization client to allow virtual apps to work on it, and the configuration can also include any config files or libraries required by that app.

> Application Containers

The next variation on this is a hot topic these days. With application containers, all of the files required for the app to run are stored within the container boundaries.

This is similar to a virtual machine boundary, but the difference is that a virtual machine contains an entire operating system and an application container doesn't; it just contains app files. However, in order to run a container, you have to have a host with a container engine capable of running containers, such as Docker.


< [Table of Contents](#top) | [References](#references) >
<a id="B"></a>
***
### Hypervisors
***

< [Table of Contents](#top) | [References](#references) >
<a id="C"></a>
***
### Virtualization Security
***

< [Table of Contents](#top) | [References](#references) >
<a id="D"></a>
***
### Deploying Windows Virtual Machines
***

< [Table of Contents](#top) | [References](#references) >
<a id="E"></a>
***
### Deploying Linux Virtual Machines
***

< [Table of Contents](#top) | [References](#references) >
<a id="F"></a>
***
### Encrypting Virtual Machines
***

< [Table of Contents](#top) | [References](#references) >
<a id="G"></a>
***
### Application Containers
***

< [Table of Contents](#top) | [References](#references) >
<a id="H"></a>
***
### Working with Docker Desktop
***

< [Table of Contents](#top) | [References](#references) >
<a id="I"></a>
***
### Creating a Container Registry
***

< [Table of Contents](#top) | [References](#references) >
<a id="J"></a>
***
### Deploying an Application Container
***

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

Skillsoft, "Virtualization Security," [skillsoft.com](https://web.archive.org/web/20221102151824/https://www.skillsoft.com/get-free-trial), n.d.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
