Over a million developers have joined DZone.

How safe is my Windows Azure virtual machine?

· Cloud Zone

Download the Essential Cloud Buyer’s Guide to learn important factors to consider before selecting a provider as well as buying criteria to help you make the best decision for your infrastructure needs, brought to you in partnership with Internap.

 In Saint Louis a couple of weeks ago at our Windows AzureIT Camp, Joe asked me this question:

“When dealing with virtual machines and cloud for R&D. If during the process of researching you happen to download a contaminated file, can that file do harm to the actual machine that you are running? Wouldn't that file be saved on the parent machine in order to be accessed on the virtual machine?”

What Joe was concerned about was whether or not the virtualization host is vulnerable from something bad happening in the virtual machine.  If a virtual machine gets compromised and some harmful or malicious (likely both) files get saved on the virtual machine’s hard disk, isn’t that file also a threat to the virtualization host on which it’s running?

The short answer: No.

The longer answer: Not really, no

Remember that, when using virtualization, whether it’s vSphere, Hyper-V, or some other solution, typically a virtual machine’s operating system disk is really just a file as far as the host hypervisor and operating system is concerned.  That .vmdk or .vhd file is sitting in storage, and its contents are only being used by the virtual machine.  So even if that VM installs something bad, the host on which it is running won’t ordinarily know or care about it.

Can the host operating system get at the files within the VM’s disk?  Yes, there are ways to do that when you’re running your own virtualization.  But you have to go out of your way to do that, and only when the virtual machine isn’t currently using the disk. 

The same holds true for any interactions between the VM and other computers; virtual or physical.  You treat the VM as just another machine that needs to be networked and protected. 

If the malicious file gets saved on an SMB file share, or some other networked storage that is shared, then of course other machines may be exposed to it.  Here is where Windows Azure actually gives you better protection of the platform.  While a local virtualization host might also share access to that same compromised storage, in Windows Azure there is no way for the virtualization hosts to interact with a virtual machine’s data in any way.  Period.

For the security minded among us, I highly recommend you bookmark this page: The Windows Azure Trust Center.  This is where you’ll find our documented security practices, privacy rules, compliance standards, and so on.

The Cloud Zone is brought to you in partnership with Internap. Read Bare-Metal Cloud 101 to learn about bare-metal cloud and how it has emerged as a way to complement virtualized services.


Published at DZone with permission of Kevin Remde, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}