1. Field of the Invention
The present invention relates to management of security services within a virtual execution environment (VEE), and more particularly, to dedication of one or more VEEs for administration and management of security services for remote users.
2. Background Art
Security services for computer systems are typically implemented by firewalls located on the edge of a LAN. The same set of security services is provided for all of the computer systems “behind” the firewall. Another typical implementation of security services is to have a security application such as anti-virus or spam filtering executed on each of the computer systems.
Computer systems, such as those that run server processes, typically have a set of services (sometimes called “daemons”) that are used for servicing user requests and operating system requests. These services can be dedicated to servicing requests from external anonymous users, for example, a WWW service or an anonymous FTP service. They can also be used for servicing requests from authorized users, such as FTP service and email service POP3/IMAP4 (Post Office Protocol 3/Internet Message Access Protocol (version 4)).
Such services are typically launched as one or more operating system processes/threads and “live” within operating system space, which includes within it a common object name space. Examples of such types of objects with operating system-wide names or identifiers include process identification (PID), file names, named pipes, TCP port IDs, etc. Each service, upon request and when available, receives appropriate resources from the operating system, which it then uses to service user requests.
For management (administration) of these services, typically a system administrator, who can enter appropriate operating system commands, and who can monitor the state of the operating system and the services, is required. A particular case of a system administrator is an operator, who is typically allowed only a highly restricted subset of functions—for example, checking server statistics, management of print queues, etc.
The cost of a system administrator for the owner of such a system (e.g., a data center) is often a substantial part of the total cost of ownership (TCO). Easing the burden on such a system operator and enabling a substantial commonality of his activities is an important issue in software development for data center administration.
The job of an administrator, as it relates to administrative services, often includes not just direct commands to the computer system for performance of specific actions, but also involves certain “indirect” operations. Examples of such indirect operations include assurance of an appropriate level of security, verification of system state, backing up data and creation of backup databases, provision of new servers and services, load balancing, etc. Attempts to ease the burden on the operator for providing such functions take several forms. For example, the use of Virtual Private Servers (VPSs) allows at least some commonality among the various server processes running within the computer system, and also allows commonality in their instantiation and configuration. Usually VPSs are installed with mass administration tools, for example, VIRTUOZZO VPS (available from SWSOFT Inc., www.SWSOFT.com) has a set of special scripts, command line and Graphical User Interface utilities for such a purpose.
The problem of administration of a large set of services and servers for many users is widely known, especially to administrators of web hosting companies and data centers. Each routine operation often requires expensive manual operations, and, when handling thousands of users even on a single hardware box with a single operating system, each simple operation, which should be performed hundreds and thousands of times, becomes very expensive. Unification and simplification of mass operations therefore can result in a significant economical benefit.
Another ever-present problem is assuring a level of safety and security of the services provided to the users. For example, authentication of users and user login verification has to occur within a safe environment. Any failures and crashes of services for one user should not affect services for other users, and should not affect overall system security.
Another approach is sometimes referred to as Embedded IT solution technology (http:**www.intel.com/technology/itj/2006/v10i3/4-models/10-authors.htm), enabled through the use of Intel Virtualization Technology (VT) or software emulation mode to implement VM support. It performs client isolation and uses a Recovery (CIR) usage model that emphasizes isolating manageability and security services in a virtual manageability appliance. IT departments thus benefit from the ability to isolate key services from end-user access.
The concept of a so-called “sandbox” is one conventional solution. For example, in the UNIX environment, it is common to place the FTP services for anonymous users within a “sand box.” In that case, even if an intruder manages to gain access to that particular server and “breaks it,” then his malicious activities still occur within the sand box (a secure environment), and the intruder cannot gain access to any critical system data in this fashion.
Additionally, there may be issues with execution of non-standard operations. One type of such non-standard operations is “dangerous” operations that can result in an unpredictable state of the system. Examples include remote services reboot and remote firewall configuration operation. In the case of remote services reboot, should that process fail to reboot and reinitialize the appropriate server process properly, the only recourse available to an administrator of that particular process (for example, to a remote VPS administrator) is to request expensive manual intervention from the system administrator. In the case of remote firewall configuration, the person configuring the firewall could accidentally mis-configure it in such a manner that even the administrator or operator of such a firewall is himself blocked from any further access through the firewall. This results in a server process or a VPS, that is “empty,” i.e., running “normally,” but is in reality useless, because it is inaccessible.
Other non-standard operations include organization of services providing name-based hosting for web users, where a number of virtual web servers share the same IP address with a single logical instance of the webserver. Other services include security services.
Accordingly, what is needed is a system and method for providing a more secure and more reliable mechanism for managing administration of security services in a multi-server environment, as well as a way to simplify mass management of security implementations.