Book Reviews: Information Security Books and Product Reviews – Microsoft Virtualization

Book Title:   Microsoft Virtualization

Author(s): Thomas Olzak, Jason Boomer, Robert M Keefer, James Sabovik

Publisher: Elsevier Inc. & Syngress

Date of Publishing: May 2010

ISBN(13): 9781597494311

Price (UK&US price – full price, not discounted price): £30.99,   $49.95

URL of Amazon UK web page:  Microsoft Virtualization: The Complete Solution

URL of Amazon UK (Kindle) web page:  Microsoft Virtualization: The Complete Solution: Master Microsoft Server, Application, Presentation, and Desktop Virtualization

URL of Amazon US web page:  Microsoft Virtualization: Master Microsoft Server, Desktop, Application, and Presentation Virtualization

URL of Amazon US (Kindle) web page:  Microsoft Virtualization: The Complete Solution: Master Microsoft Server, Application, Presentation, and Desktop Virtualization

I have been involved in security for over 30 years, starting in physical security and then moving into IT Security. Having been involved in security testing from both a physical and logical perspective, I have been involved in a number of Virtualization Projects, including the migration of a large number of servers to a virtual platform.The book consists of 477 pages comprising of 15 chapters and provides a good logical flow starting with an excellent explanation on Virtualisation. It then goes on to explain Server virtualisation, Application virtualisation, then ending with Desktop virtualisation. The book is not a security book but provides a step-by-step guide on implementing virtualisation, which could be used from small to large deployments. The book provides screenshots that guide the reader through the set-up process and offers advice on different configurations depending on the requirements. The recommendations on creating templates and the physical-to-virtual migrations are very good and even though the book is more of a step-by-step guide it is well worth reading, as it would allow an organisation to plan a sound strategy for implementing Hyper-V. The book does not detail much in the way of security advice but does have sections on securing and monitoring a virtual environment and also describes Virtual Machine Manager, which is key in the implementing a security Hyper-V environment. It also discusses the Server Core version that is a non-GUI installation, which provides better security, as it is a minimum build with on trusted services and drivers loaded. This reduces the attack surface and with the added recommendation of using approved and trusted templates for the Guest Machines allows for improved security.It provides a good overview of the Virtualisation and Dynamic data centres, which in turn could be used to develop business cases for implementing not only server virtualisation but also application and desktop virtualisation. There are some key messages around strategies and scenarios for anyone looking to virtualise an environment. The step-by-step guide does not quite fall into the category of a “Dummies Guide” but certainly provides good guidance and would assist an engineer to implement Hyper-V; especially networking as one of the key areas. The Appendices offer case studies, as well as a section on the Windows 2008 R2 Delta Changes: very useful for professionals that have been involved in previous versions.

This book should be read by engineers wishing to implement a virtual environment, IT Leaders looking to reduce costs (they would only need the first few chapters as after that it becomes an installation guide) and security professionals looking to provide some assurance that the risks in implementing virtualisation are not entirely different and that a security Hypervisor provides no additional risks.

The book offers a good description of virtualisation with the Microsoft product set and the guest operating systems that are supported on Hyper-V. It also promotes the thought process around the benefits of Application and Desktop virtualisation.

Marks: 4 out of 5
****