CHAPTER 4 Virtualization Technologies > System virtualization - Pg. 54

Eleventh Hour Security: Exam SY0-201 Study Guide

separate VLAN to improve performance and security. The iSCSI protocol can take advantage of Jumbo Frames on an Ethernet network. This feature must be supported by the network switch before it can be used. It is also recommended that an iSCSI HBA be used instead of a normal server NIC. Because of the ability to transfer data over a normal network, security is built into the protocols. Challenge Handshake Authentication Protocol (CHAP) is a protocol that is used to authenticate the connection and is based upon sharing a security key that is similar to a password.

Network Attached Storage: This type of storage is similar to the SAN except it uses normal server NICs and a protocol called Network File System (NFS). This type of shared storage was originally developed for sharing files to individual computers by allowing the storage to be mapped to the local system as a local disk drive. The transfer of data is limited to the speed of the network.

As you can see, it is very easy to start using multiple NICs in a virtualized infrastructure. Planning the implementation and leveraging the features of the hypervisor will help you maintain the security policies while still providing a robust and flexible virtual environment.

SYSTEM VIRTUALIZATION

Every hypervisor has tools for virtualizing both existing systems and new systems. While these tools all look a bit different, the functionality is common across all of the major hypervisors. Each hypervisor may even have its own file format for the virtual systems. Some will read the different virtual file systems, whereas others may even use another format directly in some instances.

When a virtual machine is created, at least two files are created: a configuration file and a virtual hard drive. The format of the configuration file may vary from one hypervisor to the next, but it contains similar information: the location of the virtual hard drive, the name of the virtual machine, the amount of memory allocated to the virtual machine, the number of virtual NICs, and any other virtual hardware or connections for this specific virtual machine.

The virtual disk file is where the operating system and data files are stored for the virtual machines. Depending on the specific features of the hypervisor, this file may be created all at once, as a 20 GB file, or it may be allocated for the specified size and created in 2 GB chunks. Creating it in chunks makes the virtual hard disk much faster to create and does not use any space that it really doesn't need. This saves storage space but still makes the operating system believe it has full access to the allocated storage.

Creating virtual machines can be done in one of two ways: physical to virtual conversion and creating a new system.
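The CHAP authentication described earlier for iSCSI connections, shown as an added example that is not from the book: both sides compute the RFC 1994 response (MD5 over the identifier octet, the shared secret, and the challenge), so the secret itself never crosses the network. The class name, initiator name, and secret below are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of identifier octet || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Authenticator side, e.g. the storage target (hypothetical class)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # initiator name -> shared secret
        self.pending = {}        # initiator name -> (identifier, challenge)
        self.next_id = 0

    def issue_challenge(self, name: str):
        """Send a fresh random challenge; remember it until it is answered."""
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[name] = (identifier, challenge)
        return identifier, challenge

    def verify(self, name: str, response: bytes) -> bool:
        """Check a response. Each challenge is single use, so a replayed
        response fails because the pending entry has already been removed."""
        entry = self.pending.pop(name, None)
        secret = self.secrets.get(name)
        if entry is None or secret is None:
            return False
        expected = chap_response(entry[0], secret, entry[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    name = "iqn.example:host1"              # constructed initiator name
    secret = b"constructed-shared-secret"   # constructed sample secret
    target = Target({name: secret})

    ident, chal = target.issue_challenge(name)   # target -> initiator
    resp = chap_response(ident, secret, chal)    # initiator -> target
    print("first response accepted:", target.verify(name, resp))
    print("replayed response accepted:", target.verify(name, resp))
```

Because the challenge and the response both travel over the network, the strength of the exchange rests on the shared secret being long and random.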