Motivation for the Project

IT-infrastructures have already become highly complex in small and mid-sized companies (SMCs). Aside from the various types of computers (desktop computers, laptops, servers, ...), periphery (i.e. multifunctional printers) and functional network components (routers, switches, …), the complexity is continuing to grow as a result of different security components (firewalls, intrusion detection, …). Often the effects of changes to such infrastructures can only be seen once they have been implemented, and the integration of new security components often requires the integration of new hardware as well as the restructuring of the network topology, which has to be implemented without a clear idea of what effects may ensue.

Furthermore, the security of individual components for the integration of business topologies in accordance with the BSI IT- basic protection and ISO 27001, which enable the establishment and use of an ISMS (information-security-management-system), is not a simple pursuit - especially in connection other components. This security is, however, essential for conformance and compliance with regulatory requirements like Basel II. Since more and more SMCs have to exhibit a profound IT risk management, it must be possible to prove that their IT infrastructure has sufficient security mechanisms (protection against viruses, access control, protection of access privilege data, IT emergency planning and regulation).

Since small and mid-sized companies can provide limited personnel resources and know-how for operative IT management, the use with IT infrastructures must be made easier for them. On the one hand, this would be guaranteed via the visualization and simulation of IT infrastructures; on the other, it would come through the realization of an SMC appropriate presentation and operability of the resulting security functionality. Therefore, the goal of Project VISA is to simplify and support the management of IT infrastructures, especially the security components, by using virtualization technology. This support is based on two core technologies:

  1. Simulation and evaluation of the entire IT infrastructure in virtual realms,
  2. Realization of security applications as virtual components, so-called virtual security appliances (VSAs).

Through the VISA framework, the tailor-made, simplified use of security applications based on VSAs will become possible. By thoroughly emulating the IT infrastructures, parameters relevant to business as well as VSAs’ integration points can be identified, and their use can be tested in the virtual realm. Successful VSAs are then able to be put to use directly without making changes in the existing infrastructure. Combining the modeling and formal description of infrastructures as well as evaluating them in virtual realms by using various, defined criteria will enable SMCs to estimate the costs and characteristics of each IT investment better and keep their security risks lower.