Extending OVF for security

Envelope information on a virtual machine has come up a lot lately, not least of all after my presentation this week on Cloud Forensics Trends at the HTCIA International Conference.

The cool thing about a virtual system that is powered down, hibernated, dormant, etc. is that it has an envelope of metadata that forms an audit trail separate from the system itself. Take the OVF standard, for example. If the envelope were to include information about the status of the enclosed virtual system, such as the last time it was booted, the hypervisor it was running on, its device list, and its current software/patch level, then it would provide more security information and control than a physical system, which is “dark” when powered down.

This insight into offline systems becomes especially important in environments where systems are online in different zones, such as across multiple time zones. A company that spans America and Australia, and must assess its systems at opposite times of day, can read the envelope of offline systems to know their overall status. It also means systems can be easily identified and moved to a different zone for maintenance or containment before they are powered on again. Complex asset management systems can become simple queries of a virtual system envelope.
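As an added illustration (not code from the original post, and not part of the OVF standard), the following parses a constructed OVF envelope that carries a hypothetical optional status section, then runs the kind of "simple query" described above: which offline systems should be held for maintenance or containment before power-on. The `sec` namespace, the `SecurityStatusSection` element and its children are assumptions for this example; the `ovf` namespace is the real OVF 1.x one.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Real OVF 1.x namespace; the "sec" namespace/section are hypothetical (assumed).
NS = {"ovf": "http://schemas.dmtf.org/ovf/envelope/1",
      "sec": "urn:example:ovf-security-status"}
# Constructed sample. ovf:required="false" marks the extension optional, so
# standard OVF tools that do not understand it can skip it rather than fail.
SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
  xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1"
  xmlns:sec="urn:example:ovf-security-status">
  <VirtualSystem ovf:id="db-au-01">
    <sec:SecurityStatusSection ovf:required="false">
      <sec:LastBoot>2010-09-13T02:15:00+00:00</sec:LastBoot>
      <sec:Hypervisor>ESXi 4.1</sec:Hypervisor>
      <sec:PatchLevel>2010-08-01</sec:PatchLevel>
      <sec:Device>vmxnet3</sec:Device><sec:Device>scsi0:0</sec:Device>
    </sec:SecurityStatusSection>
  </VirtualSystem>
  <VirtualSystem ovf:id="web-us-07">
    <sec:SecurityStatusSection ovf:required="false">
      <sec:LastBoot>2010-09-20T14:00:00+00:00</sec:LastBoot>
      <sec:Hypervisor>Xen 4.0</sec:Hypervisor>
      <sec:PatchLevel>2010-09-15</sec:PatchLevel>
    </sec:SecurityStatusSection>
  </VirtualSystem>
</Envelope>"""

def read_status(ovf_xml):
    """Return {ovf:id: status dict} for every VirtualSystem carrying the section."""
    status = {}
    for vs in ET.fromstring(ovf_xml).findall("ovf:VirtualSystem", NS):
        sec = vs.find("sec:SecurityStatusSection", NS)
        if sec is None:
            continue  # no envelope data: status unknown, never assumed good
        text = lambda tag: sec.findtext(tag, namespaces=NS)
        status[vs.get("{%s}id" % NS["ovf"])] = {
            "last_boot": datetime.fromisoformat(text("sec:LastBoot")),
            "hypervisor": text("sec:Hypervisor"),
            "patch_level": text("sec:PatchLevel"),
            "devices": [d.text for d in sec.findall("sec:Device", NS)],
        }
    return status

def needs_review(status, now, baseline_patch, max_dormant_days=30):
    """Offline systems to hold for maintenance or containment before power-on."""
    return sorted(vm for vm, s in status.items()
                  if s["patch_level"] < baseline_patch           # ISO dates sort lexically
                  or now - s["last_boot"] > timedelta(days=max_dormant_days))

NOW = datetime(2010, 10, 1, tzinfo=timezone.utc)  # constructed reference time
```

A system whose envelope lacks the section is left out of the result on purpose, so callers can treat "unknown" separately from "checked and fine".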

OVF is expected to evolve. It may eventually incorporate things like service levels and external configuration dependencies (e.g. network performance, state and security settings) that cloud providers crave for automation, but, based on recent meetings with NIST and DMTF, it is also possible that it will evolve controls for virtual systems that are better than what we have used for physical systems.

[Figure: OVF Envelope]
