2010 Prediction: Pete Privateer, Reflex Systems

By Pete Privateer
Tuesday, December 22nd 2009

Virtualization Management and Security - the Key to a Fully Virtualized Datacenter

All of us are familiar with the benefits of virtualization.  Consolidating servers and/or desktops saves on capital costs such as hardware and on operating expenses such as cooling and electricity.  Virtualization can also reduce people costs by simplifying and automating many routine management tasks.  There is plenty of empirical evidence that demonstrates dramatic cost reductions with virtualization.  One large financial institution has documented $125M in capital expense and operating cost savings in just a two-year period.  So if the technology is proven and the cost benefits unequivocal, then why are so few data centers fully virtualized?

Recent surveys indicate that performance and scalability are key technical concerns when deploying more applications on a virtual platform.  However, these surveys also show that the main operational inhibitor is the ability to secure and manage the virtual infrastructure to the same standards that we have achieved in the physical environment.  Unless we can satisfy application owners as well as internal and external auditors that they will have the same level of performance, control and compliance in the virtual world as they now have in the physical one, the goal of a fully virtualized datacenter will be hard to achieve.

Today the virtualization paradigm is at a crossroads.  So far the vast majority of applications running in the virtual infrastructure are less critical applications such as test/development, email, Web servers, etc.  To fully realize the benefits of virtualization we now must move our most sensitive and “mission critical” applications to the virtual platform. 

By definition, these types of applications have well-defined policies for management and security.  Sensitive applications (and their server, network and data storage infrastructure) must be isolated from other less sensitive applications.  Virtual servers, networks, and data stores must be protected from internal and external threats in a verifiable and auditable way.  Configuration changes must be closely monitored and clear protocols must be enforced before changes to the environment can take place.  Performance SLAs must be monitored and strictly adhered to.  Compliance with internal and external standards and processes must be closely watched and audited.

In today’s physical datacenter we have a host of security and management tools at our disposal to monitor and enforce our organization’s standards, policies and procedures.  Enterprise Systems Management (ESM) products as well as firewalls, intrusion prevention systems (IPS), VLANs, and other technologies are widely used and well proven.  They may not be perfect, but we have come to accept and rely on them.

Some will argue that these tools can be easily extended into the virtual world.  However, that viewpoint overlooks the many fundamental differences between the virtual datacenter and the physical one.  Managing and securing the virtual datacenter requires a different approach and new technologies.

What is so different in the virtual world from the physical one?  After all, a Windows server is the same in either environment, right?  While a virtual machine running Windows Server may appear the same as a physical machine running the same operating system, there are profound differences.