Managing Virtualization: The Art of War

By Anil Desai
published: Monday, July 14 2008

"The direct use of force is such a poor solution to any problem, it is generally employed only by small children and large nations." - David Friedman

Make no mistakes, my friends. Virtualization technology is serious business. The stakes are high and the stakeholders are highly-motivated. War is a dirty word, and we did not choose this situation. However, today, we are called upon to defend ourselves against a vicious and unforeseen onslaught of virtual machines. They have attacked from every direction, and we now find ourselves in the middle of a battle for control. These once gentle automatons now threaten our very way of life within the IT department. Their unmanaged proliferation must be stopped here and now.

This will not be an easy fight, so heed these words carefully. The fate of entire data centers hangs in the balance, and mismanagement of one or a few VMs could tip the balance in favor of the enemy. But rest assured, my friends: There is hope, if only we allow cooler heads to prevail. Batten down the hatches, up the irons, release the Jolt! Cola, and prepare for Managing Virtualization: The Art of War.

Call of Duty: Rapid Deployment

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin

On the modern battlefield, efficiency and agility are vital to the success of our initiatives. However, we must retain control of the situation. No longer can we quickly and recklessly deploy new VMs in response to user requests. Rather, we must carefully consider users' requirements. Friends, I ask you to question your decisions. Always act for the good of the data center as a whole. Do we really need a whole new VM (complete with guest OS, applications, and security updates), just to host a new web site? Is an entire VM required to host a new database for a small application? Or is there a better, more efficient way? Often, existing physical and virtual servers will meet the needs far more efficiently than that of virtualization. Let's make careful use of our precious data center resources.

Wisdom: While timeliness is the key to victory, one must exercise restraint to ensure prolonged peace in the data center.

We Have Met the Enemy and He Is Us: Reining in IT

"War is too serious a matter to entrust to military men." - Georges Clemenceau

Far be it from me to question the loyalties of the many thousands of our own troops who fight tirelessly in the trenches every day. They give freely of their time and sanity to ensure that users' needs are met. But, friends (and though it pains me to say so), I believe that we must ensure order and discipline within the data center. No longer will systems administrators be allowed to haphazardly deploy VMs with nary a care for IT policies and management practices. New deployments must begin with business and technical approvals. Front-line soldiers must verify that their guest operating systems and deployments have been verified. These systems must meet security policy standards and comply with regulatory requirements.

Wisdom: True military success starts from internal discipline. It is only through rigorous quality controls that order can be maintained.

Tapping the Reserves

No one can predict the future, and it's likely that we'll need to adapt quickly to changing business and technical requirements. In order to defend out IT interests, we must keep VMs ready for deployment. When the need arises, we should be able to tap into a Virtual Machine Library to access pre-defined, approved, base images for new guest operating systems. These standard VMs must meet the needs of the vast majority of new deployments. They should be equipped with the latest security patches, updates, and settings. The quality of their preparedness will greatly reduce deployment times and configuration management headaches.

Wisdom: A fool is he who wastes all of his resources in minor skirmishes. When faced with seemingly insurmountable odds, commanders must call upon a ready pool of willing soldiers.

Sweeping Up the Survivors...

"In peace the sons bury their fathers, but in war the fathers bury their sons." - Croesus

No VM lives forever. We all suffer from a finite lifetime and, it may be said, that as soon we're born, we're dying. In war, it is inevitable that a few of our sisters and brothers will fall in the line of duty. Some might be removed from active duty, while others will pay a much higher price. Such is the cruel fate of the best-intentioned VMs. We must recognize that VMs often outlive their usefulness. They are created and deployed for a specific purpose. And, when that purpose has been met or the requirement no longer exists, we must remove them from active duty. This will free up resources for a new guard - a generation of VMs that is consistently aligned with business requirements.

Wisdom: He who retires from the battlefield in good time clears the battlefield for a fresh set of soldiers.

Reconnaissance and Surveillance: Stay Informed

"Eternal vigilance is the price of liberty." - Wendell Phillips

The cost of data center freedom is constant oversight. In order to ensure that the entire environment remains under control, we must constantly monitor all VMs. While we can rely on standard enterprise management tools for some of this work, we must have VM specialists for other situations. For example, covert operations personnel will be required to detect VMs that are powered off or that are disconnected from standard networks. These VMs must be removed from active duty, or they must be sufficiently patched before they enter live production environments. Anything less and we run the risk of serious breaches in security and configuration management protocols.

On the battlefield, accurate and timely communications are critical. Many types of issues can be resolved automatically. For example, a virtualization management product can reconfigure memory settings for a VM or migrate it to another host server whenever specific performance thresholds are exceeded. Of course, some decisions will require manual judgment: In those cases, commanders must setup automated alerts and notifications. Unrecognized VMs, for example, might be quarantined until an authorized systems administrator can decide whether it should be taken prisoner.

Wisdom: He who cannot see the battlefield cannot effectively manage his forces. Timely and accurate intelligence is the key to prevailing in combat.

Situation Report: Executive Summary

"Better to die on one's feet than to live on one's knees." - (Numerous sources)

The times might look bleak, as we find ourselves under siege by the rapid proliferation of unmanaged virtual machines. But the situation is far from hopeless. By controlling VM deployments, verifying security configurations, and continuously monitoring the entire data center battlefield, I know we can prevail. Remember, we created these VMs, and we have the ability to manage them. Who's with me?

"The real and lasting victories are those of peace, and not of war." - Ralph Waldo Emerson

Anil Desai is an independent consultant based in Austin, TX. He specializes in evaluating, implementing, and managing solutions based on Microsoft technologies. He has worked extensively with Microsoft's Server products and the .NET development platform and has managed environments that support thousands of virtual machines. Anil is an MCITP, MCSE, MCSD, MCDBA, and a Microsoft MVP (Windows Server – Management Infrastructure).

Anil is the author of numerous technical books focusing on the Windows Server Platform, Virtualization, Active Directory, SQL Server, and IT management. He has made dozens of conference presentations and is also a frequent contributor to online and print publications. For more information, please see http://AnilDesai.net, or e-mail This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .

[ Back ]