Executive Viewpoint: Pete Privateer, Reflex Systems
By Pete Privateer, published: Monday, December 08 2008
Virtualization: Déjà vu All Over Again?
Have you ever noticed that information technology seems to go through cycles? In each cycle we seem to reinvent the same computing paradigms from previous eras.
Most of you will find it hard to believe, but when I started college in 1972 there were only a handful of full-sized computers in the entire state of Florida. They were room-sized machines that took 3-inch water pipes to cool them. Computers were so rare and expensive, few could afford their own. Therefore universities and large corporations had to share them. Every computing cycle on these early machines was precious and not a CPU second was wasted.
IBM developed an operating system for its mainframes which made sharing computing resources commonplace. It was at first called OS/VS1, which stood for "operating system/virtual storage". Later operating systems for IBM's System/370 mainframes came to be known as OS/VS2, which later evolved into OS/MVS (Multiple Virtual Storage) by the mid 70's. By the early 80's the mainframe operating systems allowed you to partition a single mainframe or group of mainframes into many logical partitions (LPARs in the vernacular of the time), each running its own version of the operating system. A partition would operate like a virtual computer, each one dedicated to a specific program, individual user or task. Even as mainframe computers became more ubiquitous and individual corporations could afford their own machines, OS/MVS enabled them to run many jobs simultaneously, squeezing every drop of processing power out of the CPU.
Although the first IBM personal computer hit the market in 1981, it wasn't until the late 80's that 2nd generation X86-class PC's started to be used for more than word processing or manipulating spreadsheets. PC's began to run less critical applications (email, scheduling, project management, etc.) or to provide a front end for established mainframe applications. Mainframes were still the processing and data storage backbone of the enterprise, but by the early 90's "client/server" computing began to replace the mainframe computing model - the hallmark of data centers for the past 30 years.
To provide the equivalent horsepower to the mainframe we chained 100's or even 1000's of PC's (which we called servers) together to create "farms" of x86 PC's. Eventually the mainframe gave way to rooms full of individual computers, each dedicated to a specific task or application. Of course by the mid '90s the Internet had changed the way we think about networks and computing. By the middle of this decade server farms were supporting Web-based applications as well as more conventional client/server applications. However, the servers were still running as individual computers.
Sometime in the last couple of years it dawned on us that these thousands of servers had vast amounts of processing power that was highly underutilized (only 5-15% in most cases). Powerful chips, multitasking operating systems, and high speed network connections led to CPU's being able to do their job with plenty of time left over. Even with all this extra capacity we were constantly adding new servers when more processing power was needed. Eventually we began to run out of rack space to add new servers. Worse yet, the server farms were generating more heat than we could remove from the data center. In some cases we were simply running out of the electrical power to turn on a new server. It was time to bring back an old idea from the 70's and 80's - virtualization.
Using a layer called a "hypervisor", which abstracts the server operating systems, we can now partition physical servers into multiple virtual computers - sound familiar? Now server CPU cycles can be efficiently utilized to support shared applications (60-80% instead of 5-15%). With more efficient use of servers we can dramatically reduce the number of servers needed, which in turn reduces heat and power requirements while dramatically reducing the manpower required to manage the data center. In fact, with virtualization, a data center full of X86 computers can now be viewed as a single monolithic source of processing power partitioned into many virtual machines. Add to this the trend towards virtualizing the desktop and we have come full circle back to centralized computers connected to remote terminals. Déjà vu all over again.
As we approach the end of the decade, virtualization is proving to be the next major paradigm shift in enterprise computing. Instead of racks upon racks of individual servers, each one dedicated to a specific task, we will have an "on demand" pool of processing power that can be shared across applications and services. This will fundamentally change the way we organize, manage and control the next generation data center. In fact, the only thing slowing down this transformation is the lack of tools necessary to manage and secure a virtual infrastructure.
No matter what computing platform you are using, computers do not manage or secure themselves. In the mainframe era a host of software tools evolved to manage everything from storage and scheduling to performance and security. Of course the mainframe vendors supplied some of these tools, but innovative start-up companies came up with newer and better ways to manage data center operations. Companies like Computer Associates, Legent, Sterling Software and BMC built very successful businesses out of providing 3rd party management and security tools for IBM mainframe environments.
One of the early obstacles to moving mission critical applications to a client/server platform was the lack of tools to manage and secure the environment. Mainframe management and security tools from companies like IBM, BMC and CA were simply not designed for a distributed, heterogeneous client/server environment. Anyone ever try to use IBM's RACF to secure a client/server platform?
A few management and security tools for client/server were developed by the platform vendors - Microsoft, Novell, IBM, Sun, HP etc. However, most management and security tools were provided early on by start-ups like Tivoli, Legato, OpenVision, Patrol, Platinum, AXENT, ISS, Security Dynamics, and many others. Of course most of these early stage companies were eventually acquired by established systems management companies; IBM acquired Tivoli, EMC acquired Legato, BMC acquired Patrol, CA acquired Platinum, Symantec acquired AXENT and so on. Today those companies supply the bulk of client/server and Web management tools.
Now we face a similar challenge in managing and securing the new virtual computing paradigm. Organizations hesitate to move mission critical applications to a virtualized infrastructure because they lack the visibility, management and security software necessary to see, understand and control increasingly complex virtual environments. Security professionals are reluctant to sign off on virtualization projects because the tools from the virtualization platform vendors (VMware, Microsoft, Citrix, etc.) cannot adequately monitor or protect a virtualized environment. Likewise, auditors and compliance officers often slow down the migration of mission critical applications to virtualization because existing tools give them little visibility into the virtualized world.
Just as mainframe management tools could not be used to manage client/server and Web environments, existing management tools from the big systems management vendors cannot adequately manage the virtualized data center. Client/server management tools revolve around a physical server or physical network. They can't understand a world where servers, switches and networks can pop up at the click of a mouse. They do not understand things like running applications moving seamlessly from one physical server to another. Client/server management tools cannot grasp an environment where servers, storage, and networks can be dynamically managed as a single pool of resources.
As in the early days of mainframe and client/server computing, the virtualization platform vendors will supply some of the key management and security tools. But history has shown us that systems management is not the forte of the platform vendors. Otherwise all of our management and security tools would have come from IBM, Sun, HP, Novell, and Microsoft and there would be no third-party management and security companies.
To fully realize the promise of virtualization, IT organizations need a new breed of management and security tools which understand and take advantage of virtualization's unique requirements and capabilities. Purpose-built virtualization management and security tools will enable next generation data centers to enforce IT policies, ensure compliance with government mandates, and manage and protect virtual servers, desktops, and networks across VMware, Microsoft and Citrix platforms.
Over the next few years most of the really ground-breaking tools will undoubtedly be built by a new crop of innovative, early-stage companies which have the vision and creativity to chart new territory and help transform enterprise computing.
Pete Privateer joined Reflex Systems with more than twenty-five years of senior leadership experience in the industry. Privateer previously held executive positions at many security technology companies. He was vice president of sales for the ISS division of IBM and senior vice president of worldwide marketing and product management for ISS prior to its acquisition by IBM. He served as president and CEO at Intrusic, a venture-backed Internet security software/appliance company, and Pelican Security, where he was responsible for overall strategy and operations of the company. As co-founder and senior vice president of operations for Axent Technologies, one of the first Internet security software companies, he successfully helped lead the company from start-up to successful IPO prior to its sale to Symantec.