Security
Gartner’s Rasit argues that, generally, security is quite high in the virtual world as there is nothing that inherently makes VMs less secure than their physical counterparts. However, issues can arise when moving VMs between physical servers.
“Within a firewall VMs are as secure as moving a physical server from one location to another,” he says. “But when you are moving from one data centre or from one country to another then all the LAN and WAN management around security has to be in place.
“If you are looking at Cloud bursting — moving your virtual machine out to a Cloud provider — then there are additional security considerations as it's not just lines of code but your data too which is being moved to a third party.”
CA’s A/NZ director, solution sales, Peter Sharples, says security is an issue when it comes to access — making sure a person is authenticated before letting them change and add VMs in the virtual environment. The other areas to consider are the potential risk of a ‘horizontal attack’.
“We’re yet to see it in Australia, but it is where someone hacks the hypervisor management solution and therefore, gains access to all the VMs in that horizontal environment,” he says.
IBRS’ McIsaac says that when it comes to managing antiviruses, the way to go about removing your security product from running in the operating system and instead, put it into a separate VM which then inspects all other VMs running on a physical server.
“That… solves problems with contention as now you have single instance of your antivirus, instead of one for each virtual machine,” he says. “However, many people do segregation of workloads via the network: A demiliterised zone versus an internal zone.
“But, if you throw everything on one box, where did your network go? Well, it’s inside your Intel box. So where did your firewalls and demiliterised zone go? People haven’t come to grips with that.”
Performance, capacity, storage
CA’s Sharples says while server virtualization has made the provisioning of infrastructure much quicker, what it hasn’t done is speed up the manual processes — order requisition, asset management and configuration management — associated with infrastructure provision. As a result, the performance and overall benefits of virtualization can suffer or stall.
“Understanding that and automating those simple, repetitive tasks like change management and request management as much as is practical is important,” he says. “But, the key to success is to understand your processes. It is pointless automating a bad process as you will just get a bad outcome more quickly.”
On top of processes, IT managers also need to understand the physical capacity of their data centre and how it relates to the provisioning of virtual machines. In other words, capacity management.
“Is over-provisioning hurting performance or is under-provisioning and wasting assets because they are under-utilised?” he says. “You also need to understand how that relates back to the performance of your critical business systems. Do you have the confidence your virtual platform will support end-business performance?”
IBRS’ McIsaac argues that the major issue is less a performance one and more about the way cutting down physical hardware can hurt your risk mitigation strategies.
“Capacity management is much more of an issue today, as if you have a problem it’s not just going to impact one box, one application and one set of users; it will potentially impact everybody, as they could be all on the same piece of infrastructure,” he says. “When you do have a problem, it tends to be far, far greater.”
That being said, having a large number of VMs on a single piece of physical hardware can place a high load on your storage when it comes to backing up your data.
“You will need to recognise that if you move your physical instances to virtual machines, you will at some stage need to revisit you backup as you do have the issue of resource contention,” McIsaac says. “Many people don’t review their backups that often; their view is: How can I make this as simple as to deal with as possible rather than thinking about the fact they may have to recover them at some stage.”
Gartner’s Rasit says a lot of organisations often find that when they move to a virtual infrastructure, they have to build a SAN architecture to gain a more rapid response from their storage via a ‘boot-from-SAN’ functionality.
“NAS is good for low-level low frequency storage but with virtual world, you need faster access,” he says. “Close management of storage is important, as if it you don't look after your storage utilisation [rates] usually go down.”
Skills
Lastly, moving to a virtual environment can have a significant impact on the organisational structure of an IT department, IDC senior analyst, Trevor Clarke, says.
Consequently, ensuring you have the right skills internally, or adequate support from an integration partner, to roll out a virtual environment is critical. It’s a position the National Museum of Australia’s manager, information technology & services, Chris Gill, couldn’t agree with more.
“We’ve had fantastic assistance from what we call an IT infrastructure architect, who helped us progress to where we are today,” he says. “You need someone who is totally across how the resources are allocated in a particular environment, know what that capacity is for expansion as needed, and also an awareness of capacity requirements over coming years so that the environment has the capacity to meet needs over the coming three years.
“If you do bring it a partner, it should particularly be a partner of VMware’s or someone who has that expertise and has strong support from VMware or EMC. I wouldn’t just rely on one individual but an organisation with additional resources to assist as needed.”