December 17, 2008, 9:56 PM — Unlike most technologies, which go through a rigorous inspection and validation process, server virtualization for the most part snuck in the back door of the data center while no one was looking, as an operations tool generating a significant ROI through the savings associated with server consolidation.
But server virtualization is a technology that impacts pretty much all aspects of a data center, and it's only now that some of these impacts are being felt. This is a three-part article that looks at the impact of server virtualization on data center management, security and compliance, and suggests corresponding best practices to combat these issues.
Differences between physical and virtual servers and what this means for the data center
A virtual server is not the same as a physical one. While it is true that they share a lot of the same management requirements (configuration, updating, performance optimization, etc.), there are also some significant differences, including:
- Identity – Server identity has traditionally been associated in some way with the server's physicality, making it relatively easy to identify a specific server uniquely. But when you can create 30 exact copies of a physical server at the click of a mouse, this identity breaks down. In most cases, virtual machines are identified simply by an assigned name, which may have nothing to do with the actual application or function.
- Mobility – Unlike their physical counterparts, virtualized servers are designed to be mobile. They can be moved easily either through manual or system action.
- Status – Physical servers are generally powered on, unless down for maintenance. Virtualized servers, on the other hand, move easily from online to offline to suspended as required.
- Lifecycle – Physical servers generally have lifecycles measured in years. Virtualized servers can have lifecycles measured in minutes.
At first glance, these differences may not look very significant, but they all have an impact when it comes to management, control and auditability.
Impact on the data center
A data center manager I was talking to described the impact of virtualization as having the same effect on data center control systems as wireless networking had on the perimeter. And once I had thought about this a little, I realized that this is not a bad analogy.
Most data centers have well established processes and procedures for deploying new servers.
But, when a new server is deployed with the click of a mouse, conceptually to any server that can be seen on the network, those existing (and frequently manual) control systems can be easily circumvented and are therefore not as reliable or auditable as they were.
This effect is usually multiplied if more than one group is responsible for deploying VMs.
And like wireless networks, virtualization can also ignore deployment controls, as well as internal "walls" between things like development and production or the various security zones that have been established within the data center.
This effect is compounded by the inability of traditional data center management systems to monitor and control servers in the virtual world. Most traditional management systems were built using basic assumptions around server identity, operational states and immobility, and they simply do not work well in the virtual world.
Unfortunately, the management tools provided by the virtualization platforms do not help much here, as they all tend to be more focused on facilitating the deployment of virtual servers than on the management or control of them. This means that reports can be difficult to obtain, and tracking virtual machines across multiple management consoles can be difficult if not impossible.
In the physical data center, installing a new server or moving it around was a controlled exercise involving multiple teams, including network, application, storage and security folks.
Virtual servers, however, can be created and moved at the click of a mouse. Versions of applications and operating systems can be saved for later use, taken offline or even re-created with relatively little effort, and potentially even less control.
Manual all the way
The lack of management functionality provided by the virtualization platform vendors also includes automation. There is very little automation built into the management platforms, which significantly increases the amount of manual activity and decisions taken by IT staff.
Any manual process is not only more error-prone, but also frequently more difficult to audit. This lack of automation also increases the skill and experience requirements for IT virtualization administrators, and there is a significant shortage of qualified personnel for these spots.
Virtual servers are different from physical servers, and these differences have a significant impact on the data center. Existing control systems and processes can be compromised, while at the same time the traditional management tools are not very effective.
The inherent mobility of virtual machines, while extremely valuable, can inadvertently contravene compliance regulations. However, while the management tools provided by the virtualization platform vendors are excellent at deployment, they are not so good at the ongoing management and control of the environment, making tracking, visibility and reporting difficult.
The virtual world has more manual processes, which can be error-prone and also difficult to audit. All of this adds up to the introduction of new compliance and governance risk into the data center.
The next article in this series will build on this examination of the impacts of server virtualization on the data center by looking at the new security issues raised by this technology. This will be followed by the final article in the series, pulling everything together and introducing best practices for the management and control of this critical infrastructure.