There are few technologies that have the potential or ability to change the dynamics of an industry in such a way that it becomes a standard component of modern life. Decades ago, flying cross-country or across oceans changed the way people viewed transportation and opened up a new world of travel.
In the computing world, a dramatic shift is also taking place, enabling a new way in which IT departments manage services. Enterprises worldwide are embracing a flexible, digital work style that enables businesses to remain competitive in a global environment. This means collaborating across time zones and from any location. These trends place increasing pressure on IT departments to deliver connected capabilities, speedy access, and mobility. These changes require much more nimble capabilities for adapting IT infrastructure to meet the needs of business. As a result, more companies are turning to the new technology of virtualization.
Virtualization makes it easy to create infrastructure on demand - enabling a much faster response to the changing needs of today's business. It gives administrators the advantage of managing pooled resources across the enterprise. Virtualization gives developers a way to create test configurations, then destroy them and start over, without the procurement time and expense of building a dedicated test system, and without disrupting primary operating systems. Server virtualization alone has the potential to bring a new level of availability to business-critical applications that is more affordable and less complex to set up than the traditional methods. Virtualization techniques can extend to networks, storage, operating systems, applications, and laptop or server hardware, allowing better leverage of infrastructure investments.
Virtualization compels every vendor in the IT stack to consider how this new technology will affect products. A recent survey indicated that 70 percent of IT managers plan to implement server virtualization during the next year.
Other key technology initiatives will also have their roots in virtualization, including blade servers, remote services based on virtual machines, and virtual desktops. You will see a virtual machine stored as an image in a single file, and emailed offsite to another location or computer.
ADDITIONAL TECHNOLOGY BENEFITS
While IT managers are seeing virtualization as a way to better deploy resources, there are several other benefits to the technology as well:
Disaster recovery is an issue that keeps many IT managers up at night. Virtualization may help them sleep a bit better by providing an instant fail-over plan through disruptive events.
Every manager knows the pain of the procurement process to purchase a new physical server. Virtualization can make it so that in many cases, they won't have to buy a new server. They can manage several virtual machines from a single management console.
Many IT experts are seeing "green" with virtual computing, in more ways than one. Virtualization gives you more computing capability without adding hardware, and additional hardware contributes to environmental, disposal and landfill problems. Virtual activity can add up to substantial savings on infrastructure, facilities, power and cooling. In other words, you can get a lot of bang for the buck in a virtual environment.
Supporting legacy systems can be expensive when you have to dedicate resources to do so. Virtualization can enable applications written on older operating platforms to be supported without having to revise code.
BE PHYSICALLY AND VIRTUALLY AWARE
While virtualization's new dynamic capabilities offer increased opportunity, they also bring new management challenges.
Andi Mann, research director at Enterprise Management Associates, has stated that while virtualization brings real benefits to business users, it can cause issues, especially for organizations that do not implement policy-based management tools to administer this new environment. While virtualization makes it easier than ever to create new servers and other infrastructure components, it also makes it easier than ever for people to introduce risk into the enterprise. This is because new virtual systems are created, used, and de-provisioned - all within a short period of time, making control difficult in these instant environments. These are the key problems associated with virtual environments:
Circumvention of IT processes and procedures is more likely, resulting in unauthorized, unplanned change, which can lead to system failures and downtime. Additionally, the ease of deploying virtual systems increases the risk that personnel will deploy untested, unauthorized, or non-compliant infrastructure without IT knowing about it.
Monitoring and reporting on the configuration and compliance status of a virtual machine that no longer exists can be enormously challenging. Virtualization increases this risk because it makes it easier to deploy systems temporarily to meet peak demands, and then deactivate virtual systems when the peak subsides.
Security is of greater concern, as virtualization creates more points of entry and more interconnection complexity.
"VM sprawl" is also a serious issue. Sprawl is when any number of unknown and unauthorized partitions might be operating outside policies and processes, and outside the ability of tools used to manage virtual machines. A single change on an unknown partition can snowball into a major security vulnerability to the entire data center. This phenomenon is further complicated when deployed systems begin to drift from known and trusted states, increasing the complexity of managing large numbers of systems and maintaining accountability to configuration standards.
In addition, IT organizations should not make the mistake of using different tools for physical and virtual environments. This can result in duplicate or competing processes for managing resources, adding layers of complexity to the infrastructure as a whole.
Industry experts agree that virtualization without good management is more dangerous than not using virtualization in the first place. That's why IT organizations need a cohesive strategy that ensures consistency, compliance, and manageability are maintained across both the physical and virtual environments.
ELIMINATING UNAUTHORIZED CHANGE AND ASSESSING COMPLIANCE
In order for this new virtualization technology to be as successful and secure as the physical environment, it is important for IT organizations to implement change control processes and policies that eliminate unauthorized change. However, it is one thing to expect change control and another to enforce it. That's why organizations are turning to configuration audit and control solutions.
Configuration audit and control software can automatically detect all change and report any unauthorized change, giving managers the ability to quickly remediate the unauthorized change. It is through the detection and reporting capabilities that organizations can enforce change control policies, by proving what changed and who changed it.
A configuration audit and control solution that offers coverage across the breadth and depth of the IT stack can also be used to enforce change control processes across the hypervisor (virtual machine monitor and orchestrator). Integrated configuration audit and control capabilities give IT organizations the ability to track the state of all elements of the virtual environments, and detect all changes made within those environments, across every point of entry. These changes can then be tested for policy compliance and trigger escalations when processes are circumvented, systems become non-compliant, or unauthorized change occurs.
For auditing purposes, a configuration audit and control solution that offers configuration assessment can report when new instances are created, what state they were in while they were in active use, whether they were compliant or not, and also provide a complete audit trail of changes made to the virtual instance. This historical record is stored separately from the virtual machines, so it is available even after the virtual machine ceases to exist.
From a security perspective, all systems - virtual or not - must be managed to conform to the enterprise's security policies and standards. Configuration assessment capabilities can enable the continuous assessment of the state of your virtual systems against internal and external security standards and guidelines. When any of your systems drift from your policies, you will know, so you can manage the risk rather than be blind-sided by it.
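The detect-and-report loop described in this section, sketched as an added example (not code from the article or from any vendor's product): it compares observed virtual machines with a trusted baseline, flags unknown VMs and unapproved setting changes, and keeps the findings in a log held outside the VMs. The VM names, settings, ticket id and function names are hypothetical.

```python
import hashlib
import json

def fingerprint(config):
    """SHA-256 over canonical JSON; any setting change alters the digest."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def audit(baseline, observed, approved, audit_log):
    """Append findings to audit_log, which lives outside the VMs it describes."""
    findings = []
    for vm, cfg in sorted(observed.items()):
        if vm not in baseline:  # sprawl: running but never registered
            findings.append({"vm": vm, "status": "unknown_vm"})
            continue
        trusted = baseline[vm]
        if fingerprint(cfg) == fingerprint(trusted):
            continue  # still in its known, trusted state
        for key in sorted(set(cfg) | set(trusted)):
            if cfg.get(key) != trusted.get(key):
                ticket = approved.get((vm, key))  # None means no approval on file
                findings.append({"vm": vm, "setting": key, "ticket": ticket,
                                 "was": trusted.get(key), "now": cfg.get(key),
                                 "status": "authorized" if ticket else "unauthorized"})
    for vm in sorted(set(baseline) - set(observed)):
        findings.append({"vm": vm, "status": "deprovisioned"})
    audit_log.extend(findings)
    return findings

# Constructed sample data: VM names, settings and the ticket id are hypothetical.
BASELINE = {
    "web-01": {"vcpus": 2, "network": "dmz", "ssh_root_login": "no"},
    "db-01": {"vcpus": 4, "network": "internal", "ssh_root_login": "no"},
}
OBSERVED = {
    "web-01": {"vcpus": 4, "network": "dmz", "ssh_root_login": "yes"},
    "db-01": {"vcpus": 4, "network": "internal", "ssh_root_login": "no"},
    "test-7": {"vcpus": 1, "network": "internal", "ssh_root_login": "yes"},
}
APPROVED = {("web-01", "vcpus"): "CHG-0001"}

def run_example():
    log = []
    audit(BASELINE, OBSERVED, APPROVED, log)
    # Later pass, after web-01 is torn down: its history is still in the log.
    audit(BASELINE, {"db-01": BASELINE["db-01"]}, APPROVED, log)
    return log

if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

In the second pass test-7 is no longer observed and produces no finding, because it was never in the baseline; only the earlier log entry records that it existed.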
ARE YOU READY FOR A VIRTUAL WORLD?
To ensure virtualization is a success, it is vital that IT organizations get real about its risks and implement detective controls to mitigate those risks. Some basic questions you can ask to assess your readiness to manage virtual environments include:
How will you monitor and report on the state of your physical and virtual systems environments?
How will you systematically assess the state of your virtual environment for compliance to internal, external and/or regulatory requirements for change and configuration management?
How will you hold staff accountable - using fact-based reporting - to ensure that they cannot circumvent processes, policies or tools without your knowledge?
How will you track the deployment of new virtual machines and ensure that all VMs are appropriately configured, tested, and supportable within your environment?
How will you integrate these capabilities into your day-to-day processes so that you can efficiently and effectively manage VMs on an ongoing basis?
A robust configuration audit and control solution provides automated change detection throughout the virtual environment - from server to kernel to virtual partitions. Enforcing change and configuration management policies and processes is the only way of ensuring a known and operationally compliant state within the data center, thereby increasing the integrity, service delivery and availability of virtual infrastructure.
Dwayne Melançon is the vice president of corporate and business development for Tripwire Inc. Melançon is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications. For more information, see www.tripwire.com.