Virtualisation seems like the solution to managing IT systems, but what are its faults?
- SC Magazine, October 2009
In a complex security world, virtualisation seems to be a brilliant solution. But the VM path is strewn with pitfalls, says Rob Buckley
Managing systems easily and getting the most out of them is the holy grail of an IT department. “There has to be a better way” is a thought that has crossed the minds of most IT managers at some point – whether when having to apply patches to 10,000 desktops, or when working out an easy way for users to access their files on a dozen different storage systems.
Virtualisation is a technology that seems to offer a way to attain this goal. It adds an extra software layer, a ‘hypervisor’, which mimics hardware. The hypervisor runs on the ‘host’ and creates a virtual environment, typically called a ‘guest’. Virtualised environments offer many management advantages, which differ according to what is being virtualised.
Although almost anything can be virtualised, there are four main types: server, desktop, storage and network.
Server virtualisation enables one server to pretend to be many. Most servers use only five per cent of their resources at any one time, so it's possible to get better usage out of a machine by running several servers on it within guest environments. It can enable apps or configs to be moved from machine to machine according to the resources available, changes in demand or for disaster recovery, without having to worry about driver compatibility and the like.
Desktop virtualisation can enable servers to pretend to be desktops, so they can be accessed from anywhere, on any low-spec device. The data, apps and OS remain on the server, where they are manageable and safe, since only screen updates need be sent to the devices.
Virtualised storage enables disparate storage units to appear to be single units or a single unit to appear to be many. This can lead to better use of resources by filling up storage systems, or splitting up data if necessary. It can also be used in information lifecycle management, moving rarely accessed data to different media or slower networks – although to end-users it appears the same as before.
Lastly, network virtualisation can combine discrete networks into single networks or separate a network to create different virtual networks. This enables easy reconfiguration and reduced numbers of devices and infrastructure.
But there's no such thing as a free lunch, and anything that offers such capabilities is going to need managing itself. The introduction of another layer of software, the hypervisor, also provides a possible source of instability. There's the vexing question of security – is this going to lead to more, fewer or simply different security problems?
“Overall, virtualisation increases some risks and decreases others, but I'm not sure the balance changes much,” says James Rendell, a technical manager at IBM. “Much of good security policy and practice translates very well.”
On the surface, virtualisation can appear to offer the solution to some security problems. Abstracting the software being run into a new environment makes it hard for an attacker to access the host environment directly, for example. If applications are separated off from one server, but then run in separate virtual servers, it's harder for a compromise in one application to allow access to another application. It's also easier to set up a defence perimeter around one server running ten virtual servers than to set up a perimeter around ten real servers – or one running 1,000 virtualised desktop PCs. Traffic between virtual servers on the same physical server can't be eavesdropped on. Also, patch management is easier if you only have to patch one master virtual machine (VM).
