Virtualization usually challenges the IT silos in enterprise shops. In fact, I’ve come to learn that the corporate IT silos -- such as the networking, storage and server teams -- actually
Organizing IT departments into silos is largely a relic from the days of managing physical infrastructures. The first wave of virtualization left legacy IT silos largely unchallenged. But, as more organizations look to the cloud, it seems likely that many CIOs will question whether the old ways of managing physical infrastructures still have a role in cloud-enabled data centers.
Even if companies are just beginning their journey to the cloud, it’s not too early to transition away from rigid IT silos. The following steps will foster a new level of communication and openness in IT departments, with the end goal of improving data center efficiency and productivity.
Step 1: Open up the virtualization layer
In the short term, I believe that the existing IT silos need access to the virtual infrastructure components. This access should reflect the existing demarcation of roles and responsibilities.
That said, you shouldn’t necessarily give the network and storage admins full rights to the virtualization-management layer. But you should, at least, provide visibility into how the virtual infrastructure consumes the physical resources.
Most virtualization-management systems, such as VMware’s vCenter, allow for this type of delegation. VCenter has built-in role-based access controls (RBAC), and you can create custom roles by merely copying and tailoring the default ones. At the very least, storage and network teams should have access to the network and storage components to feel more engaged with the platform that utilizes their layers.
Additionally, I think that the virtualization-management layer could be the new home for all IT administration. That means gradually weaning these siloed IT teams off their preferred management systems and command-line tools. You can view this process as consolidating and collapsing the management tools into a single interface, where possible.
Step 2: Adopt new ways of doing things
Vendors continually release products that greatly improve data center processes. For example, I recommend using storage plug-ins, if you aren’t already doing so. Dell, EMC and NetApp have software that extends the functionality of the VMware vSphere Client.
These plug-ins allow the administrator to provision new LUNs or volumes as well as and have them mounted and accessible to ESX hosts within a cluster. They can also clone new VMs more efficiently than the conventional templates found within vCenter.
This functionality is especially useful with virtual desktops, where many mainstream storage vendors create pools of desktops using their own internal cloning tools. These vendor-generated pools often scale better than VMware’s Linked Clones, and they enable customers to escape the eight-node limit for hosts in the cluster.
Finally, these tools frequently allow for the management of storage-vendor snapshots from the vSphere Client. From there, administrators can mount snapshots and restore VMs, based on the parameters defined by the storage vendors. With this capability, users are no longer limited to the vSphere’s built-in snapshots functionality.
But the real benefit of these plug-ins is a more natural and efficient provisioning process and consumption of resources. These tools consolidate the IT silos’ different management interfaces.
Step 3: Security changes that improve data center efficiency
For far too long, IT pros use security concerns -- real or fictitious -- as a way to block changes or improvements. There could be many reasons behind this behavior, such as fear of change or a threat to job security. Regardless, these actions may block the adoption of new security tools, which are necessary to protect against new types of threats.
Recently, I’ve worked with VMware vShield. More specifically, I’ve used the Endpoint functionality, which removes the need to install antivirus agents into the guest operating system. Endpoint also offloads the CPU load generated by AV scans to a central-management console and ancillary virtual appliances, which are responsible for securing each VM on the ESX hosts. Overall, it’s incredibly easy to set up and configure. And the ease of administration is as much a selling point as lowering the CPU’s load.
Of course, vShield detractors will point out that there are existing security technologies that perform some of the product suite’s work already. That’s true. And if you’re miles away from 100% virtualization, you need security tools that work in the physical layer.
But I’ll wager that some companies continue to deploy legacy security tools, because new ones represent a threat to someone’s role and job security. These, new security tools pose a risk to the old ways of doing things. So don’t be surprised if you see some opposition in their adoption.
But virtualization security tools, like vShield, can help in break down the walls between the virtual and physical worlds. Security professionals should be actively encouraged to manage the virtual security tools. That way, the security silo guys get on board, and their focus shifts to where security is consumed: at the virtual machine.
These suggestions are just some of the ways in which IT departments can streamline operations and eliminate IT silos. But, as you will see in the next installment, IT departments and organization can only do so much. They need vendors to tailor products to this new way of thinking and working.