Virtual infrastructure management challenges: VM sprawl and security

Virtual infrastructure management involves the concerted use of automation, monitoring and management tools to keep hardware and software running effectively.

Virtualization allows virtual machines (VMs) to run on any virtualized server hardware in any suitable rack or blade chassis, where administrators could easily identify the email server or locate mission-critical database servers. The hypervisor's ability to disconnect the software and hardware creates virtual infrastructure management challenges, making it more difficult for IT administrators to monitor the resource demands of VMs, gauge their performance and perform capacity planning in a timely manner.

These virtual infrastructure management challenges only worsen as VMs proliferate across the enterprise. Organizations routinely use software tools to identify, evaluate and monitor the server resources available in the virtualized data center.

Management challenges of a virtual data center
Virtualization brings a number of benefits to the enterprise, but it also brings a new set of challenges for administrators to manage.

More on virtualization management The tips in this guide were originally published in the Virtual Data Center e-zine. Virtual infrastructure management challenges: VM sprawl and security Evaluating virtualization management software Installing virtualization management tools: Best practices Virtualized management: Choosing the right tools Virtual test environment brings management challenges

 One of these virtual infrastructure management challenges is tracking physical machines and VMs. In a physical environment, it's easy to locate a physical server, identify its application and measure its performance.

Virtual environments combine numerous VMs onto a single server and usually allow them to migrate between servers as needed. Consequently, administrators may have difficulty identifying the underlying server running a given VM and may be even more pressed to locate resource allocation problems.

The free migration of VMs can also pose a sever virtualization security threat and weaken an organization's compliance posture. Traditional security relies on network traffic that passes through a switch as it passes between servers. With virtualization, the traffic exchanged between VMs on the same physical server is often overlooked, raising an important new concern for security professionals.

"You only see what's coming into the box," said Pete Sclafani, co-founder and vice president of strategy at 6connect Inc., a managed service provider in San Jose, Calif. "Someone could easily have hacked one of the other virtual machines and is now tunneling in using different attack methods … but you can't see that."

Virtual infrastructure management and VM sprawl
Even moving VMs between different servers can introduce security vulnerabilities that must be addressed.

Administrators also face the challenge of VM sprawl -- the unchecked proliferation of virtual machines across the enterprise. It can be extremely cumbersome to justify, track and manage VM lifecycles manually. Sprawl is further exacerbated by weak or unclear licensing policies, which can potentially expose a company to financial and legal penalties if operating system and application licensing is left unmanaged.

"A virtual CPU isn't the physical CPU anymore," said Bob Plankers, technology consultant and blogger for The Lone Sysadmin.

Every time a VM is created, there's an incremental cost for the operating system license, management tools and backup agents, among other management challenges, he said.

In today's data centers, the number of VMs appearing is simply outstripping the ability of administrators to manage them properly and efficiently. To counter these challenges, administrators rely on a rich suite of features found in virtual infrastructure management tools.

For example, tools can provide infrastructure features, like resource and capacity management, VM lifecycle management and automated or policy-based VM migration, remote access and performance monitoring. They can often handle administrative processes, such as service provisioning, access and policy management, usage reporting, nondisruptive virtual backup/disaster recovery capabilities and patch management.

Some tools even have self-service features that allow users to handle simple tasks themselves and free up administrators to deal with bigger virtual infrastructure management challenges. Other tools can help manage VM images, reducing the number of different VM images available and speeding the creation of new standardized VMs.

About the author
Stephen J. Bigelow, a senior technology writer in the Data Center and Virtualization Group at TechTarget Inc., has more than 15 years of technical writing experience in the PC/ technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+ and Network+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and Bigelow's PC Hardware Annoyances. Contact him at sbigelow@techtarget.com.

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.