Virtualization challenges: Security, storage and VM sprawl

The deeper you get into a virtualization project, the more challenges you face. Virtualization security and backup management are some of the most common.

Advanced virtualization deployments quickly expand beyond servers to storage, security and networking. This complexity

raises new virtualization challenges that can stop projects in their tracks.

One of the biggest benefits of virtualization is the ability to quickly and easily provision new virtual machines (VMs). But with this great power comes great responsibility. If you allow anybody to create a VM for any purpose, you’ll soon run into VM sprawl -- an over-proliferation of VMs that take up space and drain resources.

This problem is one of the most common virtualization challenges. As such, there are many accepted best practices and technologies available to help control VM sprawl. It’s a must to have strong policies in place to dictate who can create VMs (and for what reasons).

Many administrators keep inventory of their physical servers with manually updated spreadsheets, but virtual infrastructures are so dynamic that this approach is nearly impossible. As a result, some organizations turn to virtualization lifecycle management tools, which can help enforce VM-provisioning policies and keep track of VMs and their resource usage.

Virtualization storage challenges

Managing backups and storage are two other major virtualization challenges. In TechTarget’s “Virtualization Decisions 2010 Purchasing Intentions Survey,” 32% of VMware users and 36% of Microsoft Hyper-V users said backing up VM data is one of their most challenging systems management functions. And 43% of virtualization users overall wish for better backup capabilities in future platform releases.

Why are backups so important in a virtual infrastructure? Through the hypervisor, server virtualization converts everything in a VM -- the operating system, applications and settings -- into a single file. (VMware uses the virtual machine disk [VMDK] format; Microsoft uses the virtual hard drive [VHD] format.) The repercussions of losing a file in a traditional, physical infrastructure can be bad, but a lost or corrupted VM file can bring mission-critical tasks to a grinding halt.

There are many third-party products that address virtualization backup concerns, and platform vendors are adding more features as well. With the 2009 release of vSphere 4, VMware introduced vStorage APIs, which offer more direct integration with backup systems than VMware Consolidate Backup.  Additionally, Microsoft released Hyper-V R2 with Cluster Shared Volumes, which lets admins store multiple VMs on a single logical unit number.

Backing up large virtual disk files also increases storage demands, which can compound costs unexpectedly.

Virtualization security challenges

In the early stages of virtualization implementations, many organizations handled physical and virtual security separately. That’s OK, because these virtual environments are usually reserved for test and development or pilot server consolidation projects, which have minimal interaction with the rest of the IT infrastructure.

As virtualization becomes more integral to organizations, it’s not only inefficient to treat physical and virtual security separately, but it can actually make your infrastructure less secure. The server virtualization security market is adjusting to this change, as larger companies have acquired many niche virtualization security vendors.

The traditional security concern regarding virtualization is the “more eggs in one basket” argument. As you consolidate more OSes, applications and data on one physical server, you run the risk of losing more critical systems should that server become compromised. Attackers can also use VMs to access storage networks or steal entire VMs more easily than they could steal physical servers.

To mitigate these concerns, pay close attention to the design and configuration of your storage and networking infrastructure. Without proper segmentation, attackers can use vulnerabilities in your storage and networking to access not only your VMs but your hypervisor and host resources.

This was first published in January 2011

Dig deeper on Virtualization security and patch management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close