Speaking at VMworld 2007, which took place Sept, 11-13 in San Francisco, VMware Inc. Product Marketing Manager Mark Chuang and Marketing Manager Steven Gross led a session titled "Dispelling Virtualization Myths," which tackled issues such as virtualization's readiness for production systems, independent software vendor (ISV) licensing policies and security.
And while the session made some persuasive arguments for those delving into virtualization, it may have given important security concerns short shrift. Indeed, the session may signal a broader tendency on the part of industry players to underplay security concerns in virtual environments.
Virtualization for mission-critical apps
Speakers first addressed the perennial myth that it isn't safe to virtualize mission-critical applications and presented several case studies of successful production virtualization deployments.
Over the past four years, for example, Milwaukee-based Johnson Controls Inc. has used virtual machines (VMs) for "almost everything" including its Microsoft SQL database, EMC Corp.'s Documentum, and Active Directory, according to the Palo Alto, Calif.-based VMware.
Johnson Controls identified 180 servers that were candidates for virtualization, and anytime IT requests a new workload, the company automatically looks to virtual machines instead of physical servers. In each case, IT has to make the case for acquiring a physical machine, VMware reports.
Another company with a "virtual first" policy is T-Systems Enterprise Services GmbH, which is headquartered in Frankfurt, Germany. The company runs all its mission-critical applications, including those from SAP, Microsoft Corp. Exchange, Siebel and Lotus Notes, on virtual machines.
Recently, the company redesigned one of its global infrastructures to reduce costs and discovered that its hardware utilization rates were poor, said Reiner K-H. Muenkel, head of SAP consulting at T-Systems.
T-Systems opted for virtualization to increase utilization, reduce costs and add flexibility to its data center operations.
"By virtualizing, we are able to move applications between data centers for disaster recovery without any downtime for users," Muenkel said. "It provides a more stable environment. If your company is driven by business, you need flexibility, so you have to do virtualization."
T-Systems now has some 450 virtual machines running on 60 physical servers: 60% are Intel-based x86 servers, and 70% run Windows; the rest run Linux.
Analyst Chris Wolf of Midvale, Utah-based Burton Group said that from a reliability standpoint, running applications on a VM may be even more secure than running them on a dedicated physical machine. Applications that do not natively support clustering can fail over to another server as part of a virtual machine via VMware HA, and adding replication software such as that offered by SteelEyeTechnology Inc. makes the process even easier, since it can trigger failover based on application failures, Burton said.
ISV licensing and support policies
One area of contention is that of ISV's licensing policies in virtual environments, but it's also a myth to say that these issues are reason enough not to use virtualization, said Gross.
"Companies are achieving high ROI with virtualization, even with current ISV policies," Gross said.
But analyst Gordon Haff of Nashua, N.H.-based Illuminata Inc. said "Software licensing for virtualized environments is still a work in progress. There will be some cases where licensing can dramatically reduce costs, but those cases are decidedly in the minority."
A CPU-based licensing model, which charges for the use of each processor socket for each application that runs on it, no matter how little of that portion of the processor is used, strikes many technologists as problematic, said session speakers.
Meanwhile, some companies are adapting their licensing policies to virtual environments. BEA Systems Inc., for example, changed from per CPU to an instance-based pricing model for its WebLogic Server Virtual Edition Java EE environment recently. An instance is a copy of WebLogic Server running in its own Java virtual machine.
Microsoft has also changed its licensing policy to a per-instance basis, and Wolf said he expects other to follow.
More than server consolidation
The session addressed a third "myth": that server consolidation is the main reason to use virtualization.
"When virtualization was born, consolidation was certainly considered a main use, but thousands of organizations are already beyond that [and moving] to disaster recovery and other purposes," said VMware's Chuang. San Jose, Calif.-based
Wyse Technology Inc., for instance, virtualized its servers to improve its uptime and disaster recovery capabilities. The thin-client computing company had six- to eight-year-old hardware and experienced hardware failures at least once a month. The failures required about 416 hours per year of unplanned downtime and 144 hours of weekend time spent on maintenance, with little to no advance notice when a hardware failure was going to occur, according to VMware.
Wyse Technology implemented VMware Virtual Infrastructure 3 with high availability and other automation tools to allow virtual machine failover. Using VMware, the company hasn't seen a moment of unplanned downtime in the past 18 months and did 7,000 live migrations, Wyse reports.
Are virtual environments secure?
VMware also aimed to dispel the notion that virtual machines are inherently less secure than physical ones, though understandably, skepticism remains rampant.
Gross advised session attendees that "robust virtualization products" and proper IT processes can make virtual machines just as secure as physical machines. "Thousands of customers use virtual machines, including defense and security agencies, which required the VMs to pass security audits. There are ongoing threat modeling, auditing, and code review by third-party security consulting companies" to prove the environments are secure, Gross said.
VMware ESX Server was designed from the ground up, with strict VM isolation in the CPU, including VM memory and I/O isolation, according to VMware.
IT processes to ensure security include isolating all management interfaces and applying guest OS security. VMware also advises enabling and utilizing only the most necessary features and strictly separating and limiting administrative capabilities.
Some security resources include VMware Infrastructure 3 Security Hardening, Managing VMware VirtualCenter Roles and Permissions, STIG (Secure Technology Implementation Guide), and the Center for Internet Security, or CIS.
But Gross may have presented only part of the virtualization security story, analysts said. "One significant issue with virtual machine security is with virtual switch isolation," said Burton Group's Wolf. "The current all-or-nothing approach to making a virtual switch 'promiscuous' in order to connect it to an IDS/IPS is not favorable to security."
For example, "if you connect an IDS appliance to a virtual switch in promiscuous mode," Burton said, "not only can the IDS capture all of the traffic traversing the switch, but every other VM on the same virtual switch in promiscuous mode could capture each other's traffic as well." Users should be aware of this and work around it.
(Following publication of this article, VMware clarified a solution to this problem.)
Also, virtual machines are secure only if the underlying host platform is secure. "A virtual machine running in Virtual PC or VMware Player on an unmanaged OS should not be considered secure. A key logger on the unmanaged system/OS could intercept keystrokes intended for the VM," Wolf said. "This is why it's so beneficial for a VM to reside in a hypervisor that runs on server hardware."
Illuminata's Haff added that hypervisors are no more or less secure than your average operating system.
"Because the [VMware] hypervisor is effectively an operating system, there are certainly security concerns to address, especially given the hypervisor's highly privileged location in the system," Haff said. "But individual operating systems share many of these same issues [root exploits, etc.] to an even greater degree given that they tend to be larger and more general-purpose. In short, hypervisors don't make security concerns go away, but they don't really raise major new issues either."
Let us know what you think about the story; email Bridget Botelho, News Writer.
Also, check out our news blog at serverspecs.blogs.techtarget.com.