Managing multi-hypervisor environments can be a challenging task. Not only do you have two or more hypervisors...
to oversee, but you also have anywhere from one to several management tools to deal with. To wrangle all of these platforms into a usable system, you must establish standard policies and procedures.
Part one of this two-part series discusses why you might need multiple hypervisors and how adopting that kind of environment could benefit you. So, now, we'll look at day two. What happens after you make the decision and deploy the software? The process of shifting from the design aspect to the engineering and operational aspects encompasses a number of things.
For simplicity sake, let's start with managing multi-hypervisor environments and securing them. Management covers a lot more than expected because you have two systems for the same purpose, which is an unusual situation to be in. Often, you have a single system or vendor for each data center function, so you must approach management differently.
Choose management tools based on workloads
One of the first things IT administrators want to jump into are the available management tools, which is important, but you have fundamental questions to ask first: Where is the workload you want to work with? Is it in Hyper-V or VMware? Where the workload resides drives the tools you can use, but it also complicates the process because you need to figure out where everything is. A single-pane-of-glass management tool is wishful thinking in the best of environments, but in an environment that's split, it's not a realistic option.
The ideal situation is a front-end application that knows where all of your workloads are and points you to the correct tools. Something like that might exist with inventory tracking tools and other asset management tools, but you have to keep them up to date. VM sprawl is already an issue for many environments, and this isn't going to make it better. This is an ideal time to look into automation and scripts that can run without intervention to keep your inventory locations up to date in a webpage or other type of portal.
Work with multiple management tools
One of the challenges of a multi-hypervisor environment is the sheer number of tools you might use. VMware, Hyper-V and KVM all have robust vendors and communities around them that develop tools for managing multi-hypervisor environments and securing them. The challenge isn't just about working with these tools, as many of them have similar forms and functions; it's about all of them being in one location. This means multiple installations, configurations and headaches as you try to balance everything you need. Luckily, you can avoid all that by using dedicated VM management desktops.
Don't overlook the fact that you're working with virtual environments; you don't have to install the tools you need on your desktop and laptop, which would require you to drag them around with you everywhere. Placing these tools on dedicated VMs means you can freeze them to prevent changes that could break the tools, snapshot them and even back them up. You can also clone them for additional deployments. This doesn't cut down on the number of tools, but it does enable you to group them and ensure they're available when you need them.
Secure a multi-hypervisor environment
Once you're able to locate and manage your environments, the next big challenge is securing them. It's not that one environment is easier or harder to secure; it's just that how you do it will most likely be different. The steps, software and reporting involved can vary greatly. This means you can't simply compare the security level and settings from one hypervisor to the next, as that can create gaps in your overall security. Rather than looking at security from a product-specific standpoint, approach it generally, and use a standard for each of your environments.
What this means is that certain security aspects can then be viewed across multiple hypervisors a bit easier. For example, if you want to encrypt vMotion or Live Motion network traffic, it's rather easy to do in both VMware and Microsoft but can be a bit more challenging in KVM. So, on your security checklist, list VM traffic encrypted as a selection for each environment. This enables you to ask the same question for each environment and gives you both the positives and negatives for each. Not only does that help to guide your security as you see where you might be stronger or weaker, it helps in the placement of the workloads based on risk. This also enables you the chance to revisit each environment as part of auditing and update the information as new features become available for that hypervisor.
Focus on flexibility and comprehensive training
Multiple hypervisors in a single data center enable you to take advantage of the strengths of each hypervisor and balance overall costs. Managing multi-hypervisor environments and securing them aren't about finding the right tool; in fact, single-use tools that can manage both hypervisors often have excessive limitations on specific tools for each environment. It's about keeping the tools and procedures flexible enough to adjust as you move from workload to workload and hypervisor to hypervisor.
The same also goes for you. If you specialize in VMware, you should go to Hyper-V training. This isn't about just having a working knowledge and being OK with it; you must be comfortable using both hypervisors without missing a beat. If you can do that, then managing a multi-hypervisor environment is just like managing any other environment.