Virtualisation - the big picture
Virtualisation - the big picture
The IT industry is often guilty of talking-up new technologies and emerging trends so insistently and exclusively that to the untrained eye it might look like everyone's singing from the same hymn sheet.
The truth in most cases, though, is that there's a distinct disconnect between the cutting edge technology vendors love to focus on and what most companies are working with. No-where is this more true than in the virtualisation space.
In reality, only 36 per cent of North American businesses have virtualised their servers (according to VMware research) and the figure drops to around a quarter when we talk exclusively about customers who are benefiting from more advanced features.
Many are still at the start of their journey, which involves taking what they have in the physical world and literally virtualising it. This physical-to-virtual (P2V) process allows firms to keep their IT systems the same, with the obvious addition of the virtual hardware layer, and can still help generate decent operational cost savings.
However, it's a far cry from the kind of advanced dynamic workload management trumpeted by VMware – so if organisations want to step up to this next level and generate much greater efficiencies, they need to rethink and re-architect.
A more mature virtual environment will allow admins to manage IT workloads in a more dynamic manner, switching virtual machines (VMs) on and off according to where they're needed, generating new VMs if required and supporting disaster recovery via virtual load balancing and failover between hypervisors or data centres.
Now, larger firms may be looking to do all of this in a private cloud scenario while their smaller counterparts may find a public or hybrid environment financially more suitable, but both need to approach security from a new mindset. Put simply, security can no longer be tacked on as an after-thought, it must be embedded deep inside and tied into your virtualisation management software.
IT managers who try to force traditional network security tools such as firewalls and intrusion detection systems (IDS) to protect the virtual space will find they not only fail to fully protect their virtual environment but also causes severe performance problems.
Traditional, resource-heavy AV clients, for example, will slow systems down to a standstill if applied to each virtual machine in a scenario where VM densities have grown into the hundreds of machines.
Security needs to be agile and not just virtualisation aware, but designed for a virtualised environment from the ground up, with the ability to spot VM-VM attacks which can spread quickly and undetected through a virtual environment.
It needs to automatically protect each VM as it comes back online and create a secure wrapper which will protect the machine as it travels from one hypervisor to the next and out into the public cloud. This is essential given the nature of targeted attacks these days which typically breach the perimeter then bounce around inside the network laterally looking for the information they need.
A security system which enables VMs to be effectively self-defending gives administrators peace of mind as they can effectively treat their cloud provider like the public internet; no matter what in-built protection that provider offers, the IT manager can start from the assumption that every other VM in the infrastructure is compromised.
It enables firms to put higher security workloads in the public cloud, benefiting from the proven cost and efficiency gains of doing so, and of course also allows for the mixing of low and high security workloads in private clouds.
Every organisation is different, which means every journey and every end goal will be different. What's most important when starting down the road from P2V to something more comprehensive is that you appreciate early on that security in this new environment means something very different to what has gone before.
Be fully informed, work out where you want to end up and make sure its architected and budgeted in from the start to avoid any nasty surprises down the line.
Andy Dancer is chief technology officer EMEA at Trend Micro