Virtual server policy is key to mitigating systems vulnerabilities

Indeed, there already has been a lot of press concerning the threats represented by the spread of virtualized devices. You can count on a lot more as pundits, vendors and the media crank up the panic rhetoric. As a result, new products targeted at the spread of virtualization, its management and application are flooding the market. Let's examine virtualization fears that may be justified.

More on virtualization in the data center: Managing server virtualization complexity Data center consolidation, virtualization: Ultra-dense server deployments  Virtualization in the data center fast guide

Virtualization layers pose concern
There is no doubt that some potential pitfalls exist in the implementation of virtual servers. The virtualization layer is, in reality, another operating system. And, as such, it is vulnerable to attacks. Furthermore, virtualization in the data center (except for mainframes) is relatively new. This means it has not been subjected to and hardened against serious attacks. However, vendors are aware of the potential problem and are working hard to identify and harden their products.

Common sense tells data center managers to monitor and attentively manage vendor alerts, warnings and updates. Care will have to be taken to assure the integrity and robustness of the partitioning and separation protecting user space. At risk is an attack against the host operating system by the client operating system. Again, the vendors are working here to build internal protections (e.g. software firewalls.) There are other specialized attacks to worry about, but we feel the real threat comes from another source.

Nothing like the real thing . . . for security
The biggest threat of virtual servers comes from their most significant advantage. Because they are not physical machines, they cannot be secured the same way. Asset tracking, maintenance, configuration control, security and compliance all require special consideration, handling and processes.

Virtual device operational and compliance management is multi-faceted. Some aspects are traditional, such as management of the actual virtualization process, while others are new. For example, virtualization requires management to assure detailed configuration tracking of virtual machines that may have been removed from service. VMs may need protection against re-infection by activation of a long-ago retired virtual machine whose inheritance line was infected with a serious virus.

Understanding and managing virtual servers
This all sounds serious -- and it is. But data center operations can take steps to prepare, protect and manage its obligations with respect to virtual servers. First and foremost, understand the current state of virtualization in your data center. How many virtual servers are in your environment? How they are being used/maintained/operated, etc.

Think about and prepare policies and supporting processes for authorizing, creating, maintaining, configuring, provisioning, tracking, retiring and re-activating virtualized servers. Outline how long should a virtual server operate, under what conditions is it retired, who is responsible for enforcing the policy, where and how do you retain configuration and provisioning records on retired machines for compliance, for example. Furthermore, what are the compliance requirements for virtualized servers?

Lastly, start learning about the issues for managing virtualized servers not simply for operational issues like performance, priority, configuration, etc. but review and understand the issues we've just discussed. Of course, you should look to your major vendor partners like IBM, VMware, BMC, etc but don't forget emerging players like Embotics Corporation (www.embotics.com). They offer a portfolio of solutions to maintain oversight and manage operation of VMs as well as providing thought leadership about the problems around retiring VMs.

Comments? Questions? Disagreements? Corrections? Send your thoughts and comments to Richard Ptak

ABOUT THE AUTHOR: Richard Ptak is an analyst with Ptak, Noel & Associates. He has over 30 years experience in systems product management.

Rate this Tip To rate tips, you must be a member of SearchDataCenter.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Data center server virtualization,   Data center operations management,   Server virtualization,   Systems Management Tips,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Data center server virtualization Application performance monitoring firm targets cloud computing How will KVM virtualization affect RHEL Xen users? County government makes business case to update PA-RISC servers Server hardware cost comparison: Is virtualization cheaper? Reporter's notebook on AFCOM Data Center World: Day two U.S. versus global data center trends: IT priorities vary Users buying, configuring servers for virtualization Blade server popularity cools Xen vs. KVM: Verdict still out on dueling hypervisors What does the future hold for Oracle's virtualization acquisitions? Systems Management Tips Server hardware cost comparison: Is virtualization cheaper? Check server specs before upgrading your operating system Comparing Unix versions: AIX, HP-UX and Solaris What does the future hold for Oracle's virtualization acquisitions? Top 50 universal Unix commands Lower disaster recovery costs with open source replication tools Choosing the best x86 server for your data center Capacity planning tools tutorial for Linux and Unix A look at Linux interoperability to date: Microsoft and Novell leading the pack Using z10 HiperDispatch for vertical CPU management RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary unified computing system (UCS)  (SearchDataCenter.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.