The virtualization concept has taken on a life of its own. Beyond the server, vendors are now touting products for virtualizing any and every layer of the infrastructure: Network, storage, desktop, application, database, user interface — even security and mobility.
This technology explosion makes sense. Although enterprises gain incremental benefits from applying virtualization in one area, they gain much more by using it across every tier of the IT infrastructure.
“It’s very difficult to apply virtualization to one part of your infrastructure unless you apply it to many or most parts of your infrastructure,” says Andreas Antonopolous, senior vice-president of Nemertes Research.
“If you decouple some of your resources from the physical, yet they interact with other resources that are coupled to the physical, it lessens the benefits you achieve.”
Antonopolous offers the example of implementing server virtualization without network or storage virtualization. “Some of the biggest benefits you get from server virtualization, like the ability to boot a given server in a different data centre for disaster-recovery purposes, you can only do if your storage is virtualized and you have a [storage area network] replicated between the two sites. Once you have those pieces in place, the benefits from server virtualization become huge.”
The problem is that not all virtualization technologies are equally mature. Whereas server virtualization seems to have hit its stride, other areas are not as far along, especially in the management and security realms. And getting the various virtualized pieces to work together cohesively can be a big challenge.
VIRTUAL FRAUDS
Watch for application vendors that say their applications are “virtualization-ready.” Application vendors have been known to overplay the virtualization card, says Paul Winkeler, founder of PBnJ Solutions, an IT consulting firm.
“Application vendors realize customers are thinking about virtualization, so they will happily say their app runs fine in virtualized environments,” Winkeler says. “But that’s the whole idea behind virtualization — the application can’t tell whether or not it’s virtualized. So they’re not saying anything.”
Be on the look out for application vendors that say their isolation tools are virtualization. “Some application vendors use the term virtualization, when they are really just isolating,” says Andy Gerringer, senior network administrator at Alamance Regional Medical Centre, in Burlington, N.C.
“To isolate an application means that files are still installed and simply redirected or shielded from the operating system. That’s not virtualization,” he says.
Baptist Healthcare System in Louisville, Ky., has struggled with this challenge firsthand. It uses VMware’s ESX Server to consolidate as many as five Citrix servers onto one hardware box. It then lays Softricity’s SoftGrid on top of the Citrix servers to isolate each application and deliver them to users on the fly in real time.
“So now we have multiple points of virtualization. We have SoftGrid on top of Citrix, running on top of ESX,” says Tom Taylor, corporate manager for client/server infrastructure at the hospital group. “That’s all running on [virtual LANs] and connected through a VPN and running on a SAN.”
For the most part, the architecture works well and runs smoothly, Taylor says. But when performance issues crop up, pinpointing the problem through all those layers of virtualization is difficult. “It’s been a struggle eating that layer cake, if you will,” he says.
“The drawback to virtualization is added complexity. If all these different layers are virtualized, and there’s a problem, who owns it? Ultimately, it falls on the poor guy putting it into the enterprise, and in my environment, that’s me. It’s my responsibility to work with the vendors to find root causes, and when you’re dealing with all these different layers, it’s complex and it’s frustrating.”
SECURITY ISSUES
Beyond such complexity, there also are problems implementing virtualization in an environment in which not all layers are virtualization-ready. This is especially true for security, which Antonopolous calls a virtualization laggard.
“Virtualized servers rely on security resources that are usually tied very absolutely to the physical through the IP address, thereby creating problems,” he says. “If you have a firewall that says IP address A can talk to IP address B, but both of those IP addresses are virtualized and both of the servers behind them are virtualized, yet that firewall still assumes a static association, it makes it difficult to move resources around. It makes it harder to manage the infrastructure.”
This is especially problematic when users look to virtualize a typical three-tier architecture consisting of a Web server, application server and database server. In traditional environments, the Web server might be on the DMZ, separated from the application server and database server on the internal network by firewalls. But once the servers are virtualized and consolidated onto one large blade server, for example, the idea of the physical DMZ and perimeter goes away.
“You should have firewalls between the servers, but you can’t physically put a firewall there, because they’re all running on the same blade frame,” Antonopolous says. “You should be able to logically put a firewall between them, but you don’t have security virtualization software to do that.”
Today, companies can implement virtualization across the IT infrastructure without management and security headaches by sticking to standards and designing with regard to overall business objectives. Wachovia Bank in Charlotte, N.C., is one such user. The bank used DataSynapse’s GridServer as the basis for its enterprise-wide grid computing architecture. From there, it implemented DataSynapse’s FabricServer to virtualize its Java applications, enabling it to reduce overall hardware and programming costs, resulting in seven-digit savings annually and at least a 300 per cent ROI.
Wachovia looks at virtualization not as a tactic but as an overall business strategy, says Tony Bishop, the bank’s senior vice-president and director of product management.
Bishop says he doesn’t get caught up in specifics such as server or storage virtualization. Instead, he says, the bank aims to virtualize demand and supply across the whole infrastructure, building what he calls a service-oriented infrastructure.
“Demand virtualization is at run-time when [a user or system] says, ‘Do this for me; calculate this for me; fetch this for me; look this up for me,’” Bishop says. “On the supply side, you need virtualization to give you the flexibility and control to abstract and alleviate any constraints of a hard-wired environment, so it lets you move stuff around and adjust, allocate or partition things based on efficiencies at run-time.”
FabricServer is the broker between the virtualized supply-and-demand environments, he says.
“FabricServer deals with the execution,” he says. “It recognizes who I am, what kind of service level I’m supposed to get and what kind of priority, and it gives me the right resources to fulfill that.”
Cummings is a freelance writer in North Andover, Mass. She can be reached at [email protected].
Quicklink 072136
***
FAQ on virtualization
What is virtualization?
Virtualization is software that separates a run-time process from the underlying infrastructure that supports the process. Se
