When asked how virtual server management differs from managing a traditional, physical data center, IT directors...
point to changes in policies surrounding provisioning, chargeback, security and skills.
Sure, many tasks remain the same in a virtualized environment: patching, resource allocation, server provisioning and others. But the way IT addresses such tasks involves a mind-set change and a different approach.
Virtualization changes "every management procedure you have on the book," from patching and backup to disaster recovery, said Christopher Steffen, principal technical architect at Kroll Factual Data, a subsidiary of risk consultancy Kroll in Loveland, Colo.
Provisioning a virtual machine (VM) takes considerably less time than provisioning a physical server, for instance, but it can also throw a monkey wrench into how companies are used to charging business departments for services rendered.
"Some companies have chargeback systems that are 15 years old that don't work when you are trying to figure out how to charge [a business department] for using a tenth of a server that takes 15 minutes to set up," Steffen said.
Chargeback models for a virtual environment were a hot topic of debate at last week's VMworld in San Francisco, he said. "People are trying to figure out new chargeback models because the ones they use now are for physical provisioning and don't work in a virtual environment: First, there's the purchase of a new server that is not always a factor anymore, then the man-hours -- say three to four for provisioning -- and then another 30 minutes each for installation and patch management. That is all shortened down significantly," Steffen said.
And there is no virtual server management tool that factors in this paradigm shift for chargeback models. Yet this lack of insight into actual virtualization costs is holding up some companies' adoption of a virtualization strategy, he said.
Since virtual machines are so easy to set up, CIOs can lose sight of the actual cost of provisioning VMs, said Felipe Rodriguez, a senior network architect at Vitas Healthcare Corp. , a Miami-based hospice care provider. Vitas used VMware Inc. technology to create 450 VMs and then virtualize about 50 desktops for a proof of concept.
Using a cloud computing service, however, could create transparency from a spend standpoint, he said. "When you move to a cloud model, you can pay on a per-storage or per-VM basis," Rodriguez said. "I think having this kind of visibility will force people to rethink how they provision VMs because [this payment model] has a straight financial impact, whereas today when you provision a VM, you deal with paying for storage when it runs out."
New security management risks?
Virtualization and cloud vendors often play down the need for increased security management, but in reality the shared resources model could pose more risks and put you more under the microscope of regulators.
"The government is playing a part in setting new standards for shared resources," Rodriguez said. "We are a health care company, so we need to look at how well we manage data security in a virtual environment and when using shared resources because HIPAA may play a role in what we can and cannot do in that environment."
Security should be segregated into two separate camps in a virtual environment, recommends Nelson Ruest, who co-wrote Virtualization: A Beginner's Guide. With the introduction of virtualization, the data center becomes two separate networks: one is the resource pool, where all the physical devices reside such as network switches, servers and storage containers that should be managed by IT staff traditionally in charge of hardware. Their role is to make sure the VMs have the resources they need to operate. The second network is a virtual service-offering network -- the services that now run in virtual machines instead of physical servers such as email or collaboration tools, he said.
"Resource pool security has to be segregated from the virtual service offerings because you don't want end users interacting with or having access to the resource pool," he said. "And if you don't have the staff for both of the networks, then you need to make your staff aware of the different [administration] hats they need to wear, including using different [access] accounts for the different networks."
A management change for the better
One of the biggest obstacles that comes with virtualization management is overcoming IT staffers' resistance to change.
Billy Rials, IT director with the county of Rankin, Mississippi, said it will take time before his staff accepts that a VM is not something that can be physically managed.
"When we have a problem with a server, [someone on the staff] says to me, 'Tell me where it is and I'll fix it. I'll go and reboot it or take out the hard drive,' " said Rials, who is responsible for managing the IT needs of seven cities. "I direct them to a console to makes changes to a VM, but they still want to know where the VM is."
And that is still proving to be tricky when it comes to virtual server management . How do you troubleshoot a VM when it floats around day to day based on available resources? "You need to find it first, and it's not as easy to find as a physical server is," he said.
It will only be a matter of time before his staff realizes the benefit of using a virtualization management console -- in this case the Citrix XenCenter management console, which lets Rials add a CPU, replace network cards, reboot, shut down, add memory to the storage pool or perform backup and recovery. "Anything you want to do on a physical server you can do through the console," he said.
It's not so much that virtualization adds a new management layer, but it does require you to change the way you do things.
Mark Bowker, an analyst at The Enterprise Strategy Group Inc. in Milford, Mass., said organizations should buy a new set of management tools for a virtual environment . "With a physical server, it's simple: You can walk over to it and log on to it, but within a virtual environment you suddenly have to become a detective … Where is that VM? What network is it on? What storage is it using? Is that VM offline?"
At Kroll Factual Data, IT has integrated tools traditionally used to manage physical servers, such as Microsoft System Center Configuration Manager and Operations Manager with Virtual Machine Manager to manage its physical and virtual devices from the same management console. This gives Kroll the ability to track VMs and the resources tied to those VMs, Steffen said.
Patch management in a virtual environment is actually easier than in a traditional environment, but it requires a different approach that IT has to learn. To patch a server before virtualization, IT has to evaluate the patch to see if it works, then test it in a development and quality assurance environment , then put it into production for provisioning. Now Steffen patches a single VM image to the host VM without having to bring a machine down.
"It's not so much that virtualization adds a new management layer, but it does require you to change the way you do things," Steffen said. "What you get in return is a much more stable environment that brings you closer to the five-nine [uptime] environment that everyone is trying to get to."
Let us know what you think about the story; email: Christina Torode, Senior News Writer