The Virtualization Practice

Cloud and hosting providers are aggressively investing in new Intel Xeon servers that can have as many as 32 cores per server (4 processors with 8 cores per server). Some of this investment is in response to current demand for actual capacity from customers. Some of it is investing ahead of the curve so that the cloud vendor is properly positioned when the demand arrives. The growth and the hype in the cloud is such that there is highly likely to be an overbuild of capacity at some point and then a crash and a period of consolidation – just as there was with ASP’s and the .com companies.

When you read books on virtualization, cloud computing, security, or software product sheets a common word that shows up is Policy. Tools often claim to implement Policy, while books urge you to read or write your Policy. But what does Policy imply?

Webster (webster.com) defines policy as:

1 a : prudence or wisdom in the management of affairs b : management or procedure based primarily on material interest
2 a : a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body

When you read policy in product literature and books we are looking at definition number 2 and often a over b. But what does this mean to those who administer and run virtual environments or make use of cloud services?

Unless you have been on vacation or hiding under a rock then you have heard the latest buzz in the industry that vSphere 4.1 has been released. There have been a lot of blog posts on the topic already. You can find one example here, here and what we at virtualizationpractice.com posted here. The thing I want to hit on for this post is the fact that this release will be the last release for full version of ESX. Moving forward on any new releases of ESX will be strictly ESXi. Anyone that knows me over the years knows that I have not really been a big fan of getting rid of the full version ESX Server. Call me old school and the fact that I have spent a great deal of time developing the automation used in the environments that I have supported over the years and have been really happy with what I was able to accomplish via kickstart and bash.

The ROI for Server Virtualization with Business Critical Applications

The ROI from virtualizing tactical applications is driving by the consolidation in the number of physical servers needed once tactical workloads are virtualized. However, when virtualizing Tier 1 or business critical applications, it is likely that significant consolidation in the number of cores per workload is not possible – leading to the requirement to find a new way to cost justify these projects.

vSphere 4.1 Released – More Dynamic Resource Load Balancing

With the release of vSphere 4.1, VMware has added to their Dynamic Resource Load Balancing (DRLB) suite of tools that I hinted at in my post on Dynamic Resource Load Balancing that I wrote last week as well as providing new memory over commit and other functionality. In essence, vSphere 4.1 is more than a point release, this update includes many features that aid in security, reliability, and is a direct response to customer requests.

Encryption is important, encryption within a VM even more important. But the question is how to do this securely without allowing the encryption keys to be seen by an administrator of the virtual environment and that supports vMotion or LiveMigration. The solution is per VM encrypted memory, but something more robust that makes use of hardware, out of band key exchange, and supports vMotion or LiveMigration.

During the Virtualization Security Podcast on 7/8, Vizioncore’s Thomas Bryant joined us to discuss the state of virtualization backup security and forensic use of such backups. In the world of virtualization, backups are performed mostly by 4 distinct vendors: VMware Data Recovery (VDR) and VMware Consolidated Backup (VCB), Vizioncore vRanger, Veeam, and PHD Virtual Backup for vSphere. Each of these provide the most basic of security capabilities:

* Encrypted tunnels for data movement (SSL)
* Encryption of the backup

But in the increasing global nature of businesses and the difference in privacy laws between townships, states, and the need for Secure Multi-Tenancy, backup companies fall short with their products while making it increasing harder to use backups as a source of forensically sound data.