Virtualizing Business Critical Applications – A Reference Architecture

In The ROI for Server Virtualization with Business Critical Applications, we showed an example of how the savings from server (specifically core) consolidation might not be as large when one is virtualizing business critical applications (where the physical servers were appropriately sized in the first place) is it is with tactical applications (where the one server per application resulted in massive over-provisioning). At the end of that analysis we also pointed out that the business critical case did not include the other “extra” products that would need to be a part of a business critical application virtualization project. This post proposes a reference architecture for the entire suite of solutions that will be required to virtualize business critical applications. We are going to build this example around VMware vSphere as VMware has the broadest level of third party support in terms of vendors who provide the solutions required to fulfill the requirements of the reference architecture.

The Virtualization Platform

While Citrix and Microsoft both offer robust virtualization platforms, it is clear that VMware holds a commanding lead both in terms of product functionality and enterprise installations. Therefore we will use VMware vSphere as the example virtualization platform.

Any project to virtualize a business critical application has to start with a robust virtualization platform. If we take vSphere as an example we can see that the vSphere platform contains a variety of extremely important features. Perhaps the most critical set of features are the API’s into the vSphere system. VMSafe provides a low level interface directly into the hypervisor for robust security and configuration management. The vStorage API’s allow storage vendors to provide their unique features in support of vSphere, and also provide a mechanism for monitoring vendors to asses the performance of the storage subsystem. The VMware vSwitch includes an interface to a mirror (or spanned) port that allows vendors to see and assess the performance of all of the network traffic in a VMware host. Finally the vCenter API’s provide basic resource utilization statistics at a host and guest level (data that is used by every monitoring vendor that supports vSphere). The vSphere platform also contains a variety of valuable features beyond the hypervisor itself. These include HA, FT, VMotion, DRS, DPM, Host Profiles, and Update Management.

The VMware vSphere Virtualization Platform

VMware vSphere Virtualization Platform

Beyond the Platform – The Virtualization Management Layer

However even if you have VMware vSphere Enterprise Plus, there are still a wide variety of functions that need to be performed that are outside of the scope of the virtualization platform itself. VMware itself recognizes this and has stated that it views virtualization as a catalyst that creates a requirement for a new management stack. Those functions can be grouped into Security Management, Configuration Management, Service and Capacity Management, Provisioning and Lifecycle Management, and Backup and Recovery as shown in the diagram below.

Reference Architecture for Virtualizing Business Critical Applications

Virtualization Management Reference Architecture

Security Management

Virtualization Security is a complex topic involving many dimensions and processes. This subject is discussed in detail in our Virtualization Security Section, and is also covered in Edward Haletky’s white paper, End to End Virtualization Security. Suffice it to say that any virtualization environment that houses business critical applications and data must be protected with access controls that only allow the right people to access the right information, and that detect and prevent a wide variety of threats and attacks from occurring. It is also the case that just securing the virtualization layer itself is insufficient, as the physical environment that supports the virtualization platform must be secured in a manner integrated with the security of the virtualization layer. VMware does a great job of making the interface (VMSafe) available that allows for this functionality to be created, but it exists only in third party solutions and is not available directly from VMware itself.

Configuration Management

Virtualization creates an entire new set of configuration parameters that need to be managed, and also transforms previously dedicated and static systems into members of a shared and dynamic environment. This creates a new set of configuration management issues starting with the question of who is allowed to change the configuration of what, and ending with needing a process that ensures that the required configuration for an application follows that application around as it (and the guests that contain it) are moved from host to host. Configuration changes (especially inadvertent ones) are the single most common cause of application outages and performance issues, so it is essential that a robust ability to manage and assure configuration integrity be a part of any project to virtualize business critical applications. This topic is covered in detail in the Virtualization Management section of this site, as well as in the Virtualization Management White Paper.

Service and Capacity Management

This covers a broad range of essential monitoring and management functions including capacity management, monitoring resource utilization in the environment, understanding the response time of the virtual infrastructure as work is requested of it, monitoring applications performance in a virtualization aware manner, and finally automating the distribution of the workloads to ensure that the most important applications deliver the required levels of service to their users. This topic is covered in detail in the Virtualization Performance Management section of this site as well as in the Virtualization Performance Management White Paper.

Provisioning and Lifecycle Management

This also covers a broad range of functions including detailed discovery of exactly what is going on in the environment and how it is configured, putting in place policies that govern who can do what, and how the virtual environments are configured at every layer, providing control functions that ensure that these polices are automatically enforced, applying the roles and the policies to the provisioning process so that new VM’s can be rapidly provisioned according to job function and rules set up for the intended use of the VM, and finally providing a self-service framework that allows for a service catalog to be layered on top of the virtualized environment. This topic is covered in detail in the Virtualization Management section of this site, as well as in the Virtualization Management White Paper.

Backup and Recovery

This covers the questions of backing up the data in the virtual environment, the hosts and the guests. This is an especially challenging problem due to the rapidly changing and dynamic nature of virtualized environments. It also includes the question of how to restore both portions of the environment (a single host, guest or application) and the ability to restore the entire environment in the case of disastrous failure or unavailability of and entire data center. This topic is covered in detail in the Virtualization Backup and Recovery section of this site.


Virtualization Security, Configuration Management, Service and Capacity Management, Provisioning and Lifecycle Management, and Backup/Recovery are essential functions that must be added to a virtualization platform when virtualizing business critical applications. VMware vSphere is clearly the market leading and most robust virtualization platform – and clearly the virtualization platform most suitable as the foundation of a virtualization system designed to support business critical applications. However, the virtualization platform must be complemented with third party solutions in these areas in order to create a system that can truly support business critical applications in an effective manner.