A letter from the executive office
The move to mission-driven virtualization
Is your disaster recovery plan tied closely to your virtualization strategy? In the brave new world of mission-driven virtualization, it should be. From solidifying business continuity to advancing corporate social responsibility agendas, virtualization is being touted as the answer to many IT challenges.
IT management is still mired in routine. Driving innovation is CIOs' third most important priority for 2008 according to the Financial Times, but research shows that many groups are still stuck in day-to-day management of legacy systems, upgrades, bugs, patches and fixes.
And that's not the end of the challenges. Driven by the popularity of consumer devices, technology continues to become fragmented, and the resulting device proliferation has extended the technology reach of the enterprise, intentionally or not. It's not surprising that the IT department's ability to keep up and contribute strategically to the corporation is stretched in the face of such a massive agenda. Here's the reality:
Resources aren't being used effectively:
- 80 percent of IT budgets are going to operations, maintenance, or minor enhancements
- 25-50 percent of IT personnel time is spent on problem identification and resolution
In effect:
- SANs are 50 percent underutilized
- Servers are 80-90 percent underutilized
- Server growth will result in a 117 percent power use increase by 2011
Is virtualization the silver bullet? Nothing is. But the reality is that virtualization can contribute to the enterprise in a number of strategic ways: maximizing efficiency and resources, from people and power consumption to computing equipment and bandwidth. As well, the way in which virtualization is deployed means that it has significant potential as a key element in business continuity and disaster recovery planning.
In this issue of Impact, we'll look at how enterprises are turning to virtualization to solve the problem of maintenance, management and expansion, how virtualization models can be optimized by adding technologies like runbook automation, and some ways to assess the potential effects of virtualization in your enterprise. The resources we offer you include:
- Enterprise virtualization requirements assessment tool
- Whitepaper download: Virtualization – navigating the road to IT optimization
- Secure virtualization: Handling shared environment risks
Bell can help you understand how your current virtualization strategy can be optimized, evaluate a platform shift and understand how virtualization could affect your resource planning, data centre, IT cycles or budget. Our professional services team is waiting to hear from you. Click here to have a Bell representative contact you for an overview or an audit on your environment.
As always, we welcome your feedback on the tools and resources we offer you in Impact and on any other aspect of our services.
Best regards,
Stéphane Boisvert
President, Bell Enterprise
Virtualization resource centre
These resources and tools will help you understand how to assess your virtualization needs and make the right choices when it comes to developing your virtualization strategy.
Bell white paper
Virtualization: Navigating the road to IT optimization
If there was a new approach that could make your enterprise more responsive and flexible while achieving significant cost reductions, would you embrace it?
That approach is virtualization, and for the majority of Canadian enterprises in 2008 the answer is a resounding 'YES'.
Whether you are just beginning to evaluate your options, or you have already virtualized parts of your IT infrastructure, the rapid evolution of the industry is presenting IT leaders with a potentially confusing range of approaches, solutions and new challenges.
Peter Cresswell and Tim Fischer are virtualization experts at Bell. In their white paper, "Virtualization: Navigating the road to IT optimization" they survey the opportunities and choices available today, and based on their experience in helping customers acquire and implement different technologies, they provide recommendations that will help you get to the solution you need.
Topics covered include:
- Achieving the benefits of virtualization
- Assessing your readiness to virtualize your infrastructure
- Taking a unified approach to virtualization including:
  - Application delivery
  - Server consolidation
  - Storage provisioning
- Preparing to virtualize your infrastructure
Download this valuable resource and find out how your organization can choose the right path towards virtualization.
Enterprise virtualization requirements assessment tool
Considering virtualization? The benefits are significant, and answering the questions in this assessment tool will provide you with a virtualization diagnosis to get you started.
From determining your objectives and your IT infrastructure strategy to business continuity implications and resource considerations, this tool will help you understand what you need to consider before planning your virtualization project.
Discussion with an expert
Expert Q&A: Peter Cresswell identifies what you need to know about virtualization
Impact sat down with Peter Cresswell, National Practice Manager – Virtualization, Bell, to talk about virtualization technologies, where virtualization is heading, what to anticipate and how to benefit from the virtualization technologies available today. Continue reading to find out what you need to know to get the most out of virtualization.
Impact: Hello Peter, and thanks for joining us today. Let's start by talking about why virtualization has become so important to Canadian organizations?
Peter: Virtualization is not a new idea. We've been virtualizing computer systems at a commercial level since the 1960s. What's grabbed everyone's attention is virtualization coming to the x86 architectures, and the new possibilities for application delivery and storage solutions.
This is timely because IT professionals are facing multiple challenges right now, working to adopt new technologies, manage space and utilization requirements and comply with a myriad of regulations. At the same time, user communities are demanding quicker and more flexible access to the information that drives business, and the tools that make it happen – applications. They want all of this anytime, anywhere, on any device, and it all needs to be secure. Virtualization can help with all of this.
Impact: What are the benefits an organization can expect from adopting virtualization?
Peter: That's a core question. The immediate paybacks are the cost savings associated with running less hardware, albeit more highly configured, in a consolidated virtual environment. These savings exist, as do acquisition savings, along with the ongoing cost savings from space, power and HVAC. However, these are short-term benefits. To fully realize the benefits of virtualization, organizations need to look beyond the immediate numbers to how they can use the capabilities afforded them by a virtualized architecture to do new things, and old things in new ways.
Impact: Can you expand on that?
Peter: Definitely. We've developed the Bell virtual enterprise framework (BVEF), and a key element of that vision is that the central benefit of virtualization is the flexibility it brings to IT organizations. New systems can be implemented more quickly, and changes can be made with fewer inter-system impacts. In addition, virtualization enables organizations with high labour costs to schedule work in business hours allowing work to take place in a more planned structure. Virtualization allows organizations to become more efficient in delivering solutions to internal customers. These benefits are harder, but not impossible, to quantify and will have real impacts on the bottom line of organizations.
Impact: One of the key perceived benefits for CIOs and senior IT managers is that a well-deployed virtualization infrastructure could allow them to do more with less people. Is this the case?
Peter: Rolling out a virtualized IT infrastructure for HR cost savings alone may not be a reasonable expectation. In the dozens of virtualization projects we have conducted for our clients, we have found that deployments do help IT departments achieve greater freedom from maintenance and routine tasks, which typically occupy the majority of any IT department's resources. It's true that an effective virtualization rollout will include the necessary tools and management infrastructure that free people and technology from routine tasks to focus on projects that will advance the IT goals of the enterprise. But that's just part of the picture of how organizations can benefit.
Impact: How is virtualization playing a role in the drive to “anywhere, anytime, any device” user access?
Peter: At the access and application layers of the BVEF, virtualization allows us to move out of the paradigm of deploying fixed solutions to clients on fixed replacement cycles to a model which delivers applications from data centres in a shared, virtual and/or streamed environment. This is enabled by ever-improving connectivity options and speeds. All of this means you deliver the full application solution your users need to their access device on demand – within appropriate security restrictions of course.
Impact: Can you expand on the security implications?
Peter: While virtualization enables increasingly flexible and responsive organizations, security must remain a core consideration of your virtualization solutions. IT departments are responsible for ensuring the timely delivery of information to their users, but must be mindful of compliance, SOX, privacy and continuity issues. That's why the underlying layer of the BVEF is security – we draw upon our expertise to build it into virtual solutions.
Impact: There is a lot of focus right now on virtualization enabling enterprises' business continuity planning. How exactly does virtualization relate to BCP?
Peter: Virtualization enables new technical solutions for business continuity to be seamlessly implemented as part of an organization's IT framework. With hardware becoming a resource to which OS and applications are streamed from files, it is now easier to move those files around the architecture to enable fail-over, high availability and extra capacity.
Once you have virtualization capability, you have a business continuity layer that's baked in to the architecture. Then you still need to understand how to build the infrastructure both for virtual production and failure scenarios.
Impact: Can we assume that enterprises will begin to use virtualization as part of their business continuity strategy?
Peter: Certainly. I think we will see enterprises leverage virtualization initiatives to drive business continuity and disaster recovery scenarios. However, this type of infrastructure can require additional management. If your company's entire business continuity plan is based on your virtualization platform, you'll have to look carefully at the tools required to manage and maintain it, and design and architecture become increasingly critical elements during the early stages of a scoping exercise.
Impact: We've spoken about applications and systems – what about storage? Does virtualization have a role in storage architecture?
Peter: Most definitely. Storage virtualization is pretty much a key requirement to achieve BCP and disaster recovery efficiencies associated with virtualization. If you're going to virtualize systems, you better be planning on virtualizing storage.
At the same time, storage virtualization has key benefits in its own right. As organizations store ever-increasing amounts of information; planning, architecting and managing that information is becoming an increasing drain on the flexibility of organizations. Storage virtualization – addressing how storage is allocated, how information is managed and how the environment is maintained – delivers key tools to make storage a flexible part of your corporate infrastructure. Bell has delivered critical thin provisioning, tiering and non-disruptive migration solutions to some of our customers, making storage an integral part of the BVEF.
Impact: One final question – what about the network?
Peter: Actually, you're getting to the key point about the BVEF. There's more than one virtualization technology/solution that can be implemented. Whichever one you choose, the benefits come from closely combining the five layers of the BVEF – access, application, system, server and storage. Critical to making it all work is the way it links together, so the network is absolutely key to a well-implemented virtualization solution.
Impact: Thanks Peter. If you could leave our readers with one thought about virtualization, what would it be?
Peter: That's a challenge! But yes, there is one overriding thought I'd like to convey. Virtualization is real – and the benefits and opportunities are real. There's a lot more to building an effective virtualization solution than installing software and throwing out excess hardware. Every one of our customer virtualization successes – and indeed our own internal model – has been built on a careful and clear understanding of where we're starting from, utilizing elements of all five layers of the BVEF, and building to achieve both the short term acquisition ROI and redefining process to achieve long-term process and management benefits. It helps to have experienced professionals working with you. Bell can deliver on all those fronts.
Peter Cresswell is National Practice Manager – Virtualization, at Bell. Peter has been part of the Bell teams that have been building virtual solutions for clients for more than 10 years. He speaks regularly on IT, security and virtualization topics.
The Bell virtual enterprise framework
To help customers understand, plan and implement a virtualization strategy, Bell has developed a virtual enterprise framework that identifies five layers of enterprise IT architecture to which virtualization solutions can apply. Surrounding these layers – and critical to making them work together – are connectivity solutions and a robust security architecture.

1. Access
The access layer abstracts delivery of applications to users, enabling anywhere, anytime, any device access, often through thin clients and hosted desktops that provide users with access to critical business tools and information.
2. Application
Application virtualization focuses on taking a packaged approach to application delivery, streaming either applications or entire desktops to local workstations or access layer devices.
3. System
System level virtualization inserts an intermediary layer of software – called a hypervisor – between the hardware and the operating system, which allows multiple OSs and server applications to run on one physical server.
4. Server
Server virtualization pools computer hardware and processing power into a single resource. An example of this is grid computing, a form of virtualization that is starting to gain traction. In current practice, the most typical use of server virtualization is in combination with provisioning software. This approach has been proven to provide real practical benefits in the enterprise.
5. Storage
Storage virtualization is the key companion to system virtualization. Similar to system virtualization, storage virtualization links storage devices together to create a single, shared resource that makes for easier storage provisioning – sometimes called thin provisioning. It also ensures non-disruptive migration of data and simpler, unified data management.
Connectivity and security
The key to making virtualization work is the effective interaction of all the virtualized components. From dynamic switching support in the datacenter to anytime/anywhere access to enterprise data and applications, connectivity and security underpin a successful virtualization.
Bell: Helping you go virtual
Virtualization enables a whole new vision for enterprise computing, one of secure, connected and flexible access to applications and data. At Bell, we can help you sort through the various tools and approaches offered by leading virtualization vendors. We have a unique combination of skills, service delivery capabilities and partners to offer a wide range of virtualization services today. Let us help your enterprise go virtual.
Secure virtualization: Handling shared environment risks
If your organization is adopting virtualization solutions, then you need to come to grips with the potential security risks implied by a shared architecture.
Interestingly, some in the IT community seem prematurely convinced of the security of virtual systems. In an Information Week survey from the fall of 2007, 43 percent of respondents thought that a virtual server was as secure and safe as a conventional server. Yet there are risks. A quick survey of warnings issued by CERT and other security organizations shows that flaws are being discovered in virtualization products, just as in any other technology product.
In this article we'll take a look at what the security risks are, where they come from, and how to approach them, using server virtualization as an example. We'll also provide some best practices so that you can build a virtualized environment that delivers the benefits of virtualization without compromising the security that you've built into your existing physical environment.
What's the problem?
The fundamentals of security impose strict rules of separation and segmentation to ensure appropriate access to IT resources. In a virtual infrastructure, these rules must still be enforced, but the role of the arbiter, that is, the hypervisor or virtualization manager, becomes critical. How we evaluate and trust the virtualization solutions is a key consideration in the deployment of virtualized infrastructures.
Key to any virtual solution is the embodiment of three principles: encapsulation, isolation and partitioning. As separate physical resources are combined virtually on a new logical processing architecture, what used to be enforced physically – separate applications running on separate platforms – is now ultimately being controlled by the virtualization solution being implemented.
From the desktop application sandbox, through to system hypervisors and storage consolidation solutions, how should an organization introducing virtualization approach the security problem?
The server virtualization example
We'll focus on server virtualization, the most well-known area of virtualization activity. In server virtualization, the objective is to consolidate multiple physical servers and their applications onto fewer servers. Each new physical server in the new virtual environment therefore represents multiple logical servers and each of these servers is running whatever business application solutions are required.
The first challenge is to ensure you can trust all of the other applications running on the same system. If a malicious application or virtual machine (VM) can affect other VMs running on the same physical hardware, security-related incidents could result from using resources from the other VMs.
This threat is most commonly and effectively handled by each VM vendor through the hypervisor layer, which monitors each VM, controls access to the shared physical resources and ensures that each VM remains encapsulated, partitioned and isolated.
Current attack vectors and hypervisor vulnerability
So what if the hypervisor is compromised?
Modern hypervisors run in two modes, either directly on the hardware or as a guest on top of a general purpose or special purpose operating system. It is in the latter cases, with the hypervisor as guest, that most currently-identified attack vectors have worked.
How does the attack work?
The vector breaks the hypervisor partition, typically due to a flaw in a driver component of the underlying OS. It then compromises the OS, the hypervisor and, by extension, all VMs running on that physical box. For this reason it is a worrisome vector.
The good news
This vector is not practical in most commercial virtualization implementations, because in a commercial implementation the hypervisor is installed on the 'bare metal' of the server. Indeed most major server vendors today will (or plan to) sell versions of their servers with the hypervisor code available as a boot option from flash memory directly on the server. In these cases the hypervisor layer is quite small (generally around 32MB) with tight code. The major difference between the embedded hypervisor code and what was available before is that the management infrastructure has been decoupled from the virtualization engine, meaning that there is less operating system-like surface to attack. This makes general purpose exploits more difficult to implement – but not impossible.
What the hackers say
Hypervisor exploits have been a hot topic of conversation at hacker conferences throughout the past year, where many examples of potential hacks have been proposed and discussed. A key question has been whether an attack could exploit the hypervisor and render all systems running on the compromised system open to attack. Or would it allow systems running on a compromised hypervisor to detect that a compromise had taken place? These are serious questions, but ultimately we expect to see security software address this element of hypervisor trust in the near future, ensuring greater peace of mind that the virtualization layer has not been compromised.
The challenge for security tools
There is another vulnerability to consider. Each VM on a physical system must communicate with the rest of the IT environment and with other systems which may or may not be virtualized on the same physical box.
This is a special challenge for many network based security tools. If they are not hooked into the virtual switches, they can't monitor the traffic running between virtual systems. This begs a fundamental question: Do we approach VM security by implementing the same security tools on all VM servers, thereby consuming multiple virtual cycles, or do we approach the problem by running the security tools at the host OS level?
The answers to this question haven't been completely settled, although virtualization vendors are responding. Recent initiatives are seeing security hooks being built into the hypervisor layers, and security VM appliances being created to work with these hooks and monitor security across multiple VMs on a single physical server.
How to minimize the risk and reap the benefits
While some issues are still to be resolved, our view is that the benefits of a virtualized organization are too great to be delayed. The increased flexibility and utilization, as well as the decreased power, cooling and space requirements, will bring immediate benefits to the organization. That being said, you need to be smart. To avoid the security pitfalls when building your secure virtual environment we recommend that you:
- Recognize that a threat to a physical system is as damaging, if not more so, on a virtual system. To remedy this, security experts need to keep applying the same rigour that helped build existing environments.
- Group systems of similar security risks together, and do not attempt to place systems of different risk, or from different zones, on the same physical system. Practically speaking, systems for different access communities, such as the Web server accessible to the general public or internal finance servers, should be on separate physical systems. Likewise, it may be prudent to separate internal systems with differing security requirements – like the R&D servers from the internal file and print servers.
- Not be overly intimidated by risk. Within a given grouping of risk, the protections offered by the virtualization vendor's encapsulation, isolation and partitioning are recognized as acceptable. Stay up to date with your virtualization vendor's security advances.
- Update your security tools and understand the implications of virtualized architectures, but don't throw out everything you currently have deployed. Work with your existing vendors to take advantage of the security enhancements being implemented by virtualization vendors.
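The grouping recommendation above, and the earlier point that network-based tools cannot see traffic between VMs on the same physical box, can both be checked against a VM inventory. The following is an added example, not part of the original article or any Bell tooling; the host names, VM names, zone labels and flows are constructed sample data.

```python
from collections import defaultdict

# Constructed sample inventory: VM name -> (physical host, security zone).
# All names and zone labels here are illustrative assumptions.
INVENTORY = {
    "web-public-01": ("host-a", "public-web"),
    "web-public-02": ("host-a", "public-web"),
    "finance-db-01": ("host-b", "finance"),
    "finance-app-01": ("host-b", "finance"),
    "rd-build-01": ("host-c", "rnd"),
    "fileprint-01": ("host-c", "internal"),  # shares host-c with an R&D server
    "intranet-01": ("host-d", "internal"),
}

# Constructed sample flows: (source VM, destination VM, destination port).
FLOWS = [
    ("web-public-01", "web-public-02", 443),
    ("web-public-01", "finance-app-01", 8443),
    ("rd-build-01", "fileprint-01", 445),
    ("intranet-01", "fileprint-01", 445),
]


def mixed_zone_hosts(inventory):
    """Return {host: sorted zones} for hosts carrying VMs from several zones."""
    zones = defaultdict(set)
    for host, zone in inventory.values():
        zones[host].add(zone)
    return {host: sorted(z) for host, z in zones.items() if len(z) > 1}


def intra_host_flows(inventory, flows):
    """Return flows whose two endpoints sit on the same physical host.

    This traffic is switched inside the host's virtual switch, so a sensor
    attached only to the physical network never observes it.
    """
    hidden = []
    for src, dst, port in flows:
        if src not in inventory or dst not in inventory:
            raise KeyError(f"flow references unknown VM: {src} -> {dst}")
        src_host, src_zone = inventory[src]
        dst_host, dst_zone = inventory[dst]
        if src_host == dst_host:
            hidden.append({
                "host": src_host,
                "src": src,
                "dst": dst,
                "port": port,
                # Highest priority: unseen traffic that also crosses zones.
                "cross_zone": src_zone != dst_zone,
            })
    return hidden


def audit(inventory, flows):
    """Combine both checks into one report for review."""
    return {
        "mixed_zone_hosts": mixed_zone_hosts(inventory),
        "unmonitored_flows": intra_host_flows(inventory, flows),
    }


if __name__ == "__main__":
    report = audit(INVENTORY, FLOWS)
    for host, zones in report["mixed_zone_hosts"].items():
        print(f"PLACEMENT: {host} mixes zones {', '.join(zones)}")
    for f in report["unmonitored_flows"]:
        tag = "CROSS-ZONE" if f["cross_zone"] else "same-zone"
        print(f"BLIND SPOT ({tag}): {f['src']} -> {f['dst']}:{f['port']} on {f['host']}")
```

Flows flagged as cross-zone blind spots are the ones to resolve first, either by moving a VM to another physical system or by attaching monitoring to the virtual switch.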
Ultimately you can build an effective virtualized environment without compromising the security that you've built into your existing physical environment. With more than a decade of practical experience deploying virtualized environments, and the experience implementing our own infrastructure across over three hundred servers internally, Bell has the knowledge and experience to help you deploy the right secure, virtualized solutions.