Virtualisation not trusted for critical apps

Datacentre operators across Asia Pacific and Japan are resisting virtualisation for critical application environments, according to new research.

While server consolidation is a high priority for most datacentre operators, it is only occurring for non-critical application servers, according to Symantec's global state of the datacentre survey, which questioned 800 datacentre managers from 14 countries.

Just 20 percent of respondents said they would consolidate mission critical servers but 59 percent said they were happy to virtualise 'relatively unimportant' ones.

Forty-three percent said they would consolidate 'test and development' servers.

Paul Lancaster, systems engineering director at Symantec Australia, said the results show administrators do not yet trust virtualisation for critical apps.

"The survey showed there are a number of concerns around large investments into the virtualisation of physical servers. The first was around mission critical servers not being deployed onto a virtualisation platform," he told ZDNet Australia.

The survey also revealed fewer datacentre managers in Asia Pacific (29 percent) had started virtualising servers compared to the world average of 39 percent.

Analysts agree that for many larger organisations, the uptake of virtualisation has been slow for production environments while it has been rapid for lower risk environments.

"Virtualisation of test and development environments has exploded. Of course, test and development has a low impact if it goes wrong, but it also offers huge value in reducing the number of servers," Intelligent Business Research Services analyst Kevin McIsaac told ZDNet Australia.

Other major problems facing datacentre operators, according to Symantec's research, are difficulties finding and retaining staff and meeting increasingly tough service level agreements (SLAs).

However, McIsaac said the issue of labour shortages is certainly not datacentre-specific and disagreed that meeting SLAs, at least for Australian datacentre operators, is a major problem.

A greater problem, according to McIsaac, is the issue of power and cooling due to ageing buildings that don't permit operators to replace datacentres with new air conditioning technology.

"Every three to four years, the power of servers has gone up significantly, yet datacentres are only refreshed every 20 to 25 years. The answer to that is that we need the physical infrastructure -- power and cooling -- to be modular, so you can rip it out every five to seven years," said McIsaac.

Talkback 2 comments

    Virtualization attracts. Deployment process can be worrying but there some ways Matthew Herbert -- 20/11/07

    I think the core of the problem lies within the fact that most of us still continue to think about virtualization as a "new technology". And the origin, as far as I can tell based on my own experience, is the TCO problem. Total Cost of Ownership may even increase if you enable virtualization within your company without first taking measures to prepare the tools to control your new environments. It's hard to make a clear distinction between virtual and physical environments once you start thinking about using virtualization in a production environment. The key point here is that both your environments, the physical and the newly built virtual environment, should be tightly integrated with your business logic. This in turn means that you have to take steps to organize service interoperability between the two environments, making the borders between both as thin as possible. The best way here is to make data interchange between both transparent to you and your users. But here we face the problem of being challenged with two tasks at the same time. First off, what does it mean to make something transparent? It does mean that you expose data to someone else. You are a lucky man if your private data is exposed to a trusted person only. Data leaks are not necessarily the result of hacking your system; they may be the result of an improperly made configuration that has unintentionally become a source of a problem. I remember I myself was against deploying a virtual infrastructure in our environment. Sure, I was aware of all the good sides, but I was curious how we could manage to avoid exposing our private data. I've tried several approaches, but the main problem with what I've tried was that none was flexible enough to allow me to configure my corporate physical computers and virtual ones equally. The key point was that most were still considering the virtual and physical environments separately. They had a basis that implied that you first select what your corporate network is used for. Then you should decide if you prefer targeting your physical network or you now want to concentrate on your virtual environment. If you choose the first case, you get the usual solution that is based on the standard configuration ways we use to configure our 'normal' environment. But they give almost no answer on how you can connect both should you select the second case by providing more preferences to the virtual environment. So if you select the second option, you basically get an abstract, well-secured and configured system that, however, has nothing to do with your physical environments. Of course there are multiple methods that suggest using manually guided automation using COM automation via VB-scripting or something more powerful that implies using .NET via PoSH, for example. But look, every such approach is like building a computer system without taking into consideration how every part of it will operate should it be working with some other part. You have a good chance of facing trouble if you just buy a video card without knowing how it will work with the mobo you've chosen. We know every component of your computer hardware was made with as much compatibility as possible. But you cannot predict whether your video card will work with your motherboard without consulting the manufacturer's site. However, what to do if the only person you can consult is you? That's why most of us consider avoiding the use of virtual environments in our production networks. That's why I was quite amazed when I found out there's actually a way to configure virtually any kind of environment transparently to each other but with a maximum level of standardization and control. I never heard about such an approach before but as it comes Scriptlogic's Desktop Authority http://www.scriptlogic.com/products/desktopauthority/ can configure both environments based on the same standards that we have applied throughout our company. For example, previously I had to loosen security confi

    Continuing at the bottom. Matthew Herbert -- 20/11/07 (in reply to #320090267)

    For example, previously I had to loosen security configuration levels for every user that has some connection with a virtual environment. But the virtual structure in our company is directly connected with the physical structure. That makes the physical structure liable to data exposure. In fact you could just attack the physical system from a virtual system. With Desktop Authority I can set a user to have very strict access permissions based on the level of access that he has in the physical environment. For example, I don't have to provide a user with local administrative privileges to run software that requires that level of access. For example, software that directly interacts with attached devices such as removable storage or USB sticks, or installs services or drivers. With Scriptlogic's tool I can just configure the manager tool to launch the software for a user. So I can make it fully transparent to the user. I can deliver him the software he needs to work in a particular environment, giving him a different set of software but the same security settings. For example, sometimes I need to define different patches based on the language settings so that I know he won't get an improper patch for his software if the software applies only to a specific language. By the way, another interesting thing with USB devices... I won't disclose a secret if I say that any attached removable storage represents a source of a data leak. But if there are ways to block such devices in a physical environment, why block them at all in a virtual one? But with a standard method you just block a USB driver with an administrative template, removing the ability to work with such devices. What if your user needs a different level of access depending on the type of environment he works in? For example, we supply some project managers with USB drives that we've purchased to allow them to work with data and read/save/interchange between their mobile and physical computer. I previously just used to create different security policies. If a system the user would use the USB stick on is affected by data leaks, I just block write access for the USB drive, leaving the user with the ability to read documents from the drive. We've just recently received a notification that Scriptlogic updated their Desktop Authority and enabled the functionality to block USB devices based on their serial number. That means that I will be able to block any but our corporate USB sticks. I know managers frequently use their own unsecured sticks. I had my eyes shut on that matter so far. Now I am amazed I will be able to set stricter security for our virtual boxes that we use to run warehouse services with access to some sensitive data.
    P.S. Could you possibly enable post length autochecking?
