Top-11 virtualization pitfalls

TalkBack 5 of 6:: Next »; « Previous

Thread View
Flat View

You hit the nail on the head!!: George's article hits all the high points in an even slightly complex virtualized environment. He gets right to the heart of the matter in moderately or extremely complex virtualized environments.

Want to see your manager turn white? Ask him/her about these 11 items. They haven't thought about them (translated that means they do not *think* any of this is an issue) or they have nightmares about it because they've lived through one or more virtual host/guest disasters.

Is it aimed mostly at VMware? Not in my plane of existence. I ask these questions about all flavors of virtual hosts and guests. And, so what if it is aimed mostly at VMware? With 50+% of the market, that's one in two readers. Can I ask the same questions about Microsoft Virtual Server? You betcha. And at 30+% of the market that's about one in three readers. As for the other assorted solutions that make up that last 20%, if you're representing 1% of the market, that's one in every 100 readers. I can live with that.

What about the points George made? Here are the random thoughts that ran through my head as I read them:

1. Detection/Discovery: The bane of my existence. Our server team doesn't do away with a virtual instance, they just turn it off. So many of these have been turned on by accident (up to two years later) that it's not even funny any more.

2. Correlation: All you need is one major hardware outage on a host with 8 or 10 or 12 guests that don't have compatible SLAs or outage windows. The screaming from application owners/users will defeat even the most stoic IT manager.

3. Configuration management: How do you peer into the innards of the guest configuration? Is the last info you jotted down six months ago still relevant? (Where is that post-it?) Or have the resources been rearranged between guests and only the last person to "tweak" knows what's where in there?

4. Additional security considerations: Your virtual host is compromised and some process is using all of the processor and all of the memory to do its evil deeds. What happens to your guests? Do they perform normally? I think not. And if you don't know how the host or all those guests are configured do you really think not knowing what those guests do is going to deflect the heat? And what about inactive guests? If it's an infectious exploit, can it infect an inactive guest? If I was writing it, you could bet your last dollar it would!

5. VM identity management issues: This can be a serious issue for SOX compliance in a physical server world and becomes exponentially more difficult when the lines blur across virtual host and virtual guests.

6. VM network configuration control: If you've never had to troubleshoot an application that doesn't like sharing its IP address *and* being NAT'd, you just haven't lived.

7. Identifying and controlling VM proliferation: Heard in my office today: "It's just a virtual instance. No one will know it's there. And if they do notice, we'll just move it to the other server." "...and we don't need no stinking licenses..." in the same conversation!

8. VM host capacity planning: Capacity, sma-pacity! Those virtual guests can run on a toaster oven like it was an 8-way cluster of quad proc bad boy servers! Uh huh. Then why can't I log on to this instance that is doing *nothing* while you're running reports on the instance that runs SQL reporting for our entire world?

9. ESX host driver and ACL information: No, no, I don't know, no. And on top of that, we consider it a "stealth" system. No one knows those are guests on a virtual host and what they don't know, won't hurt 'em. And since they don't know the name of the virtual host, they can't get to it to do anything, can they?

10. ESX host configuration management: The relationship between our guests and hosts? The host hosts the guests. And that's all you need to know, unless there's a problem or you need to schedule an outage.

11. Intellectual property: Where did you say that database was? You put a virtual copy of the server in the lab to test a new script? Wasn't that the day that consultant was here and was burning data to a DVD? Hmmmm, I wonder what all he put on that DVD since the project he's working on fits on a thumb drive?; Posted by: cmcmanus Posted on: 06/26/07 You are currently: a Guest | Members login | Terms of Use