I can’t tell you how glad I was to read the recent Forbes article on server virtualization dangers. For those of you who are not familiar with the term, virtualization in a nutshell is the process of putting multiple discrete OS installs on a single server via virtualization hardware or software.
First off, let me say that virtualization is a great tool under the right circumstances. It offers the distinct advantage of leveraging a single machine with excess hardware capabilities to gain the greatest return on investment for your hardware. It is a technology that has been around for many years and its use is widespread. Couple the technology with a beefy SAN and voila, you have a server farm in a single rack.
All of that is great, but there are a lot, and I mean a LOT, of disadvantages to choosing this infrastructure model as the sole model for your enterprise.
1. Virtualization puts all of your eggs in one basket. Sure, there are plenty of ways to mitigate this risk with clustering technology, but the reality is that running several virtual servers on a single machine is simply more risky than having dedicated equipment for each application. Having managed a reasonably sized data center (>100 real servers and several virtual), I can tell you from personal experience that compartmentalization and redundancy cannot be overstated as a method to mitigate risk.
2. Virtualization has a long-term cost. The major selling point for virtualization is cost reduction. However, many of the long-term costs associated with virtualization are ignored in order to realize the short-term gain. Heat, power consumption, complexity, and performance all become issues when moving to a virtual environment. These costs may seem small, but a deeper understanding reveals that they become fixed costs now associated with running your business.
3. Virtualization is a hacker’s dream. It doesn’t take a genius to figure out that it’s easier to take over one machine than to take over many. With a single attack on a virtual server’s hypervisor, your whole security system can be overcome. With the ever-increasing need to keep data secure, this is a risk that must be considered when deciding whether to virtualize.
Virtualization has been well marketed, much in the same way that the Microsoft server was well marketed back when a small company called Novell owned the IT infrastructure market (remember when it just worked?). As then, the trend is toward a solution with lower initial costs that requires more in the long run to manage.
The prudent IT professional would do well to consider when to use and when not to use virtualization. As for replacing your entire infrastructure with virtual servers, I have two words: Caveat Emptor…
Until next time, happy blogging.
Megadisclaimer: Take nothing at face value. Everything on this blog is for entertainment purposes. It won’t change the world, or even your opinion in most cases. If you believe everything that you read stop reading now!
April 11th, 2008 at 8:11 am
All good points that should be considered before virtualizing but…
But #3? If hackers are getting to your actual servers, you have a bigger problem than virtualization. That’s like saying it’s the goalie’s fault for letting a guy score after he’s taken the ball all the way from his own penalty box and dribbled past every other player on the team.
For example, I can think of at least one instance I’ve seen in a major corporation where half the company had physical access to racks and racks of servers that supported mission critical applications. Vulnerability to hackers wasn’t nearly as big of a threat as the possibility of someone turning a machine off (which happened).
April 11th, 2008 at 12:20 pm
Thanks for the feedback.
You’re dead right about physical access. If you can’t control that, your security is worthless. Most companies with mature IT processes understand that the rooms that store servers are not also office spaces. When that simple concept is alien to a company, the area becomes “high traffic” and is then impossible to secure.
However, if someone can remotely gain access to the hypervisor via the virtual server session, “hyperjacking” (I love new technobabble), you have trouble in spades.
April 11th, 2008 at 12:29 pm
[...] to Gartner’s announcement, the future is hypervisor and virtualized machines. Didn’t I hear the same thing about Java years ago? Wasn’t [...]