|
Virtualization is being broadly adopted within enterprise IT infrastructure for many reasons, and industry analysts and journalists have explored the topic in detail. According to a comprehensive report on virtualization trends and forecasts conducted by Enterprise Management Associates (EMA) released in April 20081, server consolidation and improved hardware utilization tops the list of most organizations, as these drivers successfully translate to reduced hardware costs and floor space requirements. Other critical benefits include reducing downtime, enabling more effective disaster recovery and business continuity, and ensuring better achievement of service level agreements.
Test and Development, according to the EMA study, remains the most common use case for virtualization, with 79% of all respondents having workloads in this area. Second to Test and Development—and growing quickly—is Production Application Servers, which has increased from 64% in 2006 to 74% in 2008. This trend is significant, and Tripwire was curious to understand two important underlying issues.
1) Most IT organizations have deployed virtualization in their production environments to some degree today, but just how deeply has virtualization penetrated the overall production workload?
2) If in fact virtualization is now pervasive, have the security, change management, and compliance controls common to physical infrastructure followed in equal measure within the virtualization environment?
A survey commissioned by Tripwire and conducted in June of 2008, clearly indicates the level of adoption for server virtualization within production environments is indeed very high. Nine out of 10 respondents said some percentage of their current production infrastructure is running on virtualized servers. In more granular terms, 62% of respondents stated that up to one quarter of their production servers are now virtualized, and 77% reported that they have virtualized up to half. When asked to project adoption out three years, the majority of those surveyed (57%) predicted the percentage of production servers that will be virtualized will range from 26% to 75%, with 40% of respondents expecting more than half of their production server infrastructure to be virtualized.
The actual number of virtual workloads (e.g., guest operating systems or virtual machines) is correspondingly on a steep rise. Half of those surveyed (49%) reported that they are running 1-50 workloads in production today. Roughly the same number (51%) predict that they will be running over 50 workloads in the next three years. Of these, nearly two out of three expect to have 51-250 workloads running in production in the future. As an interesting side note, a significant number of respondents (15%), coming mostly from Security and Compliance, did not know how many workloads they had running in production today.
Once considered to be suitable only for back office applications, virtualization has clearly gone mainstream. All types of workloads—and most commonly enterprise applications, Web services, and databases—are frequently being run in production on virtualized servers. Of the nine types of workloads surveyed, six of these are being run by over half of all respondents. Though still significant in their occurrence, email services, print servers, and eCommerce were the least likely workloads to be run on virtualized servers within production environments.
By all accounts, virtualization has taken hold and is expanding quickly, driven by the realization by enterprise IT organizations of new-found cost efficiency and service quality enhancements. Industry pundits, however, have questioned the relative strength of security and process controls within virtualized server environments. Respondents to this survey did not echo these concerns. Controls for virtualized servers for security, change management, and compliance deployed in production environments were largely perceived as equivalent, if not even stronger, to those implemented in physical server infrastructure.
When asked how change management and compliance controls compare between physical and virtualized servers, eight out of 10 respondents said there is no difference. This opinion was shared across all functional areas, with the greatest agreement among Security.
|
