Virtualization is not a new concept in the world of information technology. The roots of modern-day virtualization can be traced back to computer science research from the 1950s. Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments.
One of the many benefits of virtualization is the ability to consolidate the workload of multiple underutilized servers into fewer physical machines. The "virtual machines" can then be consolidated and spread across one or more physical machines, as resources permit. Servers in this context are much like files in a file system that can be easily transferred from one location to another. This kind of deployment flexibility means that servers can be instantly deployed or reallocated to accommodate demand without the need for additional investment in hardware.
For decades, virtualization was commonly found in mainframe computing environments. Then, in 1998 a company called VMware introduced virtualization technology to the Intel x86 platform, which allowed the simultaneous creation and execution of multiple, virtual x86 computers on a single server. Virtualization has become ubiquitous thanks in part to the efforts of VMware. According to VMware at the time of the writing of this paper, more than 4 million users and 20,000 corporate customers of all types and sizes use VMware software, including 99 of the Fortune 100 companies.
The benefits of virtualization, combined with its ubiquity, have led to widespread adoption. As companies have discovered new and increasingly creative uses for server virtualization, they have also encountered some challenges. One of the biggest challenges mirrors a problem in the physical server world: security patching. Combating the threat of software vulnerabilities in the virtual world requires a unique approach. This paper describes in greater detail the benefits and challenges of server virtualization, and offers insight into how Blue Lane customers are utilizing the PatchPoint System to combat the threat of software vulnerabilities.
Benefits of Server Virtualization
Physical servers with a single operating system frequently operate well below capacity. By dividing the physical resources of the server among multiple operating systems (virtual machines), the workload can be optimized. This enables administrators to get more performance out of their server infrastructure without having to make any additional investment in hardware. Server consolidation can lead to several additional benefits, including:
- Reducing the amount of square footage, rack space, power and cooling requirements in the datacenter
- Reducing administrative costs by simplifying tasks such as server backup, ghosting and provisioning
- Reducing required investment in physical hardware
Virtual machines can run multiple operating systems simultaneously. A variety of different versions and different systems can be ready on hot standby. Some systems, such as legacy systems, may prove difficult or impossible to run on newer (real) hardware, so the virtual machine is a convenient way to extend the life of those legacy applications. For example, virtualization could encapsulate Windows NT systems that otherwise could not be upgraded to newer hardware that does not provide support for Windows NT.
Virtual machines can provide an isolated sandbox for running applications, which creates opportunities for test and development that would otherwise be cost prohibitive for many organizations to duplicate in the physical world.
Challenges of Server Virtualization
The primary challenge in managing a virtual server environment is that change and configuration management issues become magnified. Many companies struggle to keep up with security patches in their physical server infrastructure. Because virtual machines can be created so easily and quickly, deployed instantly, and shuffled around the infrastructure like files, managing change becomes incredibly complex.
Consider a software development organization. Software developers are typically heavy users of virtualization because of the efficiencies of scale afforded by a virtual environment. In a typical test and development environment, engineers may require hundreds of different iterations of servers to determine whether or not all versions of software and hardware combinations work with the new software product. The iterations of servers will often include outdated versions of software as well as unpatched applications and operating systems, which mimic the distribution in the real world. Because these servers exist in a known vulnerable state, they can be easily compromised if not segregated from the rest of the network.