Tightening security in a virtual set up

Many a CIO can lose more than night's sleep over security mishaps. With virtualisation becoming a pervasive technology in organisations it poses a different set of security challenges. Read on for some tips on handling security in a virtual network and more from Pallavi Kathuria, Director, Server Business Group, Microsoft India.

CIOL: How can CIOs address the security vulnerabilities created by a virtualized setup?

Pallavi Kathuria: This question is really the other way around: How can Virtualization help organizations become more secure? Virtualization can help make corporate data and applications much more secure. By isolating elements, it helps ensure that viruses and other problems with one VM or one virtualized application, for example, don't affect any other parts of the infrastructure. Separating OS's from hardware, and applications from OS's, also helps keep systems pristine and lowers the risk of infection. Virtualization can also streamline and speed security patching, since it only needs to take place at the source, not on hundreds or thousands of individual devices. This not only reduces labor needed for desktop maintenance, it also ensures that any security vulnerabilities are corrected immediately and comprehensively.

Because of security or confidentiality concerns, IT may want data to reside in a central location rather than being distributed across a constellation of desktop PCs. A virtualized presentation configuration places all data storage and processing in a central location, with the desktop being simply a presentation of the user interface.

To maximize security of your virtualized infrastructure, you need to ensure that your security processes and tools are appropriate. For instance, the VMs must be located correctly (such as behind the firewall), and critical or vulnerable workloads—such as those accessed by customers and partners in a perimeter network—should be isolated to help contain any security risks. We also recommend spreading mission-critical workloads over multiple VMs to distribute risk and avoid interruptions.

CIOL: How to go about getting legacy systems more agile by using virtualization technologies?

PK: In general, Virtualization helps in transforming physical IT infrastructure into logical layers. This, coupled with policy based management, enables creation of self managing Dynamic IT systems. Such integrated & unified IT infrastructure will deliver more cost effective & agile IT systems than loosely coupled ones. Use specific offerings like Virtual PC to run legacy applications not compatible with desktop OS's on the desktop, and Microsoft Application Virtualization to slash costly compatibility testing and application-related helpdesk support calls.

CIOL: Calculating ROI for virtualization is a challenging task -- how can CIO's justify an investment in this area?

PK: Despite high levels of awareness around the significance of virtualization - the actual adoption of this technology is currently at a nascent stage. Here’s why. As a part of Microsoft’s ongoing client engagements – we found that while most customers acknowledged the benefits of virtualization, they desperately sought guidance and support in understanding the actual implementation of this technology. Microsoft also observed a constant dilemma amongst customers and partners around getting a comparative view of the ROI involved in adopting virtualization solutions available in the market today.

Keeping this gap between awareness and actual implementation of virtualization in mind, Microsoft is taking the lead in making virtualization a reality for its customers, by offering tools that help them understand the intricacies involved in adopting this technology and the resultant RoI. Microsoft recently launched the Microsoft Integrated Virtualization ROI Tool to give customers direct access to a software solution that produces a detailed representation of the total cost advantage that Microsoft’s virtualization solutions deliver in comparison with other options in the market. Microsoft also offers a solution accelerator – Offline Virtual Machine Servicing Tool to help customers automate the process of updating virtual machines, thereby allowing them to manage the updation of a large numbers of offline virtual machines according to individual needs. The launch of these tools is a concrete step forward from Microsoft in demystifying virtualization and helping customers experience the value of this solution.

CIOL:What are the infrastructure layers that can be virtualized? And where should the virtualization process begin? How should enterprises approach virtualization -- the big bang approach or phased?

PK: Adopting virtualization across the enterprise should naturally follow a maturation curve. While each scenario provides concrete and compelling benefits, it is best if an organization adopts these approaches in a reasonably defined order. Different circumstances will dictate some modification to this sequence, but a structured roadmap can guide organizations to effectively employ virtualization in their respective scenarios.

Test and development environment: The natural place to begin piloting all types of virtualization is in the test and development environment. IT managers can model the OS, application, security, and management environment prior to putting these into production in a more streamlined and efficient way, providing greater flexibility and quickly identifying potential conflicts.

Server infrastructure: Consolidating workloads from a large array of discrete, underutilized physical servers to an environment where complimentary workloads are isolated and aggregated onto a smaller number of physical servers is the most common application of this technology, and is where immediate cost savings can be realized. Server consolidation is an ongoing process—it is more of a journey than an end state. Early on, IT organizations can and should focus on non-business critical production workloads, to harvest the low-hanging fruit while learning how to efficiently manage virtual and physical servers across their infrastructure. As their processes become more mature and the expertise improves, a more proactive strategy that includes business-critical applications makes sense for consolidation. Here, the benefits in disaster recovery and business continuity become more critical than simply cost savings. Finally, as the IT organization becomes adept at managing critical and tactical workloads across a rationalized server infrastructure, it can use virtualization to dynamically assign resources to improve flexibility and scale—increasing the strategic value to the organization. With the right tools and policy-based business processes, the IT organization provides an extremely responsive IT infrastructure that supports business demands while efficiently controlling costs.

Desktop infrastructure—Applications: Managing numerous desktop images drives up IT cost and consumes significant IT resources, as does maintaining up-to-date applications and security patches. By separating the application layer from the operating system on the desktop image, an IT organization can remove much of the complexity and management challenges it faces every day. Significant application-to-application regression testing is typically required before deploying a major application or OS update. In an environment where applications are virtualized and delivered on demand to the desktop, application-to-application conflicts are nearly eliminated, since the applications execute without impacting the desktop operating system—or other applications. In addition, application maintenance and security patching is streamlined, since it only needs to take place at the source, not hundreds or thousands of individual desktops.

Desktop infrastructure—Presentation: In certain circumstances, it is critical that all data reside in a central location rather than becoming distributed across a constellation of desktop PCs. A virtualized presentation configuration places all data storage and processing in a central location, with the desktop being simply a presentation of the user interface.

Storage and network resources: Virtualizing enterprise storage and networks provides another avenue to consolidate resources for greater flexibility and scale. Managing storage and network resources in a virtual environment streamlines resource allocation, provisioning, and maintenance while reducing the apparent system complexity IT managers work with day to day.

Overall infrastructure—Business continuity: Converting operating system and application instances into data files streamlines backup, replication and movement, providing a more robust business continuity capability and speeding recovery in the case of an outage or natural disaster.

CIOL: What are the virtualization trends in India?

PK: Customers today want a realistic end-to-end virtualization approach that would meet their requirements of lower TCO, higher availability and greater agility. Virtualization has clearly emerged as one of the hottest technology trends with wide reaching implications in the global as well as Indian market scenario. In fact, IDC India estimates that the share of virtualized servers to double from the present 22 per cent to 45 per cent by 2008-end.

While worldwide, only around 4-5% of servers globally are virtualized - we believe that the market is now set to ramp up to reach 90% in the next three-five years.

Customers have been evaluating virtualization technologies over the last few years, and we are confident that they will now start taking radical steps towards achieving long term benefits from virtualization.

CIOL: How much does virtualization support an organization’s efforts of going 'green' and ubiquitous computing?

PK: Companies today are investing huge sums of money to meet their fast expanding datacenter requirements. In fact, according to industry estimates - the number of installed servers in datacenters is expected to grow to a whopping 44 million by 2010.

A fact little known however, is that a server typically utilizes only a mere 15% of its full capacity. Each operating system or application requires a dedicated server for it to be run - as a result of which, companies end up deploying multiple servers to support multiple applications. While all resources of the server may be occasionally required to run the application - for the majority of time, the server remains unutilized when its application is not under use and keeps guzzling precious power. As a result, companies end up footing enormous electricity bills for running these power intensive servers, leading to immense wastage of resources. This is where virtualization steps in.

Virtualization enables Green IT in the three key ways:

Reduced wastage and recycling costs: Virtualization creates multiple virtual servers on a single hardware machine, allowing multiple users to access applications from the same platform. As a result - virtualization helps drastically reduce the number of software and hardware resources being deployed by an organization, thereby cutting down wastage and costs of recycling physical computing equipment.

Efficient use of power: By creating several virtual machines on one physical server, virtualization brings down the cost of running multiple hardware machines and significantly helps save precious power resources.

Less requirement of physical space: Cutting down the number of hardware resources - enterprises using virtualization require less amount of physical space for storing physical machines, thereby saving them from making expensive real estate investments.

Now is the time for customers to get virtual and benefit from improved energy and power usage features!