Virtualization Reality Check

   EXECUTIVE GUIDE


       Sponsored by APC
          www.apc.com

Table of Contents

Profile: APC by Schneider Electric
Introduction

Exploiting Virtualization
   10 questions to test your virtualization readiness
   How to keep virtual test environments in check
   Variations on a virtualization theme

Market Insights
   Server virtualization in two-thirds of enterprises by ’09, Forrester predicts
   Virtualization still hot, death of antivirus software imminent, VC says
   Data center managers see green, battle virtualization hangovers in ’08
   IT managers stymied by limits of x86 virtualization

Security Spotlight
   Virtualization security needed – now!
   Virtualization security risks being overlooked, Gartner warns

Case Studies
   EBay’s computing guru gives behind-the-scenes peek
   A virtual hit for MLB Advanced Media
   Gannett’s virtualization veteran lets us pick his brains




Profile: APC by Schneider Electric

APC by Schneider Electric, a global leader in critical power and cooling services, provides industry leading product, software and systems for home, office, data center and factory floor applications. Backed by the strength, experience, and wide network of Schneider Electric’s Critical Power & Cooling Services, APC delivers well planned, flawlessly installed and maintained solutions throughout their lifecycle. Through its unparalleled commitment to innovation, APC delivers pioneering, energy efficient solutions for critical technology and industrial applications. In 2007, Schneider Electric acquired APC and combined it with MGE UPS Systems to form Schneider Electric’s Critical Power & Cooling Services Business Unit, which recorded 2007 revenue of $3.5 billion (€2.4 billion) and employed 12,000 people worldwide. APC solutions include uninterruptible power supplies (UPS), precision cooling units, racks, physical security and design and management software, including APC’s InfraStruXure® architecture, the industry’s most comprehensive integrated power, cooling, and management solution. Schneider Electric, with 120,000 employees and operations in 102 countries, had 2007 annual sales of $25 billion (€17.3 billion). For more information on APC, please visit www.apc.com. All trademarks are the property of their owners.




Introduction

Many large organizations are already invested in server virtualization technology and reaping the benefits of improved resource utilization and simpler management.

Consider newspaper giant Gannett. “Our general philosophy when deploying new applications is to virtualize them unless the application owner or the vendor we purchase them from has a good reason not to,” says Eric Kuzmack, IT architect at Gannett.

While other companies are encouraged by these and other success stories, they still have questions about everything from security to vendor selection. Industry watchers say organizations are wise to approach virtualization with eyes wide open, but they say the technology is going to be the way to go so you might as well get going.

Forrester Research has found that more than a third of IT shops have already implemented x86 server virtualization, though some are still at the experimental stage and many are holding back on using it for critical applications. Venture capitalists are looking for those numbers to rise and are still placing bets on start-ups building virtualization technologies.

“Virtualization is already hot and it’s going to get hotter,” says Paul Maeder, founding partner with Highland Capital Partners. “It’s going to pop up in a lot of places, but ultimately it all amounts to the same thing; taking something that’s currently uncontrollable, labor-intensive and vulnerable to security breaches and making it safe and more economical to operate.”

Ryan Nelson, director of operations for professional baseball’s MLB Advanced Media, is a relative newcomer to virtualization but has already seen the technology work its magic in supporting an online chat system his organization scrambled to get up and running in time for the 2007 playoff season.

Given a short deadline to get the chat system live, Nelson, who said he was in no position to put new servers and storage in place, turned to a hosting company called Joyent that offered virtual server zones and virtual storage. “We said to Joyent, ‘We need 30 machines; 10 in a development cluster and two more gangs of 10 as big chat clusters.’ And so the MLB chat client was basically turned up in a couple of days vs. a month or two that it would have taken us to get somebody to ship and install all these machines.”

MLB Advanced Media is adopting virtualization in its new data center as well, and is high on its security capabilities. “If there’s a security [breach], all they’ve broken into is one virtual machine,” Nelson says. “Even if a machine has just one service running on it, say one Web server, that’s running in a virtualized container. Should the day come when I need to move that service to another piece of hardware, I can just move the container. My pain point is really low.”

Not that virtualization is a management or security panacea.

Gartner Vice President Neal MacDonald says “virtualization, as with any emerging technology, will be the target of new security threats.”

John Debenedette, vice president of IT at e-commerce logistics provider and virtualization veteran Inttra, says hypervisors, the layer between the operating systems and hardware, could be particularly vulnerable.

“You can follow best practices on all of your virtual machines,” he says. “But at the end of the day, you’re putting a lot of trust in the virtual-machine platform layer itself.”

About a third of 707 Network World readers asked about virtualization said they realize it comes with increased security risks. Experts say a mix of firewalls, intrusion-detection and sound thinking about policies and partitions is key to safeguarding virtualized resources.

Before virtualization can even get off the ground at an organization, certain management issues also need to be addressed. For example, companies need to figure out whether staff has the skills to run virtualized machines. What’s more, political issues need to be confronted, such as whether different departments are willing to share server resources. Organizations also need to determine whether the applications they rely on most support virtualization.

Of course, not all the onus for tackling these issues falls on IT. Vendors, such as those that make management products, are upgrading their products to help simplify operation of virtual network environments. What’s more, new companies and open source projects seem to be popping up daily to help address some of the shortcomings identified by early adopters.

This Executive Guide addresses basic and advanced questions about virtualization, examines the status of the market and zeroes in on security. Case studies of early adopters help put it all in perspective.



Section 1
Exploiting Virtualization

10 questions to test your virtualization readiness

Before diving into server, operating systems, application and desktop virtualization, industry analyst group suggests asking critical questions

By Denise Dubie

Virtualization appeals to IT executives looking to maximize data-center operations, but they must ask themselves 10 difficult questions before rolling virtualization out to successfully adopt the technology, industry watchers say.

Enterprise Management Associates has released its collection of “Top 10 questions to ask before any virtualization project.” According to EMA senior analyst Andi Mann, the list starts with the basics around existing skill sets and quickly moves on to technical hurdles of which every IT organization should be aware. The benefits of abstracting software away from hardware to create a flexible, dynamic environment are compelling, but successful adoption depends on having the right skills, security and management tools and business drivers in place.

“In some cases, the technology is not ready, or the returns will not be sufficient, to embark on such a major change in technology, architecture and process,” Mann writes. “Virtualization should not be rushed. It is a long-term opportunity, and enterprises that approach virtualization carefully as a strategy, not just a project, will be better positioned to benefit in the long run.”

Here is a rundown of the key questions to ask before embarking on an enterprisewide virtualization project.

1. Do you have the skills to support virtualization? EMA ranks the lack of “appropriate skills” as potentially the biggest barrier to successful virtualization deployments. The research firm says about three-quarters of enterprise companies that don’t yet have virtualization in place believe they don’t have the skills to support the technology. EMA recommends training staff before the technology is adopted, determining requirements, documenting expected changes and performing pilots of virtualization technology in small sample environments.

2. Are you ready for the politics virtualization could introduce? The second pitfall is also related to the human element. Because IT departments have existed in siloed groups for years, IT executives could face pushback in their efforts to win mainstream
acceptance of virtualization technology, EMA says. For instance, some groups may not wish to share server resources, and for that reason, EMA recommends organizations put in reporting tools to show how virtualization is either helping performance or at the least not hurting departments by sharing resources among them.

3. Have you considered and can you accept the risks? Virtualization technology reduces the amount of physical resources needed to support multiple systems and applications. But at the same time, it “concentrates more users and applications on fewer, more complex, shared virtual environments,” the EMA report reads, and because of that, “the impact of hardware failure, human errors, security breaches, planning problems, support issues and more are vastly magnified in a virtual environment.” Among its suggestions, the research group recommends enterprise companies develop detailed business continuity and disaster-recovery plans at all stages of the virtualization project.

4. How will your security systems hold up? Virtualization can introduce more security holes, more forms of malware and more vulnerabilities than many organizations are prepared to tackle -- mostly because today’s technology isn’t yet equipped to deal with the new threats. Such security issues as hypervisor infections, rootkit viruses and malicious virtual machines can “be virtually undetectable with current tools,” EMA says. IT executives must secure virtual machines as they do physical machines, and take extra steps to ensure the virtual environment is locked down. “Technology and disciplines for discovery, configuration, change management and more become critical to detecting virtual malware,” the report reads.

5. Do you have compatible systems and applications? Some applications and systems do not mesh well with virtualization. For instance, EMA cites applications with “highly efficient usage, severe requirement spikes or continuously high utilization of any resource.” Applications that interact directly with hardware will also stall a virtualization project, the research firm says.

6. Do you have a capacity-planning discipline? Virtual server sprawl is a common result of virtualization deployments outgrowing their existing capacity. EMA recommends IT organizations use detailed capacity-planning measures to make sure they have sufficient hardware and software resources to support their virtualization implementation and make sure it doesn’t get out of control.

7. Is there support for your environments? While many popular, packaged applications support virtualization, many applications do not, EMA says. The research group recommends IT shops investigate which of their software and hardware platforms are supported and which might require them to upgrade before rolling out virtualization.

8. Can your network support virtualization? Network and storage can represent potential bottlenecks for virtualization in the data center. For instance, virtualization technologies that focus on the user, such as application or desktop virtualization or application streaming, don’t work well over low-bandwidth connections, EMA says. Enterprise IT managers can try to address network and storage limitations with WAN-optimization technologies or by limiting the proliferation of images.

9. Can your management systems handle virtual environments? While virtualization reduces the number of physical resources to manage, it increases the complexity of the overall environment and introduces management issues that could challenge some IT managers. For instance, the ease of deployment leads to a proliferation of virtual machines, or virtual server sprawl, which makes management exponentially more difficult. Also the added layer of software increases the complexity of managing the entire environment, EMA says. “Until management tools catch up with virtualization, the key to success is having not just tools, but also strong process disciplines for discovery, performance management, configuration management, patch management, service-level management, provisioning, disaster recovery” and more, the report reads.

Figuring them out
How would you describe the typical pricing structures of leading enterprise network companies?
    Very clear: 3%
    Usually clear: 36%
    Usually confusing: 55%
    Very confusing: 7%
Total % adds up to 101% due to rounding. Based on Network World survey of 917 readers.
Source: Network World Technology Opinion Panel: www.nwwbetopdog.com




Finding a bargain
Where do you turn first for a bargain on enterprise network products?
    Vendors I already have a relationship with: 63%
    Resellers: 14%
    eBay: 9%
    Equipment refurbishers: 9%
    Others: 5%
Based on a Network World survey of 917 readers.
Source: Network World Technology Opinion Panel: www.nwwbetopdog.com



10. Does virtualization help you address business objectives? Perhaps the “most overlooked factor in the rush to virtualization” is aligning the technology implementation with specific business goals, EMA says. To measure the success of a virtualization rollout, enterprise IT shops must first know their desired results before deploying the technology. EMA recommends IT managers plan for long-term strategic results and not use virtualization as a quick fix for a pressing pain point. For instance, while many organizations may consider cost savings a result of virtualization, EMA reports that is not often the case.

“Overall, cost savings is not always the most likely outcome -- in fact, reduced costs (software, hardware and floor space) are the least expected outcomes. Despite the touted cost benefits of server consolidation, for example, it delivers only one-off cost savings, and the additional costs -- especially of software -- are often considerable,” the report reads.




How to keep virtual test environments in check

Using virtualization for testing reduces costs and saves money, but environments need to be managed or they can run amuck

By Denise Dubie

Virtual server technologies used in preproduction environments promise cost, time and labor savings, yet the same tools left unchecked can result in complex configurations, wasted resources and management nightmares for IT staff.

Virtualization removes the physical server constraints of test environments and enables sharing of resources among IT staff to make test work easier, but its use needs to be carefully controlled, industry analysts and IT professionals say.

“One of the pitfalls of using virtualization in test environments is the proliferation of images, especially when testing multiple configurations across different operating systems,” says Carey Schwaber, a senior analyst at Forrester Research. “There has to be a real effort around controlling this environment with policies to prevent the environment from growing too much or becoming unused resources.”

Avoiding test-server sprawl

Tim Antonowicz, systems engineer at Bowdoin College in Brunswick, Maine, says server virtualization helps his team test software without requiring the build of a new operating system or cluttering a developer’s workstation with another piece of software. He has 55 test and stage, or sandbox, virtual machines (VM) running.

“Sandboxes are basic VMs where we test and evaluate various software offerings without expectation. If we want to try out something new, run a beta version or just play with a new idea, we roll out a sandbox VM,” Antonowicz says.

Using virtualization in such a way -- as a tactical tool for testing -- is common. But most IT organizations haven’t standardized their use of virtualization for testing across the enterprise. Different IT groups wind up operating their own pockets of virtual servers that aren’t always properly managed or decommissioned. Industry watchers argue the benefits of using virtualization in test labs have yet to be fully realized because of these inconsistencies.

“It is important to have consistency when testing, and IT needs a comprehensive management approach to ensure proper coordination between physical machines and virtual resources,” says Melinda Ballou, principal analyst at IDC.

To help IT managers gain control of their testing resources, virtual test lab management vendors have been coming out with new tools.

Vendors such as Akimbi (acquired by VMware), CollabNet, VMLogix and Surgient have emerged in the past two years with products aimed squarely at those enterprise companies using virtual server tools to

Maintaining virtual labs
Virtualization players offer tools to help enterprise companies prevent their virtual labs from becoming a test bed for chaos and unnecessary complexity.

Vendor: CollabNet                             Vendor: VMLogix
    Tim Antonowicz, systems engineer at                                                                                                            ing the d
Bowdoin College in Brunswick, Maine, says            Product: CUBIT                                Product: LabManager
                                                                                                                                                     “We h
virtualization helps his team test software          Features: Provides a centralized vir-         Features: Allocates infrastructure,             involves
without requiring the build of a new                 tualization platform that reduces             provisions operating systems, sets              being up
operating system or cluttering a developer’s         build and test infrastructure costs by        up software stacks and packages,                and the
workstation with another piece of software.          50%.                                          installs development and testing                multiple
He has 55 test stage, or sandbox, virtual                                                          tools, and downloads required scripts           speed,” sa
                                                     Vendor: Surgient                                                                              engineer
machines (VM) running.                                                                             and data for automated job execution
                                                     Product: Virtual QA/Test Lab                                                                  stations,
    “Sandboxes are basic VMs where we                                                              or manual testing.                              intensive
                                                     Management System (VQTS)
test and evaluate various software offerings                                                       Vendor: VMware                                  to follow
without expectation. If we want to try out           Features: Accelerates testing and                                                               While
                                                     application delivery by consolidating         Product: Lab Manager
something new, run a beta version or just                                                                                                          was the o
play with a new idea, we roll out a sandbox          infrastructure and automating the             Features: Automates the setup,                  desktop
VM,” Antonowicz says.                                setup of complex test environments            capture, storage and sharing of                 needed h
    Using virtualization in such a way — as          on-demand                                     multi-machine system configurations             Rather th
                                                                                                   and allows information to be shared.            cally me
a tactical tool for testing — is common. But
                                                                                                                                                   determin
most IT organizations haven’t standardized

quickly build up and tear down testing environments. The products include automated features that track virtual machines and capture configuration data to be stored in libraries for future use.

For instance, Akimbi’s Slingshot product, now VMware’s Lab Manager, lets IT managers build a software test infrastructure to automate the setup and teardown of multiple VM environments. Surgient’s Virtual QA/Test Lab Management System speeds the test process for enterprise IT managers by consolidating test infrastructure and making it possible to automate the setup and teardown of complex test configurations on demand.

IT staff at Sisters of Mercy Healthcare in St. Louis, Mo., turned to VMware and Surgient when they realized the prospect of upgrading 24,000 desktops for a workstation refresh would drain staff resources without delivering the desired results.

“We had a desktop refresh cycle that involves all the computers in the enterprise being upgraded to the same operating system and the same lockdown strategy. We had multiple environments we had to bring up to speed,” says Brian Boresi, manager of client engineering. “Doing that across 24,000 workstations, to say the least, is labor- and time-intensive, too much for us because we have to follow a very rapid deployment schedule.”

While the IT team realized virtualization was the only realistic option for such a large desktop rollout, Boresi says he knew they needed help managing the test lab as well. Rather than have an IT staff member physically meet with each desktop owner to determine application requirements, Boresi says Surgient enables his team to automate the process of creating multiple configurations in the test lab and change those configurations based on the user workstation environment.

“We currently support 600 applications, have a short turnaround time and aggressive rollout schedule. There is no way we could do this without an automated way to test and deploy these applications,” Boresi says.

Virtual lab limitations

Still, virtual test lab management tools won’t be enough to stop the environments from going awry, some say. IT organizations need to define what can be tested, approach it with best practices and ensure anything tested on the VMs also is run in tests on physical machines before hitting production.

With that in mind, Sisters of Mercy Healthcare uses a virtual environment for one of three stages of tests and always completes a test run on physical machines before going live.

“We deploy an application package to production workstations in a pilot stage prior to going live. This way we make sure the software meets all the requirements and doesn’t hit any snags specific to a physical machine and performs as expected,” Neubauer says.

Edward Christensen, director of technical operations at Cars.com in Chicago, says he refrains from load or performance testing in the virtual test environment. “We limit our virtualization to functional and integration testing only. And unless your production environment is also virtualized, it shouldn’t be used in performance testing,” he says.

Others agree that performance testing, such as that for application load and availability, is not suited for virtual test labs.

“You can’t ramp up the number of concurrent users to see how well the application will perform under a load of, say, 10,000 concurrent users. Virtual machines do share some resources with the physical machine, no matter how few, that would cause those types of performance tests to be inaccurate,” Forrester’s Schwaber says.

Gary Chen, senior analyst at Yankee Group, says he encourages clients to adopt virtualization for test environments because “if they do, their lives will get much easier and they will get more testing for less money.” But he also warns IT professionals not to fall victim to the promise of virtualization without heeding some simple advice.

“No one should rely fully on a virtual environment for testing. Physical testing is still a must,” Chen says.
Rather than have an IT staff          to functional and integration




Variations on a virtualization theme
Which strategy is right for your data center: consolidation, clusters or grids?
By Phil Hochmuth

To virtualize or not to virtualize -- that is no longer the question when it comes to deploying Linux in the data center. Today, the question is which virtualization approach to take.

One option is to junk dozens, or hundreds, of stand-alone server boxes and consolidate virtualized Linux server images onto a few large hosts. Another is to buy hundreds of new Linux machines and tie them together as a single, virtual system via clustering or grid technology.

“Linux is the strongest example of an operating system that runs on almost any hardware you can think of, and almost any deployment scenario you can think of,” says Jean Bozman, research vice president with IDC’s Enterprise Server Group. “The style of a virtualized Linux deployment you use depends who you are and what problems you’re trying to solve. Clusters, grids, virtualized servers are all possible from the basic building blocks of Linux.”

Scale up with consolidation

The trendy data-center virtualization scheme among Linux users is server consolidation, which aims to address a problem that has roots in the economic downturn of 2001 to 2003, when cash-strapped enterprises started favoring smaller servers over larger ones, Bozman says.

“Over that time, there was a proliferation of volume servers, the likes of which has never been seen,” he says. Before 2001, Linux server shipments were around 3 million to 4 million units per year. Now they top 7 million. For customers who built out data centers using hundreds of machines, there is now a push to pare down the amount of “pizza box” hardware.

“Customers who run a data center with 50 or 100 physical servers may need 500 or 1,000 of those machines someday,” says Kevin Leahy, director of virtualization at IBM. “How do you manage all of that environment? That’s where the scale-up environment takes advantage of that.”

The drivers behind the scale-up model include the ability to manage and provision servers more easily, with virtualized servers all running inside one box. Cost savings on power consumption of one large machine, vs. hundreds of single-rack-unit boxes, can be significant. A recent study by Gartner found that the cost of energy in data centers is in some cases almost equal to the cost of the server hardware itself.

For Nationwide Insurance, consolidation of 416 Linux servers onto a single Big Iron box means less walking around and pushing buttons. This is not insignificant when considering wide-scale server maintenance, such as applying Linux kernel or application software patches, according to Steve Womer, senior IT architect at Nationwide Insurance.

“Let’s say it takes you 45 minutes per server to apply patches and software fixes, to reboot them and get them back up,” Womer says. “Forty five minutes, with 418 servers - that’s 315 man-hours. I’ve got eight people to do all this. That’s a long time.”

Womer uses a single shared-root file system, which the 418 servers share, running on top of the IBM z/VM virtualization layer of the mainframe. “If you only have one root, it’s only two man-hours to patch the copy of the shared read-only root, then you start rolling it through.”

Hype over hypervisors

Several key Linux kernel and system-tool advancements over the last several years are helping these virtualized data-centers-in-a-box and grid-style deployments to evolve.

“The introduction of hypervisor technology you might say is the single-most important virtualization advancement over the past five years,” says Justin Steinman, Novell’s director of product marketing for Linux and open source.

The hypervisor is a software layer that sits between the guest operating system and the physical server. “The best way to think of it is
as the traffic cop,” Steinman says. The software controls the different operating systems that are running on a virtualized server and manages the flow of the hardware resources, such as I/O, storage, and processor use and memory access. Open source and vendor-specific products in this area include Xen’s open source virtualization technology, IBM’s z/VM and VMware’s ESX Server.

Virtualization via a hypervisor layer is called paravirtualization, Steinman says, as opposed to standard VMware-style virtualization, in which a guest operating system runs inside a host, without any knowledge of the host system. Novell’s SUSE Linux Enterprise Server 10 has a Xen hypervisor built into the Linux distribution, and Red Hat’s forthcoming update to its Enterprise Linux Server also will have this virtualization piece built in.

“You need to put software drivers [in the guest Linux systems] to make them aware that they’re being virtualized,” he says. This enables the virtualized Linux systems to use processor resources more efficiently. Otherwise, the systems would compete for resources, with the software functioning as if running on a weak hardware system.

In clustering and distributed computing, some of the important advances have happened inside the Linux kernel, as well as with system and management tools offered by vendors to harness and control dozens, hundreds or thousands of Linux-based processors.

“That’s a challenge for high-performance computing users,” Steinman says. “How do you make sure all those processors are the exact same operating system with the exact same patch, with all the different tweaks there? If one box is out of sync, it could bring the whole system down.”

Tweaks in the Linux kernel over the last few years also have expanded possibilities for distributed, virtualized Linux.

“Some of the advancements inside of Linux that have helped this stuff are improvement in scalability and performance,” Steinman says. Linux software can now scale to 10TB of memory across a grid or cluster, and as many as 1,024 processors. “That’s an advantage where the open source technology has improved to enable that. You could go out this afternoon and download the code and find the exact code tweak that was made to implement that kind of advancement.”

Linux virtualization also is being used to consolidate Windows servers in some IT shops. Success Apparel, a children’s clothing company in New York, has boiled down its 17 separate Windows servers to nine servers running SUSE Enterprise Linux, VMware and virtual Windows instances on top.

The move “has reduced operating expenses by 25% while allowing our IT staff to concentrate on other projects,” says Steven Golub, the company’s IT manager.

Scale out with clustering

“It’s funny with all the excitement about virtualization, people have sort of almost forgotten that clustering is a form of virtualization,” Bozman says. “Clustering was one of the earliest forms of virtualization, in the sense that when an application is cluster-aware, it views all of the attached server nodes as being resources that it can use, as if it were on a big SMP [symmetric multiprocessing] machine.”

Users of large, high-powered Linux cluster systems say the mix of proprietary virtualization management software, along with low-cost hardware and free Linux, are opening up the processing-power floodgates.

CIS Hollywood is a digital special-effects house that produced digital images for “Pirates of the Caribbean,” the fantasy epic “Eragon” and the most recent “X-Men” movie sequel, among dozens of other movies. Much of CIS Hollywood’s rendering work -- in which large computer files are processed and crunched down into a viewable digital movie format -- is done on a cluster of 40 Linux PCs, running the free 64-bit version of the CentOS Linux distribution, which are managed by software from Linux Networx.

“The big key with Linux Networx is manageability,” says Matt Ashton, systems manager for CIS Hollywood. “Instead of having to maintain individual nodes -- which can be done with a variety of scripts -- they’ve got all of that all set up to go. I can update all 40 machines with a few mouse clicks without having to do it by hand.”

To CIS’ users -- artists, graphic designers and computer technicians -- the Linux cluster appears as one large virtual machine. Fronting the cluster is a scheduling application written in-house, which distributes rendering jobs to the 40 machines. “Users don’t interact with individual nodes,” Ashton says. “They just submit jobs, and the queue management software takes care of it.”

CIS has used a clustered, virtual rendering system for more than four years as a way to process the work of its artists more quickly and inexpensively. Ashton says nodes in the cluster -- dual-processor AMD Opteron boxes with 4GB of memory -- cost about $4,000 each. CIS’ large SMP Linux machines -- four-processor, dual-core machines with 32GB of memory -- cost between $30,000 and $40,000 each. The cost savings on a per-node basis is between $2,000 and $3,000 when scaling the system out, as opposed to up, he says.

PayPal, the online payment system owned by eBay, uses thousands of Linux machines to run its Web presence. The Web company replicates a single Linux/Apache image, bundled with its own transaction software, across these servers that appear as a single system to customers.

“Rather than have a monolithic box, we just have so many [nodes] that the breakages are irrelevant,” says Matthew Mengerink, vice president of core technologies for PayPal.

However, few enterprises need the kind of computing power of a CIS Hollywood, or the scale of a global payment system, such as PayPal’s.

Google is another example of the scale-out model, Steinman says. Its search engine runs on thousands of distributed Linux computers, which provide its
signature fast, accurate search results. “But will an enterprise run its SAP platform on that model?” Steinman asks. “Probably not.”

Griddy up

However, this does not preclude the use of distributed, virtualized computing in enterprises.

“Businesses tend to use [a distributed Linux] model in certain specialized enterprise applications, such as actuary or risk management applications,” IBM’s Leahy says. “You could build a stand-alone environment, which could deliver these processes in minutes or hours, but it would be pretty expensive and dedicated to one thing.” This single-purpose system also would remain idle most of the time, he adds.

This is popular in Wall Street firms, where trading desks have very powerful workstations that often sit idle during the hours when the markets are closed.

“Some people would like to have a series of distributed resources, the kind of work you used to do on a mainframe,” IDC’s Bozman says. “This is a work in progress, but clearly people would like to do that.”

Whether Linux users deploy virtualization in a consolidated deployment, or in clustered applications or grids, Bozman says there’s a common thread shared among trends.

“It’s like back to the future. What we’re doing is reinventing the economics of computing, but we still want the same results that we had before” in the mainframe and large-system days -- “lots of reliability and lots of availability and utilization. But we’re doing it today at lower price points than we did in the early ‘90s.”








Section 2: Market Insights

Server virtualization in two-thirds of enterprises by ’09, Forrester predicts
IBM, HP, Microsoft urged to upgrade virtualization tools
By Jon Brodkin

More than a third of enterprise IT shops have implemented x86 server virtualization, and nearly two-thirds expect to do so by 2009, Forrester Research finds in a survey.

IT departments already using virtualization have virtualized 24% of servers, and that number is expected to grow to 45% by 2009.

Vendors need to get busy upgrading virtualization products, because many enterprises have been using the technology for two years or more and are ready to expand usage, Forrester reports.

“BMC Software, IBM Tivoli, HP Software, and Microsoft must repackage their offerings to create immediate tactical value by adding or buying tools for virtualization environment tasks, such as converting between physical and virtual servers and rapidly updating virtual server configurations,” Forrester states.

The Forrester report -- “x86 virtualization adopters hit the tipping point” -- was released Friday and is based on a survey of 275 enterprise server decision-makers.

Previous Forrester research actually showed higher adoption of server virtualization, with 50% of IT shops using the technology in production and pilots in 2006.

Estimates tend to be “all over the map,” and IT executives are sometimes too optimistic about predictions of future use, says report lead author Frank Gillett. But the survey results “show the power and popularity of the idea … and demonstrates there is significant intent to increase usage.”

The latest report finds that 37% of IT departments have virtualized servers already, and another 13% plan to do so by July 2008. An additional 15% think they will virtualize x86 servers by 2009.

As enterprises gain a couple years experience with virtualization, they will move from tactical, experimental approaches to strategic IT infrastructure initiatives that might involve upgrading servers, storage, networks and systems management.

But virtualization isn’t close to being universally adopted throughout enterprises, Gillett says. IT executives typically aren’t using the technology for critical applications, or platforms like grid computing and supercomputing, he says.

“Virtualization is working its way [up] from things where people are less uptight about performance,” he says.

Virtualization is primarily about sharing machines and portability, but these may not be compelling reasons to virtualize critical workloads, according to Gillett. Machine sharing isn’t that necessary if a machine is already busy, and portability might not be compelling when there are few other servers a workload can be moved to.





Virtualization still hot, death of antivirus
software imminent, VC says
Highland Capital Partners founder also expects to see the
ability to bypass wireless networks in 2008
    By Cara Garretson





In 2008, investments in start-ups that target consumers are expected                                   overnight, Maeder adds, but will slowly fade
to remain significantly hotter than those in companies building                                        into the background as enterprises embrace
                                                                                                       this new model.“Ultimately it’s the enterprise
enterprise wares, as has been the case for the last few years. However,                                buyers who are going to decide what the
there are a few areas in corporate IT that should see some significant                                 structure of the industry is, and they decide
interest, according to Paul Maeder, founding partner with venture                                      that through their buying habits,” he says.
capital firm Highland Capital Partners.                                                                    A third trend predicted for 2008 by
                                                                                                       Maeder is the ability to work around closed
   One of these is virtualization.                      Another trend Maeder predicts for 2008         wireless networks, much like Skype opened
   “Virtualization across the board is             is, at long last, the death of antivirus software   up the opportunity to bypass wired net-
already hot, and it’s going to get hotter,” says   and other security products that allow              works.
Maeder. Once applied mainly to servers in          employees to install and download any                   “Carriers so far have a hegemony of
the data center, this technique will find more     programs they’d like onto their PCs, and then       closed systems; they decide what applica-
applications as enterprises look to get their      attempt to weed out the malicious code.             tions go on a phone and what comes over
arms around unruly IT systems.“It’s getting        Instead, products that protect endpoints            the airwaves. That has resulted in very slow
more segmented, it’s going to pop up in a lot      by only allowing IT-approved code to be             innovation, versus the rate of innovation on
of places, but ultimately it all amounts to the    installed will become the norm.                     the open Internet,” he says.“I think entre-
same thing; taking something that’s currently           “There are much better approaches to           preneurs are going to find ways to bypass
uncontrollable, labor-intensive and vulner-        dealing with external threats, and those            that, and once they do there’s going to be
able to security breaches and making it safe       approaches are going to take over,” he says.        enormous innovation.”
and more economical to operate.”                        Antivirus products won’t disappear




Data center managers see green, battle virtualization hangovers in ’08
It’s time to face the challenges of managing virtual environments and adopting green computing practices
By Denise Dubie

Data center managers who championed virtualization and green computing in 2007 now face the task of delivering the benefits they promised -- something industry watchers say will be no small feat.

As projects move beyond the planning phase in 2008 into broader deployment, data center managers will need to evaluate how they’re going to manage and support the new technologies without overhauling their entire infrastructure.

“Virtualization and green computing will flip-flop for a while, because they represent challenges beyond what they are said to do,” says Robert Whiteley, senior analyst at Forrester Research. “We will see a bit of a virtualization hangover at first because while a lot of people have embraced the technology and seen some success on x86 servers, virtualization forces IT to look differently at managing an environment. And the greening of IT, that is going to be a challenge because a lot of companies don’t have a full grasp on what it is yet.”

Managing more than VMware

To start, virtual server management technology will become more critical as VMware faces competition in the hypervisor market that until now included few players.

With Citrix (considering its XenSource buy), Microsoft, Oracle and Sun all having plans for virtualization, data center managers will for the first time “face islands of hypervisors within their IT shops,” which will have to be managed as a cohesive whole to truly cash in on the benefits of the technology, says James Staten, principal analyst at Forrester Research. Hypervisor providers and management vendors alike will be working to deliver the platform on which multivendor virtual servers can be managed. For instance, VMware acquired virtual server management software maker Dunes Technologies in 2007.

“The market is going to see the need for a heterogeneous virtualization management platform that we haven’t seen up until this point,” Staten says. “It will cause a significant shake-up in the management space when start-ups pop up, and bigger players that haven’t been doing a very good job will look to acquire them.”

In addition, data center managers are considering virtualizing not only server resources, but also storage, network, desktop and application resources -- which will drive a need for more comprehensive management tools. But data center managers aren’t about to replace their existing management tools, so industry watchers say vendors will have to work to cover more platforms and develop standards to help customers manage heterogeneous environments.

“A big debate in 2008 will be around how to put hooks into management tools from the multiple virtual resources, and data center automation will become even more critical,” Whiteley adds.

Indeed, data center managers are looking for vendors to provide more automation capabilities to their tools. With the volume of servers increasing exponentially due to virtualization, systems administrators will not be able to keep up-to-date server and application configuration records or track change manually. Acquisitions such as HP’s Opsware buy and BMC’s RealOps purchase could help these vendors get ahead of competition looking to not only manage but also provide automation in virtual data center environments.

“The noise I am hearing the most around data centers involves managing virtual servers and automation. IT has gotten to the point where it absolutely needs to control the configurations of multiple systems and has no reasonable means to do so without considerable automation,” says Jasmine Noel, a principal analyst at Ptak, Noel and Associates.

It’s not easy going green

Just as virtualization is no slam dunk, neither is green computing. Industry watchers say that working toward a greener computing environment isn’t going to be easy for most data center managers due to technical, political and other reasons outside the control of IT.

“Legislation is coming about putting corporate responsibility programs in place, but in a lot of cases IT doesn’t fall under the umbrella of corporate responsibility,” says Zeus Kerravala, senior vice president of global enterprise research at the Yankee Group. “IT needs to start understanding more about data center facilities and find ways to design data centers to eat up less power.”

According to Steven Harris, director of data center planning and design at consultancy Forsythe Technology, the amount of power that data centers consume has doubled in the past five years and it is projected to double again in five years. Because the data center consumes a significant amount of the resources from facilities, many will be looking to IT to be more cost-effective and conserve energy.

“When people think about how they can save money and lower operating costs, unfortunately the big changes from the facilities side -- such as replacing an electrical or mechanical system -- are extremely expensive and introduce significantly more risk,” Harris says. “So companies will be looking to IT to make changes such as consolidation, virtualization and optimization to lower costs and do so without causing major outages.”

For IT, that means finding ways to reduce their power consumption -- but not necessarily because they care about the environment. Forrester’s Staten says in 2008 data center managers will be tasked with “energy auditing,” which involves understanding the entire power path from the utility to the CPU. While vendors will paint such efforts as green computing, companies are more looking to cut costs.

“Being green is not the main driver for trying to conserve power. It’s a cost-driven measure for IT,” he says.

One way to start cutting costs is with products that shut off unused workstations or limit power consumed by servers. For instance, companies such as Partners Healthcare and many others tapping Energy Star initiatives have already reported millions in savings.

Still, the disconnect between the premise of green computing and the IT drivers could cause confusion among data center managers lacking clear direction from corporate management.

“There isn’t anything you will be doing when you won’t hear about green IT,” but without more knowledge of the subject and technologies relating to green IT, “the whole argument could blow up in IT’s face,” says Rich Ptak, founder and principal analyst at Ptak, Noel and Associates.





IT managers stymied by limits of x86 virtualization
X86 virtualization lacks maturity of mainframe virtualization, analyst firm says
By Jon Brodkin

IT managers well-versed in mainframe virtualization might expect smooth sailing when implementing virtualization tools for x86-based servers. But they’re quickly finding unexpected challenges because x86 virtualization is nowhere near as mature as the mainframe virtualization tools that evolved over the past four decades, says a Saugatuck Technology analyst who is researching virtualization.

“The large shops start with the impression that it will be easy, because they think they know what they’re doing,” says Charlie Burns, author of the report “The Many Faces of Virtualization: Understanding a New IT Reality”. “The problem is it’s different. They start to find out pretty quick that the things handled automatically by the virtualization mechanisms in the mainframe either aren’t there, or are less mature and robust.”

Virtualized servers are in some ways harder to manage than the traditional environment in which each server hosts a single application, because they contain a layer of abstraction between the operating system and hardware. When something goes wrong, this layer of abstraction makes it difficult to identify malfunctioning devices, according to Burns.

Beyond troubleshooting limitations, Burns says IT departments will run into difficult management challenges if they attempt to run more than about five operating system images on a single server. Mainframe virtualization tools can comfortably run hundreds of virtual servers on a single piece of hardware, Burns says.

But hypervisor software used for x86 servers today falls short of mainframe virtualization when it comes to balancing the requirements of workloads vs. performance, he says.

IT managers Burns interviewed while doing his research have discovered that there are different rules and best practices for operating virtualized x86-based servers compared to “real” physical servers. If you want a physical server to run faster, you give it more memory, Burns says. But this isn’t always the right move with virtual servers.

“In a virtualized environment, you might get the exact opposite effect,” Burns says. “If you increase the size of the virtual storage amount in that virtual image, you might cause the whole thing to slow down. There are things you relearn for a new server environment.”

The popularity of server virtualization has increased dramatically over the past few years as IT executives place a bigger focus on increasing server utilization rates. The tools have gotten better, too, but Burns thinks it will take another three to five years to sort out the problems in today’s technology.

Intel and AMD are building virtualization into the chip level, and customers can expect software improvements from hypervisor makers such as VMware, the Citrix-owned XenSource, and SWsoft (now Parallels), he says. Virtualization will be mature and robust enough within a few years to greatly increase the utilization rates of non-mainframe servers, he says.

For now, he says customers should stick with the basics: create a plan that meets clearly defined objectives, research existing tools and use the best, most updated virtualization technology available.

Burns’s report covered the whole realm of IT virtualization - including virtualization of applications, desktops and storage - to identify the impacts today and the future of these technologies.

By the end of 2010, at least 30% of non-desktop IT infrastructure pieces will be virtualized, up from 5% today, Saugatuck found. Cisco, VMware and XenSource will dominate IT virtualization, providing the tools for 60% of new deployments through 2010, the report predicts.

But use of virtualization will be limited over the next half-decade by several key factors, such as IT processes and expertise, and the services and management tools available to customers, Saugatuck states.

Server virtualization is actually maturing faster than mainframe virtualization did in its infancy 40 years ago, Burns’s Saugatuck report states. But there’s another key factor that could impede the growth of x86 server virtualization. With the mainframe, most system components came from the same vendor (IBM). With x86 server virtualization, the microprocessor, server platform, storage, hypervisor and operating systems typically come from multiple vendors.

“These vendors may have conflicting objectives,” Burns writes.







Section 3: Security Spotlight

Virtualization security needed – now!
Experts say it’s only a matter of time before malware writers weasel their way into the core of a virtual server platform. Here’s how to stop them
By Deb Radcliff

For years, Inttra, an e-commerce logistics provider to the world’s largest cargo-shipping organizations, has been using virtualization on its back-end IBM mainframe and Citrix Systems servers in a secure environment. Now the Parsippany, N.J., company primarily uses IBM blade servers running virtual Linux machines. VMware’s virtualization technology on an Intel platform powers this New Data Center infrastructure.

John Debenedette, Inttra’s vice president of IT, says he believed he could keep a virtualized data-center environment secure while emulating established best practices. He’s not ready, however, to risk running virtual Web servers outside his DMZ. Nor is he ready to allow virtual machines on the endpoints, which are harder to control.

“You can follow best practices on all of your virtual machines. But at the end of the day, you’re putting a lot of trust in the virtual-machine platform layer itself,” Debenedette says. “This layer — also called the hypervisor, the virtual kernel or virtual-machine monitor — sits between the hardware and all its device drivers, including the operating system, which puts it in a very authoritative position.”

Security watchers have not confirmed any exploits at this layer; but virtual-machine-aware malware, such as RedPill, and virtual-machine rootkits, such as BluePill, are common. Debenedette rightfully frets about this new platform layer: It’s a vector into which virtual-machine malware writers are trying to break, experts say.

Danger at the hypervisor
When successfully installed, a virtual machine-based rootkit sits beneath the operating system and applications. The rootkit, which comprises a host operating system, a virtual machine monitor and malicious services, manipulates the system boot sequence so that it loads before the target operating system. Once the rootkit loads, it boots the target operating system using its virtual machine monitor. The target operating system functions normally, while the rootkit runs its malicious services in the background. (Diagram panel labeled “Before infection”; boxes labeled “Target application.”)

In this virtual environment, effective security best practices are sorely needed. In addition to physical machines, virtual machines must be managed and secured. Network defenses must be tuned to watch for rogue traffic on them. And the virtual-machine layer must be built safely and defended from up-and-coming forms of attackware.

Virtual-machine best practices

In a survey of 707 Network World readers, 36% of respondents — 250 respondents — said they realize virtualization has increased security risk. Of those, slightly more than half had deployed firewalls and segmented critical networks into virtual LANs, and another half had included virtual-machine traffic-awareness in their intrusion-detection sensors.

One-third of respondents seemed to grasp that the virtualization platform layer itself is vulnerable. The others did not believe virtual-machine platform vendors need to make security integral to their products (see graphic, below):

Virtualization, security and you
In a recent survey of 707 Network World readers conducted by Research Concepts, approximately two-thirds of respondents said virtualization has not increased their security risk. The 250 respondents who do consider virtualization an added security threat tackle the problem in various ways. Here’s the breakdown (multiple answers allowed):
• Deployed traditional agent-based antispam, antimalware and antivirus filters on virtual machines: 56%
• Set up virtual LANs to cordon off access to virtual machine pools: 56%
• Working with intrusion-prevention, firewall or monitoring software designed for virtual environments: 54%
• Pushing virtualization vendors to make security integral to their products: 34%
• Other: 8%

Clearly, many enterprises are failing to apply even the most basic security policies for protecting their virtual target servers. Topping off that dangerous misstep, organizations are experiencing rogue and unmanaged virtual-machine creep — the very thing virtualization tries to relieve in the hardware realm, consultants to Fortune 500 companies say.

“The problem is collectively known as virtual-machine sprawl,” says Anil Desai, consultant and author of The Definitive Guide to Virtual Platform Management. “If virtual machines are built without IT’s knowledge, it’s tough even to know they exist on the network,” he says.

Consultants report a widespread problem at client sites: “Software developers, intranet users, even users on data-center servers with too much privilege, are setting up virtual machines [without IT’s knowledge] because they’re easy to deploy and help get certain jobs done,” Desai says.

Inttra’s Debenedette says he doesn’t understand this phenomenon. Any organization worth its salt should have locked down its data centers according to best practices, which would make actions such as launching a new virtual server something that would trigger alarms, he says. Enforcement of those best practices is what ultimately cuts down on scope creep.

Debenedette’s team uses VMware’s Virtual Center management software, which contains an autodiscovery feature that locates rogue builds. Novell’s ZenWorks, Microsoft’s System Center Virtual Machine Manager and other virtual-machine-specific management tools also are available with discovery features. For those who don’t want to integrate such tools into their management consoles, CA, HP, Network General, and other management and monitoring vendors over the past year have added varying degrees of virtual-machine-awareness to their suites.

Being able to locate virtual machines also helps with licensing and product support, says Richard Whitehead, a product director at Novell. “If you’re running virtual servers, and they’re not licensed, they’re not supported,” he says. “That means they’re not patched and updated. And that makes them a security risk.”

Other discovery-related features of management tools that help with security include terminating unnecessary virtual machines and failing over to other secure systems if a load balance, infection or attack makes that necessary, Whitehead and others say.

Best practices in securing virtual machines

In a virtualized New Data Center infrastructure, every virtual device and its systems and network segments must be controlled and managed according to best practices, experts say. These practices should include:
• Standard-gold builds, security, and version- and patch-management controls for every application running on every virtual machine and every virtual-machine type.
• Policy enforced by virtual firewalls, antimalware and virtual-device management.
• Appropriate logical and physical separation of virtual-machine types; for example, virtual Web servers should be separate from virtual database servers.
• A network intrusion-detection system or monitoring finely tuned to rogue or malicious virtual-machine traffic.

Partition like the real world

Where and how virtual machines failover is important, says Tom Parker, executive consultant at Verizon Business. Enterprise IT executives are all over the map in how they set up their failover processes, he says.

For example, failover could occur from one virtual machine to another or to a different virtual subnet. Best practices might dictate that the failover transfers to a separate physical server. This would be particularly important in the case of total system failure.

In a virtual environment, separation and partitioning of systems are important, not only for backup but also to create a DMZ. IT often overlooks this separation, Parker says. “What happens when the database servers are virtualized alongside, say, a farm of virtual Web servers on the same computer? I see that all the time,” he says. “You’re increasing the risk that attackers and malware can get from the Web server to the database server.”

Best practices dictate that these types of systems be separated by a DMZ, which can be accomplished virtually, physically or through a combination of virtual and physical elements.

In a virtual DMZ, virtual switches and firewalls virtually separate a cluster of virtual data-center servers from a cluster of virtual Web servers, experts say. This can get as



                                                              Sponsored by APC
                                                                   www.apc.com                                                                     18
                                                                                                                  EXECUTIVE GUIDE
                                                                                                                        Back to TOC




Section 3: Security Spotlight • • •

elaborate as you want — with        John Safa, CTO of DriveSentry,          of its integrity — its safety,
virtual firewalls and switches      which makes firewalls for hard          because any malicious or
separating subnets everywhere       drives.                                 unauthorized changes to the
— as long as the virtual network        Patrick Lin,VMware’s senior         platform (and ultimately the
devices and firewalls also are      director of product manage-             virtual machines themselves)
managed according to best           ment, recites a list of tests and       are not allowed, Intel’s Smith
practices.                          certifications through which            says. Configuration changes
    Parker, however, has con-       the company runs its products           and patches are difficult using
cluded that it’s best also to       to prevent security failures. But       the Trusted Computing Group’s
separate these server farms         security problems still come            model, Russon counters. This is
logistically — with Web servers     down to users having too much           because every change for every
on one physical server and data-    trust in the vendor; that’s why         virtual device in the trust-
bases on another.“This removes      Paul Smith, server security strate-     certification process must be
the risk of anything malicious      gist at Intel, says he thinks virtual   replicated and rehashed again at
spreading between the [virtual      machinery will drive authentica-        the chip.
machine] server farms them-         tion to the chip.                           Not to mention that manage-
selves,” he explains.                   Smith is referring to the “root     ment calls to the chip open a
                                    of trust” components within the         whole new layer, some say.“Flash
lock the lowest layers              Trust Computing Group’s (TCG)           programming to the chip for
    The VMware platform, with its   Trusted Platform Module (TPM),          updates: Can this be cracked?”
rights and privileges to the host   which stores a key containing           Inttra’s Debenedette asks.“I’ll bet
operating system and hardware,      the hash value of a system’s            we’ll have to worry about that in
makes a tempting target for         approved configuration on the           the future.”
malware writers, consultant         chip. When the system boots,
and author Desai says.“From a       the root of trust compares the
technical standpoint, the virtu-    hash values on the key and the
alization layer has to run with     chip, and prevents anything from
either direct access to hardware    running if the chip’s hash has
or a hardware abstraction layer     changed.
— meaning it’s running with a           Specific to virtual machines,
high level of permissions to the    Intel and Advanced Micro
physical machine,” he says.“Any     Devices support TPM’s root of
application with that level of      trust, which checks the hash of
access would be a target.”          the virtual-machine monitor,
    That makes it a question        or hypervisor. If that hash
of when — not if — virtual-         has changed and the system
machine-specific malware will       attempts a reboot, the root of
start jumping between virtual       trust will revert to the original
machines, down the stack to the     hash or not allow the boot.
host operating system or even       Developers also are working to
to the virtual-machine monitor      address virtual TPMs. In this way,
layer. Parker and other malware     the trust-certification process
researchers say they have seen      would extend to virtual guests,
all these attack scenarios under    says Larry Russon, a Novell
development.                        product manager.
    “They’re looking for ways to        This would ensure the
attack the sandboxes and virtual    integrity of the virtual-machine
machines by their kernels,” says    platform, as well as — by virtue
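The boot-time hash check described above can be sketched as follows. This is an added example, not code from the article or from any vendor it names: it uses the TPM-style extend operation, new = SHA-256(old || SHA-256(component)), and the component names, byte strings and the boot/halt policy function are constructed for illustration.

```python
import hashlib
import hmac

PCR_BYTES = 32  # SHA-256 digest size; a fresh register starts as all zeros


def extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM-style extend: fold the digest of one component into the register."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def measure(chain):
    """Measure (name, bytes) components in boot order.

    Returns the final register value and an event log of per-component digests.
    """
    pcr = bytes(PCR_BYTES)
    log = []
    for name, blob in chain:
        pcr = extend(pcr, blob)
        log.append((name, hashlib.sha256(blob).hexdigest()))
    return pcr, log


def replay(log):
    """Recompute the register from an event log, as a verifier would."""
    pcr = bytes(PCR_BYTES)
    for _name, digest_hex in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def first_divergence(log, approved_log):
    """Name the first component whose digest differs from the approved log."""
    for (name, digest), (_ref_name, ref_digest) in zip(log, approved_log):
        if digest != ref_digest:
            return name
    return None if len(log) == len(approved_log) else "<chain length changed>"


def boot_decision(chain, approved_pcr, approved_log):
    """Hypothetical policy: boot only if the measured value equals the approved one."""
    pcr, log = measure(chain)
    if hmac.compare_digest(pcr, approved_pcr):
        return "boot", None
    return "halt", first_divergence(log, approved_log)


def with_component(chain, name, blob):
    """Copy of the chain with one named component replaced."""
    return [(n, blob if n == name else b) for n, b in chain]


# Constructed sample data: stand-ins for real firmware and hypervisor images.
APPROVED_CHAIN = [
    ("firmware", b"firmware build A"),
    ("bootloader", b"bootloader build A"),
    ("hypervisor", b"virtual-machine monitor build 1"),
    ("hypervisor-config", b"vswitch=isolated;mgmt=restricted"),
]
APPROVED_PCR, APPROVED_LOG = measure(APPROVED_CHAIN)

# An unauthorized change and a legitimate patch look the same to the check.
TAMPERED_CHAIN = with_component(
    APPROVED_CHAIN, "hypervisor", b"virtual-machine monitor build 1 + implant")
PATCHED_CHAIN = with_component(
    APPROVED_CHAIN, "hypervisor", b"virtual-machine monitor build 2")

if __name__ == "__main__":
    for label, chain in [("approved", APPROVED_CHAIN),
                         ("tampered", TAMPERED_CHAIN),
                         ("patched", PATCHED_CHAIN)]:
        print(label, boot_decision(chain, APPROVED_PCR, APPROVED_LOG))
    # The patched build boots only after its measurement is re-approved.
    new_pcr, new_log = measure(PATCHED_CHAIN)
    print("patched, re-approved", boot_decision(PATCHED_CHAIN, new_pcr, new_log))
```

The patched case is Russon's objection in miniature: a legitimate update fails the check exactly as tampering does until the approved value is regenerated.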





Virtualization security risks being overlooked, Gartner warns
Gartner raises warning on virtualization and security
By Ellen Messmer

Companies in a rush to deploy virtualization technologies for server consolidation efforts could wind up overlooking many security issues and exposing themselves to risks, warns research firm Gartner.

“Virtualization, as with any emerging technology, will be the target of new security threats,” said Neil MacDonald, a vice president at Gartner, in a published statement.

Virtualization software offers the ability to run multiple operating systems, or multiple sessions of a single operating system, on a single physical machine, whether server or desktop. But virtualization software, such as hypervisors, presents a layer that will be attacked and security strategies need to be put in place in advance, Gartner warns.

“Many organizations mistakenly assume that their approach for securing virtual machines will be the same as securing any OS and thus plan to apply their existing configuration guidelines, standards and tools,” MacDonald said. While this is a start, a closer look at securing virtual machines is required, especially since needed tools may be “immature or non-existent,” according to Gartner.

Among the specific points about virtualization and security addressed by Gartner:
• Loss of separation of duties for administrative tasks.
• Patching and signature updates and protection from tampering.
• Limited visibility into the host OS and virtual network to find vulnerabilities and correct configuration.
• Restricted views into “inter-VM traffic” for inspection by intrusion prevention systems.
• Mobile VMs and security policy.
• Immature and incomplete security and management tools.

Gartner speculates that the “rush to adopt virtualization for server consolidation efforts” will result in many security issues being overlooked. That, in combination with the lack of available security tools for virtualization, will mean “as a result, through 2009, 60% of production [virtual machines] will be less secure than their physical counterparts.”







Section 4: Case Studies

EBay’s computing guru gives behind-the-scenes peek
Shares eBay’s views on the next-generation data center, virtualization
By Beth Schultz

Today on eBay, you just might find that absolute perfect mantelpiece you’ve been looking for, at a great price. It’s there, nestled among some 100 million other items, placed for sale by one of the online auctioneer’s 233 million registered users. Now think about the back-end infrastructure that enables you to find, and then buy, that object of your delight, and you do have to wonder how it ever happens. Contemplating the database environment alone — 600 production database instances spread across hundreds of medium-sized servers — is enough to give even the most stalwart IT executive a case of the shakes.

But Paul Strong, distinguished research scientist at eBay, doesn’t faze easily.

“You just can’t get all the details for 100 million items on a single machine,” he said in an interview, during which he described eBay’s IT infrastructure, discussed next-generation trends, and shared how any enterprise, large or small, could benefit from the lessons the online auctioneer has learned along the way.

The next-generation data center today …

When we look at the data center, we don’t see silos and silos of applications on islands and silos of infrastructure because those have proven to be expensive and not particularly efficient, and they tend to be very static. We need to move toward [something] more dynamic, and that means really viewing applications and business services as being network-distributed. And the platform on which they run is the data center. The data center is a system and should be treated as such. The application components are distributed across the entire system. How your application behaves depends on where your load-balancers direct traffic, the number of application instances behind them, how you connect to your databases. Your applications and services don’t run on a single server. They run on a collection of resources that range from servers to firewalls, load-balancers and such.

Where the next-generation data center is headed …

One of the real trends in the next-gen data center is that it’s all about interconnectedness. It’s about the fact that all value is delivered by connecting sets of things together and agility is achieved by reconnecting the same sets. So it’s all about relationships and how you manage them. It’s the relationships that deliver value and how you cable together your infrastructure, how you make your applications and services communicate, and the patterns you use to drive the value it delivers for the business.

Managing the next-generation infrastructure …

We’re using some technologies, for example semantic Web technologies, to allow us to have an ontology that describes our infrastructure and allows us to ask questions of it. We want to be in a position where we can ask our management framework, ‘If a user presses this button, show me the things in the path.’ And if they have a problem with it, ‘Show me everything in the path that could be broken.’ Or if, say, a load-balancer in our infrastructure breaks, ‘Show me which business process is impacted so I can understand the financial impact on our business.’ Things like that.

We have a good start, but we expect that we won’t be able to capture all of these relationships. So we’re trying to build a system that if we don’t know everything, at least it captures what we do know so we can learn or infer the things that we don’t know. For example, if we know there’s a relationship between two application components, and they exchange a message, then we can infer -- even if it’s not explicitly stated that that’s a SOAP message over HTTP -- they must be able to exchange HTTP messages between them. That means there must be the ability to create TCP/IP connections between them, which means there must be a physical link that connects them because you know the application which is exchanging SOAP messages depends on the operating system to have a TCP connection between them that depends on physical servers that have bits of wire connecting them together. So by knowing the high-level thing, you know that somewhere there’s a relationship and you can go away and search for it and understand and see if you can see how it’s doing, what its properties are. Because if the SOAP message is running slowly, you can say, ‘OK, well what are the physical cables this is running over? Is there a problem with a port in the line?’ And things like that. It’s all about the relationships.

Server virtualization’s role at eBay …

If you think of server virtualization, like VMware and Xen and a whole slew of others, we don’t use a lot of that in production. The main reason is that one of our main constraints on deploying things is really around performance and on latency, very specifically. Many virtualization products have carried a latency penalty because obviously if you’re going to do something that goes through the I/O stack then it’s going to have to go through not only the I/O stack of the operating system but the virtual machine that sits under it. However, we have used those in environments like test and [quality assurance] where we want to rapidly provision stacks of software for testing purposes.

Database virtualization at eBay …

By using database virtualization, we’re able to scale. We used to run on the largest computers money could buy with the most memory you could fit in them. And it didn’t matter how big of a machine we got, we couldn’t fit our databases onto them. So initially we started partitioning those databases in a traditional sense by having discrete instances. And then we discovered that you can’t get all the details for 100 million items on a single machine either. So you had to start splitting them. We moved a very large chunk of database functionality out of the traditional database tier and into the middle tier. We heavily customized it so we were able to basically scale the database across hundreds of … medium-sized servers by essentially virtualizing the database. So for an application on our infrastructure that uses the database, the coder doesn’t need to know anything about the database vendor, what the table spaces look like, where the data is physically located or anything else. We built an abstraction layer into our application layer stack that allows us to virtualize the underlying database. So again, we get the same benefits in general of virtualization, which is essentially efficiency improvement, scalability improvements and flexibility, because we can change things behind the scenes without impacting the application that depends on it. And for us, and I believe many users, because data is exploding in terms of its quantity, that how you manage data and how you make it accessible by very large distributed applications is becoming a very big problem. And it’s probably one of the hardest places to actually scale.

What others can learn from eBay’s IT experiences …

In the early days, it was easy to say, ‘We’re very different. We can achieve this by spending money on very heavily specialized equipment that an average IT person might not require in the data center.’ At one point, we had a very large number of the largest computer systems you could buy. What we ended up doing is what everybody else will have to do but we had to do it sooner. Because our database wouldn’t fit inside one large box, we had to split it across 10 or 20 large boxes. And if you can split it across 20, then why can’t you split it across 1,000? This reduces your dependency on a specialized vendor, perhaps, and gives you freedom of choice and things like that. We were pushed to it by the scale and the way in which we were growing. But many other users are seeing these trends. They’re not driven to solve the problems as much as eBay was because our entire survival depended on us solving these problems very, very quickly. We solved the database scale-out problem to some greater or lesser degree in 2000-2001 and now we’re beginning to see the products that will allow people who don’t have the skills and can’t afford the burden of paying for people to develop their own software to do it.

The ultimate next-generation goal …

We really should be recognizing that we never build to an endpoint. We’re building for constant change and agility and responsiveness to the business. Anything static possibly ends up being a constraint on the business in terms of agility and capabilities of delivering shareholder value.




A virtual hit for MLB Advanced Media
Virtualization helps MLB Advanced Media get a new applica-
tion up in midseason and promises to play a big role in its new
data center and beyond




D
n   By Paul Desmond


December is a relatively slow time of year at MLB Advanced Media,                                  lit up before September so fans could chat
the company that brings you the official Major League Baseball Web                                 about the playoff races and use it during the
sites. From pitch-by-pitch accounts of games to streaming audio and                                playoffs. But it was a big, ambitious project
video -- plus news, schedules, statistics and more -- it has baseball                              and I didn’t have any rack space or spare
                                                                                                   power and [there was] no time to order new
covered. Doing so requires serious horsepower, so much so that the                                 machines. So, we worked with a company
company’s Manhattan data center is pretty much tapped out in terms                                 called Joyent in California that provides
of space and power, according to Ryan Nelson, director of operations                               hosting using virtual zones and virtual
for the firm. Strategic use of virtualization technology enabled him                               storage.
nevertheless to forge ahead with implementing new products during                                      We said to Joyent,‘We need 30 machines;
                                                                                                   10 in a development cluster and two more
the 2007 season, and promises to smooth a shift to a new data center                               gangs of 10 as big chat clusters.’ And so the
in Chicago in time for the 2008 season.                                                            MLB chat client was basically turned up in
    How long have you been using virtualiza-     in the last year to actually split off server     a couple of days vs. a month or two that it
tion technology?                                 environments, development environments            would have taken us to get somebody to
    It’s all pretty new. We are a homogeneous    and [quality assurance] environments.             ship and install all these machines. And
Sun shop, so we’re not really touching a lot         During the 2007 season we got hit with a      then we developed like crazy for about a
of the VMwares of the world. One of the big      big new challenge we didn’t find out about        month, tested for another three weeks, then
features of Solaris 10 is Solaris Containers     until the All-Star break, which was to add a      launched it.
and Zones. We started using Solaris Zones        chat product. There was pressure to get it            At launch time we asked for another 16G




                                                           Sponsored by APC
                                                               www.apc.com                                                                     23
                                                                                                                        EXECUTIVE GUIDE
                                                                                                                                   Back to TOC



Section 4: Case Studies • • •

bytes of RAM in each server.        to see who this guy is they just       second data center in Chicago        actually in a facility in Chicago
It scaled very well. When the       drafted. In the middle of July         that is just about to go online      and outgrew it before we got in
playoffs and World Series came      I may need an additional 10            that has 130 servers. So, by the     production, and so moved to
around, we ordered up 15 more       machines to be generating the          time we get cooking on the 2008      another facility from the same
machines and got twice as           CAPTCHA images and pro-                season, we’ll have in production     company. We knew we would
much memory and processors          cessing All-Star balloting. All-Star   about 180 of those.                  need more floor space and more
installed on them, as                                                                                                    power. We’re finishing it
well as on the ones                                                                                                       during the off-season.
we already had. Joyent                                                                                                    Once Chicago comes
dials all this up and                                                                                                     online, we’re going to
down. As soon as                                                                                                          take much of the New
the World Series is                                                                                                       York data center offline
over, we call and say,                                                                                                    and rebuild it.
‘Thanks, that was great.
Let’s scale down to a                                                                                                    I can’t resist — so
skeleton crew of these                                                                                                   this is a rebuilding
machines.’ So, when I                                                                                                    year?
have a need for it, we                                                                                                         Right. We’ll upgrade
pay for the utilization.                                                                                                   servers to Solaris
When we don’t, we                                                                                                          10, upgrade our
don’t. We can turn it                                                                                                      [storage-area network]
up and down as we                                                                                                          infrastructure and
need to.                                                                                                                   replace some older
    We can respond                                                                                                         hardware with newer,
to new projects really                                                                                                     thinner models that
quickly, and it also                                                                                                       use less power and
lets us try out new                                                                                                        generate less heat. That
products. If our chat                                                                                                      data center is in Man-
product had been                                                                                                           hattan, where the cost
a huge failure, we                                                                                                         per square foot is just
could’ve turned the                                                                                                        ridiculous. So, driving
whole thing off and it                                                                                                     up utilization and
wouldn’t have been                                                                                                         squeezing everything
a big deal. It makes it                                                                                                    you can out of every
easy to try new things.                                                                                                    last square inch of rack
We don’t have to sign a                                                                                                    space is important to
contract, get approvals                                                                                                    us.
and all that.                                                                                                                  We’ll move all the
    We can also                                                                                                            services we have run-
respond to the                                                                                                             ning in New York to our
seasonal load changes.                                                                                                     data center in Chicago.
And we can also respond to          balloting is about four days of        So you’re just wrapping              Migration services is one of
differences in the season that we   crazy database load, and then it       up the new center?                   the features of virtualization in
know are coming. In April, we’re    goes back to nothing.                      We’ve had it for about a year,   general, but Solaris Zones spe-
focusing on registering new                                                but it’s been in build-out phase.    cifically.You can do things like
users and selling new products.     Give us a sense of the                 Part of the reason we’re inter-      clone a zone or migrate a zone.
On draft day, I might need to       MlB.com infrastructure.                ested in virtualization is because   We can move a virtual machine
really beef up my stat resources       In terms of Web servers, we         of the power, space and data-        from rack to rack around a
because people are querying         have roughly 100 at our New            center-capacity pain — we’ve         single data center, and actually
our minor-league stats engine       York data center, and we have a        certainly felt that. We were         move these services to a virtual




                                                            Sponsored by APC
                                                                 www.apc.com                                                                    24
                                                                                                                                  EXECUTIVE GUIDE
                                                                                                                                             Back to TOC



Section 4: Case Studies • • •

machine in a different city.

Also, in addition to seasonal traffic shifts, our load characteristics change drastically during the day. If I have 10 games starting at 7 p.m., there’s a huge influx of traffic right at 7 p.m. If we have a bunch of day games, people use their high-speed Internet connections at work, reloading the scoreboard page a lot or watching our flash Gameday product, which has [pitch by pitch updates], or watching the streaming video online. So the ability to slide computing resources around is pretty handy for us.

How else are you using virtualization?
All the services in our new data center will be put into containers, to get the manageability and security benefits — if there’s a security issue, all they’ve broken into is one virtual machine. Even if a machine has just one service running on it, say one Web server, that’s running in a virtualized container. Should the day come when I need to move that service to another piece of hardware, I can just move the virtualized container. My pain-point is really low.

It also lets us accommodate developers who are in a pinch because our season starts this year on March 25 — the [2007 World Series Champion Boston] Red Sox are opening in Japan against Oakland. That day is hard and fast. Previously, as a security guy, it was my job to say no to developers who wanted to log into a production machine and look at something because they were trying to debug a problem. Especially in the age of [Payment Card Industry] compliance and all that, we need to secure operational access to production machines. But now I can snap off an exact copy of the production machine and hand that to the developer, or I can give him access to a different Solaris Zone running on the same machine. So it lets us draw interesting security lines.

What were the biggest challenges when you were implementing virtualization technology initially?
For every application we run, you end up with some assumptions, such as it will always use this IP address or this much memory. We need to make sure these assumptions are kept to a minimum or at least abstracted out into a different layer or into config files that can be then transformed as part of the virtualized-host boot scripts.

Wrapping our heads around this extra layer of abstraction from an administration perspective is a challenge. If I’ve got 100 hosts, that’s an administration challenge already. If each of those hosts has one or two or three virtual hosts running inside of them, I need to keep track of those as well. And they move around a lot, so you need to be very careful. It seems like we’ve had to buy three times the number of white boards we use just to keep track of all this stuff.

Right now we’re doing most of the management by hand with scripts that we’ve written ourselves because we’ve only got, not a toe but maybe most of a foot into the virtualization pool. But we need to get a handle on it before it gets out of control. We’re quickly going to outgrow the point where we can manage an army of virtual machines like we can manage a smaller army of hardware because we’re doubling our data center capacity on real physical hardware in a couple of months.

In the off-season we also have regular employee turnover, and it’s interesting trying to hire people who have virtualization experience, especially big-enterprise virtualization experience. You can’t really go out and say, ‘I need to hire three guys who have been using iSCSI and Solaris Zones for large scale Web infrastructure’ because they’re just not out there. So, we’re learning on our own, basically, and we’re working with Sun Professional Services quite a bit. I can imagine if this had happened five years ago, the Zones feature in Solaris would have been an extra license. Now it’s all free, and it’s really cool, but where they really want to make their money is helping us on the services side.

What other applications do you see for the technology?
We’re tasked with transcoding a huge library of archived ball games. I can see where we would take a rack of machines that are used during the season to serve up files and reconfigure them to run a virtual instance of Windows to become a Windows Media encoder. We can take those servers and say, ‘Today you’re going to be 20 Windows machines,’ and throw batch jobs at them and have them transcode stuff as fast as possible. The Sun server has an Intel chip inside and can be a Windows machine when it needs to be. And if you have a good management console, you can just say, ‘Install Windows on these 30 machines or boot Windows on these 30 machines.’ That’s pretty interesting. Virtualization lets us slosh resources around seasonally.

Sun also just announced xVM based on Xen. So Sun’s got Solaris Zones, which is kind of a virtualized user environment — one kernel with a bunch of virtual computing environments underneath it — and then there’s the Xen piece, which is actually booting multiple kernels on big-enterprise hardware. That’s in partnership with Microsoft, so it supports things like Windows. I would imagine that that’s the technology we would end up using to do projects like I just described.

Have you found any sorts of applications that do not lend themselves well to virtualization?
We haven’t even considered running our database stuff on a virtualized host. For all of our databases, we really need high-performance storage and lots of dedicated hardware. That database includes our Major League Baseball stats, fantasy-team data, all the newsletters customers subscribe to, and what subscription audio products they’ve purchased, and so on. With virtualization, you do add a lot of extra abstraction. The big challenge for people who are inventing these new virtualization technologies is
to make the overhead as low as possible, but it’s still there. For really high-performance computing, if you need one big monolithic machine, virtualization doesn’t help.

Have you been able to determine your ROI on these virtualization efforts?
Not really, but I know it’s very good. It’s nice when someone comes up with an ambitious new project and my default answer isn’t ‘no.’ It used to be, ‘You’d like to give a free taco to everybody in the country? That’s going to take X number of servers. And you need them up by Friday? I just can’t do it.’ Now I can say, ‘Yes, you can do that and here’s what it will cost. And if you have a big surge in traffic, I can double the number of your servers and it’s going to cost this much.’ And if they’re going to make three times that much on the product, they’ll say, ‘That’s fine.’ So it lets us get to yes very easily. And the time from a decision to delivery is very fast.

What have been the most pleasant surprises about virtualization?
I’d say it’s not as hard as we once thought. If you think back to the days of mainframes, you actually had to write [code] for a compute grid or to spread your application around. When the developers use their instances of applications or of servers, they don’t necessarily know that they’re even running on virtual machines. They just ask for access to a machine to test something and we give them logon information and ask if they need root access on the box, which blows their minds sometimes. But once you’re in a virtualized environment, it’s very familiar to people. It’s more administration work on the outside, but we don’t have to train people much to use the resources that are presented to them in a virtual way.

Any big disappointments with the technology?
Not yet. But we’re just getting into it.




Gannett’s virtualization veteran lets us pick his brains
Having gone virtual in 2002, Gannett’s Eric Kuzmack knows what the technology does well and where it still needs work — and there’s plenty of both
By Paul Desmond

Gannett Co. is the largest newspaper publisher in the United States, with 85 daily papers including USA Today and nearly 1,000 non-daily publications. The company also operates 23 U.S. television stations and a large number of Web sites affiliated with its various properties. As you might expect, all that content creates a rather heavy demand on the company’s IT infrastructure, which supports nearly 50,000 employees at about 200 locations. To help it keep up with demand without breaking the bank, in 2002 the company began exploring virtualization technology. It hoped to improve its x86 servers’ utilization rates, which at the time averaged no more than 10%. Today the company has well over 1,000 virtual machines running on more than 50 VMware hosts, says Eric Kuzmack, IT architect at Gannett. Virtualization has been a big success, delivering ROI numbers that ‘nobody would believe,’ Kuzmack says, adding that it’s not for every application and there is no shortage of enhancements he’d like to see, especially in terms of management and accounting tools.

What kinds of applications are you supporting using virtualization?
All kinds. Our general philosophy when deploying new applications is to virtualize them unless the application owner or the vendor we purchase from has a good reason not to. We’ve come across a few application types that tend not to be great candidates for virtualization, such as large databases and those that do a lot of polling, like network monitoring applications. But we’re virtualizing most other kinds of workloads, whether it’s intranet Web servers, database servers, various application servers, Active Directory and portions of Exchange, although Microsoft has taken a very hard stance against virtualizing Exchange 2007. So, we’re not
virtualizing our Exchange 2007 mailbox servers, but we are using virtualization for some of the other components of Exchange, as well as for disaster-recovery components. And for the most part, we really haven’t had problems at all.

You set out to improve server utilization rates. What have you achieved?
When we start approaching 60% to 70% process utilization we’ll add servers to our farms. We like to leave some headroom to handle spikes. Generally we’ll go up to eight physical servers and then start a new farm. Or when there’s a generation change in the processor, we’re essentially forced to start a new farm because you can’t use VMware’s VMotion technology across two Intel processors of different families. [Ed. note: VMotion makes it possible to move a running virtual machine from one physical server to another without disruption.] Intel is introducing some features in its new chips that are supposed to help moving [virtual machines] between processor families so that won’t be as big of a deal.

Management was a big concern for you early on. How would you assess the general state of the tech today?
There’s still a wide disparity between what the various vendors offer. There’s a lot of talk. Microsoft, XenSource [acquired by Citrix Systems], Virtual Iron and everybody else is coming up with their own management tools. What we don’t really have yet is a good, proven story on taking a Xen virtual machine from anybody’s hypervisor and running it on somebody else’s hypervisor. Or having a Microsoft hypervisor in the same pool as a Virtual Iron server and being able to move a [virtual machine] from one to the other. So, at the industry level, there’s still a long way to go. VMware is certainly well beyond anybody else in the market [in terms of] management.

What kinds of things can you do with VMware that you can’t with some of the others?
At a very basic level, it’s easy and flawless with VMotion. I right-click on a server, click migrate, hit enter a couple of times and I’m done. The other vendors in the market are coming out with [similar technology], but it’s still a ways away. And once they do come out with it, how stable is it going to be? We’ve been using VMotion since 2003, which is a very long time.

Why is that capability so important to you?
VMotion was really the feature that cemented our decision to go down the virtualization road. The biggest concern management had when we started looking at virtualization was the ‘too many eggs in one basket’ problem [and VMotion solves that]. We didn’t want to have 10, 15 or 20 applications go down because of a hardware problem or because we needed to do maintenance. So, when VMotion came out and we started working with it — we were one of the two non-VMware entities that beta-tested VMotion — it dawned on us how important VMotion was. Other vendors have kind of dismissed VMotion as a curiosity, but they’re plainly wrong. Very shortly after we set it up, we had several cases where we used it to the company’s benefit. And it’s very easy to set up.

Are there other virtualization management challenges that have not yet been met?
How much time do you have? For one, no one’s quite gotten to cost accounting yet. There are two pieces to this. We don’t do internal chargebacks, but in general it’s important for us to understand [virtual machines] aren’t free. One of the downsides of virtualization is a lot of folks say, ‘Oh, we’ll just spin up another [virtual machine].’ So having tools to identify how much a particular farm costs, including the servers and the disks and everything, and how it’s being utilized and at what percentages, would enable you to come up with a cost of ownership for a
particular [virtual machine].

And another challenge is growth prediction, where if you’ve got a set number of [virtual machines], being able to look at how those are being utilized and, based on that, project how many additional [virtual machines] of similar characteristics you could put in a given environment before you’ll run out of resources. Those kinds of things are critical. Today a new application comes in, and it’s purely a guess as to whether or not the amount of virtual resources you have will fit the application, which in a sense is similar to the physical world. Except people are a lot more comfortable with the physical world and, generally speaking, you either pick a two-, four- or eight-processor box. You don’t have a whole lot of tiers in there. But in the virtual world, we’re able to nuance our resources much more efficiently than in the physical world. The downside of that is you don’t necessarily fix everything using brute-force performance: ‘Oh, this application is slow. Instead of troubleshooting the application, just put it on a faster box.’

Also, the management tools out there are great at managing two, three or four host servers, but when you start getting into 50 or 100 hosts spread across multiple divisions or subsidiaries, all of the tools still have a fairly long way to go. So our subsidiaries that have a large number of hosts have their own instance of the management tools. Some of the smaller environments that have two, four or five servers are on our central management system. But the management software is fairly pricy, and we prefer not to have to buy multiple instances of it.

What have been the biggest challenges to implementing virtualization?
Honestly, there really weren’t many. We’ve only run into one or two bugs of any substance since we started. And the issues we had weren’t technical. They were what we like to call the ‘eighth layer’ of the OSI model, the political layer. People want to have their own servers. Or if you’re sharing a resource and you run out, then some little application may come along that has to bear the expense of a new physical piece of hardware. So, how do you account for the fact that one little application costs the company $1,000 and another little application costs the company $12,000? So, things related to capital allocations were sticking points.

Another issue was trusting that the environment works — the issue of all my eggs in one basket. On the technical side we had training issues involved with troubleshooting performance problems. It’s different in a virtual environment. Understanding that hitting the old power switch has a very different meaning when you’ve got 25 virtual servers running on a box.

And you can get yourself into trouble if you don’t pay attention to the infrastructure you’re running on. If you typically buy very inexpensive servers without a lot of redundancy, that may be okay for an environment where, if you lose a server, you lose one application. But if you use the same kind of servers in a virtual environment and you lose that server, maybe you take down 10 applications. It’s a much larger business impact. So early on we made sure we bought Tier 1 vendor hardware, with all the right redundancy components built in, fully redundant storage networks and that sort of thing, because we do run mission-critical applications on virtual infrastructure.

Has there been any user reaction to virtualization?
The end-users have no concept of virtualization. But the business owners of the application have seen our ability to deploy more quickly, whether test, development or production servers. Our ability to react to change is faster. When all of a sudden we need four more Web servers to do X, we can deploy them in minutes instead of days or weeks. Business owners also see substantially reduced costs because they don’t need to purchase test and development hardware. They may need to contribute some capital funding to the overall virtual hardware, but typically it tends to be much less expensive than having to buy individual servers for all the components of their various applications.

Have you tried to calculate your ROI?
When we started our virtualization efforts back in 2002, we built a very strong ROI purely on the reduced number of servers that we had to purchase. We came up with an ROI that was so high we knew nobody would believe it. We had to cut things back, but we know it’s saving the company hard dollars. It’s the soft dollars that are much harder to quantify. We know we’re saving a lot of time and effort in terms of deploying applications, as well as in the overall flexibility and time to market for various applications. Time equals money.

Aside from savings, what other kinds of benefits have you realized?
A couple of years ago we did some testing where we VMotion-ed a virtual machine from one location to another 100 miles away. We lost just one packet. Now, the plumbing required to actually do that for real wasn’t there yet. But as pipes get bigger, as VMware and other companies continue to build in disaster recovery, we’re going to see the capability to do things like VMotion-ing between data centers. A variety of people have already done it in one way or another. With things like that, virtualization is going to change the way we do things on a large scale. Disaster recovery, business continuity — those kinds of things are pretty key in our virtualization strategy. We don’t have to do cold spares anymore for most kinds of environments. If we’re having problems with a particular virtual server, we just take a snapshot of it. We let the production system continue to run and we can give the actual server that’s having trouble over to the developer to troubleshoot what the problem is.

Also, building a development lab is never easy, and they are never anything like real life. Well, in our environment they are. We take a snapshot of real life [virtual machines] and pull them off into an isolated environment. Then we have a
development environment that actually matches production — because it was production an hour earlier.

What does that do for you?
The first thing to get cut when doing development projects are test and development environments because generally speaking, you can’t afford to buy three of the same system. In a virtual environment, we don’t have to worry about that as much. And when you want to roll out a new version of the application a year later, you can just take another copy of the current production environment to create a fresh development environment, as opposed to using the year-old one.

So, would you say you’re getting better applications as a result?
Yes. And we also get better deployments of things like patches. There have been cases where we deployed patches but were unsure of exactly what was going to happen. Now we can take a snapshot of the [virtual machine], deploy the patch and, if things go poorly, just revert back with a couple of mouse clicks.

What would you say has been the most pleasant surprise for you with respect to virtualization?
From a VMware perspective, how easy it’s been. Generally speaking, the virtual-infrastructure stuff is pretty easy to install, especially if it’s a small environment with two or three hosts. It’s easy to install, easy to run and it’s rock-solid, very much one of those things you just don’t need to worry about.

What’s your biggest disappointment?
‘Disappointment’ may not be the right word, but the software vendors have been slow to adopt a support policy for virtual environments; licensing policies for virtual environments are all over the place. Be it Microsoft, Oracle, IBM, whoever — they’re all over the map. Even the vendors themselves don’t have consistent policies, and when they do, their salesforces don’t necessarily know what they are. One salesperson will say, ‘Oh, yes, sure, you can do it that way.’ And then you actually go and look at the license and find, no, you can’t. We’re large enough that if a salesperson makes a promise, we’re generally able to get the vendor to live up to that promise. But for your average [small-to-midsize] business, they don’t have that kind of dollar baseball bat to go after a vendor.




DOCUMENT INFO
posted:3/20/2012
language:English
pages:29