The Birth of the Virtual Datacenter Administrator
I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization's virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.
- Almost everyone described some form of friction between the IT and security departments related to virtualization. IT departments are pursuing aggressive plans to virtualize servers and desktops with an eye on cost savings and the security and risk departments are on the fence while they cautiously examine additional risks introduced by virtualization, if any. A few mature organizations have gone past this phase and have IT and security departments working together to not only save costs but also use virtualization to deliver better security. But in most organizations, the lack of understanding of the security implications of virtualization is causing many organizations to become overly risk averse, causing unnecessary delay in the adoption of virtualization or, organizations get too conservative and adopt architectures that dilute the return on investment offered by virtualization. For example, the lack of trust in virtual firewalls and virtual network isolation is causing organizations to leave physical network isolation in place which in turn adversely affects the server consolidation ratios.
- The biggest concern related to security was inadvertent misconfiguration. With the consolidation of server, network and storage services within the virtual infrastructure, server administrator is also required to configure virtual networks and switches. With increased consolidation of computers and networks, the impact of a single mistake in configuration could lead to a major outage of servers or failure of several network segments.
- The convergence of server, network and security capabilities within the virtual infrastructure is creating new demands on the traditional datacenter administrators. Most server adminstrators I talked with were responsible for creating and managing ESX images including the networking, security and storage configuration. Consequently, server teams have to collaborate more closely with network and security teams to properly manage the converged infrastructure. There is strong demand for administrators that have knowledge of computing, networking, storage and security so that they can configure the virtual infrastructure with full understanding of the impact to each domain. The advent of the virtual datacenter is giving rise to a new breed of datacenter administrators who will be capable of using the powerful tools offered by virtual infrastructure vendors to create and manage the entire virtual datacenter. This new breed of administrators will bridge the divide between network and security operations. Administrators that do not possess cross-domain expertise will be prone to expensive misconfiguration. The virtual datacenter adminsitrator is born.
Post A Comment