Vmworld 2005-sln241

  • 1. Virtualization Streamlines Regulatory Compliance
      • Kacee Bui: Sr. Manager, IT Compliance and Governance, VMware
      • Iben Rodriguez: Technical Operations, VMware
  • 2. This presentation may contain VMware confidential information. Copyright © 2005 VMware, Inc. All rights reserved. All other marks and names mentioned herein may be trademarks of their respective companies.
  • 3. What Led Us Here?
      • Growing complexity of technology
      • Business environment changing
  • 4. What Led Us Here, cont.
      • Certification and Accreditation (C & A):
          • Internal controls
          • Risks are mitigated
      • Increased legislation as a result of various corporate scandals (Enron, WorldCom)
  • 5. Regulatory Rules and Standards
      • Sarbanes-Oxley (SOX 302 & 404)
      • HIPAA
      • California SB1386
      • Gramm-Leach-Bliley (GLB)
      • Federal Info. Security Mgmt (FISMA)
      • Internal audits
      • ISO 17799, ITIL
      • Etc., etc., etc.
  • 6. How Does Compliance Affect You?
      • You have to follow regulations
      • Increases IT resource and cost requirements
      • High demands on IT organization:
          • Control activities
          • Documentation & maintenance
          • Testing / quarterly audit
  • 7. How Does Virtualization Streamline Regulatory Compliance?
      • Reduces resource & cost requirements
      • Unifies IT controls
      • Provides efficient audit trails
      • Reduces compliance administrative effort
  • 8. Examples
  • 9. Example 1 – Access Controls
      • Risk: The security architecture for the network (LAN) and servers is not configured to properly prevent inappropriate and/or unauthorized access
      • Control: With virtualization, virtual machines can be ISOLATED from each other
  • 10. What Is Virtualization?
      • [Architecture diagram. Labels: guest workloads (Exchange on Windows 2000, SQL Server on Windows NT4, Apache on Red Hat 7.2); console, NIC, CD, floppy, serial, etc.; Intel processor virtualization; service console (SNMP agent, Perl scripting, remote KVM, security mgmt, web server); scheduler and memory mgmt.; CPU, memory, SCSI/FC storage, Ethernet network, other devices.]
  • 11. Isolation
      • CPU hardware / protection
      • Fault, performance and security isolation
      • CPU, RAM, disk, and network resource controls
      • Resource allocations can be changed “on the fly”
      • Guaranteed service levels
      • If one virtual machine “crashes”, it has no negative effect on any other running virtual machines
  • 12. Virtualization Reduces Resource Requirements
      • Your production and development instances must be separated
      • Without virtualization, you would need to obtain additional machines for each production and development instance
      • With virtualization, you will have fewer physical machines, and software controls are used to isolate machines
  • 13. Example 2 – Change Mgmt Controls
      • Risks:
          • Incomplete, inaccurate, or unauthorized development is introduced into the Production environment, impacting system integrity and availability
          • Key business processes and/or IT assets may be unavailable because of unauthorized changes to the infrastructure and/or job schedules
      • Control: With virtualization, events and changes are captured automatically
  • 14. Virtual Controls: Audit Trails
      • Incidents and changes must be logged and documented accurately
      • Without virtualization, this is a manual process and subject to error
      • With virtualization, events and changes are captured automatically
      • Examples:
          • Adding drive space
          • DB schema changes
          • Adding network interface
  • 15. Change Control Examples
      • Virtual network interfaces:
          • Virtual NICs plug into virtual switches
          • Two or more: Bonded external links for fault tolerance and bandwidth aggregation
      • [Diagram. Labels: VLAN A, VLAN B, virtual VLAN switch, uplink NICs, to physical switch VLAN trunk ports.]
  • 16. Example 3 – IT Operations Controls
      • Risk: Segregation of duties – unauthorized access, shared functions
      • Control: With virtualization, discrepancies and exceptions are minimized
  • 17. Virtual Controls: Segregation
      • Separate roles for system and database administrators, software developers and business analysts. Use Role Based Access Control lists to authorize who can make what changes
      • Without virtualization, this requires more training, oversight and manual auditing
      • With virtualization, only members of hardware support team can upgrade physical hardware
  • 18. Example 4 – IT Operations, cont.
      • Risk: Backup and Recovery: Inability to recover and restore critical business data accurately, completely and in a timely manner in the event of a failed system or disaster
      • Control: With virtualization, recovery time is minimized
  • 19. Virtualization: Recovery
      • Many of you will leverage SOX to ensure proper recovery plans are in place and tested
      • Typically standby data center and hardware
      • Replacement servers do not need to be identical hardware
      • Virtual machines can be consolidated during recovery
      • Virtual machines can be replicated, and standby site can be brought up quickly
  • 20. Virtualization: Encapsulation
      • Entire state of the virtual machine is stored in a computer controlled file
      • Administrators can now use software and not screwdrivers when working on machines
      • Virtual machine state can be transferred through space and time:
          • Time: stored on a DVD-ROM
          • Space: transfer over a network
  • 21. Recovery Example
      • [Diagram. Labels: Architecture, Hypervisor, App, OS; Architecture, Hypervisor, Virtualization Layer, App, OS, App, OS.]
  • 22. Virtualization Simplifies Changes
      • Key task: Hardware maintenance
          • Traditional approach: Requires 1 - 3 hour maintenance window
          • With server virtualization: Hardware upgrades happen in virtual world
      • Key task: Moving an application to a new server or repurposing a server
          • Traditional approach: 4 - 6 hours for migration. Service interrupted for duration of maintenance window. Requires days/weeks of change management preparation
          • With server virtualization: A few minutes with virtual machine management console
      • Key task: Provision a new server
          • Traditional approach: 3 - 10 days hardware procurement. 1 - 4 hours provisioning new server
          • With server virtualization: A few minutes to provision a new virtual machine. Standard templates are used
  • 23. Summary - Virtualization and Compliance
      • Regulatory compliance is complex
      • Virtualization is a complex tool
      • Careful planning, implementation and monitoring are essential
  • 24. Questions