CA Technologies Thought Leadership Publication on Virtualization

Volume 1, Issue 2, November 2010

CA Technology Exchange
Insights from CA Technologies

Virtualization

Inside this issue:
• Virtualization: What is it and what can it do for you?
• Virtualization: Enabling the Self-Service Enterprise
• Data Virtualization
plus columns by CA Technologies thought leaders
CA Technology Exchange: Table of Contents

• Welcome from the Editor in Chief (Marv Waschke, Principal Software Architect, Office of the CTO, CA Technologies, and Editor in Chief, CA Technology Exchange)
• Virtualization: What is it and what can it do for you? (Anders Magnusson, Senior Engineering Services Architect, CA Technologies)
• Leading Edge Knowledge Creation (Dr. Gabriel Silberman, Senior Vice President and Director, CA Labs, CA Technologies)
• Virtualization: Enabling the Self-Service Enterprise (Efraim Moscovich, Principal Software Architect, CA Technologies)
• Service Assurance & ITIL: Medicine for Business Service Management (Brian Johnson, Principal Architect, CA Technologies)
• Data Virtualization (Sudhakar Anivella, Senior Architect, Service Desk, CA Technologies)
• Lessons Learned from the Mainframe Virtualization Experience (John Kane, Technical Fellow Emeritus)
• Glossary of Virtualization Terms
CATX: Virtualization
by Marv Waschke, Principal Software Architect, CA Technologies, and Editor in Chief, CA Technology Exchange

Our first issue of CATX was published in April 2010. The theme was cloud computing. This issue addresses virtualization, a subject closely related to cloud computing. The two concepts are often juxtaposed in discussion and I occasionally hear people speaking as if the two concepts were identical.

Virtualization and Cloud
Virtualization and cloud are related, yes, but identical, clearly not. In computing, we often advance by focusing on the outcome of an activity and delegate performance of the activity itself to some other entity. For instance, when we use SQL to query a relational database, we delegate moving read heads and scanning disk sectors to the RDBMS and concentrate on the tables of relations that are the result. This allows database application builders to concentrate on the data, not the mechanics of moving bits and bytes.

Both cloud computing and virtualization are examples of delegation, but what is delegated is different and the delegation occurs for different reasons.

Cloud computing is delegation on a grand scale. A cloud consumer engages with a network interface that permits the consumer to delegate the maintenance and management of equipment and software to a cloud provider. The consumer concentrates on the results and the provider keeps the lights on and the equipment running in the datacenter.

Virtualization separates the execution of software from physical hardware by delegating computing to emulators that emulate physical hardware with software. The user can focus on the software rather than configuring the underlying hardware. Emulators can often be configured more quickly and with greater flexibility than physical systems, and configured systems can be stored as files and reproduced easily. Without the convenience and flexibility of virtualized systems, cloud implementations can be slow and difficult, which is why almost all mention of cloud includes virtualization.

Articles in This Issue
Practice is never as simple as theory. Two of our three articles in this issue discuss virtual systems in practice.

Although virtualization can deliver great rewards, deploying an IT service or group of services to run virtually is a complicated project that requires planning and systematic execution. Anders Magnusson from CA Services is an experienced implementer of virtualization projects. His article provides an insider's view of the challenges in justifying, planning, and executing virtualization projects.

Efraim Moscovich is an architect of virtualization management tools. He has taken time to consider the potential of virtual systems for self-service in IT.
Finally, Sudhakar Anivella, a senior architect in service management development, discusses another dimension of virtualization. We tend to think of virtualization as synonymous with virtual servers, but in fact we use the concept of virtualization in many ways in computing: virtual memory and virtual routing are both common. Data virtualization, as Sudhakar points out, has become very important in IT systems.

The glossary of virtualization terms was a joint project of the editors and the authors. Terms come and go and change meaning all the time as virtualization evolves. We attempted to provide terms as they are understood today in this glossary.

Columns
In addition to full-length articles, we have columns from CA Labs senior executive Gabby Silberman and ITIL expert Brian Johnson. Virtualization has long been a staple of mainframe computing; ideas that are new to distributed computing have been used for a long time on the mainframe. Recently retired CA Technical Fellow Emeritus John Kane has written a column that touches on some of the ways that virtual distributed computing is recapping the experience of the mainframe.

All articles in CATX are reviewed by panels of experts from CA Technologies. Articles that pass the internal review go on to external review panels made up of individuals from universities, industry experts, and experts among CA Technologies customers. These reviewers remain anonymous to preserve the integrity of the review process, but the editorial committee would like to thank them for their efforts. They are valued contributors to the success of CATX and we are grateful to them. If any readers would like to participate in a review panel, please let us know of your interest and expertise by email.

The editorial committee hopes you find value and are challenged in this issue on virtualization. Please consider contributing to our next issue, which will center on REST (Representational State Transfer), the "architecture of the World Wide Web." Although REST will be the main theme of our next issue, we will also include additional articles on virtualization, the cloud, and other topics of interest to the IT technical community.

Our April 2011 issue promises to offer a varied range of thought-provoking articles. CATX is open to everyone to contribute, not only CA Technologies employees but all IT technologists. Please address questions and queries to the editorial committee.

CA Technology Exchange Editorial Committee: Marv Waschke, Editor in Chief, Principal Software Architect, Office of the CTO; Janine Alexander, Technical Writer, CA Support; Marie Daniels, Program Director, CA Support; Michael Diaz, Quality Assurance Architect, Workload Automation; Robert P. Kennedy, Senior Director, Technical Information; Laurie McKenna, Director, Technical Information; David W. Martin, Senior Principal Software Engineer, Virtualization and Service Automation; Cheryl Morris, Principal, Innovation and University Programs; Richard Philyaw, Principal Software Architect, Office of the CTO; David Tootill, Principal Software Architect, Service Management; all of CA Technologies.
Virtualization: What is it and what can it do for you?
by Anders Magnusson, Senior Engineering Services Architect, CA Technologies

About the author: Anders Magnusson is a Senior Engineering Services Architect at CA Technologies and a member of the CA Technologies Council for Technical Excellence. Since joining CA Technologies in 1997 he has held a number of roles and responsibilities across the organization, but during the most recent several years he has focused on developing standard procedures and best practices for utilizing virtualization and deploying multi-product solutions. Anders is responsible for providing sizing best practices and tools for several CA Technologies solutions, as well as for virtualization-related material on the Implementation Best Practices site, which can be found at mon/impcd/r11/StartHere.htm

The Promise of Virtualization
Although the concept of virtualization began in the mainframe environment in the late 1960s and early 1970s, its use in the distributed environment did not become commonplace until very recently. Even though the underlying technology and related best practices continue to evolve rapidly, for most application types virtualization has proven mature enough to support business-critical systems in production environments.

When done right, virtualization provides significant business value by helping organizations manage cost, improve service, and simplify the process of aligning business with IT. We can see a rapid acceleration in the number of traditional datacenters that are pursuing this value by shifting to a virtualization-based model, and some are even taking it one step further by implementing private clouds. How fast this transformation will happen and how much of the "old" datacenter will instead move out to public clouds is uncertain. To help us with these estimates we can look at what Gartner Inc. and Forrester Research are predicting:

• "Virtualization continues as the highest-impact issue challenging infrastructure and operations through 2015. It changes how you manage, how and what you buy, how you deploy, how you plan and how you charge. It also shakes up licensing, pricing and component management. Infrastructure is on an inevitable shift from components that are physically integrated by vendors (for example, monolithic servers) or manually integrated by users to logically composed "fabrics" of computing, input/output (I/O) and storage components, and is key to cloud architectures. This research explores many facets of virtualization." (Gartner, Inc., "Virtualization Reality", by Philip Dawson, July 30, 2010.)

• "By 2012, more than 40% of x86 architecture server workloads in enterprises will be running in virtual machines." (Gartner, Inc., "IT Virtual Machines and Market Share Through 2012", by Thomas J. Bittman, October 7, 2009.)

• "Despite the hesitancy about cloud computing, virtualization remains a top priority for hardware technology decision-makers, driven by their objectives of improving IT infrastructure manageability, total cost of ownership, business continuity, and, to a lesser extent, their increased focus on energy efficiency." (Forrester Research Inc., press release, Cambridge, Mass., December 2, 2009, "Security Concerns Hinder Cloud Computing Adoption". The press release quoted Tim Harmon, Principal Analyst for Forrester.)
Despite the awareness of the huge potential provided by virtualization – or even because of it – there are many virtualization projects that fail in the sense that they aren't as successful as expected. This article is written in two parts. Part one defines virtualization and why organizations choose to use it, while part two focuses on planning a successful virtualization project.
What is Virtualization?
The first step in understanding what the virtualization effort will achieve is to agree on what we mean by "virtualization". At a very high level, virtualization can be defined as a method of presenting "system users" (such as guest systems and applications) with the big picture (that is, an abstract emulated computing platform) without the need to get into all the little details, namely the physical characteristics of the actual computing platform that is being used.

Virtualization has long been a topic of academic discussion, and in 1966 it was first successfully implemented in a commercial environment when the IBM mainframe System/360 supported virtual storage. Another breakthrough came in 1972, when the first hypervisors were introduced with the VM/370 operating system. The introduction of the hypervisor is important because it enabled hardware virtualization by allowing multiple guest systems to run in parallel on a single host system. Since that time virtualization has been developed on many fronts and can include:

Platform or Server Virtualization: In this form of virtualization a single server hosts one or more "virtual guest machines". Subcategories include hardware virtualization, paravirtualization, and operating system virtualization.

Resource Virtualization: Virtualization can also be extended to encompass specific system resources, such as storage and network resources. Resource virtualization can occur within a single host server or across multiple servers (using a SAN, for example). Modern blade enclosures and servers often combine platform and resource virtualization, sharing storage, network, and other infrastructure across physical servers.

Desktop Virtualization: Virtual Desktop Infrastructure (VDI) provides end users with a computer desktop that is identical or similar to their traditional desktop computer while keeping the actual computing power in the datacenter. When this approach is used, the end user requires only a thin client on his desktop. All updates or configuration changes to the application or hardware are performed in the centrally located datacenter. This approach provides greater flexibility when it comes to securing the systems and supplying computing power on demand to the end user.

Application Virtualization: Application virtualization is a technology designed to improve the portability, manageability, and compatibility of individual applications by encapsulating the application so that it no longer communicates directly with the underlying operating system. Application virtualization utilizes a "virtualization layer" to intercept calls from the virtualized application and translate them into calls to the resources provided by the underlying operating system.

Computer Clusters / Grid Computing: This type of virtualization connects multiple physical computers together as a single logical entity in order to provide better performance and availability. In these environments the user connects to the "virtual cluster" rather than to one of the actual physical machines.
The use of grid computing or clustering of computers is typically driven by the need to support high availability, load balancing, or extreme computing power.

Each one of these general categories can be divided into additional subcategories. All of these potential options make it important that you are clear about what you are referring to when you talk about virtualization. The requirements and best practices for each of these different techniques are very similar; often what is valid for one form is valid for many of the others. In addition, several of these techniques depend on each other, and by implementing more of them, you enhance the value. For example, if you are implementing server virtualization or a grid structure you should also consider various types of resource virtualization to support the infrastructure. For the purposes of this article, we are focusing on server virtualization unless otherwise specified.

Why Use Virtualization?
Now that you know what virtualization is, why do organizations choose to use it? The short answer is to manage cost, improve service, and simplify the process of aligning business with IT. For example, by using virtualized environments, organizations can provide improved service by anticipating and quickly responding to growth in demand. In extreme examples ROI has been achieved in as little as 3-6 months; however, a more realistic expectation is 12-18 months.

Following are some of the common drivers that influence organizations in deciding to virtualize their IT environment.

Hardware Cost Savings through Consolidation of logical servers into fewer physical servers is one of the main promises of virtualization. There are multiple ways in which savings can be realized. First, fewer physical servers may be required: in a well managed virtual environment, multiple logical servers can be hosted on the same physical server. Second, by reducing the number of physical servers required, virtualization can help manage "datacenter sprawl", a savings of both physical space and the utilities required to manage the larger space.

To consolidate successfully, you need to understand the entire picture. An organization can consolidate workload that was previously distributed across multiple smaller, and often underutilized, servers onto fewer physical servers (especially if those servers previously had a limited workload), but these new servers still must have sufficient resources at all times. See the section "New Hardware Requirements" below for more details, and the short sizing sketch that follows.
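To make the sizing concern concrete, here is a minimal Python sketch of the kind of back-of-the-envelope check a project team might run before consolidating a group of servers onto one host. The guest profiles, the 15% overhead factor, and the 80% ceiling are illustrative assumptions, not measurements or vendor guidance.

    # Illustrative sketch: check whether a set of candidate guests fits on one host
    # with headroom to spare. The guest list, overhead factor, and ceiling are
    # assumptions for illustration only.

    GUESTS = [
        # (name, peak CPU in GHz, peak RAM in GB) -- hypothetical measured peaks
        ("file-server", 1.2, 4),
        ("intranet-web", 2.0, 8),
        ("reporting", 3.5, 16),
    ]

    HOST_CPU_GHZ = 2.6 * 8      # 8 cores at 2.6 GHz
    HOST_RAM_GB = 64
    OVERHEAD = 1.15             # assume roughly 15% virtualization overhead on CPU
    CEILING = 0.80              # keep 20% headroom for peaks and host services

    def fits(guests, host_cpu, host_ram):
        cpu_needed = sum(cpu * OVERHEAD for _, cpu, _ in guests)
        ram_needed = sum(ram for _, _, ram in guests)
        ok = cpu_needed <= host_cpu * CEILING and ram_needed <= host_ram * CEILING
        return ok, cpu_needed, ram_needed

    ok, cpu, ram = fits(GUESTS, HOST_CPU_GHZ, HOST_RAM_GB)
    print(f"CPU needed {cpu:.1f} GHz of {HOST_CPU_GHZ * CEILING:.1f} usable, "
          f"RAM needed {ram} GB of {HOST_RAM_GB * CEILING:.0f} usable -> "
          f"{'fits' if ok else 'does not fit'}")

A real assessment would use peaks measured over a representative period, including seasonal spikes, as discussed later in this article.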
Automation and Enhanced Resource Management is, in many ways, related to hardware cost savings, but the drivers are sometimes different:

• Optimized usage of hardware resources. In a non-virtualized environment it is common to have some servers that are barely utilized. Many datacenters are filled with servers that use only a small percentage of the available resources. These centers are perfect targets for consolidation and can provide an excellent return on investment.

• Rapid deployment of new servers and applications. In a well managed environment with established templates for typical server installations, new logical servers can be deployed rapidly on host servers with available capacity.

• Flexibility and the ability to provide on-demand resources. Many applications require significant resources, but only briefly. For example, end-of-month or end-of-year reporting or other specific events may trigger a higher than usual load. In a virtualized environment, more resources can be assigned dynamically to a logical server or, if the application is designed to support scaling out horizontally, rapid deployment can supply additional logical servers as worker nodes.

• Flexible chargeback systems. In a flexible virtualized environment an organization can provide a meaningful chargeback/showback system that efficiently encourages system owners to use only the resources they need without risking the business by using servers that are inadequate for their needs. This is especially true in a highly mature and flexible virtual environment that includes management tools that collect all required metrics, and resource virtualization techniques such as storage virtualization with thin provisioning. (A simple showback calculation is sketched after this list.)

• Support for test and development by providing access to a large number of potential servers that are active and using resources only when needed. This is typically the starting point and an obvious choice to virtualize for any environment that requires temporary, short-lived servers. It is especially true when test and development groups require a large number of different operating systems, configurations, or the ability to redeploy a test environment quickly from a pre-defined standard.
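As a simple illustration of showback, the sketch below turns metered resource usage into a monthly figure per system owner. The metrics, rates, and owner names are invented for illustration; a production chargeback system would draw its metering data from the management tools mentioned above.

    # Illustrative showback sketch: turn metered resource usage into a monthly
    # figure per system owner. All rates and usage numbers are invented.

    RATES = {"vcpu_hours": 0.03, "ram_gb_hours": 0.004, "storage_gb": 0.10}

    usage_by_owner = {
        "marketing":   {"vcpu_hours": 1440, "ram_gb_hours": 5760,  "storage_gb": 200},
        "engineering": {"vcpu_hours": 8640, "ram_gb_hours": 34560, "storage_gb": 1200},
    }

    def monthly_showback(usage):
        # Sum each metered quantity multiplied by its unit rate.
        return sum(usage[metric] * rate for metric, rate in RATES.items())

    for owner, usage in usage_by_owner.items():
        print(f"{owner}: {monthly_showback(usage):.2f} per month")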
Fault Tolerance, High Availability, and Disaster Recovery at different levels can be simplified or made more efficient in a virtual environment. In highly available environments, brief interruptions of service and potential loss of transactions serviced at the time of failure are tolerated, while fault tolerant environments target the most mission-critical applications that cannot tolerate any interruption of service or data loss. Virtualization can provide a viable solution for both, including everything from simplified backup/restore of systems to complete disaster recovery or fault tolerance systems supported by the various hardware and virtualization vendors.

A few examples of this scenario are:

• Backup of complete images. A virtual server, by its very nature, is comprised of a set of files that can be moved easily between physical servers. A quick snapshot of those files can be used to start the server in this exact condition on another physical server.

• Simplified disaster recovery solutions. When coupled with the appropriate hardware infrastructure, virtualization strategies can be used to simplify the process of disaster recovery. For example, a typical disaster recovery solution may include distributing resources into primary and secondary datacenters. Solution providers often take advantage of features built into a virtualization infrastructure and sell out-of-the-box solutions to support high availability and disaster recovery.

• Minimized downtime for hardware and software maintenance tasks. All downtime due to planned hardware maintenance can be avoided or kept to a minimum because an organization can move the active virtual images to another physical server while the upgrade is performed. With correct planning, change control for software maintenance can also be significantly enhanced through judicious use of virtualization. Because the complete logical machine can be copied and handled as a set of files, organizations can easily set up separate areas such as Development, Quality Assurance, a library of available images, an archive of previously used images, a staging area for configuration, and so on. A structure like this encourages organizations to upgrade and test a new version in the Development and QA areas while still running the old version in Production. When the new version is approved, a small maintenance window can be scheduled to transfer the new, updated, and verified library image over to the production system. Depending on the application, the maintenance window can even be completely eliminated by having the old and the newly updated images running in parallel and switching the DNS entry to point to the updated instance (see the cutover sketch after this list). This approach requires some advance planning, but it has been successfully used by service providers with tight service level agreements.

• Efficient usage of component-level fault tolerance. Because all virtualized servers share a smaller number of physical servers, any hardware-related problems with these physical servers will affect multiple logical servers. Therefore, it is important that host servers take advantage of component-level fault tolerance. The benefit of this approach is that all logical servers can take advantage of the fault tolerant hardware provided by the host system.
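The parallel-image cutover described above boils down to a health check on the updated instance followed by a DNS update. The sketch below outlines that logic; update_dns_record is a hypothetical placeholder for whatever DNS management interface and change control process the organization actually uses, and the host names are invented.

    # Minimal cutover sketch for the parallel-image approach described above.
    # update_dns_record() is a hypothetical placeholder; a real site would call
    # its DNS provider's interface or update the zone through change control.
    import urllib.request

    def healthy(url, attempts=3):
        """Return True if the new instance answers HTTP 200 on each attempt."""
        for _ in range(attempts):
            try:
                with urllib.request.urlopen(url, timeout=5) as resp:
                    if resp.status != 200:
                        return False
            except OSError:
                return False
        return True

    def update_dns_record(name, target):
        # Placeholder: integrate with the organization's DNS management here.
        print(f"Pointing {name} at {target}")

    NEW_INSTANCE = "app-v2.internal.example.com"   # hypothetical updated image
    if healthy(f"http://{NEW_INSTANCE}/health"):
        update_dns_record("app.example.com", NEW_INSTANCE)
    else:
        print("New image failed its health check; production DNS left unchanged.")

Keeping the old image running until the new one has served traffic successfully also gives a fast rollback path: the DNS entry can simply be pointed back.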
Energy Saving and Green IT. Another justification for using virtualization is to support sustainability efforts and lower energy costs for your datacenter. By consolidating hardware, fewer and more efficiently used servers demand less energy to perform the same tasks. In addition, a mature and intelligent virtualized environment can power virtual machines on and off so that they are active only when they are in use. In some cases, virtual machines running on underutilized host servers can be moved onto fewer servers, and unused host servers powered down until they are needed.

Simplify Management. One of the primary challenges in managing datacenters is datacenter sprawl, the relentless increase in diverse servers that are patched and configured in different ways. As the sprawl grows, the effort to maintain these servers and keep them running becomes more complex and requires a significant investment in time. It is worth noting that, unless effective lifecycle management procedures and appropriate controls are in place, datacenter sprawl is a problem that will be magnified in a virtual environment.

Using well controlled and well managed virtualization guest images, however, reduces the number of configuration variations, making it easier to manage servers and keep them up to date. Note that this approach requires that a virtualization project also include a change control process that manages virtual images in a secure way.

When a server farm is based on a small set of base images, these images can be efficiently tested and re-used as templates for all servers. Additional modifications to these templates can be automatically applied in a final configuration stage. When done correctly this approach minimizes the risk of serious failures in the environment. All changes, including the final automated configuration, should be tested before they are put in production. This secure environment minimizes the need for expensive troubleshooting of production servers and fosters a stable and predictable environment.

Managing Security. Security is one of the major concerns surrounding virtualization. Too often, the main security risk in any environment is the human factor: administrators who, without malicious intent, misconfigure the system. The traditional security models are effective if sufficiently rigorous procedures are followed. In a virtual environment, much of the management can be automated and raised one level so that fewer manual steps are needed to keep the environment secure.

A few examples of this are:

• Patch management. Virtualization allows testing changes in a controlled environment, using an identical image. After the updated image is verified, the new image or the specific changes can be promoted to the production system with a minimum of downtime. This approach reduces the risks of patching the system and, in most cases, if something goes wrong, reversion to a pre-patch snapshot is easy (see the sketch after this list).

• Configuration management. The more dynamic environment and the potential sprawl of both physical and logical servers make it important to keep all networks and switches correctly configured. This is especially important in more established and dynamic virtual environments where virtual machines are moved between host servers based on the location of available resources. In a virtual environment, configuration management can be handled by policy-driven virtual switches (a software implementation of a network switch running on the host server) where the configuration follows your logical server. Depending on your solution you can define a distributed switch where all the resources and policies are defined at the datacenter level. This approach provides a solution that is easy to manage for the complete datacenter.

• Support for O/S hardening as an integral part of change control. If all servers have been configured using a few well defined and tested base images, it becomes easier to lock down the operating systems on all servers in a well controlled manner, which minimizes the risk of attacks.
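As one possible illustration of the patch-and-revert flow, the sketch below assumes a libvirt/KVM host with the virsh command-line tool available; the guest name and the patch script are placeholders, and other hypervisors expose equivalent snapshot operations through their own tools.

    # Sketch of the patch-then-revert-if-needed flow, assuming a libvirt/KVM host
    # with the virsh CLI available. The guest name and patch step are placeholders.
    import subprocess

    DOMAIN = "intranet-web"          # hypothetical guest name
    SNAPSHOT = "pre-patch"

    def virsh(*args):
        return subprocess.run(["virsh", *args], check=True)

    virsh("snapshot-create-as", DOMAIN, SNAPSHOT)    # capture a rollback point
    try:
        # Placeholder for the real patch job (configuration tool, package update...)
        subprocess.run(["./apply_patches.sh", DOMAIN], check=True)
    except subprocess.CalledProcessError:
        print("Patch failed; reverting to the pre-patch snapshot.")
        virsh("snapshot-revert", DOMAIN, SNAPSHOT)
    else:
        virsh("snapshot-delete", DOMAIN, SNAPSHOT)   # keep the chain tidy once verified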
Enabling Private Cloud Infrastructure. A highly automated virtualized environment can significantly help your organization create a private cloud infrastructure. Stakeholders can request the resources they need and return them when they are no longer needed. In a highly mature environment where the stakeholder requests resources or services, these requests can be hosted in a private cloud or, if resources aren't available, in a public cloud. This level of flexibility will be difficult to accomplish in an acceptable way without basing the private cloud on a virtual environment. From the requestor's point of view, it doesn't matter whether the services in the cloud are hosted on a physical machine, a virtual machine, or some type of grid, as long as the stakeholder is getting the required resources and performance.

Next Steps
The goals driving your particular virtualization project may include any number of those identified in this article, or you may have a completely different set of drivers. What is critical is that you clearly identify those goals and drivers prior to undertaking the project. Project teams need a clear understanding of what they are expected to accomplish and what business value is expected to be derived in order to identify the appropriate metrics that will demonstrate the value of virtualization to the stakeholders. Part two of this article, "Planning Your Virtualization Project", examines how these drivers can be used to direct the project and outlines a number of important areas to be aware of when planning a virtualization project.

Planning Your Virtualization Project

The Importance of Planning
When you are planning a virtualization project, one of the most critical first steps is to ensure that both the project team and all stakeholders understand what the project needs to accomplish, what the supporting technology is capable of, and what the true business drivers behind the project really are. This is true for any project, but it is particularly true for virtualization endeavors because there are many common misperceptions about what virtualization can and cannot offer. For further insights on the benefits of virtualization, and common business drivers, see part one of this article, "What is Virtualization?"

Even though your team may know that a virtualization project can provide significant value, unless that value is explicitly spelled out, the project runs the risk of becoming "just another big project", which is an invitation to failure. The virtualization project may save the company money, it may make it easier to provision new machines, and, perhaps, it might even reduce the company's carbon footprint, but a project with goals this vague is likely to fail and be superseded by a new project because there is no way of effectively measuring its progress or success. To endure and succeed, a project must have explicit intent, understandable milestones, and clear measures of success defined up front. Without them, expectations will be unclear and there will be no way to accurately communicate the benefits.

Before undertaking any virtualization project, the following questions must be addressed:

• Maturity levels: What is the current and expected maturity level of the virtualized environment? (See "Virtualization Maturity Levels" later in this article for examples.)

• Purpose: What are the business drivers for the project?
• What: What processes, functions, and applications will be virtualized?

• Support: Do stakeholders (for example, system owners and executive leaders) support the project goals?

• Cost: How much is the project expected to cost, and save?

• Risks: What functional and financial risks will be associated with the project? Are they acceptable?

• Scope: What is the timeframe and what resources will be needed to complete the virtualization project? (Will it be a single, focused project, or one of multiple phases and milestones?)

• Changes: What changes will need to occur in the current processes, functions, and applications to support virtualization? Will changes need to occur in the deployment environment?

• Accountability: What measurements will be incorporated to indicate that the project has reached its targets and is successful? Which stakeholders need to be informed of project progress, and how often?

This list is by no means exhaustive; however, without at least a good understanding of the answers to these questions it is likely that the project will be less successful than it could be. In a larger project where the goal is to virtualize a significant part of the environment or span multiple maturity levels, it is also important to have an open mind and, to some degree, an open project plan that permits incorporation of lessons learned during earlier phases of the project into later phases. Changes to the original stakeholder agreement must have buy-in; a minor change or delay that is communicated is rarely a problem, but ignored changes might turn an otherwise successful project into a failure.

Virtualization Maturity Levels
Analyzing the current state of virtualization, the maturity level, and comparing it to the desired future level simplifies virtualization decisions. Beyond the starting point, there are typically four levels of virtualization maturity: islands of virtualization; consolidation and managing expenses; agility and flexibility; and continuous adaptivity.

Level 0 – No Server Virtualization
As the starting point of the virtualization maturity "ladder", this level describes an organization which has not yet implemented virtualization.

Level 1 – Islands of Virtualization for Test and Development
This maturity level describes the state of most IT departments before they start a formal virtualization project. Virtualization is often used by individuals or limited groups within the organization without centralized management or resources. At this stage virtualization is used reactively and ad hoc to create virtual machines for testing and development in order to address specific issues for non-business-critical systems when they arise.
Level 2 – Consolidation and Managing Expenses
At this stage the primary driver is to consolidate servers and increase the utilization of available resources. When done correctly, consolidating small or underutilized servers onto larger servers can be very efficient and can save significant costs. However, the key to saving costs is identifying the right servers for virtualization. While there can be valid reasons to virtualize larger servers as well, it is difficult to realize savings on hardware in doing so.

Level 3 – Agility / Flexibility
The driver for the next step on the virtualization maturity ladder is the need for enhanced flexibility, enabling you to add and remove resources on demand and even move workload between physical hosts. This ability can be used to balance workload or to support a high availability solution that allows virtual machines to be restarted on a different physical server after a server failure.

Level 4 – Continuous Adaptivity
The driver behind this step is the desire to fully automate all of these functions in order to enable software solutions, often with hardware support, to predictably and dynamically balance the load between servers, rebalance resources between virtual machines, start up and shut down virtual servers based on need, control power saving features in both the virtual machines and the host system itself, and so on. This automation should be service-aware and should consider such factors as measured and expected workload, tariffs for energy, the importance and urgency of requested resources, and demand from other services, and should use all available information to identify the best use of the available resources.

The potential gains from virtualization grow significantly with each step up the maturity ladder; however, climbing the ladder too fast can risk project failure. This is especially true if you lack complete support from the stakeholders and the executive leadership, access to the correct infrastructure and tools, or the required skillset. Travelling up the maturity levels is often a journey, and it is likely that a project will lead to a mix of the different maturity levels, which is expected, but it is important that your goals be clearly defined and communicated.

Virtualization Challenges
Part one of this article, "What is Virtualization?", discussed the importance of identifying the business drivers for a project. After that is done it is equally important to be aware of problems and challenges that may arise. Awareness can guide infrastructure design to minimize problems caused by these obstacles.

One common and challenging problem with server consolidation is that some areas of the organization may want to retain control over their existing hardware and applications. This resistance could be caused by a fear of losing control of their environment, fear of inadequate response times or system availability, concerns about security and handling of confidential data, or general anxiety about changes to their business environment.
Some of these concerns may be valid, while others may only express a lack of understanding of what this new technology has to offer. The project team must identify these concerns and address them to the satisfaction of the stakeholders.

Even though it is critical to have full support for the project, it is equally important to have a good understanding of the types of problems, both technical and business-impact related, that can potentially occur.

A few common challenges are:

Overutilization: One common problem with a virtualized environment is overutilization of physical servers. Although virtualization permits running multiple logical servers on one physical server, virtualized applications require more, not fewer, resources when they are virtualized. Virtualization always adds overhead. A virtualized application uses more resources than a non-virtualized installation of the same application and it will not run faster unless it is hosted on and has access to faster hardware than the non-virtualized installation. The actual overhead depends on a number of factors, but independent tests have shown that the CPU overhead generally ranges from 6%-20% (see "VMware: The Virtualization Drag"). Overutilization of resources can present a serious problem in virtualized environments that do not have correctly sized host servers. See the section "New Hardware Requirements" below for more details.

Underutilization: Alternatively, the underutilization of servers minimizes the value of virtualization. To provide a good balance it is important to understand the environment and to have the necessary tools to monitor and balance the load dynamically. Typically hypervisor vendors provide tools for this, but third-party vendors can provide added flexibility and value. For example, one organization I have worked with utilizes virtualization to provide a dynamic test environment that can scale to meet the needs of many different groups. Resource requirements can vary dramatically depending on the type of testing being done. The environment grew rapidly and initially experienced serious issues with overutilization. The organization resolved these issues by implementing a management solution that continuously measured the load and provided early warning of potential overutilization (the sketch below shows the core of that idea). This allowed the team to proactively balance their workloads and add resources when needed.
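The early-warning idea can be illustrated in a few lines of Python. The sketch below samples a single host with the third-party psutil package and warns on sustained load; the thresholds and intervals are arbitrary, and a real deployment would rely on the hypervisor vendor's or third-party management tools discussed in this article rather than an ad hoc script.

    # Minimal early-warning sketch for sustained overutilization on one host,
    # using the third-party psutil package. Thresholds are illustrative only.
    import psutil

    CPU_LIMIT = 85.0      # percent
    MEM_LIMIT = 90.0      # percent
    SUSTAINED = 5         # consecutive hot samples before raising a warning

    def monitor(samples=30, interval=10):
        busy = 0
        for _ in range(samples):
            cpu = psutil.cpu_percent(interval=interval)   # blocks for `interval` seconds
            mem = psutil.virtual_memory().percent
            busy = busy + 1 if (cpu > CPU_LIMIT or mem > MEM_LIMIT) else 0
            if busy >= SUSTAINED:
                print(f"WARNING: sustained load (cpu={cpu:.0f}%, mem={mem:.0f}%); "
                      "rebalance guests or add capacity")
                busy = 0

    if __name__ == "__main__":
        monitor()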
Single Point of Failure: In a virtualized environment where every host is running multiple logical servers, the impairment of a single physical server could have devastating consequences. Therefore, it is important to implement redundant failsafe systems and high availability solutions to avoid situations where one failing component affects multiple applications. This solution should include configuring redundancy for all critical server components, employing highly available storage solutions (RAID 5 or RAID 1+0), ensuring network connections are connected to separate switches, and so on. In addition, in the event everything else fails, we recommend configuring the environment to be fault tolerant so that if one host fails, the guest systems will start on a secondary host. Implemented correctly, virtualized systems are likely to have significantly better uptime than individual systems in physical environments.

One organization that initially experienced a few hectic evenings as the result of a single failing server bringing down multiple important applications learned early on the value of clustered host servers with dynamic load balancing. After virtualization was fully implemented, and one host went down, the workloads automatically restarted on another node in the cluster. In addition, this organization has also set up separate distributed datacenters so that if one datacenter becomes unavailable the entire organization isn't affected.
Virtualization of Everything: Attempting to virtualize every server and application in an environment can be challenging. It is true that it is possible to virtualize most workloads; however, success requires careful planning that identifies what should be virtualized, why it should be virtualized, and what supporting infrastructure is required. Just because something is possible does not mean that it is a good idea. Some of the more challenging examples are:

Heavily utilized servers. Significant planning is required before virtualizing servers that often or always register high resource utilization. This is especially true for servers with multiple CPUs. While most hypervisors support guest systems with 4 or more vCPUs, this requires complicated scheduling and the overhead can be steep. Therefore, unless there are compelling reasons and ample available resources, virtualization should be avoided for heavily utilized systems that require multiple CPUs, especially when predictable performance is critical.

Real time requirements. Applications that require real time or near real time response from their servers are typically not suitable for virtualization. The system clock on a virtualized system may lag as much as 5-10 seconds under a heavy load. For typical loads this is not a problem, but systems that require real time or near real time response need special treatment. A satisfactory virtual implementation will require careful analysis of the hypervisor solution's support for real time requirements on guest systems.

Application support. As virtualization becomes more common, many application vendors will begin to support their applications in virtualized environments. Nevertheless, a significant number of applications still are not supported, and even if virtualization is supported, some application vendors may require proof that any reported issue can be reproduced in a non-virtualized environment.

Licensing. There are still many applications and licensing agreements that aren't designed with dynamic virtualized environments in mind. Ensure that licensing provisions address whether the license cost is connected to the number of physical CPUs on the host servers and whether the software is licensed to run only on a dedicated physical server. In these situations, the license may require payment for the host server's 16 CPUs even though the application is assigned to only one vCPU. Dedicated physical server licenses may prevent dynamic migration of the logical server to other host servers. Another consideration is that a well-planned lifecycle management solution requires each image to have multiple active instances for Development, Test/QA, Production, and so on; the organization needs to determine and track whether each one of these instances requires additional licenses.

Direct access to specific hardware. Applications that require direct access to certain hardware, such as USB or serial port keys or other specialized hardware such as video capturing equipment, tape drives, and fax modems, might be complicated or impossible to virtualize in a meaningful way.
New Hardware Requirements. Hardware must be sized appropriately to take advantage of virtualization. For efficient scheduling of resources between multiple logical servers, each host server must have ample resources, including CPU, memory, network I/O, and storage I/O. Because many concurrent guests are sharing these resources, the environment must not only support high volumes, it also must support a large number of transactions. For example, one extremely fast network can be helpful, but a single fast card is seldom adequate. Efficient virtualization requires equipment with multiple fast I/O channels between all components. Sufficient hardware can also provide added value by acting as component-level fault tolerance for all logical servers.

Special focus needs to be put on the storage infrastructure. Connecting all of your servers to a SAN (fibre channel or iSCSI based) is highly recommended for a virtual environment. A fast SAN and dedicated LUNs for the virtual machines avoid many I/O bottlenecks. The more advanced features and common drivers for a virtualized environment, such as hot migration, high availability, and fault tolerance, are impossible or significantly harder to implement without a SAN.

Cooling requirements can be a concern. An older datacenter may develop so-called "hot spots" when a large number of smaller servers are replaced with fewer but larger servers. Although new servers may require less energy and create less heat overall, the generated heat can be concentrated in a smaller area. There are many ways to address this situation, including adding new racks with integrated cooling or developing more complex redesigns of the cooling system.

A lack of sufficient resources is a common obstacle for virtualization efforts. For example, a large organization quickly became aware that it hadn't allocated sufficient storage when the constraints became so severe that it wasn't able to take snapshots of its images. Consequently, it could not implement its planned high availability strategy. Another organization tried to implement a large number of I/O-intensive network applications on a host with a limited number of network cards. As a result, the number of I/O interrupts to each card quickly became a bottleneck for this physical server. These examples demonstrate how crucial it is to actively monitor and manage all types of resources; a resource bottleneck can easily cause an otherwise successful project to lose critical planned functionality.

Security. Another common concern is properly securing virtual environments. Reorganization and consolidation of servers and applications can be disruptive and risky; however, these risks can be managed. For security, there are advantages and disadvantages to virtualized environments, and the two are often closely related. Items that are typically seen as problem areas or risks can often turn into advantages when the environment is well managed. For example, new abstraction layers and storage infrastructures create opportunities for attacks, but these additions have generally proven to be robust. Nearly all attacks are due to misconfigurations, which are vulnerabilities that exist in both physical and virtual environments.
Security must be considered when deploying a virtualized environment. A few common concerns that should be addressed are:

• Managing inactive virtual machines
• Maintaining virtual appliances
• Version control
• Server theft
• Understanding the new abstraction layer
• Hyperjacking
• Securing a dynamic environment
• Immature or incomplete tools
• Securing and isolating confidential data

Each of these is discussed below.

Management of inactive virtual machines cannot rely on traditional patch management systems. In many virtualized environments, the templates or guest systems that are used as definitive images for deployment may not be accessible to traditional patch management solutions. In a worst case scenario, a poorly managed definitive image may revert an existing image to an unsafe earlier patch level. In an environment with strict change control and automation of all configuration changes, this is not a major issue, but in some environments these situations can present major problems.

Maintenance of virtual appliances. Virtual appliances are pre-packaged solutions (applications, OS, and required drivers) that are executed on a virtual host and that require minimal setup and configuration. Appliances can be secured further through OS lockdown and removal of any services or daemons that aren't necessary for the appliance. This practice makes the appliance more efficient and more secure because it minimizes the attack surface of which a malicious user can take advantage. These non-standard installations can be harder to maintain and patch because some standard patches might not work out of the box unless provided by the virtual appliance vendor. This problem can be mitigated by testing all configuration changes in a separate development and test environment before deploying in production.

Lack of version control. Virtualized environments that allow guest systems to be reverted to an earlier state require that special attention be paid to locally stored audit events, applied patches, configuration, and security policies that could be lost in a reversion. Strict change control procedures help avoid this issue. Storing policies and audit logs in a central location also helps avoid problems.

Server theft. In a non-virtualized environment, stealing a server is difficult. The thief needs physical access to the server to disconnect it and then coolly walk out of the datacenter with a heavy piece of hardware. In a virtual environment, a would-be thief only needs access to the file system where the image is stored and a large enough USB key. Surreptitious network access may be even more convenient for a thief. A successful illegal copy of the virtual image may be undetectable. This issue underscores the need for efficient access control and an audit system that tracks the actual user and not just "root", "administrator", or other pre-defined privileged users.

New abstraction layer. Hypervisors introduce a new abstraction layer that can introduce new failures as well as security exposures. Hypervisors are designed to be as small and efficient as possible, which can be a double-edged sword from a security perspective. On the upside, hypervisors have a small footprint with few, well controlled APIs, so they are relatively easy to secure. On the downside, lightweight and efficient can mean limited error recovery and security implementation. The downside can be mitigated by configuring high security around the hypervisor, including specific security-related virtual appliances or plug-ins to the hypervisor.
Hyperjacking is an attack on the hypervisor that enables a malicious user to access or disturb the function of a large number of systems. So far hyperjacking hasn't been a significant problem, but it is critical to ensure that your virtual environment follows the lockdown procedures recommended by the hypervisor vendor and that you apply all recommended security patches.

Securing dynamic environments. To take full advantage of the potential provided by a virtual environment, that environment needs to support automated migration of guest systems between host servers. A dynamic environment, however, presents new challenges. When secured resources move from host to host, a secure environment must be maintained regardless of the current host of the guest system. These challenges may not be as problematic as they appear: with policy-based security and distributed vLANs that are managed for a complete group of host servers or the complete datacenter, policies will follow the guest system and remain correctly configured regardless of which server it is currently running on.

Immature or incomplete tools. Over the last several years the tools to manage virtual environments have been maturing rapidly, and much of the functionality for securing the system, automating patching, and managing the virtual system is enhanced frequently. Many of these functions are provided by the hypervisor vendor, while other tools with additional features are provided by third-party vendors. This rapid development of tools and features can be expected to continue, and it will become more important to have management solutions that can extend across heterogeneous environments, including virtual and non-virtual systems, and all the way out to cloud infrastructures. Precise predictions are impossible, but the industry is aware that virtual environments and cloud solutions will rapidly take over more and more workloads. Management systems of the future will work with and manage a mix of hypervisors, operating systems, and workloads in these environments.

The ability to secure and isolate confidential data is a common concern that must be carefully considered when designing storage solutions. Server virtualization itself doesn't add a significant risk in this area, but it's important to be aware of because SAN and more complex virtual storage solutions are often employed to maximize the value of a virtualized environment. Further discussion of this topic is beyond the scope of this article; when these solutions are employed, the steps required to secure the storage may require special or vendor-specific knowledge. This is particularly important if data is governed by regulations such as HIPAA, GLBA, PCI, SOX, or any other federal or local regulations. When regulations such as these apply, data security often must be designed in consultation with auditors and regulators.

With a properly managed virtualization project, these risks can be minimized; however, it is important that organizations be aware of the risks and address them appropriately. A well-managed virtual environment can provide greater security by ensuring that all servers are based on identical, well-tested base images.
In addition, security solutions are easier to implement and administer when based on centralized policies. For example, consider an organization that needs to distribute management of many of the guest systems to individual owners. These individual owners might choose to revert to an earlier snapshot at will. Central IT manages the security on these systems by regularly scanning them to ensure they are correctly patched and do not contain any viruses or other malware. When non-critical issues are detected, the owner is notified; for critical issues the system is disconnected from the network.

Appropriate Skills and Training. With the right tools and planning, management of a virtualized environment can be simple and streamlined, but the IT staff may need additional training to acquire new skills. Administrators who don't fully understand the specific tools and requirements of virtualized environments can easily misconfigure the environment, resulting in environments with unpredictable performance or, worse, security breaches. Sufficient time and resources for training are required both before and throughout any virtualization project.

Consider the same organization noted in the previous example. It needed to distribute many management tasks to individual owners. It ran into a problem when a group using a guest system with 2 TB of data took a snapshot of the system. The local manager didn't realize that the system would now need 4 TB of storage and that it would take 5 hours to commit the snapshot. The issue was resolved by having a certified professional educate the system's owner about the impact various actions have on storage requirements and performance. They were able to remove the snapshot safely, without losing any data, but could have avoided the issue if they had taken the proper training first. (The arithmetic behind those numbers is sketched below.)
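The numbers in that example follow from simple arithmetic that can be done before taking the snapshot. The sustained write rate below is an assumption chosen for illustration; the point is the order of magnitude, not precision.

    # Back-of-the-envelope arithmetic behind the 2 TB snapshot example.
    # The write rate is an assumed figure for illustration.

    base_image_tb = 2.0          # size of the guest's data
    worst_case_delta_tb = 2.0    # a long-lived snapshot can grow toward the base size
    write_rate_mb_s = 120        # assumed sustained storage throughput

    space_needed_tb = base_image_tb + worst_case_delta_tb
    commit_hours = (worst_case_delta_tb * 1024 * 1024) / write_rate_mb_s / 3600

    print(f"Plan for roughly {space_needed_tb:.0f} TB of storage")
    print(f"Committing the snapshot could take about {commit_hours:.1f} hours")

With these assumptions the script reports roughly 4 TB of storage and close to five hours of commit time, which is exactly the surprise the local manager ran into.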
Appropriate Skills and Training. With the right tools and planning, management of a virtualized environment can be simple and streamlined, but the IT staff may need additional training to acquire new skills.

Administrators who don't fully understand the specific tools and requirements for virtualized environments can easily misconfigure the environment, resulting in environments with unpredictable performance or, worse, security breaches. Sufficient time and resources for training are required both before and throughout any virtualization project.

Consider the same organization noted in the previous example. They needed to distribute many management tasks to individual owners. They ran into a problem when a group using a guest system with 2 TB of data took a snapshot of the system. The local manager didn't realize that the system would now need 4 TB of storage and that it would take 5 hours to commit the snapshot. The issue was resolved by having a certified professional educate the system's owner about the impact various actions have on storage requirements and performance. They were able to remove the snapshot safely, without losing any data, but could have avoided the issue if they had taken the proper training first.

General Project Risks. Virtualization projects are subject to the same generic risks as any major project. Both scope creep and unrelated parallel changes with entangling side effects can derail virtualization projects as quickly and completely as any other project.

Design Approach
Given an understanding of the reasons for virtualization, the business drivers, the possible effects on the business and potential obstacles, and the sources of failure and their mitigation, project planning can begin in earnest. The next step for a virtualization project is to carefully understand and analyze the environment. A successful virtualization project is the result of more planning than anyone expects. Some specific planning steps are laid out here.

Identify Workloads Appropriate to Virtualize
The first step is to identify the scope of the project, that is, the applications and servers to be included. The bullet item Virtualization of Everything listed in the previous "Typical Challenges with Virtualization" section identified several types of servers that are difficult to virtualize. Avoid virtualizing these types of servers unless there is a valid reason and a plan for addressing the concerns. Fortunately, few servers fall into these categories. Most hypervisor vendors provide tools that can assist with this process, but to get the best possible result and avoid being at the mercy of the vendor, you should have a good understanding of the environment in question. The following server categories are listed in order of suitability for virtualization:

Rarely used servers that must be accessed quickly. Virtualizing these servers allows the organization to keep a large library of servers with different operating systems and configurations with a minimum hardware investment. They are typically used for:

This starting point is a common one for many companies because the value is significant and the risks are few. Value is realized through faster provisioning of new servers, reduction of provisioning errors, and minimized hardware investment.

Additional worker nodes to handle peak loads. This approach is especially useful when applications can be dynamically scaled out with additional nodes sharing a common virtual environment. If the environment is maintained and sufficient resources are available when needed, this scenario adds great business value. A just-in-time automated worker node provisioning system maximizes this value.

Consolidation of lightly used servers. Some examples of lightly used servers include:
• Service Providers (xSP) with many small clients.
• Multiple mid-tier managers or file and print servers originally implemented on separate servers for political, organizational, or legal reasons.

In many cases the isolation provided by virtualization is sufficient, especially if the data is separated onto private disk systems; however, you should verify that virtualization satisfies the organization's isolation and separation requirements.

Servers with predictable resource consumption profiles allow planning the distribution of work to virtualized servers. In these cases, keep in mind that:
• You should beware of applications with heavy I/O.
• Applications that require different sets of resources at the same time can coexist on the same physical server.
• Applications that require the same resources at different times can also coexist on the same physical server.

A minimal sketch of this co-location check appears at the end of this section. In each of these cases, value comes from reducing the number of servers, resulting in both hardware maintenance and management cost savings. Unless a project falls into one of these categories, virtualization alone seldom saves money. There are other good reasons to consider virtualization, but you should be aware that cost savings may not appear.
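As a rough illustration of the two co-location rules above, the following sketch compares simplified resource profiles for candidate applications. The profile format (a resource name mapped to its peak hours) and the example workloads are assumptions for illustration only, not output of any capacity-planning tool:

```python
# Sketch of the two co-location rules above: applications can share a host if
# their heavy usage is on different resources, or on the same resource but in
# different time windows. A profile maps a resource to its peak hours (0-23).

def can_colocate(profile_a: dict, profile_b: dict) -> bool:
    for resource, peak_hours_a in profile_a.items():
        peak_hours_b = profile_b.get(resource, set())
        if peak_hours_a & peak_hours_b:
            return False   # both stress the same resource at the same time
    return True

reporting = {"cpu": {17, 18}, "disk_io": {17, 18}}        # end-of-day reports
backup    = {"disk_io": {1, 2, 3}, "network": {1, 2, 3}}  # overnight backups
mail      = {"cpu": {17, 18}, "network": {17, 18}}        # end-of-day mail sync

print(can_colocate(reporting, backup))  # True: same resources, different times
print(can_colocate(reporting, mail))    # False: both peak CPU at 17:00-18:00
```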
Understand and Analyze the Environment
Server consolidation is an opportunity to raise the virtualization maturity level of the environment, or to prepare to raise it by identifying aligned procedures that can be automated and enhanced.

The analysis should include performance profiles of individual servers and applications, covering all critical resources (CPU, memory, storage I/O, and network I/O) and their variation over time. Both the size and the number of transactions are important. An understanding of when different applications need resources, and under which circumstances, helps determine which applications are suitable for virtualization and which can share resources and be co-located in the same resource groups.

Many hypervisor vendors have tools that can assist with this process. However, regardless of which tool you are using, it is important to monitor performance over a period of time that also includes any expected performance peaks. Capturing a baseline of this information is recommended so that it can be compared against corresponding data collected from the virtualized environment. In situations where all expected peaks can't be measured, it is important to carefully analyze and estimate the needs.

This analysis also requires consideration of user behavior patterns and the types of events that trigger resource consumption. You especially need to gauge the risk that the same events will trigger multiple applications to use more resources. Awareness of these scenarios is critical to ensure acceptable response times during peak load for different solutions.

Consider the following examples:

A typical environment in which, at the end of every workday, a majority of the users:
• Send an email, synchronize email folders, and then log out from the mail server.
• Run reports to prepare for the following day's activities.
• Print these reports and, perhaps, additional documents to bring home with them for review.
• Make backup copies of a number of important files to a folder on a file server.

An environment in which an unplanned event or fault occurs that triggers activity on multiple systems, such as:
• A fault triggers the fault management systems to alarm, do root cause analysis, handle event storms, and run certain automation tasks.
• The end users notice the problem and use knowledge tools and service desk functions to determine if the problem is known and, otherwise, report it.
• The operations and help desk teams receive the alert from the fault management and service desk systems and connect to the service desk, CMDB, asset management, or network and system management tools to troubleshoot and correct the issue.
If these applications share a common host system whose capacity is sized for ordinary usage, the virtual machines will slow down under the higher peak load generated by the activity of hundreds or thousands of users. Just when the systems are most needed, they become overloaded.

Tracking the consumption of critical resources over time will reveal patterns of resource usage by servers. Based on that knowledge, you can determine which servers to safely virtualize, what resources they need, and which applications can suitably share resources. This will enable you to more effectively pair virtual machines that stress different types of resources, or that stress the system at different points in time.
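The following sketch, using invented utilization numbers rather than measurements from any real environment, shows why sizing a shared host on average utilization fails when the co-located workloads peak at the same time:

```python
# Illustrative only: hourly CPU demand (arbitrary "CPU units") for three
# servers whose users all run reports, mail sync, and backups at the end of
# the workday, so their peaks coincide in the late afternoon.

mail   = [2, 2, 2, 2, 2, 2, 3, 4, 5, 5, 5, 5, 5, 5, 5, 5, 6, 14, 15, 4, 3, 2, 2, 2]
report = [1, 1, 1, 1, 1, 1, 2, 3, 4, 4, 4, 4, 4, 4, 4, 4, 5, 12, 13, 3, 2, 1, 1, 1]
files  = [1, 1, 1, 1, 1, 1, 1, 2, 3, 3, 3, 3, 3, 3, 3, 3, 4, 10, 11, 2, 1, 1, 1, 1]

servers = [mail, report, files]
sum_of_averages = sum(sum(s) / len(s) for s in servers)
combined_peak = max(sum(hour) for hour in zip(*servers))

print(f"sum of averages: {sum_of_averages:.1f} CPU units")
print(f"combined peak:   {combined_peak} CPU units")
# A host sized for the sum of averages (about 10.5 units) would be badly
# overloaded at the coincident peak (39 units), exactly when the systems
# are most needed.
```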
Hypervisor and Supporting Software Selection
A hypervisor must work well in the environment and efficiently support requirements. A few years ago there was only a limited selection of hypervisors, but today the number of solutions has increased. Independent lab tests show that each of the major hypervisor solutions has advantages and disadvantages.

A few important areas to scrutinize when selecting a hypervisor vendor are:

Organizational and Social Requirements: Requirements that arise from the knowledge and experience of the people in the environment are often as important, if not more important, than the technical requirements. These requirements can affect the success and cost of the project.

For example:
• Does the organization have experience or knowledge about one specific solution?
• Do preferred partners have knowledge or experience with any potential solutions?
• Have solutions been tested, or can they be tested easily, with the planned hardware platform and most critical applications?

Required Functions and Protocols: With the gradual standardization of basic hypervisor functions, many of the solutions from the major vendors are becoming similar. Added value has become the primary differentiator, in the form of:
• Efficient and dynamic automated migration that moves virtual servers between physical hosts. Load balancing and high availability solutions controlled by the vendor's tools and integrated with standard enterprise management solutions are important here.
• Support for specific hardware combinations. For example, more advanced functions like hot migration commonly require the servers (especially CPUs) to be identical or similar. Some hypervisors also allow a compatibility mode with mixed CPU versions, but this forces the systems to take advantage only of functionality that all of the CPUs in use have in common.
• Support for existing or planned SAN solutions.
• Support for multiple storage repositories, and dynamic move and rebalance of virtual images between repositories.
• Support for all, or at least a majority of, existing or planned software applications.
• Support for all operating systems planned for virtualization (32- and 64-bit versions of Windows, UNIX, and/or Linux).
• Ability to access, utilize, and efficiently distribute all required resources.
• Management tools, or support for management tools, to monitor performance and availability and use this information to automate the environment. Preferably the solution will have an open API to integrate it with existing enterprise management systems.
• Built-in functions and APIs to manage advanced functions for security, high availability, fault tolerance, and energy saving.

These are just a few examples; a project should carefully list the requirements important in its business environment. Describing the importance of each requirement and the consequences of lack of support will simplify prioritization of options.

Virtualization Management Tools
Management of an environment becomes even more critical when virtualization is employed. Some of the common management issues related to virtualization include the need to:
• Simplify creation of new virtual servers and migration of existing systems into a virtualized environment.
• Predict and track virtual environments that compete for server and storage resources.
• Predict and track performance utilization in real time, as well as historical trends, in individual environments, the host system, and the SAN system, preferably in a way that allows correlation between these components.
• Trace resource utilization and up and down time, and connect metrics from these tools with chargeback and showback systems. Efficient usage of chargeback systems, together with mature systems that spin servers up and down as required, allows the organization to encourage system owners to manage their environments efficiently and, therefore, maximize the impact of Green IT and minimize energy bills.
• Support life cycle management processes with clear stages for development, quality assurance, a library of available images, archive, configuration, and production.
• Provide efficient tools for workflow orchestration and automation that simplify and modularize automation by securely reusing previously created tasks.
  While implementing automation, focus on "low-hanging fruit": simple automations that clearly save money or add security. Complex one-off automation tasks can be expensive to maintain and are often not worth the effort.
• Intelligently and actively manage the environment based on policies, measured performance, and events. This added flexibility can be one of the great advantages of virtualization. A few examples are:
  • Dynamically changing resources available to virtual machines
  • Moving virtual machines between different host servers as needed
  • Dynamically provisioning and configuring servers on demand or when triggered by policies
  • Dynamically shutting down virtual machines and host servers when they aren't being used
  If these capabilities aren't managed appropriately, these otherwise great features can present some very significant risks. A simplified sketch of such a policy loop appears at the end of this section.
• Manage "VM sprawl" by implementing good change control and life cycle management processes that track where, why, and how virtual applications are running and which resources they use.
• Provide tools for backup and disaster recovery of the virtual environment.
• Provide tools and procedures to manage security, including patch management tools, a firewall integrated with the hypervisor, and various security-related virtual appliances for the virtual environment.

If the management tools can handle most of these issues and include basic hot migration (vMotion, Live Migration, XenMotion, or similar), the environment will support efficient load balancing between the servers. Although some management tasks can be automated, it is important to be able to predict, whenever possible, the resources that are required before they are required. This approach demands a strong understanding of the business systems and occasional human intervention.

The importance of a holistic view of datacenter management solutions cannot be overemphasized. Datacenter management solutions must support the complete environment, virtual and non-virtual systems, both on-premise and off-premise in cloud infrastructures.

The solution should focus on business services and the role of IT in the business and, when needed, seamlessly drill into other aspects of management and the business ecosystem. To accomplish this holistic approach, virtualization tools must cooperate and integrate with the existing enterprise management software.
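The following is a simplified sketch of this kind of policy-driven management, not the API of any particular product: it migrates a virtual machine off an overloaded host and powers off long-idle guests. The thresholds, host names, and helper structures are invented for illustration:

```python
# Simplified policy loop (not a vendor API): if a host is running hot, migrate
# its lowest-priority VM to the least-loaded host; power off guests that have
# been idle too long. All thresholds and example data are invented.

from dataclasses import dataclass, field

CPU_HIGH = 0.85     # host CPU utilization that triggers rebalancing
IDLE_HOURS = 72     # guests idle this long are powered off

@dataclass
class VM:
    name: str
    priority: int       # lower number = lower priority
    idle_hours: int = 0

@dataclass
class Host:
    name: str
    cpu_utilization: float
    vms: list = field(default_factory=list)

def evaluate_policies(hosts: list) -> None:
    for host in hosts:
        if host.cpu_utilization > CPU_HIGH and host.vms:
            vm = min(host.vms, key=lambda v: v.priority)
            target = min(hosts, key=lambda h: h.cpu_utilization)
            if target is not host:
                print(f"migrate {vm.name}: {host.name} -> {target.name}")
        for vm in host.vms:
            if vm.idle_hours > IDLE_HOURS:
                print(f"power off idle guest {vm.name}")

hosts = [
    Host("host-01", 0.92, [VM("demo-lab", priority=1, idle_hours=100), VM("crm", priority=9)]),
    Host("host-02", 0.40, [VM("build", priority=5)]),
]
evaluate_policies(hosts)
```

In a real deployment, the migration and power actions would be carried out through the hypervisor's management API and gated by the change control and life cycle processes described above.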
Executive Buy-in
Having examined what virtualization can and cannot do, and the considerations for deploying virtualization in an environment, we return to a crucial step in the project plan and one that can pose the most common obstacle to success: stakeholder support.

Without executive support and backing from all important stakeholders, any project is likely to fail or achieve only partial success and profitability.

The following steps will help garner support:

Identify the Importance: Articulate the importance of the virtualization project to both the company as a whole and to the stakeholder's organization and favored projects.

The business drivers listed earlier in this article are a starting point. Spell out the savings the project will generate and how it will support new business models that will create new revenue streams. Will it make the organization more efficient, minimize the lead time to provision new services, and so on?

Always communicate the importance of the project in a way that makes sense and is relevant to the target audience.

Communicate Risks and Risks of Inaction: Honestly and sincerely point out the risks. The stakeholders must buy into the true picture. Hidden facts seldom stay hidden forever. A strong supporter who feels misinformed by the project group can easily turn into an even bigger obstacle, resulting in severe damage to the project.

Explain Migration without Risk of Interrupting the Business: A main concern for the business owners is interruption of the business. A detailed migration plan that addresses interruption of business is essential. Point out that a mature and flexible virtualized environment will minimize downtime for planned outages.

Listen: It is important to listen to concerns, investigate whether those concerns are valid and, if so, identify how they can be addressed. Again, the key to a successful project is to have strong support from the stakeholders.

Proof Points
Proof points are measurements that indicate the degree of the project's success. Without identifying these points, the value of the virtualization will be obscure. These metrics will also help obtain executive buy-in and support for the project by associating it with measurable gains in productivity, or reductions in costs or response time. This is especially important if the stakeholders have previously raised concerns.

Proof points can be derived from business drivers and their baseline metrics. For example, if the intent is to reduce the time it takes to deploy new hardware or software, first identify current deployment times. If the intent is to save money through hardware consolidation, identify the costs for maintaining the current hardware, including cooling costs for the data center. Then, follow up with those same measurements after the project, or a significant phase of the project, has completed.
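As a small worked example of this before-and-after comparison, the following sketch reports the change in a few proof-point metrics; the metric names and values are invented, not results from any real project:

```python
# Illustrative proof-point comparison (invented numbers): capture baseline
# metrics before the project, measure again afterward, and report the change.

baseline = {
    "server deployment time (hours)": 72.0,
    "datacenter energy cost ($/month)": 18000.0,
    "physical servers maintained": 240,
}
after = {
    "server deployment time (hours)": 4.0,
    "datacenter energy cost ($/month)": 11500.0,
    "physical servers maintained": 60,
}

for metric, before_value in baseline.items():
    after_value = after[metric]
    change = (before_value - after_value) / before_value * 100
    print(f"{metric}: {before_value:g} -> {after_value:g} ({change:.0f}% reduction)")
```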
Summary – Five Key Points
The five points to remember for a successful virtualization project:

Understand Why and What: Clearly understand the reason for the project, the business drivers, and the applications and functions to be virtualized. The scope of the project must be clearly defined, including phases for a staged approach, milestones, and the appropriate metrics to measure progress and the expected outcome.

Identify the Expected Risks: Risks, both functional and financial, are expected and acceptable. Virtualization can provide great value, but like any project, there are risks. Risks can usually be managed, but the key is awareness and planning by the project team and the stakeholders.

Virtualize Appropriate Workloads and Avoid Overutilization (and Underutilization): A common reason for virtualization failure is unreliable performance after applications have been virtualized. Avoid this situation by ensuring that too many applications do not share limited resources, and avoid host systems with inadequate bandwidth or inadequate support for large numbers of I/O transactions. Conversely, overestimating the amount of resources required can result in too many idle resources and can reduce the overall ROI.

When virtualizing an environment, the key is to choose the appropriate workloads to virtualize, provide modern, high-end, server-class host servers, and carefully manage and rebalance the workload so that all applications have sufficient resources during their peak times.

Get Support of Stakeholders: Get support from executive management as well as from the business owners before starting the project. Listen to concerns and address them. Have buy-in before the project starts.

Establish Success Criteria: Each project or subproject must have defined success criteria. These should include a comparison with the baselines from before virtualization. These criteria should be tied directly to the project's business drivers, such as cost per application, energy consumption in the datacenter, speed to provision a server, or the avoided alternative cost of building a new datacenter.

Virtualization offers efficiency and agility, but there are many pitfalls and obstacles to success. By following these five key points and the principles explained in this article, risks are reduced and the chances for success are maximized.

Additional insights on implementing virtualization can be found in the Virtualization Best Practices section of the Implementation Best Practices pages, which you can access through the following URL:

Thanks to Terry Pisauro, Engineering Services Architect at CA Technologies, for providing valuable editing contributions.
Leading Edge Knowledge Creation
by Dr. Gabriel Silberman, Senior Vice President and Director, CA Labs, CA Technologies

About the author:
Gabriel (Gabby) Silberman is Senior Vice President and Director of CA Labs, responsible for building CA Technologies research and innovation capacity across the business. In collaboration with Development, Technical Services, and Support, and working with leading universities around the world, CA Labs supports relevant academic research to further establish innovation in the company's key growth areas. Gabby joined CA in 2005, bringing with him more than 25 years of academic and industrial research experience. He joined CA from IBM, where he was program director for the company's Centers for Advanced Studies (CAS) worldwide. Previously, Gabby was a manager and researcher at IBM's T.J. Watson Research Center, where he led exploratory and development efforts, including work in the Deep Blue chess project. Gabby earned bachelor of science and master of science degrees in computer science from the Technion – Israel Institute of Technology, and a Ph.D. in computer science from the State University of New York at Buffalo.

Ever since businesses began looking for efficiencies by outsourcing or leveraging specialized services or favorable cost structures, one of the challenges has been to use this approach for acquiring leading edge knowledge. It may be argued that mergers and acquisition activities fulfill this role, as does recruiting of new personnel, either new university graduates or those who have accumulated professional experience. But these methods tend to be sporadic and do not represent a continuous process for bringing knowledge into a large and diverse organization.

At CA Technologies we have taken a different approach to tap into external resources. We aim to carry out a broad agenda geared towards continuous, in-context knowledge creation, to complement other more sporadic efforts. In contrast to the "pull" model used by some companies to attract ideas and proposals, CA Labs, the research arm of CA Technologies, relies on a "push" paradigm. This enables us to reach out to the research community to seek insights into technical challenges, the evolution of existing products, point solutions, or research to assist in new product development.

Using a popular context, the … as a Service (aaS) framework, think of CA Labs as an internal service provider. Its offerings include access to an extensive network of leading academics, and the mechanisms (legal, financial, etc.) to establish a framework for collaboration. This would be the equivalent of an Infrastructure as a Service (IaaS) offering. On top of this, foundational research projects may be structured to undertake long-term technical initiatives. These are based on needs identified by the Office of the CTO and others responsible for charting and executing the strategic direction for CA Technologies' products and services. These initiatives will explore technological advancements prior to potential implementation as CA offerings, and constitute a Platform as a Service (PaaS) type of offering.

To complete the analogy with a Software as a Service (SaaS) offering, CA Labs provides the capability to create "research sprints." These are short-term efforts, based on the relationships established through our long-term trusted relationships with academic partners and their deep knowledge of interests, products, and services relevant to CA Technologies.
Consider the example of Reacto, a tool for testing the scalability of reactive systems, developed as a foundational research project (think PaaS) in collaboration with researchers from the Swinburne University of Technology in Australia and CA's development lab in Melbourne.

In a sophisticated enterprise application, a single user action may trigger a number of coordinated activities across a variety of systems. Before deploying such an application, it needs to be thoroughly tested against realistic operation scenarios for quality assurance purposes. However, replicating such a large-scale testing environment is challenging and even cost prohibitive, due to resource and complexity constraints.
The Reacto project developed a general emulation framework, using lightweight models to emulate the endpoints with which the system under test interacts. This enables large-scale, realistic emulation of a variety of enterprise production environments using only a small number of physical machines.

Reacto has been used to demonstrate the scalability of several CA components and products, including the Java Connector Server (a component of CA Identity Manager).

Now let us look at an example of a foundational research (PaaS) effort which became the basis for a research sprint (SaaS). The case in point is the Data Mining Roles and Identities project, done in collaboration with researchers from the University of Melbourne in Australia.

Role mining tools automate the implementation of role-based access control (RBAC) by data mining existing access rights, as found in logs, to reveal existing roles in an enterprise. Along with individual roles, a role hierarchy can be built and roles may be assigned to individual users. Additionally, data mining may be used to identify associations among users, accounts, and groups, and whether these associations are necessary.

As a result of CA's acquisition of Eurekify and its Enterprise Role Manager, the researchers were asked to move their focus to leverage the role visualization tool developed as part of the project. This request gave birth to a research sprint to develop a tool to visualize access control data. Using the tool it is possible to visualize the "health" of a customer's RBAC implementation, before and after the deployment of CA's Role and Compliance Manager. Furthermore, the tool may be used periodically to detect and investigate outliers within an enterprise's role hierarchy, as part of governance best practices.

The success of the research model practiced by CA Labs has been sustained by these and other examples of innovative and practical implementation of knowledge transfer.
Virtualization: Enabling the Self-Service Enterprise
by Efraim Moscovich, Principal Software Architect, CA Technologies

"To provision a complete multi-system SAP CRM application, press or say '1'."

About the author:
Efraim Moscovich is a Principal Software Architect in the CA Architecture Team, specializing in Virtualization and Automation. He has over 25 years of experience in IT and software development in various capacities, including IT production control, programmer, development manager, and architect. Efraim has been involved in the development of many products, including Unicenter NSM and Spectrum Automation Manager. He has expertise in various domains including event management, notification services, automated testing, web services, virtualization, cloud computing, internationalization and localization, Windows internals, clustering and high availability, scripting languages, and diagnostics techniques. He is an active participant in the DMTF Cloud Management Work Group. Prior to joining CA Technologies, Efraim worked on large-scale performance management and capacity planning projects at various IT departments. Efraim has an M.Sc. in Computer Science from the New Jersey Institute of Technology.

Virtualization is not a new concept; it has been around since the early 1960s. Self-service systems such as travel reservations and online shopping are an integral part of today's dynamic economy. The marriage of virtualization technologies and self-service concepts has the potential to transform the traditional datacenter into a Self-service App Store.

This article examines virtualization technologies and the role they play in enabling the self-service enterprise. It also discusses key concepts such as service, service catalog, security, policy, management, and management standards, such as Open Virtualization Format, in the context of self-service systems.

1.0 IT Services and the Services Gap
In today's enterprise, the IT department has the primary responsibility of delivering, running, and maintaining the business-critical services (line of business), also known as production. This includes the infrastructure (such as servers, network, cabling, and cooling), software, and management functions to ensure high availability, good performance, and tight security. Downtime or degraded functionality may cause significant negative financial impact to the bottom line.

The critical business services include, among others, email, customer relationship management or practice management, supply chain management, manufacturing, and enterprise resource planning.

In addition to the production services, the IT department has to provide infrastructure and support for a wide variety of other services, which range from assisting the sales force with setting up demo systems for clients to helping the engineering department with their testing labs. The typical IT department has a long backlog of projects, requests, and commitments that it cannot fulfill in a timely manner. Many of the backlog items are requests to evaluate and purchase new hardware or software, set up and configure systems for end users, create custom applications for the enterprise, and provide short-term loaners for product demos and ad-hoc projects. For example, to convert a large collection of images from one format to another, the project team required hundreds of computers to run the conversion, but only for a few days or weeks.

The gap between the 'must do' services and the 'should do' services is typically called the IT service gap.
The struggle to close this gap and provide high-quality services to all IT users, on time and at a low cost, has been raging for years. Some of the solutions used to improve speed and quality include:

• Automating procedures (including scripting and job scheduling systems)
• Adopting standardized policies and procedures (such as ITIL1)
• Distributing functions to local facilities
• Sub-contracting and using consulting services
• Outsourcing the whole data center or some services to third parties
• Enabling end users to fulfill their own needs using automated tools (self-service)

2.0 Self-Service
The self-service concept dates back to 1917, when Clarence Saunders2, who owned a grocery store, was awarded the patent for a self-serving store. Rather than having the customers ask the store employees for the groceries they wanted, Saunders invited them to go through the store, look at the selection and price of goods, collect the goods they wanted to buy, and pay a cashier on their way out of the store.

Some well-known self-service examples include:
• Gas stations, where the customers pump their own gas rather than have an attendant do it
• Automatic Teller Machines (ATMs) that enable consumers to have better control of their money
• The human-free, and sometimes annoying, phone support systems in many companies ("for directions, press 1")
• The ubiquitous shopping web sites (such as Amazon) that almost transformed the self-service concept into an art form

The main reasons for the proliferation of the self-service paradigm are the potential cost savings for the service providers and the assumed better service experience for the consumers.

In order for a service to be a candidate for automated self-service, some or all of the following conditions must be met:
• There are considerable cost savings or revenue opportunities for the provider in operating the service.
• There is a service gap between what the provider can offer and what the consumer demands.
• The service can be automated (that is, the service has a discrete and repeatable list of steps to be carried out, and no human intervention is required from the provider).
• The implemented self-service is convenient and easy to use by the consumers, and is faster than the non-automated version.
• The service offering fits nicely within the consumers' mode of operations and does not require expert knowledge outside their domain.
The IT department adopted the self-service paradigm for many of its functions even before virtualization was prevalent. Examples include the Help Desk and other issue tracking systems, and reservation systems for enterprise resources. However, the implementation of more complex and resource-intensive self-service systems was not possible, at an acceptable cost, until the arrival of virtualization technologies.

3.0 Virtualization
According to the Merriam-Webster dictionary, the word "virtual" comes from Medieval Latin "virtualis", from Latin "virtus" (strength, virtue), and it means "efficacious" or "potential"3.

In our context, virtualization is a form of abstraction – abstracting one layer of computing resources (real or physical) and presenting them in a different form (virtual, with more virtues) that is more efficacious and has more potential. Usually the resources appear larger in size, more flexible, more readily usable, and faster than they really are in their raw form.

There are many forms of virtualization, from hardware or server virtualization (which can create what is commonly known as Virtual Machines or VMs), to storage virtualization (implemented via SAN or NAS), to network and application virtualization. Emerging forms of virtualization that are entering the mainstream are network and memory virtualization (a shared resource pool of high-speed memory banks, as opposed to virtual memory), and I/O virtualization.

Server virtualization is achieved by inserting a layer between the real resources and the services or applications that use them. This layer is called a Virtual Machine Monitor, a Hypervisor, or Control Program.

Figure 1: Virtualization (VMware)

These virtualization technologies can be abstracted further to provide database and data virtualization, and more application-level constructs such as a message queuing appliance, a relational database appliance, and a web server appliance. For additional virtualization terms and definitions, please refer to the Glossary.
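For readers who want to see this hypervisor layer from a management point of view, the following sketch uses the open-source libvirt Python bindings (one common way to talk to a Virtual Machine Monitor; an illustrative assumption here, not a tool discussed in this article) to list the virtual machines a hypervisor is running and the resources allocated to them:

```python
# Sketch: enumerate guests through the hypervisor's management layer.
# Uses the libvirt Python bindings and a local QEMU/KVM connection URI as an
# illustrative assumption; other hypervisors expose similar listing APIs.

import libvirt

conn = libvirt.open("qemu:///system")   # connect to the local hypervisor
for dom in conn.listAllDomains():
    state, max_mem_kib, mem_kib, vcpus, cpu_time_ns = dom.info()
    print(f"{dom.name()}: {vcpus} vCPU(s), {mem_kib // 1024} MiB, "
          f"{'running' if dom.isActive() else 'stopped'}")
conn.close()
```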