Virtualization and Messaging

What high-impact occurrence is expected to change infrastructure and operations through 2008? According to Gartner, it is virtualization and it is shaking up the industry, in terms of licensing, pricing and component management. “Virtualization is projected to change how you manage, how and what you buy, how you deploy, how you plan and how you charge,” reports Thomas J. Bittman, Gartner VP and distinguished server and storage analyst. In a presentation, Bittman notes that storage has already been virtualized, and that networking is also virtualized. “The leading edge of this change is server virtualization,” says Bittman. “Today, roughly 40 percent of the server market is composed of x86 architecture servers.”

Why this rapid growth? “IT organizations are approaching server virtualization as a cost-saving measure, and it is saving cost,” Bittman acknowledges. “However, organizations that have a mature server virtualization deployment in place are leveraging virtualization for much more: faster deployments, reduced downtime, disaster recovery, variable usage accounting and usage chargeback, holistic capacity planning, and so on.”

Adoption has been steadily increasing. IDC research reveals that in a three-year period, the number of servers shipped with virtualization technology grew from nearly zero to 500,000. “Initially, virtualization was completely about server consolidation—instead of having 20 servers that might be 10 percent utilized, you could have two servers that were 80 percent utilized,” says Andres Kohn, vice president of product management for Proofpoint. “These days this ability is becoming more important as the environmental impact of all this equipment becomes more of a concern.”

Kohn believes another reason for the growth is appliance bloat. “In today’s data centers there are racks and racks of multi-colored boxes of all these appliances, bought from all different vendors.” He goes on to say that over the past few years, across enterprises of all sizes, hardware appliances have become the preferred deployment form factor for specialized IT functions, such as messaging security. Physical security appliances provide a number of compelling benefits for enterprises—they are pre-configured, easy to deploy, simple to manage and usually offer a compact form factor. Kohn cites messaging security appliances, which typically combine anti-spam, anti-virus and outbound content filtering on a single box, as a prominent example of an attempt to reduce the number of appliances by combining functions. Now with virtualization, even greater efficiency can be achieved. With the virtualization-enabled server infrastructure continually growing in data centers, Proofpoint responded by offering the first virtual appliance to combine email security, data loss prevention and secure messaging capabilities on a unified architecture for the VMware environment.

How Virtualization Works

Virtualization started as a way for developers to simulate other machines, while on their workstations, thus allowing them to test and develop more easily. “The base technology was being able to run an environment with a full operating system that thought it was its own self-contained machine, when it was really only being allocated a part of the CPU, a part of the memory, and a part of the disk of the host computer,” explains Kohn. “This enabled developers to run one host computer rather than running multiple computers, which meant less cost, and less development time.”

According to VMware, the term virtualization broadly describes the separation of a resource or request for a service from the underlying physical delivery of that service. With virtual memory, for example, computer software gains access to more memory than is physically installed, via the background swapping of data to disk storage. Similarly, virtualization techniques can be applied to other IT infrastructure layers—including networks, storage, laptop or server hardware, operating systems and applications.

A Proofpoint whitepaper describes virtualization noting: “a virtual machine is like a physical server, only instead of being a box of electronics, it is a set of software files. Each virtual machine represents a complete system—with processors, memory, networking, storage and BIOS—so that operating systems and software applications run in virtual machines, just like in a physical server, without any modification, ensuring flexibility and efficient utilization of hardware resources.”

While there are other virtualization platforms, VMware is the market leader. “Microsoft virtualization technology and an open source project called Xen that was acquired by Citrix are number two and three,” says Kohn. “VMware is by far the leader in the space. Every single customer that I talk with is using VMware in some fashion. It might be in production systems, it might just be in a lab or in development.” Many Proofpoint customers use it extensively, with upwards of 85 percent of their infrastructure virtualized.

How Secure Is Virtualization?

Virtual machines still require security management and vulnerability patches, just like their physical counterparts. According to VMware, virtual machines are the containers inside which guest operating systems are run. All VMware virtual machines have been designed to be completely isolated from each other. This isolation, a key factor in the design of virtual machines, is what enables multiple virtual machines to run securely while sharing hardware.

“An ill-behaved or compromised application cannot impact any other virtual machines in the environment other than through network traffic,” explains Kohn. “Properly configured, virtual machines can better contain digital attacks through fault isolation, as one virtual machine can’t bring down others. VMware Infrastructure virtual networking gives administrators the flexibility to either isolate virtual machines from the corporate network or to make them full peers with other physical machines on the network.”

VMware offers best practice advice for running an ESX Server securely, stating that, “Your machine will only be as secure as you configure it to be. Among many recommendations, VMware notes that to maximize security in an ESX Server environment, allow only trusted users to have login access to the Service Console; and for maximum security, promiscuous mode adapters should not be enabled.”

In the end, how secure is a virtual machine? “It is a slightly debated item,” admits Kohn. “From the outside looking in, a virtual machine looks almost exactly like a physical machine. It has an IP address, and it has the same vulnerabilities.” Some believe that with virtualization there is now an additional component that could be vulnerable, attacked and need to be patched. “In general, the conclusion has been that you need to follow the same best practices with virtualization as you do with physical servers. The main thing to worry about, because things are a lot more dynamic and are moving around, is that you button up a lot more, and that you have very solid security procedures,” advises Kohn.

Everything Is Changing

Bittman’s description that virtualization is “shaking up the industry” is due to the far-reaching implications the technology has on the way business is conducted. “Virtualization enables alternative models that will create new modes of computing management and delivery during the next few years—and it will fundamentally change how IT is managed and accessed,” foresees Bittman. He goes on to say how virtualization breaks traditional software pricing and licensing models and that it enables a move to utility pricing. However, he comments that most businesses are not prepared to deal with IT as a variable expense. “Technology virtualization and abstraction layers are also eliminating market boundaries, and creating new market opportunities,” says Bittman.

Virtualization has also changed deployment practices, with server deployment moving from a two-month project to one that can be completed in two days. Many Proofpoint customers are initiating a hybrid deployment. “Many start with physical appliances, then add virtual appliances, if more capacity is needed. A Proofpoint advantage is that it’s on our Web site. It is like a full-featured whitepaper—download it, launch it, play with it, and if you like it, call us.”

Getting Started

Is virtualization just for large enterprises? That may have been the original expectation, but Kohn has seen adoption happen across the board, regardless of business type or size. “Anybody who needs servers is thinking about virtualization,” observes Kohn. “Even the prospects that I talk with that have not implemented virtualization yet, there is almost always a virtualization initiative within the organization. They see this as a way to be future-proof.”

Bittman offers advice to those that have not yet swum in the waters of virtualization. “You are entering an era of experimentation, be a scientist, not a subject.” By that he means that virtualization provides power to solve problems, but it must be managed and be aligned with business goals. Bittman recommends organizations beware of ill-conceived offerings, grand strategies, hype, and early virtualization pricing schemes.

When asked to make a prediction, Kohn thinks virtualization will “definitely take over—within the next two to three years.” He expects with every new software implementation the question will be: “Should this be on a virtual or physical infrastructure?”

For Your Reference

Gartner Research

Proofpoint, Inc.

VMware, Inc.