Colin Smith highlights the seven points in virtualization implementations that could give you trouble down the road if you don't do some planning in advance.
Virtualization has many benefits and there are many articles and vendor whitepapers to help you learn about them. What about the challenges that face the typical virtualization implementation?
Here are seven areas that often get overlooked or become afterthoughts:
1. Capacity planning and provisioningIn an effort to maximize hardware usage, there is a compulsion to squeeze as many VMs as possible on a single a physical server (or cluster). The ability to overcommit host resources is a wonderful feature but can exacerbate under provisioning especially when normally asymmetric workloads on the same physical resource spike simultaneously. Being too cautious can lead to over provisioning. Either result is sub-optimal. It is important to understand and balance the server workload, physical resources, and business rules. There are some good modeling tools available that let you accomplish this.
Traditional performance and health monitoring measures resource availability (CPU, memory, disk, network, etc.) and the event stream to identify and isolate problems and bottlenecks.
This model fails when the server hosting an application is virtualized. Since resources are abstracted and the virtual machine monitor (VMM) or hypervisor allocates resources to the VM as required, any telemetry based on resource availability within the VM would be distorted.
To avoid this issue ensure that the monitoring tools that you select can monitor the physical hardware, the VMs, the applications in the VMs, as well as the hypervisor that manages them and then aggregate and correlate the data across all of the additional layers.
With more VMs on less physical hardware, what used to be purely a volume challenge (amount of data to back up) has become a time and a resource issue. Shared physical resources (typically I/O and/or network) are impacted by backup operations. The load per server has increased as more VMs share the same host. The backup of a single VM can impact the performance of other tenants of the host. Ultimately backup windows will tend to get stretched.
To shrink the backup requirements, consider reducing the amount of data that requires backup through data de-duplication. Some vendors claim reductions of as much as 90%.
Another strategy is to use VM-aware backup tools that leverage the hypervisor to use idle cycles to perform backups throughout the day without impacting performance. Most of these solutions come in the form of virtual appliances.
With more VMs on less physical hardware i/o resources can be pushed to the limit. Typically, more disk
is needed on each physical machine to support the multiple VMs and disk channels are saturated as
multiple VMs contend for the same storage resources.
Mobile VMs (Live Migration / vMotion) have a requirement for shared storage that supports the specific
HA model implemented.
This is a complex issue and there is no simple solution. Some of the strategies that can help include:
- Since a large portion of similar VMs (OS for example) are similar, data de-duplication and linked clones / differencing disks can minimize the footprint of VMs.
- Use SAN technology to maximize disk i/o (FC, iSCSI etc.) and HA access.
- Avoid over provisioning by using thin provisioning to dynamically allocate disk as needed.
- Use defragmentation tools on host systems and guest VMs to avoid potential fragmentation within fragmentation in virtualized environments.
Consolidation of physical resources adds new risks not present when systems were "isolated." Obvious to most organizations is that new attack surfaces and vectors are introduced with virtualization and that they need to be managed. However, what is less obvious is that there are network implications as well. Remember on a single host the hypervisor "hides" inter-VM communication from the traditional network monitoring tools and IPS/IDS tools that work on the wire.
There is a growing market in Virtual Security Appliances (VSAs) used to monitor the virtual attack surfaces and inter-VM communications. These products allow you to create virtual firewalls and zones within which organizations can apply business rules to maintain isolation while still allowing for consolidation.
6. Configuration management
VM sprawl is a well-publicized phenomenon arising from some of the benefits of virtualization. Consider that virtualization makes it easy to spin up new virtual machines, VMs can move between hosts, there is no physical network connection or box, and it can become difficult to locate and manage them as they proliferate. VM sprawl can lead to many non-standard builds that are unaccounted for creating security, configuration management, and licensing challenges.
Some of the strategies to help manage VM sprawl include using strong process control to VM provisioning. Of course, applying strict change management policies and procedures is always recommended and becomes easier with a good CMDB solution. These techniques can help to detect and isolate rogue VMs
Gartner claims that licensing is a major stumbling block to wider spread adoption of virtualization. Licensing models are still in flux and many vendors do not have VM-friendly licensing models or require additional compliance monitoring. In some cases manufacturer support can be restricted when applications are run in VMs. Due diligence is required to ensure that licensing costs are accurately calculated and do not exceed budget.
Need help keeping systems connected and running at high efficiency? Delivered Monday and Wednesday, TechRepublic's Network Administrator newsletter has the tips and tricks you need to better configure, support, and optimize your network. Automatically sign up today!