General discussion

Locked

Use of Virtual Machines in a Business Setting

By wayoutinva ·
I have a couple of questions for those of you who currently use some virtualization in your workplace.
1. Is the virtual machine effectively an "island" inregards to the underlying OS. i.e. if the Virtual machine became infected would the virus/trojan etc. be able to get to the underlying OS to corrupt that as well.
2. If you are using on production machines is there a significant hit on performance..if not how much ram are the machines in question running.
I ask this because I am in the process of interviewing for 2 different sys admin jobs and was looking at a way to cut down the time spent on system security monitoring. if all of the clients could successfully run a virtual machine on top of the OS and NOT run the chance of infecting that OS then if a virus did make it through it would not necessarily be able to cripple the machine or the network in general.
Am I generally right in that assessment or is there more to this that needs to be looked at before implementing such a plan.
Thanks for your comments in advance.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

VMs are no security panacea

1) They are as isolated as two separate machines on the network, assuming that they do not share any storage areas. This means that if you leave the C$ share on the host wide open and a virus/Trojan/whatever on the VM exploits that, the host gets hit just the same as it always would.

2) Yes, VMs are absolutely CRIPPLING to a machine that is mid-to-low range. Think about it... you are running two copies of an OS! Unless the underlying host OS is something very lightweight, such as a UNIX that is not running a desktop manager (pure CLI environment), count on 1 GB RAM minimum (and bump your CPU requirements up a bit too). Think about it. You need 256 just to get XP up & running with the VM software. Then you're loading another, full production copy of XP into that, so with 1 GB RAM you can only give the VM 764 MB RAM. On top of that, the host OS needs to virtualize all of that hardware, so you have a fake NIC, video card, IDE controller, etc. loaded into memory and chewing up CPU cycles.

The final nail in the VM coffin is WINDOWS LICENSE COSTS. This is all too often overlooked. You're running two copies of XP. Microsoft expects to get paid for each of those copies! Now, if the underlying OS is a Free or Open source UNIX, you dodge that bullet. But still...

I've tried working on VMs, on less that top-of-the-line PCs (like a PC from a year or two ago, standard "business desktop"). It was a less than pleasant experience.

So, if you don't mind stepping up to 1.25 or 1.5 GB of RAM and taking a pretty-high end processor, and paying for two copies of Windows (one of which you're barely using, other than to host the VM), then yes, VMs are an easy, conveneint way of being able to re-deploy a desktop in case of viruses or other problems. If you'd rather save your employer a huge wad of cash, and make your user's lives easier, just use a drive image and stick it on the server somewhere, and use that to redeploy in case of problems.

VMs are VERY over rated, and in my experience, should really only be used for testing & development on the desktop side of things.

J.Ja

Collapse -

Not a Panacea for Storage Either

by Too Old For IT In reply to Use of Virtual Machines i ...

Sure, with enough memeory, one could laod up about 3 or 4 virtual machines on one actual machine. The second the underlying OS hocks up a hairball, you are out of business.

I'd never ever consider VMs in a Continuous Data Protection environment.

Collapse -

Agreed!

You are dead on right about that as well.

As I said, outside of testing & development, or maybe for certain tasks like providing a training enviroment, I think VMs are a bad idea. I think hypervisors are at least better on a technical level.

At the end of the day though, I have to ask myself, "Why?" Unless I need two different OS's running (preferably one being really tiny, like a micro UNIX just to dish out DNS requests, as an example), I really do not see the point, except for testing. What do two copies of Windows or UNIX (or BeOS or whatever...) actually get for you?

J.Ja

Collapse -

Thanks Guys For the Info

by wayoutinva In reply to Agreed!

Thanks for the responses, that's what I was looking for an honest answer from someone who has already attempted to do so. I have messed around with VM's a little but not enough to accurately judge wether or not they would be feasible to use in a production environment. And besides my thought was to go with a base linux os and run WINXP within the VM but that appears to really offer no great benefit to security of performance.

Thanks Again

Collapse -

VMWare

by javenlim In reply to Thanks Guys For the Info

I think in terms of cost cutting, VMWare definitely can make the mark. The thing is that it is not advisable to use it as production server due to the fact that everything is in a box. I just need to hit ur main box, everything is down. Also, in terms of requirements as a proper server, if u need to get a server with requirements of say 2GB Ram, u will require to have at least 3-4GB Ram because the remaining Ram is used for your underlying VMWare actual box. I had tried a bit here and ther on VMWare. Dun really think it is advisable for production servers to be used this way as u need to cater much more hardware requirements as a part of it is used for the underlying VMware
On the other hand, it is definitely good for development servers and training centre servers.

Collapse -

Not Really About Servers But Thanks

by wayoutinva In reply to VMWare

I appreciate the info, but I was really talking more in terms of desktops than servers, trying to think of a way to protect the users from themselves.. (not that they ever do anything wrong). The only thing I can think of is to use a software such as deepfreeze to lock the workstation in its present state (works as long as all documents are saved to a network location). Get a virus simply reboot the machine and virus is gone as it is not able to permanetly allowed to put its hooks into the system files...etc...That was the main reason i was looking at using some sort of VM software in a production/office environment.

Collapse -

Try This

by AlfMaster In reply to Not Really About Servers ...

Try Adrence. They have a product close to what you're looking for.

http://www.ardence.com/enterprise/products.aspx?id=56

Back to IT Employment Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums