Successful implementations of virtualization in enterprise production networks depend less upon virtual server vendors and more upon management and security technology providers adapting their products to the new paradigm that virtual environments represent, according to sessions this week at Interop.
As more enterprise IT managers look to virtualize x86 servers in production networks, industry watchers warn that management and security technologies must also be considered before deployment. For one, virtualization will tax tomorrow's networks as today's tools fail to keep up with the rate at which virtual servers proliferate and network managers succumb to virtual server sprawl. With all the benefits of virtual servers -- speedy rollouts, efficient resource consumption and made-to-order test environments -- the network traffic that passes among virtual server instances can be lost to traditional network management and security tools, putting environments at greater risk for performance failures and security threats, industry watchers say.
"I cannot emphasize enough that you must get management nailed down when it comes to virtualization. If you don't, you are going to be in for a world of hurt in the virtualized environment," Duncan Hill, an entrepreneur in residence at Ventures West, told Interop attendees.
Vendors at Interop such as WildPackets and InfoVista are trying to get ahead of the challenge of managing virtual environments. For its part, WildPackets announced a feature in its OmniAnalysis product that captures network traffic on virtual servers -- even when it doesn't cross network segments. With the data, network managers can troubleshoot performance problems and pinpoint in which virtual partition the issue occurred, the company says. Separately, InfoVista announced it added capabilities to its VistaInsight for Servers 3.0 to discover virtual instances alongside physical resources.
Yet management isn't the only challenge facing virtual environments. During a panel discussion at Interop, industry watchers debated how security must be updated to move away from signature-based systems and toward products that can baseline appropriate virtual behavior and isolate anomalous activity.
"For many years, security tools have been based on firewalls identifying IP addresses to allow access, but a vmswitch doesn't have a vm-firewall or vm-IPs to use for security," says Andreas Antonopoulos, a senior vice president with Nemertes Research. "Virtualization introduces a larger attack vector for the bad guys to target on your network."