Virtualization: A New Data Center Architecture
Virtualization is a new data center architecture that brings with it a range of challenges for traditional data center management tools, and for traditional control and audit practices. Some of the more obvious issues include:
When you can make 20 exact copies of an existing server and distribute them around the environment with a click of a mouse, server identity becomes critical. The traditional identity based on "physicality" is no longer good enough.
Physical servers do not move much. VMs, on the other hand, are designed to be mobile. Tracking and tracing them throughout their life cycles is critical to maintaining and proving control and compliance.
3. Data separation
Host servers share resources with the virtual servers running on them. That is, portions of the host's hardware (such as the processor, memory and networking) are allocated to each virtual server. As of yet, there have been no breaches of isolation between virtual servers. But this isolation will likely not last.
Cloud governance magnifies these challenges. Not only are these three issues now managed and controlled by someone outside the IT department (which doesn't let an organization off the hook when it comes to its overall governance commitments), but there are now additional challenges specific to the cloud, including:
1. Life cycle management
Once a workload has been transferred to a cloud, how is its life cycle managed? The IT organization gave it birth, but how can you audit its location through its life? Did it stay in the cloud to which it was delivered? Were any copies made? Were all instances returned to the IT organization at its death and all backups deleted?
2. Access control
Who had access to the application and its data while it was in the cloud?
Was it altered or tampered with while it was in the cloud?
4. Cloud-created VMs
We think of clouds as an infrastructure in which to temporarily place IT workloads. But they also generate their own workloads and transfer these into the data center. We call these "virtual appliances" and they are being downloaded into data centers on a daily basis. Identity, integrity and configuration all need to be managed and controlled here.