What Can Stay the Same

By Cameron Sturdevant  |  Posted 2008-09-15


Firewalls, intrusion prevention systems and VLANs (virtual LANs) that form the connections between physical systems must stay in place and be maintained. However, the functions of these systems need to move inside the virtual network that is created to connect VMs. Usually this virtual network is created using a virtual switch that resides with the VMs on top of the hypervisor on a physical system.

Today, when intra-VM traffic needs to be monitored for security purposes, it's common to route that traffic out to a physical system designed for that purpose. Once processed, the traffic is sent back onto the virtual network. It almost goes without saying that this detour likely makes the network the bottleneck for increased productivity among the VMs.

A hybrid solution of this type also ties VMs to the physical systems on which they are installed, unless elaborately architected physical systems are in place to support this activity if the VMs migrate to a different physical host. There are so many problems with this approach that only the fact that there are very few alternatives explains why it would be used at all.

The first problem is that the hybrid approach clings to the recently ended era when machines came online and stayed online until death or retirement. Security products necessarily developed a static, accretive approach to understanding the physical and logical connections of systems.

In physically oriented tools, security policy revolved around brittle, static models of the network. To be quite frank, even what we see today as the glacial pace of change in the data center still often outpaced IT managers' ability to keep up with the topological and logical changes embodied in traditional IT security tools.

Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
