Control, Security Issues
Control, Security Issues Kaiser first tried ESXs control manager, but he said he found that the product was difficult to use and didnt provide the security features he was looking for. Because multiple administrators need to access the virtual machines, Kaiser wanted to create a complex security scheme that would give him centralized control. At the same time, he wanted to prevent users from creating their own virtual machineswhich they could do using the ESX control manager."As great and mighty and powerful as ESX is, the console lacks in terms of security, and its very difficult to use," Kaiser said. "We toyed with it, and it wasnt consistent, which is why we needed to find another way to get fine-grain management and lock down the ESX console." Kaiser decided to deploy Leostream Corp.s Leostream VMC (Virtual Machine Controller) 1.2 to manage his virtual machines in a centralized manner. Before Coleman installed Leostream VMC, server administrators had to go to several Web-based consoles to access virtual machines on ESX. Using Leostream VMC, administrators can log on to a portal to launch a remote session to manage their virtual machines. Leostream VMC gives users full control of their machines, including the power button to turn their own machines off. Kaiser retains control of the virtual machines, and users see only what he permits. "You have to go through the struggle of trying to secure ESX before you can appreciate the benefits of Leostream," Kaiser said. "ESX is a great product, but Leostream fills in a lot of the gaps and really seals the deal." The success of his consolidation project now has Kaiser exploring other IT trails. Kaiser said hes considering the use of ESX and VMC in his disaster recovery site on two additional IBM eight-way x440 servers. Although Coleman is using only a few features in the Leostream product, Kaiser said he is looking into its other capabilities, including cloning servers, storage area network integration and the idea of failing over virtual machines between servers.
He has also asked Leostream to add LDAP support so that he can force session timeouts for additional security.
"The problem with server consolidation is that you reduce costs but increase complexity to some degree, which is exactly what youre trying to avoid," Kaiser said. "Using a virtual machine controller has really allowed us to realize the benefits of ESX."
eWEEK Labs Senior Writer Anne Chen can be reached at email@example.com.
Although Kaiser tried using Symantec Corp.s PCAnywhere for remote management of his virtual machines, the softwares inability to run on Linux meant that administrators using that operating system had no common way to access all their virtual machines.