Best Practices

By Matthew Sarrel  |  Posted 2010-09-28


Start with your images

Just as with physical machines, virtual instances must be deployed and configured systematically to ensure security and reliability. Organizations need to determine which machines or images are eligible for a software deployment and then install and validate the software on each server, desktop or image. Installing enterprise software can be a time-consuming task that is best not repeated for 25,000 different images.

Organizations should create master images where software can be installed and validated once, although this is infinitely easier said than done. Every organization ends up with many, many heterogeneous images. The solution is either to deploy and update the same software on many images or to customize a single (or multiple) master image to produce many differently configured images.

In many ways virtual machine images are data and can be managed similarly to other business data such as document and data stores. Treating them as data allows IT organizations to simply back up and archive virtual machine images following corporate data retention policies. But virtual machine images are more than a static chunk of data, and it is critical that they be treated as if they are custom-developed code. They are virtual IT assets; in some ways they are software versions of physical IT assets. They need to be provisioned and checked for licensing, protected from and scanned for malware, and patched with the latest OS and application fixes.

It is for this reason that VDI best practices dictate creating a gold image to serve as a template for user virtual desktops. Storage is allocated to a virtual machine image (or this can be dynamic) and the OS and apps are installed and patched. When deemed to be gold, the virtual machine image should be cloned; work with the clone and archive the original.

Chances are that an enterprise will end up with many clones as virtual machine images are deployed, customized and updated. There will be a lot of similarities between virtual machine images, so they are excellent candidates for data deduplication and virtualized storage datastores. Many times virtual sprawl isn't confined to the data center and can take place across the entire enterprise network, especially in business continuity use cases where virtual machine images are getting deployed, synchronized and backed up across typically slow WAN links. WAN optimization devices, such as those made by Cisco, Blue Coat and Riverbed, can help relieve the traffic burden.

Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games please browse and for more general information on Matt, please see
