Best Practices
Start with your images
Just as with physical
machines, virtual instances must be deployed and configured systematically to
ensure security and reliability. Organizations need to determine which machines
or images are eligible for a software deployment and then install and validate
the software on each server, desktop or image. Installing enterprise software
can be a time-consuming task that is best not repeated for 25,000 different
images.
Organizations should
create master images where software can be installed and validated once,
although this is infinitely easier said than done. Every organization ends up
with many, many heterogeneous images. The solution is either to deploy and
update the same software on many images or to customize a single (or multiple)
master image to produce many differently configured images.
In many ways virtual
machine images are data and can be managed similarly to other business data
such as document and data stores. Treating them as data allows IT organizations
to simply back up and archive virtual machine images following corporate data
retention policies. But virtual machine images are more than a static chunk of
data, and it is critical that they be treated as if they are custom-developed
code. They are virtual IT assets; in some ways they are software versions of
physical IT assets. They need to be provisioned and checked for licensing,
protected from and scanned for malware, and patched with the latest OS and
application fixes.
It is for this reason
that VDI best practices dictate creating a gold image to serve as a template
for user virtual desktops. Storage is allocated to a virtual machine image (or
this can be dynamic) and the OS and apps are installed and patched. When deemed
to be gold, the virtual machine image should be cloned; work with the clone and
archive the original.
Chances are that an
enterprise will end up with many clones as virtual machine images are deployed,
customized and updated. There will be a lot of similarities between virtual
machine images, so they are excellent candidates for data deduplication and
virtualized storage datastores. Many times virtual sprawl isn't confined to the
data center and can take place across the entire enterprise network, especially
in business continuity use cases where virtual machine images are getting
deployed, synchronized and backed up across typically slow WAN links. WAN
optimization devices, such as those made by Cisco, Blue Coat and Riverbed, can
help relieve the traffic burden.


Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games please browse 





