IBM is ramping up its virtualization capabilities, aiming for greater security and expanded use of the technology in its mainframe systems.
The technology giant announced the new offerings at the IDC Virtualization Forum here Feb. 6, where analysts said the technology is ready to move into its 2.0 phase, in which it not only will grow in use in servers but also continue reaching into other areas, such as PCs, storage systems and networking devices. Its use also will continue to grow from simple consolidation projects to such tasks as disaster recovery and backup, company officials said.
"Right now, you see some early end users who see the benefits in terms of reduced cost, better availability and increased security," IDC analyst John Humphreys said at the event.
With as much potential as virtualization has—IDC predicts the number of installed servers worldwide will hit 45 million by 2010—one issue that has not been adequately addressed is security, analysts said. Users are looking for protection against vulnerabilities within hypervisors when workloads are moved either from physical machines to virtual ones or from one virtual machine to another.
Security is a key factor in what IBM, of Armonk, N.Y., calls a secure architecture for virtual hypervisors used with x86 and blade servers. IBM is offering customers the same type of security found in traditional mainframe servers, officials said. The architecture, called Secure Hypervisor, or sHype, will work as an embedded tool that wraps around a hypervisor to better secure a virtualized workload, company officials said.
As workloads—an operating system, application or middleware—are migrated from either a physical machine to a virtual machine or from one VM to another, sHype also will migrate with the workload and provide the same set of security measures that were originally constructed to protect the data. "The idea behind this is to have mandatory access control," said Kevin Leahy, director of virtualization for IBM.
sHype will work with proprietary hypervisors or with open-source hypervisors, such as Xen. IBM also plans to release portions of sHype to the open-source community, where it can be used as part of the Xen kernel.
With a traditional security firewall on a server, there is no guarantee the firewall will be properly migrated and moved to the right spot during virtualization, Leahy said. By embedding sHype with the hypervisor, policies and security established by the IT administrator will move with the workload and provide security directly into the virtualization software layer.
Once the security configurations, policies and exceptions have been set by an administrator, sHype will then lock those specifications with the configuration needed to run a workload, which will create a more secure environment as applications or operating systems are migrated through virtualization, Leahy said.
IBM also launched an updated version of its z/VM virtualization technology for mainframes. The product allows IBM to push its virtualization tools and re-emphasize its plan to tout mainframe servers as a mainstream alternative in the data center.
IBMs mainframe business continues to grow. According to fiscal fourth-quarter results announced Jan. 18, revenues from System z products grew 5 percent over the same period last year, and shipments of mainframe computing power—measured in mips—grew 6 percent.
The latest version of z/VM, to be released June 29, will now support up to 32 processors and offer users 128GB of memory, which will allow the software to host more than 1,000 virtual images, Leahy said. It also will allow servers to be turned into multiple partitions, or "virtual" Linux servers.
Charles King, an analyst with Pund-IT, said IBM is trying to distinguish itself from other virtualization vendors, such as Microsoft, VMware and Virtual Iron, which have mostly stayed within the x86 space.
"Its really important for them to get the word out there and let people know what the capabilities of the System z mainframe offering are," King said. "This isnt a knock on x86 virtualization, but when you talk about hosting a thousand images on the mainframe, people sit up and listen."