Virtualization cuts hardware, power, and real estate costs by combining multiple servers, networks, and storage arrays into virtual pools. But for users like Pat O'Day, CTO at hosting and managed services provider BlueLock LLC, managing those resource pools means wrestling with multiple applications.
"There's a backup console, the SAN has a console, antivirus has a console -- everything has its own console," says O'Day. Buying all of those applications and training staffers to use them is costly and makes it hard to tune a virtualized environment to meet changing needs.
[ Doing server virtualization right is not so simple. InfoWorld's expert contributors show you how to get it right in this 24-page "Server Virtualization Deep Dive" PDF guide. ]
Rich Phillips wishes he could instantly create a virtual machine and provide everything it needs, such as load balancers, firewalls, and database connections, and then automatically register it with his configuration management database. But the tools he's seen that are designed to do that are either too expensive or "not fully baked," says Phillips, principal network engineer at Apollo Group Inc., which provides IT services to the University of Phoenix and other schools.
Apollo uses NetScout Systems Inc.'s nGenius Performance Manager, Service Delivery Manager, InfiniStream Console, 9900 Probes, and Virtual Agents to monitor the performance of its network. Phillips says he is pleased with the tools but wishes they could also monitor and troubleshoot the servers and storage arrays that can slow application performance.
Vendors are working to develop tools that enable users to manage entire systems through a single console -- or a "single pane of glass" -- but for now, users must choose among products that manage only parts of their environments or focus on specific problems, such as security, backup, or the sprawl of unused virtual machines.
Even if obsolete or unneeded VMs aren't powered up, they take up expensive disk space. If they are running, they use computing cycles and network bandwidth and can cause performance or security problems.
Lifecycle management systems find unused virtual machines by tracking the resources they're using or their scheduled expiration dates. They may also support templates that control the amounts of CPU, memory, storage, and network bandwidth available to different types of VMs; the backup or failover policies associated with them; or their life spans.
Ted Waller, Internet operations engineer at Cvent Inc., a vendor of online event management software, says he uses V-Commander virtual machine management software from Embotics Corp. because with it, he can require users to set expiration dates for the VMs they request. Like many other tools, V-Commander can also send warning emails to owners of virtual machines that are due to expire, among other capabilities.
Tools with similar functionality include BMC Software's BMC Cloud Lifecycle Management software, VKernel's Optimization Pack, VMware's vCenter CapacityIQ, Abiquo's Abiquo 1.7, and CommVault System's Simpana 9.
Administrators can control VM sprawl by making users pay for the virtual resources they use (chargeback) or showing them the costs of the assets they use (showback). Showback systems are easier to implement than chargeback systems; they also help internal IT shops prove that they can match the prices of outside providers.
The chargeback tool in VMware's vCenter can map costs to business units, cost centers, or external customers. BMC Capacity Management software can show costs based on either preset configurations or what the VM actually uses. CA Technologies offers showback and chargeback functionality in all of its virtualization automation tools. Products with similar features include Hyper9 Inc.'s virtualization management software and VKernel's Chargeback.
Security and compliance
As virtualization becomes more common, security and regulatory compliance become more critical. But dealing with those concerns isn't easy because traffic flowing among virtual machines within a host is harder to track than traffic among physical servers passing over the corporate network, says Ken Owens, technology vice president for security and virtualization at Savvis Inc., a managed services and hosting provider.
Some data might have to be encrypted, or it might only be allowed to run on network segments with certain security configurations. Waller would like to tweak his network configurations using V-Commander rather than VMware, whose access controls he calls "clunky." Owens says Savvis chose Vtrust security software from Reflex Systems LLC because it blocks threats and can monitor traffic within a virtualized environment and ensure that VMs have the proper security configurations.
VMware's vShield products provide a single framework to secure virtual servers, networks, data, and endpoints, and its vCloud Director creates "virtual data centers" that keep users' or customers' data and applications separate. That's important for service providers that need to protect customer data in multitenant environments.
HyTrust Inc.'s Appliance provides automated administrative access control, "hardens" the hypervisors that manage virtual machines, and ensures that VMs are configured correctly. Enterasys Network Inc.'s Data Center Manager identifies virtual machines by their MAC (media access control) addresses when they enter the network and applies the appropriate security policies. Symantec Corp.'s Critical System Protection tool offers a single management, policy and reporting framework to control (among other things) network traffic, device access, configuration and system lockdowns, and administrator access control.
Products that identify VMs that "drift" from desired states include CA Virtual Configuration, BMC BladeLogic Server Automation Suite, and VMware vCenter Configuration Manager.
Since virtualization makes it possible to pool servers, storage, and networks, it's becoming increasingly important to manage those components as an interrelated unit.
Storage is one area where some users would like better visibility. Waller, for one, says he has "no way to know if a VM is out of control or eating up more space than it should." O'Day says he would like to trigger space-saving deduplication for an application right from the VMware management console, instead of logging into the SAN console to understand which LUNs (logical unit numbers) or volumes support those applications. Waller says he would like to choose which volumes generate alerts so he won't be awakened when a volume supporting a noncritical application runs low on space at 4 a.m.
Thin provisioning is another concern. Its purpose is to reduce storage costs by promising applications more space than is available on arrays, but it can crash multiple applications if a host with many virtual machines runs out of space on a thin-provisioned volume without warning. Embotics, among other vendors, provides some storage visibility by monitoring available space and suggesting where to allocate storage for new VMs.
Quest Software Inc.'s vFoglight Storage and vOptimizer Pro provide performance and capacity management for storage in virtual environments, and vOptimizer Pro can automatically resize virtual machines to decrease storage requirements.
Vendors with roots in network management use network traffic data to aid management. When Enterasys' Data Center Manager identifies servers as they join the network, it reconfigures the network for sufficient bandwidth. Network management appliances from Infoblox Inc. are designed to identify new VMs when they request IP addresses and then trigger the provisioning of resources such as firewalls, load balancers and switches for those VMs.
Abiquo, a vendor of open source management software, claims to offer "single pane of glass" management with a system that features policy-based controls of logical units made up of physical and virtual computing, network and storage resources.
Big vendors offer systems that take this approach further. Examples include Cisco Systems Inc.'s Unified Computing System and the Virtual Computing Environment from EMC, Cisco and VMware. IBM's Virtualization Manager manages physical and virtual systems running VMware, Xen, or Microsoft Hyper-V, as well as systems running on IBM's own Power processors.
Monitoring utilization trends and using predictive modeling to determine when to add capacity helps organizations make wise virtualization investments. VMware's vCenter CapacityIQ provides visibility into servers and storage and (to a lesser extent) into the network; it also does predictive modeling.
BMC's ProactiveNet Virtual Performance Management does both capacity and performance management. Technology that BMC acquired from Neptuny will let customers use business metrics to determine investments in virtual infrastructure. Embotics provides real-time capacity and performance management, and VKernel Capacity Analyzer predicts bottlenecks and their sources, and offers capacity planning and management.
Virtualization is worth little if users can't reconfigure resources to tune performance. For example, they might want to move VMs among physical hosts or devote more storage to a VM.
VMware recently purchased Integrien, whose technology analyzes data from the VMware vCenter management platform and other tools to warn of problems. Hyper9's virtualization management software, recently acquired by SolarWinds, identifies possible bottlenecks that might arise when VMs contend for memory and CPU cycles.
Quest's vFoglight highlights performance problems, provides detailed performance information, and issues alerts with recommended solutions. It also has the ability to automate fixes and allows users to see several virtual centers from a single interface.
NetScout uses deep packet inspection and analysis of network traffic to recommend ways to fix (and prevent) performance problems and integrates with the management tools that perform the fixes. VMTurbo Inc.'s virtual appliances automate such operations as workload balancing and capacity management.
Abiquo claims that its system can manage virtual resources, using business policies based on security and compliance needs, energy costs, utilization and load balancing. Xangati Inc.'s Xangati Management Dashboard offers real-time performance monitoring and provides in-depth information to uncover bottlenecks.
VMware claims that its snapshot capabilities make it easy to capture the data and settings in a primary site and replicate it to a disaster recovery environment, while its vCenter Site Recovery Manager automates key backup and recovery processes.
But replicating LUNs in a virtualized environment requires labeling the affected LUNs and adding the remote site name to their descriptions. "And then you have to tell VMware to only put those VMs and those apps" on the disaster recovery site, says O'Day. "All I want to say is, 'This application wants to have a copy of itself over in Salt Lake City and another copy in Indianapolis.' "
Products designed to tackle disaster recovery include CA ARCserve Backup, which can perform backup, failover, and other functions from physical-to-virtual, physical-to-physical, and virtual-to-virtual environments. Actifio Inc. claims that its VMware SRM tool offers a simple, low-cost way to replicate virtual machines by using commodity storage. Veeam Software's Backup and Replication 4.0 combines backup and replication, native support for thin-provisioned disks, and hot mirroring of active production environments.
Hewlett-Packard Co. says that its Data Protector software supports all top server virtualization platforms, backs up both physical and virtual machines from multiple vendors through one interface, and provides eight methods of data protection. Symantec NetBackup 7 and Backup Exec support virtual environments. Symantec's recently announced ApplicationHA is designed to enable customers to set up high-availability VM clusters. CommVault's Simpana 9 provides automatic, policy-based backups of VM data and a single console to manage backup of physical and virtual servers.
Quest's vRanger is designed to speed full, incremental and differential VMware backup and replication and reduce storage needs. Its vReplicator is built to replace virtual machine images across networks to speed disaster recovery. And its vConverter converts physical systems into virtual images, and vice versa.
Virtualization provides almost infinite ways to combine computing, network, and storage resources. Finding a single tool to handle every management need is a pipe dream, at least for now. Focus instead on identifying your most critical virtualization needs and finding the products that address them.
Scheier is a veteran technology writer. He can be reached at firstname.lastname@example.org.
Read more about data center in Computerworld's Data Center Topic Center.
This story, "How to wrangle your virtual machines" was originally published by Computerworld.