The chargeback tool in VMware's vCenter can map costs to business units, cost centers, or external customers. BMC Capacity Management software can show costs based on either preset configurations or what the VM actually uses. CA Technologies offers showback and chargeback functionality in all of its virtualization automation tools. Products with similar features include Hyper9 Inc.'s virtualization management software and VKernel's Chargeback.
Security and compliance
As virtualization becomes more common, security and regulatory compliance become more critical. But dealing with those concerns isn't easy because traffic flowing among virtual machines within a host is harder to track than traffic among physical servers passing over the corporate network, says Ken Owens, technology vice president for security and virtualization at Savvis Inc., a managed services and hosting provider.
Some data might have to be encrypted, or it might only be allowed to run on network segments with certain security configurations. Waller would like to tweak his network configurations using V-Commander rather than VMware, whose access controls he calls "clunky." Owens says Savvis chose Vtrust security software from Reflex Systems LLC because it blocks threats and can monitor traffic within a virtualized environment and ensure that VMs have the proper security configurations.
VMware's vShield products provide a single framework to secure virtual servers, networks, data, and endpoints, and its vCloud Director creates "virtual data centers" that keep users' or customers' data and applications separate. That's important for service providers that need to protect customer data in multitenant environments.
HyTrust Inc.'s Appliance provides automated administrative access control, "hardens" the hypervisors that manage virtual machines, and ensures that VMs are configured correctly. Enterasys Network Inc.'s Data Center Manager identifies virtual machines by their MAC (media access control) addresses when they enter the network and applies the appropriate security policies. Symantec Corp.'s Critical System Protection tool offers a single management, policy and reporting framework to control (among other things) network traffic, device access, configuration and system lockdowns, and administrator access control.
Products that identify VMs that "drift" from desired states include CA Virtual Configuration, BMC BladeLogic Server Automation Suite, and VMware vCenter Configuration Manager.
Since virtualization makes it possible to pool servers, storage, and networks, it's becoming increasingly important to manage those components as an interrelated unit.
Storage is one area where some users would like better visibility. Waller, for one, says he has "no way to know if a VM is out of control or eating up more space than it should." O'Day says he would like to trigger space-saving deduplication for an application right from the VMware management console, instead of logging into the SAN console to understand which LUNs (logical unit numbers) or volumes support those applications. Waller says he would like to choose which volumes generate alerts so he won't be awakened when a volume supporting a noncritical application runs low on space at 4 a.m.