VMware goes beyond the hypervisor

Few IT technologies are evolving as fast as virtualization. In fact, even the major CPU manufacturers are pushing the envelope. Every new processor revision from Intel and AMD moves more virtualization code from the OS into microcode. Soon, nearly all of the major virtualization tasks currently handled by kernel and user-space code will be on the chips themselves, and hardware-based server virtualization will be as commonplace as RAID controllers. A quad-core CPU will come to be seen not as four processors for a single OS, but rather as a single processor each for four virtual servers. So what’s beyond that door?

At that point, all the layers in the application stack will drop a level. Operating systems, which now serve as a clearinghouse for all applications, will become a delivery mechanism tuned for specific apps. Vendors will begin shipping products pre-installed on virtual machine images to reduce cost and complexity, and the virtualization platforms will relinquish mundane tasks to the CPUs and concentrate more on security and management. Server workload profiling will become commonplace, and live server resource modeling and reassignment will be the rule.

Vendors already are shifting their attention both above and below the hypervisor to offer high-end server management and security tools. Taking advantage of VMware’s modular network stack, products are in the works that insert intrusion prevention below the OS level, and hot on the heels of hypervisor-based IPS is hypervisor-based anti-virus. Operating at the raw x86 instruction level will not only increase the reliability and accuracy of these tools, but also reduce their footprint, as a single instance running at the hypervisor layer could protect all the virtual machines running on that host without consuming separate process space inside each VM.

The application delivery possibilities are starting to be seen in large part due to VMware's Virtual Appliance Marketplace, an initiative that began as a contest to build custom-configured, VM-based applications that could be distributed via VMware’s Web site. The obvious candidates were security devices built on Linux, and other appliances were built to provide instant deployment of network telemetry and monitoring tools such as Nagios, Cacti, and ntop. Now commercial software vendors are beginning to embrace virtual appliances.

Rather than shipping CDs or installers for their software products and dealing with support calls, it would seem to be far simpler for the vendor to build an entire virtual server housing their application, and send the VM to customers. Installation time becomes nearly nil, the installation of all necessary supporting packages is guaranteed, and the app ends up running on an OS tuned to its specific needs, rather than on a generic build. This will both enhance security and performance of the application, while easing delivery and cutting implementation costs.

To fully realize this ideal, virtualization vendors will have to come together to agree on standards for virtual servers. From configuration settings -- which are already based on XML in most cases -- to resource management and the layout of virtual disks, it’s not a small task, but a necessary one from the ISV perspective. Instead of having to create (and test and support) different versions of their code for the different virtualization platforms, ISVs could provide a single VM that would run on Xen, Microsoft Virtual Server, VMware, and so on.

Of course, despite the rapid pace of development, these are still the pioneer days for x86 server virtualization. Truly ubiquitous virtualization will be some time in coming, but it will define the datacenter when it arrives.