One IT pro who spoke during the virtualization track also used the "crack" analogy, saying that configuration errors contributed to a recent headache-filled day in which 10 or so VMs became inaccessible. Paul Lantieri, network operations manager for the Division of Health Care Finance and Policy in the Massachusetts state government, said his VMware environment and Dell/EqualLogic ISCSI storage-area network were having problems communicating with each other. At one point, he discovered that the list of buffered commands that VMware has issued to the storage system was more than 12,000 long. Typically the number is less than five.
Ultimately, the government agency powered the entire datacenter down after gaining assurances from vendors that they would not lose any critical data or workloads. To prevent future mishaps, Lantieri's team has changed the way it allocates resources, reduced the number of VMs connected to each data store, and are teaching developers how to write code for a virtual environment.
"Virtualization is like crack sometimes," Lantieri said. "You do things in the virtual world that you probably shouldn't be doing. We were being too lenient and generous with our development groups."
Storage is often a sticking point when it comes to virtualization, Burke said.
"A good number of the [IT pros we interviewed] had put virtualization projects on hold for six months to a year to get their storage networking stories straightened out," Burke said. "They realized until they had networked storage that was virtualized appropriately they would not" achieve the benefits of virtualization, such as site recovery.
Security is another potential problem, and one that too many IT pros have ignored, according to Burke. Network managers who routinely set up robust security for physical resources haven't done the same after virtualizing, neglecting to set up virtual firewalls and security zones, Burke said. Even if this doesn't lead to security incidents, it could expose them to regulatory problems, he indicated.
"They were trading a level of assurance and auditability that they used to have for nothing," Burke said. "They could not show that they had not produced an unacceptable level of risk. Their security teams had not been paying close attention.