Users Talk Virtual Troubles

NEW YORK -- Despite the growing popularity of virtualization, many users are still struggling with lengthy deployment cycles and security issues related to the technology. This was the message from CIOs and IT managers at a conference here today. (See IDC Reports on Virtualization.)

Speaking during a keynote, John Humphreys, program director at analyst firm IDC, warned that virtualization brings a unique set of challenges to the data center. "It changes your processes," he explained. "[Its about] how much time, effort and energy it takes to transform your organization."

Attendees agreed that this is a major hurdle in the path of their virtualization strategies. "Time is definitely a major concern of ours," said Jim Steinmark, director of architecture and engineering at Fidelity Investments. "One of the big challenges is the time that it is taking to get people to accept virtualization as a production-ready technology," added the exec, who uses VMware, Citrix, and SoftGrid within his infrastructure.

For this reason, Steinmark estimates that it probably takes 40 to 50 percent longer to get an application deployed on virtual machines than it would on physical servers. A complex virtual application shared by a number of different users, he said, could easily take a year to deploy.

On the plus side, the exec told Byte and Switch that his firm can deploy updates to his virtual software much faster than he would have been able to with traditional software running on a physical server.Another attendee, George Scangas, lead IT infrastructure analyst at Welch's Foods, warned that developers are often the hardest group to get on board. "A lot of them are from the old school of thinking -- they want to run [applications] on a physical box," he added.

Welch's Foods, which has saved over $300,000 in hardware costs since deploying VMware's ESX Server in 2004, has nonetheless managed to get its testing time down to two weeks. "We let [the application developers] kick the tires initially, to see how everything works," explained Scangas.

The other big challenge cited by New York CIOs was security. For some time now, users have been voicing their concerns about the security implications of virtualization, which add yet another layer of complexity to corporate security policies. (See Tales From the Virtual Crypt, Users Talk Virtual Tension, and Users Search for Virtual Reality.)

Vendors are now coming under pressure to boost this side of their virtualization story. "One of the top concerns that we hear from users is [the need for] for trusted virtual machines," said Intel exec Lorie Wigle during another of today's keynotes.

Intel, according to the exec, has a number of research projects underway to address this issue, although she did not go into specific details. That said, it appears that much of this work is likely to revolve around the Trusted Computing Group's Trusted Platform Module (TPM) specification.TPM is a standard that builds security features such as encryption into processors. The standard has already made its presence felt in the laptop market, and Intel is now attempting to extend its reach into server and storage devices. (See TPM To Bolster Laptop Security.)

Last year Intel added TPM support to its chip family, although at least one IT manager wants to see more activity around the standard. "I would like to see more vendors leverage the TPM technology and take advantage of security on a chip," said Fidelity Investments' Steinmark.

Specifically, Steinmark would like to see virtualization vendors such as VMware and operating systems specialists like Microsoft flesh out their TPM stories. "It's just not being utilized now," he said

At the moment, vendors appear to be focusing most of their security efforts on the virtualization hypervisor. IBM, for example, unveiled its Secure Hypervisor Architecture or "sHype" technology today, which it is touting as a way for users to lock down their virtual workloads. (See Virtually Secure.)

Developed in conjunction with the Xen open-source community, the idea is that IT managers can use the sHype software to set security policies for their virtualization hypervisors. (See XenSource.) This could, for example, set rules for which members of the IT department can access and change the hypervisor.VMware, for its part, "will continue fortifying at the hypervisor level," according to Parag Patel, the vendor's senior director of ecosystem alliances, although he would not go into roadmap specifics.

The vendor has already moved to lock down virtual machines with its Assured Computing Environment (ACE) product, and is now rumored to be adding firewall features to its virtualization software.

Other IT managers at the show were more concerned about what happens to their virtual data when it's on the move. "We have seen a lot of security issues coming across," said Harvey Betan, a consultant that works with government agencies and the financial sector. "I am involved in business continuity and I am interested to see how you can go from a live environment to a recovery site keeping the virtualization in place."

— James Rogers, Senior Editor Byte and Switch