Details Virtualization Challenges

At Evolving Solutions, we build IT solutions for companies that improve data center and business efficiency.

Server virtualization, a solution reducing the number of physical servers in a data center by consolidating them into a virtual environment, helps achieve these objectives.  Utilizing fewer physical servers ensures data centers run more efficiently and more affordably, as costs needed to power and cool servers are reduced.

In several posts, particularly in our Data Center Leaders Interview Series, we expound on the benefits of server virtualization – and they are vast.  That being said, the implementation of any new solution will present its share of initial challenges. We would be remiss in only sharing the benefits of server virtualization while not alerting you to these challenges.

NetworkWorld recently detailed the challenges to be aware of with server virtualization in the excellent whitepaper, “Seven Key Challenges You Can’t Ignore,” available now for complimentary download.

Bottom-line, when companies implement a data center solution, they are looking for three things:

•    Performance
•    Affordability
•    Simplicity

In one way or another, everything can be said to relate to these three bullets.

So, bottom-line, does virtualization support these bullets?  If planned, implemented and deployed properly – yes.

Courtesy of NetworkWorld, here’s how:

•    Performance – when moving from physical to virtual software, application networking resources can be depleted at a faster rate, causing initial issues with server performance.  To improve performance, application networking resources can be offloaded onto a purpose-built appliance.
•    Affordability – From new software licenses to new hardware, initial costs of virtualization can threaten to overshadow its eventual cost-saving benefits.  Contain these costs by planning ahead, especially in regards to making the most of existing resources during deployment.  The smoother, more gradual the deployment, the more initial costs will be contained.
•    Simplicity – Anytime you introduce a new IT solution, there will be initial challenges felt as your team learns to manage the data center, new components and all, as a cohesive unit.  By managing virtual machines, your application network and storage network together, your organization can significantly reduce complexity – and simplify administration – by dynamically provisioning resources.

Each of the challenges and solutions above, plus more from the latest whitepaper by NetworkWorld, should be a part of the virtualization plan developed by your data center consultants.  Your consultants should also present these challenges and solutions in regards to how they specifically relate to your company.

If ever you’re unsure about something, the key is simply to ask, and armed with a copy of “Seven Key Challenges You Can’t Ignore” you will be more empowered to ask the right questions.

In the meantime, pose any of your additional questions about the benefits and challenges of server virtualization via a comment below.  We’ll ensure our data center consultants review and provide feedback to each.

Presents Virtualization Webinar

Several posts we’ve published, including those in our Data Center Leaders Interview Series, offer server and storage virtualization as one of today’s top data center cost avoidance strategies.

As an IT architect who has helped hundreds of clients launch server and storage virtualization initiatives, we are compelled to share the success possible with virtualization.  That being said, we are far from the only source touting its benefits.

Launched this month, and available through June 2010, is the complimentary webinar Unleashing Virtualization’s Full Energy Savings.  Sponsored by APC, the webinar is presented by Aaron Goldberg, VP, Market Experts Group, Ziff Davis Enterprise, and Victor Avelar, Strategic Research Analyst, APC. One of the primary takeaways for attendees who attend this webinar will be how to choose and implement a high-density data center strategy.

By definition, a high-density data center strategy is a plan empowering a data center to do more with less.  For example, more data capacity with fewer pieces of hardware.  Essentially, the purpose of using fewer piece of data center hardware is saving on data center power costs, particularly those stemming from heating and cooling.  Power and cooling costs are necessary expenditures for data centers that must regulate temperatures for multiple servers and increase with the more servers in use.

Server virtualization, which reduces the quantity of physical servers in a data center by consolidating them into a virtual environment, is a key tactic in any data center high-density or cost savings strategy.  Ultimately, this should secure interest in server virtualization for a high percentage of data center managers.

According to survey results published by The Data Centers Users Group and reported by SearchDataCenter.com, 47% of data center managers list energy efficiency as their second highest concern.

These survey results differ markedly from a survey conducted four years ago where energy efficiency was not even listed by data center managers as a top 3 concern.  This helps the energy efficient data center stand out as a symbol of an industry whose tide is quickly turning in much different direction than ever before. Of course, with any quickly turning tide, it’s vital that you truly understand it before you hop on for a ride.

We encourage readers of this blog to learn more about server and storage virtualization by registering for the webinar, Unleashing Virtualization’s Full Energy Savings, or by submitting any questions you have via a comment below.

Virtualization Expert Victor Avelar

What is the bigger incentive to run an energy efficient data center: saving some money or saving the earth?    Can a data center manager consider both to be equally important or is this line of thinking inherently dangerous?  And where do technologies like server and storage virtualization fit into the mix?

To answer these questions and more, our Data Center Leaders Interview Series turned to Senior Research Analyst from APC Victor Avelar, fresh off his webinar with Aaron Goldberg, Unleashing Virtualization’s Full Energy Savings:

Evolving Solutions:
What tips would you offer for business seeking to reduce data center costs?

Victor Avelar:
In general, the older the data center, the more energy-saving improvements that can be made.

Cooling system improvements are always a good place to start.  If hot and cold aisle containment hasn’t been implemented yet, I would start planning this, so that all future refreshes result in some kind of rack layout relocations that bring the data center closer to 100% hot / cold aisle.

Hot / cold aisle configuration will increase the effectiveness of air distribution and could allow one or more of the air conditioners to be turned off.  Same thing with installing blanking panels in all the empty U spaces of the racks.

Another easy way to save energy costs is to unplug servers that are no longer needed yet are still plugged in.  If there are any windows in the data room / center, cover them up with some insulation to reduce the solar heat gain that the air conditioners must remove.

Evolving Solutions:
Are there inherent dangers in trying to make your data center too cost efficient?

Victor Avelar:
In short the answer is yes.  You can place your critical operations at risk if you don’t understand how an ‘improvement’ impacts other systems.

For example, I could really save energy by turning off some air conditioners but if I’m not careful about monitoring temperature, a few servers may turn off due to thermal shutdown.

However, there’s nothing wrong with going all out to make your data center more cost efficient, the key is to know when you begin to hit the point of diminishing returns.

Evolving Solutions:
The webinar you co-presented with Aaron Goldberg, Unleashing Virtualization’s Full Energy Savings, highlights tactics like server virtualization that will help attendees maximize data center efficiency.  Are solutions like server virtualization geared more towards large data centers, small data centers, or can these solutions be scaled for any size company?

Victor Avelar:
I believe the largest % savings from virtualization go to companies that have hundreds of servers.

Host servers running 40 to 60 virtual machines is very possible and very efficient.  Large companies also have a better chance of rightsizing their power and cooling systems which can reduce the electric bill even further.

This isn’t to say that companies with 50 servers couldn’t benefit, but the savings percent tends to be lower.

Evolving Solutions:
According to survey results published by The Data Center Users Group and reported by SearchDataCenter.com, 47% of data center managers list energy efficiency as their second highest concern.  In a similar survey published four years ago, energy efficiency did not even appear in the top three.  Outside of the desire to save costs, what do you feel has driven the concern over data center energy efficiency so high?

Victor Avelar:
I believe there are a few different reasons for this.  One is definitely psychology.  If my peers are actively pursuing energy efficiency, you can bet that I will follow the herd, since I don’t want to appear clueless.

On a similar vein, the “green movement” has taken hold and companies want to be seen as part of the solution when it comes to saving the earth.  The risk of backlash is too great if they don’t.

Furthermore, if many people are pursuing it, chances are there is some real value there.  Which brings up reason #2; savings.  Done right, energy efficiency can definitely lead to real savings on the electrical bill.  Reason #3 is government regulations.

It’s just a matter of time before the data center industry is acted upon by energy regulations through carbon tax, Energy Star incentives, penalties, and other ways to reduce energy consumption.  Some electric utilities are already providing incentives for companies to reduce power consumption through rebates for buying certain types of IT equipment.

Evolving Solutions:
What products or solutions do you envision contributing to data center efficiency 5 years down the road?

Victor Avelar:
By far the biggest positive impact on energy savings will come from cooling system improvements.  If you look at the efficiency of the power train (i.e. from service entrance to the rack power strips) we have solutions today that result in a power train efficiency of greater than 86%.  The “cooling train” is far less efficient and is fertile ground for improvements in the next five years.

Specifically we’ll see solutions related to free-cooling through air-side and water-side economization.  Of course, the energy savings of these solutions will depend heavily on where in the world you locate your data center.  Other improvements in cooling systems will come from “smart” data center management which makes certain changes to devices based a holistic understanding of the entire ecosystem.

Today, a “good” change made to one device may cause the net power consumption to increase.  The classic example is when one air conditioner is cooling and humidifying while another one is dehumidifying.

Another solution that we’ll see is data center management that not only monitors and controls the white space but also the electrical and mechanical systems.  These management systems will have a holistic view of the entire ecosystem and will be able to alert when the data center efficiency is lower than it should be.

Evolving Solutions:
Wild Card:  Anything else you would like to add?

Victor Avelar:
There is so much information out there today and for the most part it’s pretty accurate.  I encourage all data center operators to read what’s out there so they are at least familiar with various solutions and how they decrease power consumption.

Antivirus Researcher & Disaster Recovery Expert Peter Szor

Truly one of the most insidious of the man-made disasters threatening a company’s data center are ever present, ever-evolving, computer viruses.

On the front lines helping to backup and protect data centers from these viruses is Peter Szor, the subject of today’s Data Center Leaders Interview.

Szor is a computer antivirus and security researcher with 20 years of experience building antivirus and security solutions. He is a distinguished engineer at Symantec Corporation, holds over 30 issued computer security patents and is the author of the best selling technical book The Art Of Computer Virus Research and Defense(1).

Below, we discuss the history and rapid evolution of computer viruses, answer why companies should think broader than antivirus protection when creating disaster recovery plans, and overlook the damage caused by a few of the most malicious viruses Szor has ever seen:

Evolving Solutions:
In your experience, how many companies understand the importance of creating disaster recovery plans that take cyber-threats, like computer viruses, into account?

Peter Szor:
Large companies with critical infrastructures always understood the risk of computer malware.

Yet, while antivirus solutions remains their number one security choice, relatively few companies are focusing on other important aspects of computer security that are also critical to them, such as making sure data is kept secure, yet available at all times.

Companies know that well maintained computer antivirus solutions from trusted, dedicated security vendors will vital for their security, but I strongly believe that in the very near future companies will move to the next stage of understanding and put more focus on disaster recovery plans.

Companies need to understand that mitigation of risks is increasingly important, especially in environments where services are provided to users where any interruptions can quickly lead to negative business impact.

It is amazing how much the data needs of companies have changed over the years.  Even in homes, people store far more data than ever before as everything is increasingly becoming digital. Both companies and home are at risk of losing information, which needs to be protected and kept secure from viruses and protected by data backups.

Having spent almost 20 years developing computer antivirus and security software, I strongly feel, that customers understand security risks much more today than ever before. Fast spreading computer worms such as CodeRed, Nimda, Blaster and Conflicker all point to the same underlying issues in our networks that we share. Computer networks, operating systems and applications will remain vulnerable and exploitable, and disaster recovery plans are more important than ever. Data backup and storage management are critical.

Evolving Solutions:
What tips would you offer businesses to protect against computer viruses that seem to evolve just as quickly as software designed to prevent infection?

Peter Szor:
We often see that companies do not manage their infrastructure enough. Vulnerabilities are not always managed by deploying security updates at all end points. Companies do not always follow closely enough what software their users run, what they can do, and what attacks they might bring to the corporate network when doing so.

Operating systems are often old, as are the applications on them, meaning they often have vulnerabilities unpatched. Most users run their system as Administrator. Today, what we find is that the majority of attacks are getting in via downloads when users browse the web. Securing the browser is critical. What the user can browse has a huge impact on the internal security of the network, especially so, when the code enjoys Administrator privilege to get installed right away.

Of course, I would also recommend user education. I do not give up my hopes in this regard. My family dedicated their life to education: math, physics, history and music, you name it. I tried to contribute to the field of computer security myself and hope that computer professionals understand attacks and defenses better from my work. I am happy to see that computer security is becoming a science and that people can graduate by receiving degrees in the subject.

I strongly recommend companies to hire security professionals with first-hand experience in security. The degree is one thing and the experience is the other. The more people understand computer security, the better it will get for the company. Yet, if there is no expertise in house, security consulting should be used.

Computer security is evolving all the time with the new attacks. It is exciting to see how much antivirus has evolved over the last few years as the threat space grow to over 4 million. To me, this is an amazing expansion of the threat space.

For the first 10 years, we have witnessed just about 10,000 distinct computer virus variants and we all believed it was already overwhelming. We got the rest of the malware space during the last decade which clearly shows an exponential curve. The malware universe expansion is clearly rapidly accelerating.

Keeping your version of Antivirus engines and products up to date is important beside the definition data provided. There are true inventions in AV software today, such as advanced heuristics, software behavior management and “cloud” based reputation systems, which will all shape client protection during the next decade. These inventions come with new products which need to be deployed time to time to be sure that computer security can evolve with the new threats.

Evolving Solutions:
Your book, The Art of Computer Virus Research and Defense, is a report from behind the scenes in anti-virus research.  Apart from what is published in your book, what is the one piece of data most important for businesses to know regarding how a virus could affect their data centers?

Peter Szor:
There are many attack types, which – fortunately – have not developed to their full potential.

During the last few years, exploitation was the main focus of attackers. What we see today is that web browsing brings more and more attacks to the end points, and so, we made our defense stronger against such malware attacks.

Computer viruses can cause devastation, especially the fast spreading worms that open up the network to the remote control of the attackers. When confidential information is leaked, there is always a problem, which goes way beyond the recovery of the attacks itself on the internal network because it affects the reputation of the company who leaked the data. Therefore the protection against information leakage is increasingly important aspect of security today.

I already mentioned that so called “cloud based” security solutions will shape the security landscape during the upcoming years. Targeted, unique attacks are exploiting end points every second. It is not unlikely that we will see more than 10 million malware variants during 2010.

People who are behind these attacks operate as businesses, and make a lot of money, which they can reinvest to improve attacks. Unfortunately, this process accelerates the evolution of malware a lot.

If you think about it, attackers already use cloud computing, when they harvest bot networks for their use, such as spam delivery. Next, I think, they will increasingly use real cloud computing systems, since they can effort to borrow as many virtual machines as they want relatively cheaply, and they can certainly effort to pay for them as needed.

Modern attacks require revolutionary security software to address them, and this is precisely what we are working on.

Evolving Solutions:
How has Symantec learned to anticipate computer virus evolutions and develop software to combat these viruses accordingly?

Peter Szor:
Symantec was the pioneer of fast antivirus updates.

We realized that instantaneous pulsing update processes were important and eventually we invented the idea of providing a service directly to clients querying a central database. This provides the most up to date security protection.

Software reputation services will be a strong pillar of our computer security. We built a large software reputation database for the last few years and are getting ready to use it. With this, Symantec will help users to avoid software, which is rarely used, as most Trojan programs are very rare with few victims each.

We fight back against server side polymorphism – the effect behind the quick millions of malware increases – by realizing that users typically want to run software that many people also use. When you choose a restaurant, you want to be sure that is grade A, and have good food, and you know that if you see that the place is always packed. When you see a grade B restaurant with a few people inside, you want to avoid it, because you risk that you get sick when eating there. Similarly, if you are among the first to run a program that nobody has ever ran, you better not to take the risk. Such a policy will help protection tremendously in the future, and possibly, it is the greatest extension of the art of computer protection since my book was published a few years ago.

We understand, that our protection against malware attacks such as self-replicating viruses and worms is very strong, and thus, traditional techniques help our customers to fight back against them. We made sure during the last decade that our software provides solid protection against even the most sophisticated polymorphic and metamorphic virus attacks. We demonstrated in leading antivirus tests that we are unmatched when doing so. We made our protection against malware attacks much stronger during the last 12 months, while improving the performance of our software at the same time.

Evolving Solutions:
What is the most despicable computer virus you have ever witnessed, and without naming company names, what level of damage did you see it cause?

Peter Szor:
During the years, I have seen successful attacks, which deleted data that could not be restored since data backups were typically not available. We have even witnessed PC’s being destroyed by overwriting the content of their Flash-BIOS, as the CIH virus did, that made the motherboard of the attacked system useless.

You could not possibly prevent using add on software- the Flash-BIOS- to be overwritten, since the “metal” could be directly accessed via PORT commands with no way of interruption, once the malicious code ran on the system. This is a basic design flaw of modern computer architectures.

Instead, the actual viruses and Trojans had to be detected at the first place before they could run. Antivirus software was key to detecting these attacks and will surely remain the wheel of computer security in the future.

Back in 1995, I was certain that Windows systems would be the new target of attackers and expected to see computer worms on the platform. First, I witnessed the Happy99 worm, released a decade ago, which demonstrated the main problem infecting systems world wild.  Then, attackers finally turned towards the use of exploits.

CodeRed and Nimda worms would show how quickly attacks could spread on the Internet when exploiting remote vulnerabilities.  When I traveled to Europe in September of 2001 to visit the Virus Bulletin conference in Prague. I recall, the cab driver asked me, what kind of business I did, and I proudly said:

“I am a computer antivirus researcher.”

He quickly went on to say:

“Have you heard of Nimda, Admin backwards? It is all over the radio!!”

When he noticed that I had no idea what he talked about – I just landed in Prague a few minutes earlier, and the worm was actually released while I was in the air – he went on saying laughingly:

“What kind of security researcher are you?”

At that very moment, we both realized that the security world had dramatically changed. Then all other researchers at the conference talked to me about Nimda one by one. They all knew I was painstakingly analyzing every single variant of Win32 malware, carefully cataloging them, and giving them their names.  Then, the sudden explosion of these threats just happened, seemingly one day to the next.

The Conflicker worm recently demonstrated that essentially the same vulnerabilities are still with us. As a matter of fact, Conflicker uses some modules that were built years ago by the 29A virus-writing group, which is no longer, but their legacy is still with us.

Certainly, there is more to do to improve protection at both sides of the spectrum: at security vendors as well as at the end points by the companies themselves. We are working very hard to improve security for our users who can be rest assured that we have never, ever been more focused on delivering the best protection in the industry.

(1) The Art Of Computer Virus Research and Defense, published by Addison Wesley 2005.