Data Center Leaders: VMware Virtualization With AstroArch Founder & Author Edward L. Haletky

Posted on May 14th, 2009 by Judie Van Keulen

VMware & Virtualization Expert Edward L. Haletky

When asked which technologies are key to sustained IT cost reductions, data center leaders commonly cite server virtualization.

Our Data Center Leaders interview series digs deeper into this subject today as we discuss VMware virtualization with AstroArch founder Edward L. Haletky.

Haletky is a leading expert on VMware and virtualization who has authored the books VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers and the upcoming Virtual Infrastructure Security: Securing ESX and the Virtual Environment.

Haletky shares insight below on virtualization best practices, including how to identify and eliminate security threats common to virtual platforms:

Evolving Solutions:

Your book, VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers, offers VMware deployment tips and best practices.  What top three tips would you offer to businesses who’ve just implemented server virtualization through VMware?

Edward L. Haletky:
Now that the implementation is complete, it is time to review everything to make sure no changes are necessary. In some cases, these changes could mean a reinstall due to a change in usage or the plan.

You can now gather performance data to see how things are working and adjust the system appropriately. This is the time to make sure your investment in virtualization succeeds. Verify memory limits; perhaps you have allocated more memory than what is actually used. Verify disk and network I/O; you may need to adjust this as well by adding new LUNs or more pNICs to the vSwitch, etc.

Form a Team that comprises the Security, Storage, Server, Network, and Virtualization Administrators to discuss issues as they come up. Sort of an advisory board of sorts within the company. With virtualization, the traditional siloed approaches do not work very well.

When considering new hardware, always choose something that is on the Hardware Compatibility Lists and nothing off them.

Evolving Solutions:
When asked for technologies designed to reduce costs in larger data centers, Cisco’s Omar Sultan cited virtualization technologies such as VMware and Hyper-V. How soon after implementation of these technologies can businesses expect to see cost savings?

Edward L. Haletky:
That depends on quite a few things, but most companies see an immediate lower consumption in power and possibly even cooling. Those are always the big savings and immediate ones. Cost savings also occur when hardware is to be updated, as you are updating less hardware, but license costs tend to eat into those savings.

Over time more items will be virtualized and a new baseline for cost savings will be created that already includes virtualization.

The real savings will end up being in efficiency.

Evolving Solutions:

Your upcoming book, Virtual Infrastructure Security: Securing ESX and the Virtual Environment, promises to help identify and mitigate security-related threats in all VMware platforms. What would you identify as the single largest security threat present in VMware platforms today?

Edward L. Haletky:
This is a tough one, but it can boil down to the fact that currently virtualization security does not encompass the entire virtual environment but concentrates just on virtualization host security.

There is quite a bit more to virtualization than just a hypervisor to consider: there is management, backup, storage, clustering, and virtual networking.

In addition, security is often considered a bolt-on or afterthought when it should be considered from the very beginning, when you are architecting and designing your virtual environment.

Evolving Solutions:
In regards to leaving themselves open to security threats, what are the biggest mistakes companies make after implementing a virtualization initiative and how can they be avoided?

Edward L. Haletky:
Many companies bolt on security instead of designing/architecting it in from the beginning.

That aside, the biggest error I see is the use of a flat network for management, IP storage, and VMotion. These three networks should actually be separate from each other and the normal production networks using firewalls and perhaps separate physical switches.

The other item that comes to mind on virtual networking is the level of trust in VLANs. This is not a security construct but people use it as such.

The other issue that comes up is to overlook aspects of storage security such as how backups are made.

In general, most people feel that they cannot be attacked and that they are safe from attack due to having an external firewall. Until a Penetration Tester comes in and shows how false that is, ignorance is bliss.

Evolving Solutions:
VMware vSphere 4 is bringing virtualization to small businesses. How have small businesses reacted to this opportunity promising to improve data center efficiency?

Edward L. Haletky:
vSphere 4 is not really doing that; it was done when VI 3.x was released as well as when VMware Server and ESXi were offered for free. Yes, vSphere 4 builds on this, but the promise was made when ESX v3 was released.

Over the last few years I have seen more and more small organizations like doctors' offices turning to virtualization. They do this to cut their electrical costs. The last place a doctor tends to invest is into IT.

I think vSphere 4 has critical new tools for the Enterprise and some specific SMBs, but in general, they like what was already available. Now that is improved.

Evolving Solutions:
Wild Card: Anything else you’d like to add?

Edward L. Haletky:
Visit www.astroarch.com/wiki/index.php/VMware_Virtual_Infrastructure_Security for the latest information on my latest book “VMware vSphere(TM) and Virtual Infrastructure Security”, which is now available in a pre-edited version on Rough-Cuts.
