
Safeguarding the future


Desktop virtualisation is taking its place as the trend on the horizon.

By Chris Norton
Johannesburg, 13 Mar 2009

Virtualisation has been trailblazing into the IT mainstream for several years, but industry observers saw a few critical barriers that had to be overcome before it could be universally accepted as a mission-critical enterprise technology.

Initially, it was perceived that virtualisation needed to improve its performance. Today, the overhead that a virtualisation layer puts on a physical server is so small that IT departments are quite happy to virtualise some of the most resource-hungry applications and databases.

A second issue to be addressed was security; fundamentally, virtual machines - by virtue of the fact they are completely encapsulated and sand-boxed from other machines - are less likely to pass on viruses or malware. There has been philosophical discussion about what might hypothetically happen if a hacker were able to insert some kind of malicious code underneath the hypervisor, but to date no one has found out how to do this - it remains no more than a hypothetical discussion.

Today, mature virtualisation technology has taken a number of steps to enhance platform security. A core hypervisor of only 32MB embedded with hardened code means it presents a very small surface area for potential attacks. However, other approaches bundle the hypervisor up within a large operating system, which is a potentially less secure architecture as it presents a larger footprint to attackers and requires more frequent patching over time.

Early intervention

So, what does this mean for security vendors and the end-users looking to protect their IT infrastructure? The answer, ultimately, is that security technology will move further down into the infrastructure to detect threats at a different level and potentially deal with them far earlier. This represents a far more proactive approach to security - dealing with malicious code before it is even executed, rather than firefighting once it has become an issue.

We are also likely to see a more policy-based approach to security in virtual infrastructures, because security at an individual virtual machine level will still be required. Some of the technologies which IT departments will deploy in 2009 will be able to apply security policies throughout the entire life cycle of the virtual machine - ensuring the right levels of protection are given to virtual machines at the point of provisioning, and that patching is automated across groups of similar virtual machines. This should take a lot of the manual effort out of securing virtual infrastructures and ensure a more rigid application of policies.

Security at the infrastructure level is one core area of focus, but another that has become a priority for end-users - in part due to some high-profile media coverage - is end-point security. A number of high-profile data leaks, particularly in the public sector, have caused many organisations to re-evaluate their approaches to employee access control and mobile working in particular.

Fundamentally, IT departments are faced with an interesting paradox - they want to introduce flexible working practices and liberate workers while at the same time locking down data.

Ride the wave

Previous virtualisation models allowed enterprises to deploy and manage pre-packaged desktop virtual machines to end-users. As virtualisation matures, desktop virtualisation is seen as an ever-increasing trend and the wave of the future.

The concept behind modern desktop virtualisation is that IT services are delivered to individuals, not devices. End-users want the same view of their data regardless of what device they use to connect to their desktop or where their applications and data are located - the user wants a universal client. IT organisations, on the other hand, want to simplify management and take control of desktops and applications to secure information.


The consumerisation of IT is making data protection more of an issue - employees now carry around all sorts of devices with memory cards that only serve to increase the potential for information to be lost or stolen.

With desktop virtualisation, departments will be able to retain central control of their assets - any important or confidential data can be retained in the data centre. For example, a user might be able to connect to a virtual desktop in a number of different ways: they might log on from a thin client terminal in the office, or via Remote Desktop Protocol from home. Some new technologies being introduced might enable users to 'check out' their virtual machine image on a USB stick to run on a laptop.

When logging on within the corporate firewall, the user might get full privileges, whereas from home or on the road, certain functionality might be limited or locked out to ensure no data can be transferred onto USB sticks or local hard drives.

Overall security and desktop manageability will give end-user organisations even greater peace of mind. First, IT departments will benefit from increased security within the virtual infrastructure itself, with enhanced virtual security solutions complementing and enhancing traditional technologies. The second big shift is towards using virtualisation at the desktop level to enable flexible working, while at the same time delivering the necessary levels of control over corporate assets and centralisation of sensitive or confidential data. By combining these technologies, organisations may avoid being at the centre of the next high-profile case of data loss.

* Chris Norton is regional director of VMware Southern Africa.
