Managing Virtualization in Hybrid Cloud Environments
In a virtualized hybrid cloud environment, you’ll have a lot of individual pieces to manage. You’ll need to treat all resources together as though they were a single system, as opposed to an image here or there. If you don’t, you’ll end up having resources that are there but not being used effectively. The issue is how you manage these images in a virtualized hybrid environment.
The following diagram illustrates just how complicated this management can be. You can see that you have multiple virtual machines across multiple environments.
Provisioning software lets you manually adjust the virtualized environment. Using provisioning software, you can create new virtual machines and modify existing ones to add or reduce resources. This type of provisioning is essential to managing workloads and to moving applications and services from one physical environment to another. Provisioning software enables the following:
Migration of running virtual machines from one physical server to another
Automatic restart of failed virtual machines on a separate physical server
Clustering, or grouping, of virtual machines across different physical servers
In a hybrid environment, you’ll have to make sure that cloud providers offer provisioning software in a consistent manner and can work with your internal resources.
Before virtualization, hardware provisioning was simply a matter of commissioning new hardware and configuring it to run new applications (or possibly repurposing it to run some new application).
Virtualization makes this process a little simpler in one way: You don’t have to link the setup of new hardware to the instantiation of a new application. Now, you can add a server to the pool and enable it to run virtual machines. Thereafter, those virtual machines are ready when they’re needed. When you add a new application, your cloud data center administrator or your service provider (via a self-service interface) will enable you to configure it to run on a virtual machine.
One of the key benefits that companies have found with cloud computing is the ability to quickly and effectively provide additional hardware resources from IaaS (Infrastructure as a Service) providers.
Provisioning is now the act of allocating a virtual machine to a specific server from a central console. Be aware of a catch, however. You may decide to virtualize entire sets of applications and virtualize the servers that those applications are running on, for example. Although you may get some optimization, you also create too many silos that are too hard to manage. You may have optimized your environment so much that you have no room to accommodate peak loads.
A hypervisor lets a physical server run many virtual machines at the same time. In a sense, one server does the work of maybe ten. That arrangement is a neat one, but you may not be able to shift those kinds of workloads without consequences.
A server running 20 virtual machines, for example, may still have the same network connection with the same traffic limitation, which could act as a bottleneck. Alternatively, if all those applications use local disks, many of them may need to use a SAN (storage area network) or NAS (network addressable storage) — and that requirement may have performance implications.
Using virtual machines complicates IT security in a big way for companies running hybrid cloud environments. Virtualization changes the definition of what a server is, so security is no longer trying to protect a physical server or a collection of servers that an application runs on. Instead, it’s protecting collections of virtual machines running across multiple environments. Here, as a result, are some security issues that arise:
Perimeter security: In a hybrid cloud, the data center is no longer a single entity that you can protect. You now have to ask yourself what your perimeter security looks like.
Hypervisor security: Just as an operating system can be attacked, so can a hypervisor. An attacker who gains control of the hypervisor gains control of every virtual machine it runs, so the potential damage is enormous. The hypervisor should expose no externally accessible ports, should be as invisible as possible on the network, and should not need frequent patching.
Storage security: If data is written to local storage and that storage is not wiped before it is reallocated to another virtual machine, data leakage can occur.
Configuration and change management: The simple act of changing configurations or patching the software on virtual machines becomes much more complex if the software is locked away in virtual images. In the virtual world, you no longer have a fixed static address to update the configuration.
Network monitoring: Current network defenses are based on physical networks. In the virtualized environment, the network is no longer physical; its configuration can actually change dynamically, which makes network monitoring difficult. To fix this problem, you must have software products that can monitor virtual networks.
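As an added illustration of the storage-security point above (example code, not from the original text): a scrub-and-verify gate that refuses to hand a released disk image to a new virtual machine until every byte reads back as zero. The file-backed image and the tenant data written into it are constructed for the demo.

```python
import os
import tempfile

CHUNK = 1 << 20  # read/write the image in 1 MiB pieces


def scrub_volume(path: str, passes: int = 1) -> int:
    """Overwrite a released disk image in place with zeros; return bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(b"\0" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # make sure the zeros reach the disk, not just the page cache
    return size * passes


def verify_scrubbed(path: str) -> bool:
    """True only if every byte of the image is zero; the check to run before reuse."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return False
    return True


def reallocate(path: str) -> bool:
    """Gate: the image is only released to a new VM once verification passes."""
    if not verify_scrubbed(path):
        scrub_volume(path)
    return verify_scrubbed(path)


def demo():
    # Constructed sample: a small file standing in for a previous tenant's disk image.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"tenant-A: customer records (constructed sample)\n" * 1000)
    try:
        before = verify_scrubbed(tmp.name)  # False: the old tenant's data is still there
        ok = reallocate(tmp.name)           # True: scrubbed and verified
        return before, ok
    finally:
        os.unlink(tmp.name)
```

Zero-filling is the right model for file-backed or thin-provisioned images; for SSDs and SAN volumes, use the storage layer's own secure-erase or discard mechanism and keep the verification step.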
Capacity planning refers to the estimation of how much computer hardware, software, connection infrastructure, and space will be needed over a certain period of time. Although capacity planning in a data center means a lot of forecasting, capacity planning in the cloud model is theoretically easier because of the elastic nature of the cloud. That doesn’t mean you shouldn’t do it, though.
You still need to have some idea of what workloads will go where and what the performance will be. Otherwise, although you think you might have infinite resources, you may find that you don’t, or that your costs become uncontrollable.
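An added example (not part of the original text) of the capacity-planning and bottleneck points above: a first-fit placement routine that keeps headroom on CPU and memory for peak loads and treats each host's single uplink as a limit shared by every VM on it, so six VMs that would fit one host on CPU and RAM alone are split across two hosts. Host names, sizes and traffic figures are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    cpu: int          # vCPU capacity
    mem_gb: int
    nic_mbps: int     # the one uplink all VMs on this host share
    vms: list = field(default_factory=list)


@dataclass
class VM:
    name: str
    cpu: int
    mem_gb: int
    peak_mbps: int    # expected peak traffic, not the steady-state average


def fits(host, vm, headroom=0.20):
    """True if the VM fits while keeping `headroom` of CPU/RAM free for peaks
    and the summed peak traffic stays within the host's single uplink."""
    cpu_used = sum(v.cpu for v in host.vms) + vm.cpu
    mem_used = sum(v.mem_gb for v in host.vms) + vm.mem_gb
    peak_net = sum(v.peak_mbps for v in host.vms) + vm.peak_mbps
    return (cpu_used <= host.cpu * (1 - headroom)
            and mem_used <= host.mem_gb * (1 - headroom)
            and peak_net <= host.nic_mbps)


def place(vms, hosts, headroom=0.20):
    """First-fit placement, heaviest network consumers first.
    Returns (placements, unplaced); the Host objects are mutated."""
    placements, unplaced = {}, []
    for vm in sorted(vms, key=lambda v: v.peak_mbps, reverse=True):
        for h in hosts:
            if fits(h, vm, headroom):
                h.vms.append(vm)
                placements[vm.name] = h.name
                break
        else:
            unplaced.append(vm.name)
    return placements, unplaced


def demo():
    hosts = [Host("hv-1", cpu=32, mem_gb=128, nic_mbps=1000),
             Host("hv-2", cpu=32, mem_gb=128, nic_mbps=1000)]
    # Constructed workload: CPU and RAM would let all six land on hv-1, but
    # their combined peak traffic (1500 Mbps) exceeds one 1 Gbps uplink.
    vms = [VM(f"web-{i}", cpu=2, mem_gb=8, peak_mbps=250) for i in range(6)]
    return place(vms, hosts)
```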