Configuresoft's George Gerchow points out that "You can't manage what you can't see"

Configuresoft's Technology Strategist, George Gerchow, and I had a lovely discussion about virtualization, virtual machine software (such as VMware) and the stresses this technology push on overworked IT professionals. During this discussion, I mentioned that I thought that Configuresof's focus is too narrow, that virtualization is a far broader issue than merely the deployment, provisioning and management of virtual machines. I believe that George agreed with my statement overall but, pointed out that his company is focused on just those issues.

George believes that organizations should be concerned with the following things when it comes to virtualized environments in general and virtual machine software in specific (by the way, George is referring to virtual machine software when he uses the blanket term "virtualization"). I'm paraphrasing what George says in one of his position papers below:

1. Detection/Discovery - You can't manage what you can't see!
2. Correlation - Mapping guest to host relationships and grouping the VM's by criticality & application is a best practice when implementing virtualization.
3. Configuration Management - A Technical Controls configuration management database (CMDB) is critical to understanding the configurations of VM's especially dormant ones. The CMDB will provide the current state of a VM even if it is dormant, allowing a technician to update the configuration by auditing and making changes to the template.
4. Additional Security Considerations - Treat a Virtual Machine just like any other system and enforce security policies and compliance. Also, use an application that dynamically maps guest-to-host relationships and tracks guest VM's as they move from host to host.
5. VM Identity Management Issues - Who manages these machines? Do application owners have visibility into changes being made? Identify roles and criticality and put them through the same processes you leverage for physical devices including change management, release management and hardening guidelines.
6. VM Network Configuration Control - With multiple operating systems sharing a single IP address behind a NAT, network access control becomes much more complex in a virtual network.
7. Identifying and Controlling VM Proliferation - VM's can pop up and move to any location in an instant. To manage this potential issue, you must establish and enforce a process for Virtual Machine deployment.
8. VM Host Capacity Planning - Virtualization can make understanding what applications are running and how many resources are being leveraged much more difficult.
9. ESX Host Driver and ACL information - How is the ESX System itself configured? Organizations must proactively manage ESX machines by tracking and trending their security configurations over time to make sure they don't "drift" from corporate standards.
10. ESX Host Configuration Management - If a guest is infected with a worm or virus it will attack the other local VMs. If that image is moved to another host, it will continue to do damage across the organization.
11. Intellectual Property - Virtualization makes it more difficult to know who has what information. How do you know your VMs are not walking out the door with critical information and data?

While I tend to agree that these are important issues, it seems that the focus is far too narrow. Organizations are deploying many layers of virtualization technology, not just virtual machine software.

If the organization is heavily focused on cost reduction or cost avoidance, it is likely that it will focus on virtual machine technology and consolidation strategies. In this case, George's comments are right on target. Organizations, however, have other concerns that, in all likelihood, virtual machine technology will not address. Here are a few of those concerns.

• Performance - some organizations are focused on making some of their applications run faster. These organizations are likely to scale out their computing environment by deploying a number of systems and adopting high performance computing/Grid computing software. Virtual machine software is unlikely to be chosen for these applications because of the processing power consumed by this technology. Some of the issues mentioned by George are relevant in this environment but, many of them are not.
• Scalability -some organizations are focused on making application systems support a larger number of customers or staff members. These organizations are also likely to scale out their computing environment by deploying a large number of systems and some form of application virtualization technology. Virtual machine technology may be part of this deployment but other approaches are likely to be used. As before, some of the issues George mentions are relevant and some are not.
• Agility -some organizations face a rapidly changing environment and want to make their IT infrastructure deal with a high level of change without also maintaining an environment with a large number of under utilized systems. Virtual processing software, including virtual machine software and partitioned operating system software, are very likely to be part of the creation of an agile environment.

Configuresoft appears to be offering a set of tools that will solve some, but certainly not all, of the detection, creation, provisioning and ongoing management of a virtualized environment. If the organization is heavily focused on cost reduction or cost avoidance strategies, software from Configursoft might be attractive. I would also suggest that these organizations tool at products offered by Virtual Iron, Scalent Systems and a few others.

If the organization is taking a broader view of virtualized environments, other suppliers, that are also taking a broader view, may be a better choice. Organizations in this category might like to become aware of Cassatt, DataSynapse, Qlusters, etc. Do you believe that George has developed the right list of concerns? If not, what would you add to the list? What would you remove from the list?