A rush by Australian organisations to adopt virtualisation has left them with messy IT shops that will take three years to clean up, according to one Microsoft director.
Talking to Computerworld Australia, Microsoft senior product manager of the virtualisation and systems centre group, Michael Cooper, said adoption of virtualisation boomed in organisations in Australia, the United States and Europe before IT managers were able to understand the ramifications of the technology and learn best practice.
“There are very few managers that know how to contract capacity quickly. No CIO lacks the power to turn on more servers, but they struggle to roll it back,” Cooper said.
According to Cooper, virtualisation deployments not built on best practice exacerbate problems in software licensing, efficiency and security that are common to physical server and storage infrastructure.
“Virtualisation can introduce new problems into the data centre. Getting management right is a lot of work and you can't write a check to get out of it. Managers just have to spend the time to get a handle on their IT.
“Physical servers have an end of life, but now there are few business drivers to remove that unmanaged and un-patched server in a virtual environment - other than that it violates security processes. Virtualisation has taken that pain and hidden it in the data centre, and a good chunk of time will be spent getting rid of unnecessary virtual machines.”
Cooper, who claims to speak with 100 chief information officers from the Fortune 500 list each year, said organisations in Australia, the US and Europe that use virtualisation will forego adopting new technology including cloud services over the next few years in order to gain control of virtualised environments and remove unnecessary instances. He said the lure of private cloud computing will not rival the virtualisation “land-grab” for these organisations because they “have a mess to clean up”.
Unmanaged virtualised data centres present “significant” security vulnerabilities if they disrupt security policies and machines remain un-patched, Cooper said, adding that replacing physical servers with software opens inherent data protection issues.
“I would probably be caught if I walked out of a data centre with a server box. But many organisations wouldn’t know if I copied their virtual machine to my iPhone. This is a real issue.”
Analyst firm Gartner claimed in March that 60 per cent of virtual servers are less secure than the physical boxes they replace. This would remain true until 2012, but the analyst firm did not say how specifically security would improve.
Common security risks associated with virtualisation include virtualised machines planned without assistance from security professionals, and unknown vulnerabilities in the hypervisor and virtual machine monitor. According to Gartner, the hypervisor should be regarded “the most critical x86 platform in the enterprise data center”, be kept “as thin as possible”, and noted that host-based security controls should not be relied on to protect systems below the hypervisor.
Cooper said organisations are also wasting money on unnecessary software licences, which he has observed with Microsoft customers.
Gartner claimed about 18 per cent of enterprise data centre workloads ripe for virtualisation had been converted to virtual servers so far, with predictions that figure would reach 50 per cent by 2012.
Organisations in Korea and Japan have already stalled virtualisation deployments in favour of ensuring data centre management is up to scratch, and will conversely spend the next three years deploying virtualisation or preparing for cloud services technology. Yet Cooper said neither management- or technology-focused roadmaps can be described as more favourable.
“A lot of people and news articles say that if you adopt new technology, you’re ahead of our peers. That’s simply not true. Getting better at doing IT is not a matter of going as fast as you can.”
IT managers in Australia, Europe, and the United States generally have the same emphasis on technology adoption, while Japan, Korea and other Asia Pacific organisations are focused on IT processes, Cooper said.