Virtualization technology essentially reshaped IT in the last decade, but we drank so deep and long at the fountain that we enter the new decade with something of a hangover, and lots of fuzzy questions about what we have wrought.
Yes, virtualization has paid huge dividends in data center/server consolidation efforts, and yes it is helping redress the fact that our corporate systems are woefully underutilized. It's just that the list of issues surrounding virtualization is growing as fast as new applications crop up for this wonderful elixir.
These issues were easier to ignore when we were giddily realizing 10:1 server consolidation ratios and driving utilization rates from below 20% to 50% or more, but it is time to holistically assess where we are today.
The now cliché server sprawl that resulted from the ability to create systems at the push of a button is accompanied by a bevy of challenges that includes but is not limited to: stranding a lot of storage as resources are dedicated to virtual machines; difficulties getting a real inventory of VMs and managing them through their life cycle; which raises thorny security and compliance questions; and makes it hard to back up the resources and accompanying data; and has implications for software licensing (do you know enough about what you have running where to pass a surprise audit right now?).
Mobile VMs complicate all these problems and the complexity will double again if ultimately the goal is to be able to move machines between on-premise-based systems and resources hosted in the cloud (adding a layer of tough questions about data privacy). Oh, and if you believe Gartner, we're about to see an explosion in desktop virtualization, which will further add to the fun.
Dave Bartoletti, Senior Analyst at the Taneja Group, says: “The next phase of virtualization is about control, with the emphasis on efficiency, performance and agility” (see Virtual insecurity: Who's in control of your virtual machines?)
He says what we need now are next-generation tools that “address access control, policy enforcement, configuration control and activity logging.”
That makes sense. But it all starts with shaking off the party mist and categorizing the work that stretches out before us.