Virtualization Report | David Marshall » TAG: Interviews

March 15, 2008 | Comments: (0)

Finding out more about virtual networks from Altor Networks

I recently had the opportunity to speak with Altor Networks CEO, Amir Ben-Efraim, so that I could find out more information about virtual networks and what Altor Networks is trying to do with them.

Q: So if you would, please tell us about Altor Networks?
Altor Networks is a virtual network security company whose vision is to make the virtual network more secure than its physical counterpart. Our team consists of world-class experts in network security, with experience from some of the most respected vendors in the industry.

Q: And what does the company do or provide?
Altor Networks has announced two products: Virtual Network Security Analyzer (VNSA) – available now and Virtual Network Firewall (VNF) – available in Summer of 2008.

Altor's VNSA provides unprecedented, granular visibility into virtual switch traffic hidden inside virtual servers such as VMware's ESX. The virtual switch is no longer the 'blind-spot' it was for legacy security and monitoring solutions. The VNSA's comprehensive dashboard assimilates traffic information across multiple physical servers and surfaces security issues like port scans, unwanted protocols, etc. Data center administrators can use the detailed information to improve operational efficiencies by quickly isolating and troubleshooting virtual network issues.

Altor's VNF is the first security product built from scratch for the virtual environment. It brings forth great innovations like:

  • The first firewall designed specifically for the virtual datacenter, with full support for all the dynamic features of virtualization
  • Security that stays 'attached' to the VM as it is moved, paused, or re-started
  • Security policy that can be defined and enforced per-VM
  • Hierarchical policy infrastructure that achieves maximum security with low administrative overhead.

Q: Is the product monitoring physical switches and networking or just virtual switches and adapters? And does it only work with VMware? Or does it also work with other virtualization platforms as well?
We are focused uniquely on monitoring and securing the virtual network. Virtual switch/bridge is a universal construct for all virtualization platforms, and is considered a standard feature of the 'virtual infrastructure'. It exists in VMware, Citrix-Xen, Microsoft, Oracle and Sun.

Altor Networks' products monitor and control virtual switches, not physical switches.

Q: What is it that you have seen that says virtualization is plagued in the networking security space? And is there a big threat happening?
Virtual servers are just as vulnerable as their physical counterparts. Security best-practices must be implemented, much like they were in the physical world. However, best-practices in the virtual environment must also consider the new characteristics presented by virtualization. Three main things have made this interesting from a security perspective:

  • As the number of virtual machines per physical server increases, the virtual network becomes the true network access layer. The fact that this network cannot be monitored or controlled makes it ripe territory for security mishaps.
  • Legacy security solutions have not kept pace with the innovative productivity features of virtualization – live-migration, rollbacks, pause-restart, are not commonplace in the physical world. As such, legacy security solutions cannot adequately protect the virtual environment.
  • Last but not least, during server consolidation, intentionally or unintentionally, servers with varying security postures and risk profiles are consolidated onto one physical server, but security best practices do not follow them into the virtual world.

We believe that deploying security as part of the virtual infrastructure and following security best practices will increase adoption of virtualization and maximize the return on investment.

Q: Is network usage a really big resource problem when it comes to DRS and VMotion? Would you expect high spike network traffic to cause a DRS response? What if both network activity and CPU is high? Would CPU trump network traffic?
When there is high network traffic, it is typically accompanied by a spike in CPU usage as the VM processes the network requests/traffic. As such, DRS and VMotion which use CPU usage as decision criteria are including the possibility of high network traffic among other things.

Our assertion is that if two VMs are exchanging a lot of network traffic, then it is more efficient for them to reside on the same physical server. With Altor's VNSA, administrators can use the inter-VM information to create efficient VM groupings for DRS and VMotion.

Q: Is your company currently in stealth-mode?
Altor Networks will be publicly launched on March 17th.

Q: And is this a beta product? If so, when is the GA version expected out?
Altor's VNSA will be released with the launch of the company on March 17th. It has been in beta with many customers for 2-3 months. Customers interested can go to www.altornetworks.com to download a full-featured free version to get familiar with the product, features, and benefits.

Altor's VNF will be available for beta in Summer 2008. Customers interested in participating in the beta can send an email to vnf-beta@altornetworks.com

Q: So who is currently using the product? And have you heard any feedback or stories from these customers yet?
VNSA is installed at many customer sites. A sample list of the customers is at www.altornetworks.com/customers. Here is a small sample of some interesting customer discoveries when VNSA was installed on their environment:

  • "This puts VMs on a level playing field with physical servers."
    This was the story of a senior VMware administrator having a difficult time getting buy-in from the rest of the IT team.
  • "We can use this for our compliance audit."
    This was from a HIPAA director at a county hospital who had been asked for a detailed access report during a compliance audit.
  • "I did not realize there was so much multicast traffic on our network."
    This was from a VP of IT at a software services organization with many Windows VMs. He was particularly surprised since he had his team build the VMs with the explicit intent of turning off unnecessary services that are on by default.

While we did not find any real-time security breaches, VNSA can detect and alert on port scans, VMs in promiscuous mode, unwanted protocols, etc.

Q: Why is it that your company claims that a virtual datacenter can be made more secure than a physical one?
By closely integrating with virtual infrastructure APIs (e.g. VMware's VMsafe) and virtualization management systems (e.g., Virtual Center), our products can articulate and enforce a security policy-per-VM. This locks down each VM to its defined services and network communications, achieving a fine-grained level of isolation. This level of security granularity is rarely found in the physical data-center. Our products can thus achieve an unprecedented level of access and control over virtual-switch traffic, which is not possible to achieve in the physical world.

Q: One last question, can you explain why the existing security tools already present in the datacenter aren't able to properly protect the virtual environment?

Network Firewalls and IDS/IPS

  • Live-migration of VMs (i.e., VMotion) breaks legacy firewalls and IDS systems.
  • Perimeter policy framework was not designed for 'policy-per-VM', which we believe is absolutely necessary in the new dynamic, on-demand, data center.
  • Legacy solutions lack both integration with virtual platform management to enable ease of use and the performance tuning required to be a good citizen in a shared environment. Many security solutions deployed as an appliance or as a dedicated server were not architected to work in a shared environment.

OS Firewalls

  • Many customers using the free OS firewalls are quickly abandoning them due to management overhead. OS firewalls lack central management and consistency across different OSes.
  • The more important reason OS firewalls are not an option is because of their lack of availability on legacy OSes which are often the first to get virtualized.

VLANs

  • VLANs lack traffic inspection, are complex to manage, and limit features like live-migration of VMs.

I'd like to again thank Amir Ben-Efraim for his time and for explaining more about virtual networks and how his company, Altor Networks, fits within our virtualized world.

Posted by David Marshall on March 15, 2008 05:48 AM



December 22, 2007 | Comments: (0)

Simon Crosby of Citrix Discusses Virtualization Heading into 2008

Simon Crosby, former CTO of XenSource and now CTO of the Virtualization and Management Division at Citrix Systems, is well known in the industry as a virtualization and open source champion.

As we leave 2007 behind us and push forward into 2008, I wanted to find out where Citrix stood in this growing virtualization environment. Between the incredible news about the Citrix acquisition of XenSource and then the high energy and excitement that took place during Citrix iForum, who better to speak with than Simon Crosby to find out more about Citrix, virtualization and what's coming down the road in 2008 - a year where virtualization really starts to attack the remaining 95% of x86 servers that refused to drink the kool-aid in 2007.


Virtualization Report: With all the buzz and constant chatter about the benefits of virtualization, how do you answer people when they ask about the downsides? Do you think there are any?

Simon Crosby: There are downsides to poorly planned virtualization deployments. Before anyone begins a virtualization project, it is important to know what the end goal is, and exactly what they are trying to achieve. Simply buying an expensive virtual infrastructure product because it's all the buzz is certain to not deliver the benefits you want, unless you have a clear view of the intended outcome. So I always say "Start at the end – ask yourself what benefits you want to have achieved." If you simply want to reduce server count, power use, save rack space and upgrade your server infrastructure, our entirely free XenServer Express Edition or XenServer Standard Edition may be enough. Indeed we have over 150,000 users of these affordable production-grade server consolidation products today – from Police department 911 services, to very large enterprises. If you're looking to virtualize your infrastructure wholesale, then the objectives include greater flexibility, dynamism, security and availability – things you can't achieve by carrying on the way you are. These features are offered in our powerful, yet affordable Enterprise Edition product, which offers all you'll need to manage a virtualized server, network and storage infrastructure as a pool of resources. Few projects end in total failure – but the cool factor can wear off fast if you've paid a lot for your virtual infrastructure and you suddenly find that you also need to change out your backup procedures and storage management tools. It all takes planning. Customers that think ahead tend to have more successful outcomes. Many of those use Citrix XenServer.


Q: AMD and Intel are now focused on virtualization and adding support for it at the chip level, what does that mean for Citrix?

A: Hardware assisted virtualization is the most important trend in x86. We rely entirely on this innovative feature to give us great performance that follows the standard hardware "shrink and clock up" curve. Thus far we are seeing over 300% performance increase year on year for hardware accelerated virtualization, something that a purely software based solution such as VMware's cannot take advantage of. Moreover there is a very exciting pipeline for additional hardware support – Extended Page Table support, I/O virtualization are two that spring to mind. The net-net is that we see the overhead of virtualization rapidly reducing to insignificant levels – we recently demonstrated 9.6 Gb/s iSCSI block I/O to and from guest VMs on XenServer, using a Solarflare NIC card, for example.


Q: When Microsoft announced Hyper-V, it was reported as if the clouds parted and the sun came shining through for the first time. Reports were made that this is VMware's biggest threat. Is that true?

A: Microsoft offers a scale of footprint that cannot be ignored. Over a period of time (say a year or two) a large section of the SME market will simply adopt the features provided to them with Windows Server 2008, including Hyper-V. Hyper-V is certainly not nearly as fully featured as Microsoft and the industry would have liked to see, however, XenServer, which leverages the Microsoft VHD format and is designed to extend the Microsoft user experience, offers a compelling, Microsoft compatible virtual infrastructure feature set to Microsoft customers today. Our customers are adopting XenServer as a virtual infrastructure platform that lets them move Windows and Linux VMs into production, sure in the knowledge that when Hyper-V offers the feature set to support that, those VMs can directly run in a Microsoft environment. Meanwhile, we will extend the Windows environment with high availability, disaster recovery, desktop delivery (VDI) and policy based automation solutions that add value to Hyper-V. It's worth noting that Hyper-V's ability to run Linux with high performance (enlightened I/O) is entirely dependent on the features that we deliver to Microsoft.

Is all this bad news for VMware? Yes.


Q: So if you had a crystal ball, do you think Xen and Microsoft will finally make VMware's ESX Server hypervisor pricing come down in the next year or two?

A: VMware is engaging in the art of marketing like never before. They are laying claim to management as the high ground for virtual infrastructure – and painting the vision of the next generation Datacenter OS. This is problematic in many ways. Our field tells us that VMware is heavily addicted to VI3 revenues, and is out attempting a land grab before we and Microsoft can gain significant share. They have artfully positioned VI3 as a combination of management and hypervisor, allowing them to state that the hypervisor is free, and they continue to load up on enterprise management features in VI3 Enterprise. This puts them in direct conflict not only with Microsoft and other OSVs at the platform layer, but also the established systems management vendors, who are increasingly alarmed at the idea of a powerful VMware selling data center management. Citrix is not a systems management vendor – we sell an affordable, powerful virtualization platform together with end-to-end application delivery automation solutions, partnering with Microsoft and with the major systems management vendors to make the offering directly interoperable with established ISV software and IT procedures. Another key category is Storage Management, where VMware appears to be going head to head with existing storage management, availability and clustering solutions, as well as changing the game on backup and image management. Our partnership with Symantec/Veritas allows us to deliver powerful VM-aware storage solutions without a forklift upgrade of the storage infrastructure.


Q: Often times I hear VMware speak about how Xen is an immature product. How do you respond to that?

A: The largest deployment of virtualization on the planet is built using Xen. Amazon, both internally and with EC2, leads the industry in terms of secure, massively scaled out virtualization deployments. Xen continues to beat VMware on performance, and it is being widely deployed by Google, Facebook and other major internet brands. I hope I don't need to point out that every virtualization offering on the market (including Hyper-V) draws from the Xen architecture – even the nascent feature set of KVM.

Citrix XenServer offers only (and all of) the core features customers need to get the key benefits of virtual infrastructure, in an open product that is extended by the world's leading innovators in different categories. Take fault tolerance for instance: Stratus and Marathon are both XenServer OEM partners. Marathon demonstrated five nines fault tolerant virtualization at VMworld – and won best new technology award – whereas VI3 is limited to VM restart. Our approach is to partner with the best in the industry, rather than to try to re-invent or cut key partners out of the value chain.


Q: What's next for virtualization as a hypervisor and platform? Is it all about management down the road? Or are there other tricks of the trade that can be implemented?

A: 2008 is all about the hypervisor embedded in server hardware, and about the market getting real for VDI. XenServer will be an option on over 50% of x86 server hardware in 1H08, "baked in" during system assembly. This offers customers an incredible value proposition built into the box – and dramatically accelerates the adoption of virtualization. Citrix XenDesktop will launch in 08 too, and will be the industry's only comprehensive, end to end desktop delivery system, leveraging all of the key infrastructure components built by Citrix over the years for its core Presentation Server business today. Citrix believes that it can dramatically enhance the security and manageability of large scale desktop deployments, at a fraction of the cost and complexity of VMware's Propero-based first generation product.


Q: What are your customers telling you? Is there something specific that they are missing with Citrix and Xen?

A: Our customers love the product. They want us to deliver more features faster. Now that XenSource is part of Citrix you can expect to see us dramatically accelerate the rate of value-added features for XenServer, both based on our own development and our partner solutions that are certified as Citrix Ready. We believe we have everything that we need to compete head to head with VMware, and as the Citrix channel ramps on XenServer, we certainly hope to dramatically accelerate our own market penetration. Our business is still doubling quarter on quarter, which is very exciting.


Q: Do you see anything new or interesting in virtualization for 2008?

A: New features from the platform vendors include enhanced performance for enhanced page table support, our first support of I/O Memory Management Units (IOMMU) and virtual machine device queues that accelerate the I/O path for latency sensitive workloads. We aim to stay at the peak of performance and features through close collaboration with the hardware vendors. I see increasing interest in virtualization on client devices as well as VDI based virtualization of desktop OSes, to enhance manageability and security. Finally, I see a keen interest on the part of storage vendors to add value to their arrays and infrastructure to support virtualization functions natively. By way of example, XenServer today can directly invoke primitives on leading NAS Filers to initiate thin provisioning, snapshotting and cloning of VMs – something that is way beyond the reach of VMware with their proprietary cluster file system and legacy VMDK hard disk format.


Q: Server consolidation has been the battlecry for virtualization in 2006 and 2007, what's the next major use case to help push virtualization forward in 2008 with the remaining 95% of x86 servers?

A: In my view we have been too focused on server virtualization as the "hammer", which has to be applied to anything that looks like a "nail". We need to deliver the benefits of centralization, simplicity, dynamism, availability and automation for servers that aren't virtualized. Citrix Provisioning Server offers this today. It effectively performs a P2V of a native client or server image which it captures in a centralized storage repository. Servers and clients are set up to network boot, and their virtual hard disks are then streamed dynamically over the network. Provisioning Server scales massively – we can boot thousands of VMs from one Windows golden image, dramatically reducing the number of images to manage, and the complexity of OS patch and security management. The benefits: instant on provisioning of workloads, reduced patching, dramatically reduced storage needs, and an instantly scalable virtual or native data center environment.


Q: How has the Citrix/XenSource acquisition affected the Xen open source community? Can you tell us a little more about how this has played out?

A: As of Jan 1 the Xen project will have its first full time program manager focused solely on community development, and we will soon double the size of our open source development team – all courtesy of Citrix. The net effect will be an increased rate of development on Xen, from Itanium super computers to ARM based PDAs. The community has recently been strengthened with the addition of the multi-vendor Xen project advisory board, that oversees the project, recommends the roadmap and sets policies for licensing of the Xen trademark. The support that Citrix has given to the project is tremendous, and the most recent Xen developer summit was a strong demonstration of the strength of the project, with over 200 developers present. You can find the project at www.xen.org.


Q: In your opinion, why is the open source approach to virtualization better than the approach VMware has taken? Are there any negative aspects to the open source approach?

A: Open source is the most creative and powerful way to develop a core code base that multiple vendors can deliver to market. Uniquely perhaps the Xen project does not aim to commoditize all features – only the hypervisor – and has specific interfaces at which the open source "engine" can be combined with other open source or proprietary features by different vendors. This allows the vendors to price to value, and not to cost (as, say traditional open source vendors that only support the code are forced to do). More importantly, it correctly incentivizes the participants to continue their contribution. This is why Xen is so powerful.

VMware's product contains open source technologies, but they like to pretend that it is all proprietary. They take, but do not give back. This is a one way street that eventually leaves them with the burden of creating all features and the clear feeling on the part of the community that they have not played fair. We reject the VMware approach to open source, and are interested to see whether the community continues to advance the view that in fact ESX Server is a derived work of Linux.


Q: In 2008, what is it going to take to get Citrix into every deal that VMware is going after and then win the deal? How do you move from an SMB positioning to an Enterprise player when price doesn't seem to be enough?

A: There are many deals in which we don't stand a chance – deals where VMware has been selected as "the vendor for virtualization". However we increasingly find that VMware's failure to build a credible ISV ecosystem, and its closed, proprietary approach to the market, is leading customers to demand an alternative – that is, dual sourcing – so that they do not face the risk of being locked up in an expensive, proprietary single vendor stack. Our opportunity arises from our openness – our embracing of ISV partners, our embracing of existing systems management and storage management vendors, and our advanced high performance architecture. Customers that think strategically are purchasing XenServer.

I'd like to once again thank Simon Crosby for taking the time out to speak with me and for sharing his vision into the new year. 2008 is going to be an exciting year for all of us in the virtualization community. I for one can't wait to see what people are coming up with to advance this technology further.

Posted by David Marshall on December 22, 2007 10:36 AM



December 03, 2007 | Comments: (0)

Surgient's Future After a Strong Third Quarter

I recently read about Surgient's third quarter success and about the release of their latest virtual lab automation product, VQMS. I spoke with the company's VP of Product Strategy, Erik Josowitz, to find out how these things affect the company going forward, as well as to find out more about the competition provided by VMware.

You recently announced record third quarter earnings and said the company is on track for nearly 60 percent year-over-year revenue growth, to what do you attribute this success?

Erik Josowitz, VP Product Strategy, Surgient:
There is tremendous momentum right now around virtualization, just look at the VMware IPO and the acquisition by Citrix of XenSource and all the interest around those. More mainstream customers are realizing that virtualization must be part of their technology strategy. Those that are attempting to use server virtualization technologies are realizing that they provide only partial solutions, which leads them to investigate complementary solutions, like virtual lab management applications, that accelerate their time-to-benefit from virtualization.

Is heterogeneity in your product a big selling point? Or are most of your customers using VMware ESX Server?

EJ: Support for heterogeneous virtual and physical infrastructure is part of the discussion we have with customers in every sales cycle, even though most customers today are using our products with VMware ESX Server. The reason heterogeneity is such an important part of the conversation, I think, is that customers want to keep their options open. They realize that virtualization is really still an early technology and there will be a lot of changes in the coming months and years.

VMware is the current virtualization giant in the marketplace. With so many people now entering that space, one way to differentiate yourself is by expanding into the application market. And VMware has really been doing that for the past two years. How do you differentiate your product offering from VMware's Lab Manager product?

EJ: I think VMware has made some good acquisitions over the past 2 years that help them move up the stack and provide more than infrastructure. As a best-of-breed partner and vendor, Surgient's strategy is to differentiate by providing advanced features and broad platform support that goes well beyond VMware's in-the-box solutions. Surgient's products differ from VMware Lab Manager by supporting more complex labs that better mirror what is deployed in production, enabling larger teams to more effectively share a centralized lab, and by providing tighter integration with common enterprise test management systems. We look at Surgient VQMS as an enterprise test lab management solution and VMware Lab Manager as a "workgroup" solution.

With VMware's acquisition of Akimbi and the ultimate release of VMware Lab Manager, what kind of changes have there been with your partnership?

EJ: Surgient was one of the first software vendors to integrate with VMware ESX Server and we continue to have a strong technology relationship with them - their acquisition of Akimbi didn't change that. As VMware has grown as a company they have added resources to better support their software partner and, in many ways, we work together much better now than we ever have. Of course we don't do much in the way of joint sales or marketing activities because we compete with VMware Lab Manager, but on the whole we feel it's a great relationship.

You recently announced a new version of VQMS, your automated virtual lab provisioning software for software developers and quality assurance testers, what new features stand out in this release?

EJ: We recently released Surgient Virtual QA/Test Lab Management System (VQMS) version 5.3. The focus in 5.3 was making it easier to get started using the virtual lab environment, making it better to use in the most common enterprise environments and also to broaden our heterogeneous platform support. So we added an easier installation and configuration system in v5.3 as well as a new community support system through the Surgient Success website. We added advanced agentless networking capabilities in 5.3 that take the ability to create and clone labs that mirror the production environment to the next level, including advanced VLAN support that can coordinate at the switch. We also, as always, support the latest versions of virtual infrastructure from Microsoft and VMware.

Some people may not be aware of it, but your company also offers software that helps with software demonstration and training using virtual machines and automated provisioning. Can you tell us a little more about what those products offer your customers and how they are using them?

EJ: Our vision for virtual labs has always been as a platform that supports the entire software development and deployment lifecycle (SDLC). In each phase of the SDLC you have different individuals, roles and workflows and we package those commonalities into applications that can best deliver the business results required by those teams. Enterprise software companies, for example, have seen big changes in the size and complexity of deployment architecture of their applications and this has led to difficulties in demonstrating and supporting the evaluation of those applications. We have an application, Virtual Demo Lab Management System, that uses virtual labs to solve these problems and understands the specific needs of the software pre-sales process. Similarly, many companies face challenges when it comes to educating the user community around enterprise applications. Studies show that people learn better when they have the ability to practice what they have learned, but it's difficult to support this in the production roll-out of an application. We have an application, Virtual Training Lab Management System, that uses virtual labs to support the classroom deployment of hands-on application training labs. This enables, for example, each student to have their own version of a production application where they can practice new skills and thus be ready to work with new applications when they are deployed. More and more we see IT operations groups charged with supporting the entire SDLC and our goal is to make sure that we have the best-of-breed applications that help them most effectively use virtual labs to achieve their goals.

What is the best way for people to learn more about virtual labs and Surgient's virtual lab management applications?

EJ: We have a community site, Surgient Success (http://success.surgient.com/), which provides discussion forums, best practices information, tutorials and other information to help ensure that there is broad understanding about the use and benefits of virtual lab management applications. We also encourage that people download Surgient VQMS and try it out and compare it to other virtual lab management applications. The product is available for free download with a 45-day evaluation license at the Surgient website (http://www.surgient.com/download). We also regularly host webinars to help educate people about the benefits of virtual labs. Many recorded webinars, as well as white papers, case studies and other information, are available on the Surgient website.

I'd like to thank Erik Josowitz for taking time out to speak with me about this subject.

Posted by David Marshall on December 3, 2007 04:55 AM



November 18, 2007 | Comments: (0)

Taking a Closer Look at Utility Computing with Virtualization

Virtualization has been around for quite some time, but it's only within the past 2 years that the technology has really started to take off and gain in popularity. Likewise, utility computing is only now starting to get the notice that it believes it's due. Commercial utility computing solutions based on virtualization such as 3Tera's AppLogic and Amazon's EC2 are starting to get more attention.

To help try and understand the utility computing market better, I was lucky enough to get the chance to speak with 3Tera's Bert Armijo, Senior Vice President of Sales, Marketing and Product Management and Peter Nickolov, President and CTO.

Q: Virtualization is the latest popular buzzword in the technology industry and every media outlet is talking about it in some form or fashion. Can you tell us, why aren't more people talking about Utility Computing?

A: New technologies, developments that aren't linear extensions of existing systems, always take time to catch on. Virtualization came out in 1999, but it wasn't until five years later, in 2004, that it became a hot topic. Utility computing really started just last year with the introduction of 3Tera's AppLogic in February 2006, and six months later Amazon launched EC2.

Now that we have users who have been in production for more than a year and new releases of code are coming out, we're seeing more and more interest and coverage.

Q. Do you believe that utility computing is the next step for people once they get into virtualization? Is the technology inevitable?

A. There are a lot of people adopting AppLogic that have never used virtualization, so I don't see it as a required stepping stone for utility computing. The value propositions are different.

Utility computing is a business enabler. Most Web 2.0 users start using AppLogic because they want to be sure they can scale when they get demand. SaaS vendors want to be able to replicate applications for users at will. Enterprise users are interested in making infrastructure become responsive to business requirements. Virtualization, on the other hand, is most often used for server consolidation. The adoption has been driven by cost savings, and that's clearly reflected in the coverage they've gotten.

Is utility computing inevitable? I'm biased, of course, but I believe so. Building data centers, racking servers and plugging network cables in no longer adds value to most businesses. We've proven that not only can you tap readily available computing resources as easily as plugging in a toaster, but that the result is more resilient and flexible. Technology transitions don't happen overnight, though, so we're working with many customers who want to build their own utility as well.

Q. Where do you see server virtualization technology lacking at the moment? Are there any missing features?

A. Virtualization isn't lacking, it was simply built for a different purpose. Virtualization is designed to carve a resource into smaller pieces for efficient usage. It was also, as it turns out, a needed technological stepping stone to utility computing.

Utility computing is really about aggregating resources and making them consumable in a new way. That's why when folks simply try to apply virtualization to utility computing the lack of certain services becomes acute resulting in compromised storage and networking features. We've written about that in a previous article "The 7 services virtualization lacks for utility computing."

As an example of the difference in scope between virtualization and utility computing, consider an actual debugging example. We have a customer running a search engine on AppLogic who was troubleshooting lost page requests. About 1 out of 1,000 requests was being dropped. After an hour on WebEx with our engineers it became clear it'd be easier if we could run our own tests. The customer simply exported a copy of the app to us and two hours later we had our own running copy. Yes, I really mean they copied and exported an entire SEARCH ENGINE; load balancers, firewalls, web servers, databases and more. And when we got it, all we had to do was hit run. That type of power in manipulating a huge application is what I mean by utility computing is an enabler.

Q. In your opinion, are there any current virtualization vendors that are approaching the notion of utility computing?

A. I think they'd like to. Certainly, the OVF shows that they're thinking about it. However, OVF also shows that they lack an understanding of the fundamental issues that need to be solved to truly enable utility computing.

Perhaps more importantly, Xen and VMware have become so successful that their markets are forcing them in different directions. For instance VMware has initiatives for virtualization on the desktop and Xen is now being used in cell phones. These are huge exciting markets that will require major technological breakthroughs to fully exploit - and they require quite different solutions from utility computing.

We do find other vendors are noticing as well, though, as the series of cloud announcements over the last year shows. However, thus far most of these appear to be revamping of existing technologies or new specialized programming environments rather than general purpose utility systems.

Q. Where do 3Tera's AppLogic and Amazon's EC2 fit into the equation?

A. AppLogic and EC2 are the first demonstrable utility computing systems on the market.

The systems share some similarities. For instance, both use grid architecture. Both are also based on virtualization as a foundation layer. In fact, both are based on Xen. The reason for that, as I noted earlier, is that existing virtualization lacks certain required services. Xen, being open source, allowed for easy extension.

However, the two systems take different approaches to some key issues like storage and networking. EC2 has no permanent storage, and if you try building a utility system you'll quickly discover why - storage in a system like this is extremely complex. AppLogic, on the other hand, incorporates the direct attached storage in the servers directly into the grid which allows storage volume and performance to increase as the grid grows.

Q. To finish things off, what other information about 3Tera's AppLogic can you leave InfoWorld Virtualization Report readers with?

A. In the end, utility computing isn't simply a service, but rather an ecosystem. We currently work with half a dozen partners who run AppLogic in more than 12 data centers in the US and Europe. This week AppLogic was demonstrated in Japan for the first time during the Web 2.0 conference in Tokyo. Plus, as I mentioned earlier, we'll license the system to enterprises looking to build their own in-house utility. We're also working on an exchange for virtual appliances and complete application infrastructures. Thus, you can build applications completely devoid of hardware and select where, and at what scale they'll run only when they're actually executed. If business needs change you can reduce, or increase resources, almost at will. You can even move an app to a new data center with a single command. This is true utility computing.

I'd like to thank 3Tera's Bert Armijo and Peter Nickolov for taking time out of their busy schedules to help educate us on utility computing and 3Tera.

Posted by David Marshall on November 18, 2007 07:29 AM



August 06, 2007 | Comments: (0)

TechWorld Speaks With Simon Crosby from XenSource

TechWorld was able to catch up with XenSource CTO Simon Crosby in London where he was recently discussing the background to the XenSource and Symantec deal. Interestingly, they were able to get much more from Simon, as he offered up his opinions on the future of the virtualisation industry. And evidently, he launched a serious critique of VMware and even of business partner Microsoft.

Questions asked and answered include the following:

Q: How do you see the future of the virtualisation market?
A: The world has created a new Microsoft - there's a monster embedded in our industry. So the market is starting to crystallise, partly as a consequence of the way that VMware is building its company. They just want to sell more and more, and it's starting to step on people's toes.

Q: Is VMware really that horrible?
A: Unlike VMware, Microsoft doesn't compete with its channel but leaves room for an ecosystem. It's a superb platform player. Microsoft is very conscious of its scale and leaves pockets of $100m markets around for its partners. Our relationship with Microsoft is strong, will remain strong, and strengthens every day. Microsoft has been a very supportive partner.

The chink in VMware's armour is the weakness of its ecosystem - all its partners are under threat. That said, I wouldn't fault VMware entirely. VMware has grown very fast - they had to do that so I can't fault them for it, but no-one's making money out of VMware. There's a general sense of unease.

Read the rest of this great interview, here.

Posted by David Marshall on August 6, 2007 08:03 PM



July 30, 2007 | Comments: (0)

EMA's Andi Mann Shares his Virtualization Wisdom with the Virtualization Report

I recently had the pleasure of speaking with Andi Mann, Senior Analyst at Enterprise Management Associates. For those of you who may not know them, EMA is a leading IT Analyst firm specializing in IT management issues. Andi heads up EMA's Systems Management practice, and is the author of several reports on virtualization, including last year's ground-breaking 130-page research study "Virtualization: Exposing the Intangible Enterprise", and the recent 4-page advisory note "Is Virtualization Right For You? The Top Ten Questions You Should Ask."

Q. What do you think is behind the current boom in virtualization?

A. Well, some 'common wisdom' - which seems to be based on little more than guesswork - says it is all about cost savings - server consolidation, floor space, things like that. But EMA's research actually shows pretty convincingly that is not true. For most businesses it is primarily about strategic business values like flexibility, agility, and business continuity. You can never ignore direct costs, but they appear to be secondary to these more strategic goals. That's one reason why we advise our clients to look at virtualization as a strategy, not a project.

Q. What do you mean by that - can you explain the difference a little bit more?

A. I have been telling my clients for almost 18 months that virtualization is a strategy, not a project; it is about the whole business, not just about IT; it is about long-term benefits, not necessarily short-term savings. For example, once you have finished a server consolidation project with virtualization, you are left with a half-empty data center, and a sunk cost in virtualization technologies and skills - so how do you keep leveraging that investment? Enterprises need to consider how they can use virtualization to make their entire business better for the long-run, not just about how they can finish their server consolidation project.

Q. Where are the biggest problems with virtualization?

A. My research last year showed that the key issues are management challenges, and human issues. For management of virtual systems, integration is a major challenge - integrating the management of physical and virtual systems, of heterogeneous platforms, and of different virtualization types. Configuration management, capacity planning, and workload orchestration are also key disciplines, to get the most from virtualization while preventing or delaying VM sprawl. On the human side, the politics of sharing resources and prioritizing performance can be difficult. Virtualization also requires a new set of skills and methodologies, not just within IT, but in the end-user community. And it requires new and creative thinking, not just new training and skills. These are key issues right now.

Q. What about security - is that as big a problem as people are saying?

A. Well, it is important, but it is not as big a problem as some people make it out to be. As far back as 2006, I pointed out many different security challenges in a virtualized environment, based on my research data. For example, there are some entirely new threats like the so-called blue pill/red pill attacks, hypervisor attacks, hypervisor malware, etc. But it has security benefits too. For example, virtualization also makes it easy to overcome virus infection by recovering from a "golden image". So security becomes a bit of a double-edged sword.

Q. So should businesses be concerned about these security exposures? Should they delay virtualization initiatives?

A. There are some self-styled experts saying things like that - but they come across like Chicken Little saying "the sky is falling, the sky is falling", when really they should know better. Sure, businesses need to be aware of the potential risks, and we do need better tools for security management for virtual environments - but there is no need for some of the panic I have seen from other analysts. There are some straightforward ways to deal with the threats; they just require some informed thinking and good process controls. Once you understand the new exposures, you can implement processes and technology to close the gaps. Controls like continuous discovery, configuration management, change management, and other positive procedures can be very effective. Virtualization can be quite secure, if you know what you are doing.

Q. So finally, what do you see as the next big thing in virtualization?

A. It will be all about the end user impact of virtualization. In fact, that is the topic of my next virtualization advisory note. Way back in 2006, way before some other writers picked it up, my research was showing that desktop and application virtualization would be the next big thing. You can see it in how the primary vendors have focused on various desktop initiatives - like desktop virtualization, application virtualization, streaming, etc. You can see this in moves like VMware picking up Propero, Citrix acquiring Ardence, Microsoft taking Softricity, and LANDesk and Altiris both building in application virtualization technology. I think you will see pure-play vendors like Thinstall, Endeavors Technologies, Kidaro, and AppStream becoming even more important too. These are some really exciting technologies for cost saving, agility, business value, security, and so on.

Q. And long-term? Where is this all heading?

A. Eventually, we will see virtualization as the basis for a truly dynamic IT infrastructure, which will allow businesses to be more agile than ever before. SOA, Web Services, grid architectures, and virtualization will come together to provide business services that are truly platform independent, thin and agile, and available 'on tap' with extreme scalability and mobility. Automation and management will be critical success factors, but IT will eventually be able to deliver discrete, flexible services across a highly dynamic compute fabric as and when they are needed - internally or externally; through the Web or locally; on desktops or handhelds; wireless or tethered. It is going to be a way off, but you can see it coming. It will be exciting to watch these technologies continue to develop.

Q. Thanks Andi, it was great to talk to you.

A. My pleasure David, as always.

Posted by David Marshall on July 30, 2007 04:13 PM



May 06, 2007 | Comments: (0)

Q&A Discussion about VMware's Benchmarking Policy

One of the best ways to choose a virtualization platform for your environment is usually to rely on benchmark or performance findings. Unfortunately, many of us cannot perform these benchmark tests ourselves, for any number of reasons. And so, we rely on others in the industry to provide us with this data to help us determine the best platform choice.

Until recently, doing an Internet search for any published benchmark numbers comparing one virtualization platform to another simply did not return any useful information. One reason for that is VMware's end-user license agreement (EULA), which you must agree to and which states that you cannot publish benchmark findings using their products. VMware changed that policy somewhat last year when it stated that it would allow people to publish their results once VMware has reviewed and approved the methodology, assumptions and other parameters of the study.

TechWorld recently asked VMware about its benchmarking policy. Speaking with VMware's senior director of enterprise and technology marketing, Andrea Eubanks, TechWorld finds out more about VMware's stand on VM benchmarking and the publication of results.

Read the entire Q&A interview, here, to find out about VMware's involvement with SPEC, VMware's free benchmarking tool - VMmark, why VMware's EULA prohibits publishing benchmarking results, and why it has taken so long to come up with a virtualization benchmarking solution.

Posted by David Marshall on May 6, 2007 06:03 AM



April 04, 2007 | Comments: (0)

Interview: Virtualization Management Q&A with Opsware CTO Tim Howes

Tim Howes, CTO of Opsware, recently sat down with me to discuss the subject of management within the virtualization space. Once you've gone down the road of virtualizing more than a single server, you quickly start to realize how important a good management solution becomes.

InfoWorld Virtualization Report: Virtualization adoption is skyrocketing, but reality is that most of the deployments (nearly 80%) have been limited to test and development scenarios on a few hundred servers. What is preventing enterprises from rolling out virtualization technology in production environments?

Opsware CTO Tim Howes: Rolling out virtualization on a large scale is easy. Managing a large virtualization deployment and the extra complexity it brings to an IT environment is hard. For the handful of organizations (about 20 percent) attempting large-scale deployments, the lack of enterprise class management tools has hindered success by increasing management costs and decreasing responsiveness and quality. This ultimately threatens the return on investment of virtualization itself.


IVR: What are some of the main challenges associated with managing virtual machines?

Tim Howes: The first challenge is that there are likely to be a lot of them. Creating virtual servers is easy to do and habit-forming, leading to an explosion of new virtual machines that must be managed. The second challenge is that VMs introduce a whole new set of relationships and dependencies that must be managed and understood, complicating tasks such as impact analysis and understanding virtual application compatibility. Finally, virtualization introduces new technology that must be managed, such as the hypervisor operating system. If virtualization is left unmanaged, it can lead to a variety of challenges ranging from unmanageable complexity, IT labor shortages, and security and service delivery problems on a global scale.


IVR: How does Data Center Automation software help enterprises maximize their investment in virtualization technologies?

Tim Howes: Data Center Automation is mature technology proven effective at reducing the complexity and cost of managing the physical world of servers, network devices and storage. On servers, the technology manages the entire lifecycle of server virtualization from provisioning and patching to compliance and configuration. For example, Opsware has added a new tool to its product family called Virtualization Director that provides all the capabilities necessary to manage large numbers of heterogeneous virtual systems deployed in multiple data centers, as well as the business-critical applications they support. This comprehensive server management system provides automated capabilities for creating, securing and controlling virtual servers. This includes discovering, visualizing and tracking dependencies between virtual and physical infrastructure elements and the applications they host, and standardizing management across both physical and virtual servers running on heterogeneous platforms throughout the enterprise.

Data Center Automation enables IT enterprises to realize the true value of virtualization by minimizing the complexity that is often a result of the adoption of server virtualization. More and more end-users are realizing a need for automation, and that's a trend that is consistent across both physical and virtual servers.


IVR: Do customers really need a virtualization management tool from an independent vendor? Why can't the virtualization vendor provide this capability?

Tim Howes: IT stands to benefit the most with a vendor-agnostic management platform that manages virtual machines from many vendors in one centralized location. This enables IT to ensure consistency and standardization of server builds which will lead to a higher quality and more reliable IT environment. An independent solution also allows IT to combine virtual server management with management of physical servers. Virtual and physical servers must cooperate seamlessly to serve the applications running on them. Nobody wants to go one place to manage their virtual machines and another to manage their physical machines. The whole point of virtualization is that you should not have to care. Only an independent vendor can provide this level of integration. The result is seamless integration that provides even greater efficiencies and cost savings across an enterprise's global infrastructure.


IVR: Why is management across virtual and physical machines critical for today's enterprise?

Tim Howes: Seamless management of virtual and physical servers is key to building a zero-latency data center - reaching deep into the applications that power today's global enterprise. In contrast, with different solutions for physical and virtual machines, IT is burdened with an incomplete picture of the entire infrastructure that supports an application which ultimately could compromise core revenue-generating activities for the business, such as ensuring the ability for customers to place orders online. Seamless management for physical and virtual machines plays a critical role in helping companies comply with industry and government regulations, and ensuring the tightest level of security across the infrastructure. In the virtual/physical server world, IT's ability to understand how a change on a virtual server may affect other parts of the application and vice-versa is critical.


IVR: What will happen if enterprises don't automate management of virtual machines now?

Tim Howes: There are many consequences of not automating management of virtual machines, including widespread chaos and increased complexity across the data center. Just as IT cannot tolerate the risk of a missing security patch or misconfigured physical server, the same holds true for virtual servers. Unfortunately, this is an all too common occurrence in environments where virtual machines are not automated.

Enterprises must also ensure their virtual machines are in compliance with government and industry regulations. Only through automation can enterprises accurately track and audit activity across the entire infrastructure, including virtual machines. If enterprises cannot show they are taking steps to ensure compliance of their virtual machines, they are opening themselves up to costly fines, delisting and potentially jail time.


IVR: How has the market responded to Opsware's Virtualization Director?

Tim Howes: We've received an incredibly positive response to the introduction of Opsware Virtualization Director from current Opsware customers, as well as new customers who see the introduction of complexity caused by virtual servers as a reason to automate. Moving from a small, confined deployment to a large scale virtualization rollout can be intimidating for customers who need to ensure compliance, security and reporting policies. Opsware Virtualization Director provides a proven approach to server management that allows customers to create and maintain a significant amount of virtual servers completely integrated with the way they already manage their physical servers. In the end, this provides customers with the confidence to take their virtualization deployment to a whole new level.

I'd like to thank Opsware CTO Tim Howes for speaking with me about this important topic.

Posted by David Marshall on April 4, 2007 08:55 PM



November 16, 2006 | Comments: (0)

Q and A with VMware's Mendel Rosenblum

I had the chance to hear VMware's co-founder, Dr. Mendel Rosenblum, speak during one of the keynote presentations at VMworld 2006. His discussion about the future of virtualization was fantastic! Even more awe-inspiring was getting the chance to actually meet with him, shake hands, and talk about virtualization with him during my book signing at the VMworld Company Store. The man is a true visionary and yet very down to earth.

TechWorld was also able to catch up with Dr. Rosenblum at the show, and asked him a number of interesting questions. TechWorld wanted to find out where he saw the company taking this fast evolving technology. Some of my favorite questions and answers follow:

Q: What combination of factors has made virtualisation the hot topic of today?
A: A lot of the excitement around virtualisation stems from problems in the current software environment - a combination of modern operating systems and applications. People weren't happy with issues such as reliability and security. While the OS is supposed to be in charge of the hardware, people spend too much time managing them, and they're not robust enough to run multiple applications. What was needed was a thinner layer to do the mapping onto the hardware resources.

For example, you could imagine a distributed OS that allows free flow of information between applications, or one that stops bad processes bringing down the entire OS - but we evolved not to do that.

And some of the older technology was too slow - now the hardware has arrived.

Q: What's the most promising development outside of VMware that you believe can or will aid VMware's stated aim of virtualising everything?
A: Finally we're getting hardware support for virtualisation - we can only do so much in software to get resources treated as a pool - with boxes connected by faster networks that's exciting. We've never done anything in hardware, only software. Virtualisation is an incredibly useful technology - virtualisation will be pushed by partners from shops that service SMBs and want to be able to build a virtual infrastructure. And there are vendors who want to use the technology to improve security.

Q: What are the barriers to running 3D graphics in a VM - and when do you anticipate overcoming these?
A: We can do some of this in software - need to wait until the ATIs and nVidias see virtualisation as important. I know they're working on it, and today's GPUs are like mini-supercomputers. The technology is not that different from Silicon Graphics old systems with multiple graphics cards - it's just about putting the pieces together.

The good news is that even Microsoft is helping by the way it's specifying the graphics level - you can read the state out of the chip. As for timing, that depends on graphics people. It's an example of what we'd like to see - let the hardware architects figure out how to make it happen.

Q: Your model seems to be to keep ahead of Microsoft by scattering a pile of free software in your wake as you push the technology forward.
A: Want to avoid being in a niche - we're better than the competition, who can't do what we do so we can charge a premium price. Guided by the notion of the virtual appliance model, we needed a free player to seed the VA market. Our sales people hate it because it's free but developers like to impact a lot of people so that's a good thing for them.

But then, they also like to have stock options that go up in value.

Read the entire interview, here. TechWorld has a number of other great questions and answers.

Posted by David Marshall on November 16, 2006 04:48 PM



November 04, 2006 | Comments: (0)

Virtualization Report Talks with Kidaro's CEO

Last week, the Virtualization Report broke the news about Kidaro's new product, Kidaro Managed Workspace. Since then, I have had the opportunity to speak with the company's founder and CEO, Ran Kohavi. I wanted to find out more about the company's product, and so, Mr. Kohavi agreed to the interview.

Virtualization Report: I'm interested in your Trim Transfer. It sounds unique. Can you tell us more about it? How does it reduce network bandwidth?

Ran Kohavi: This technology is indeed unique to Kidaro, and addresses one of the key challenges of applying virtualization to desktops today: the network bandwidth required to transfer a full virtual machine.

Kidaro is the first vendor that applies delivery methods that are targeted at virtual machines from day one, and are not derived from generic delivery mechanisms.

Kidaro Managed Workspace's Trim Transfer technology dramatically accelerates deployment speed and reduces the network bandwidth needed to transport a prepackaged workspace to multiple end-users by an average 90% -- no matter which connectivity method is used.

Kidaro completely eliminates the usual, full virtual machine image-transfer process. Trim Transfer technology is applied for every deployment: from the initial deployment of a new, prepackaged workspace to a future patch or update.

Trim Transfer uses a set of proprietary, patent-pending algorithms to send the minimal data needed to recreate an exact copy of the prepackaged workspace on the client machine.

Trim Transfer works in three phases:
Phase 1. Most information required for a virtual machine image already exists on the client. Trim Transfer leverages this fact to eliminate any redundant transfers. At the server, Trim Transfer breaks the image into tiny bits of data, called "grains". The Trim Transfer agent then scans the client, looking for only those grains required for the virtual machine image, and removing pre-existing grains from the transfer. For example, if a virtual machine running Microsoft Windows XP is deployed to a client that runs a local copy of Windows XP, Trim Transfer will automatically remove all the redundant Windows XP grains from the deployment stream, dramatically reducing the amount of information and transfer time.

Phase 2. Trim Transfer streams the required grains in compressed form from the server to the client. Trim Transfer automatically tunes each client's bandwidth consumption during delivery to match available network bandwidth.

Phase 3. Trim Transfer recreates an exact copy of the virtual machine image on the client machine and verifies its integrity against a set of cryptographic signatures.

Trim Transfer technology can be used over any network, inside or outside the enterprise perimeter. IT can choose standard HTTP sessions or can require an authenticated, secured, and encrypted transfer (e.g., over SSL). A standard web server (IIS or Apache) is used for Trim Transfer; no additional software or modules are required. By using standard web-server architecture, Kidaro ensures high scalability and fault tolerance. The result is a background deployment process that is quick, bandwidth efficient and transparent to the user.

VR: Since it leverages existing virtualization technologies, how does the performance compare with this solution to using a virtualization platform and a VM natively?

Kohavi: Kidaro is built on top of standard virtualization engines and supports VMware Player, VMware Workstation, Microsoft Virtual PC. Hence Kidaro's performance is the same as the virtualization engine. Kidaro does not add any overhead or additional layer of virtualization. On the contrary, when packaging the virtual machine, Kidaro automatically applies some mechanisms to reduce virtual machine load time and to minimize memory consumption.

VR: Is this a Windows platform only? Or does it also work on Linux?

Kohavi: Kidaro supports all Windows versions from 2000 and up. There is no technological barrier that ties the solution to Windows platforms, but Kidaro currently focuses on Windows as the initial market, since it is by far the most dominant platform in enterprise desktop computing. Linux support is on our roadmap.

VR: Any interest in supporting other virtualization platforms such as Xen or VMware ESX in the future?

Kohavi: We currently support all client versions of VMware and Microsoft Virtual PC. Vista will be supported soon. Since Kidaro is a desktop solution, there is no need to support VMware Server or ESX platforms. Our product is not vendor-specific and we will add support for additional virtualization platforms continually.

VR: Are there any hardware requirements to be aware of? Or can it work on any machine that can run a virtual machine in one of the already discussed platforms?

Kohavi: There are no special requirements beyond those of the virtualization engine. From our experience with existing desktop models, CPU is not an issue, and 512Mb RAM is sufficient in most cases.

VR: Who are your competitors? Is Moka5 a competitor? And how do you differentiate yourself?

Kohavi: As far as we know, the only vendor that has a similar offering may be vThere (business unit of Sentillion), focusing on a remote-access solution based on a virtual machine.

Kidaro offers several enterprise-class differentiators:


  • A powerful management console that enables workspace provisioning according to users and groups, centralized control, and monitoring of active clients.
  • Enhanced security - isolation, encryption, network restriction and policy-based dataflow control to allow, block and audit any dataflow between the workspace and the user desktop, including desktop activity (copy-paste, drag & drop), device access (USB, removable media, printers), or file transfer.
  • Seamless integration and familiar user operation: Users are unaware they are working with a virtual machine. The user simply starts applications from the native start menu, or clicks a pre-configured URL to initiate an application within the virtual machine. There is no virtual machine window, or an additional desktop the user needs to learn how to use - the applications appear as local applications on the user desktop and taskbar.
  • A variety of deployment methods (web, USB, DVD) and Trim Transfer optimized network delivery technology


Moka5 is indeed in the desktop virtualization space, and we have some technological similarities, but to the best of our knowledge, they focus on consumer scenarios, providing a virtual appliance, and running VMware Player from a USB drive.

Kidaro addresses enterprise needs and challenges and focuses its advantages on those aspects as we mentioned. Moka5 is optimized for consumer use-cases.

For instance, both Kidaro and Moka5 provide "live" virtual machine distribution and update mechanisms, but emphasize different aspects and use different technologies to achieve this functionality.

VR: Desktop security is becoming a major concern and focus for IT organizations. With this solution, where is the data kept?

Kohavi: Security, and specifically corporate data protection, is one of the three key benefits of Kidaro Managed Workspace (Managed, secured, easy-to-use). In addition to the built-in isolation inherent in virtual machines, Kidaro provides policy-based data flow control as indicated previously. Central audit trails can be tracked from the management console.

The corporate data itself can be kept on servers, or saved locally within the virtual machine, according to the corporate policy. Kidaro workspace supports authenticated access to any network resource, including email, file shares and databases.

To safeguard "data at rest", Kidaro encrypts the virtual machine disk.

Kidaro also enables administrators to start a new desktop image every time, removing residual corporate data from the user machine.

VR: How fast of a network connection do you need with this solution?

Kohavi: Kidaro Managed Workspace does not depend on network connectivity to operate. Users can work offline or over slow connections: applications will behave just as if they were installed locally. The only part of the Kidaro solution that can benefit from higher network bandwidth is the web deployment and updates - a slow connection will result in longer download time, mainly for the initial deployment.

VR: Can you explain more about the deployment method?

Kohavi: Kidaro offers a range of deployment methods that administrators can choose from:


  • Secured web download - point your browser to a URL to download Kidaro client and automatically retrieve the workspace.
  • Removable media "plug and work" - have everything required for deployment on a USB drive or a DVD, easily deployed to any remote user.
  • Enterprise software distribution - apply existing tools to deploy Kidaro's standard MSI package within the enterprise or in offsite facilities.


Regardless of the deployment method, administrators can choose to apply the enterprise domain authentication, before allowing the virtual machine to initiate. If applied, the virtual machine is inaccessible without a server token that is provided only after authentication.

In addition, our optimized Trim-Transfer network delivery technology can be applied to any user, anywhere, regardless of the deployment method used (web, USB, DVD).

I'd like to thank Mr. Ran Kohavi for taking time out to speak with me and for answering a few questions about his product. More information about the company and its product can be found on their Web site.

Posted by David Marshall on November 4, 2006 07:05 PM
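The three Trim Transfer phases Kohavi describes in the interview above (skip grains the client already holds, stream the rest compressed, rebuild and verify), as an added Python sketch that is not Kidaro's code. The fixed 4 KiB grain size, SHA-256 grain digests, zlib compression and the HMAC standing in for the unnamed "cryptographic signatures" are all assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import zlib

GRAIN_SIZE = 4096  # assumed; the interview does not give a grain size


def split_grains(data, size=GRAIN_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def digest(grain):
    return hashlib.sha256(grain).hexdigest()


def _tag(digests, key):
    # HMAC is a stand-in for the signature scheme, which the page does not name.
    return hmac.new(key, "\n".join(digests).encode(), hashlib.sha256).hexdigest()


def build_manifest(image, key):
    """Server: ordered grain digests plus an authentication tag over them."""
    digests = [digest(g) for g in split_grains(image)]
    return {"grains": digests, "tag": _tag(digests, key)}


def index_local(blobs):
    """Phase 1, client scan: index every grain already present locally."""
    index = {}
    for blob in blobs:
        for grain in split_grains(blob):
            index.setdefault(digest(grain), grain)
    return index


def plan_transfer(manifest, index):
    """Phase 1 result: digests the client lacks, each requested once."""
    return list(dict.fromkeys(d for d in manifest["grains"] if d not in index))


def serve(image, wanted):
    """Phase 2, server: send only the requested grains, compressed."""
    store = {digest(g): g for g in split_grains(image)}
    return {d: zlib.compress(store[d]) for d in wanted}


def rebuild(manifest, index, stream, key):
    """Phase 3, client: authenticate the manifest, then verify every grain."""
    if not hmac.compare_digest(_tag(manifest["grains"], key), manifest["tag"]):
        raise ValueError("manifest failed authentication")
    out = []
    for d in manifest["grains"]:
        grain = index[d] if d in index else zlib.decompress(stream[d])
        if digest(grain) != d:
            raise ValueError("grain %s failed integrity check" % d[:12])
        out.append(grain)
    return b"".join(out)


def _filler(label, count):
    # Constructed sample data: `count` distinct, compressible 4 KiB grains.
    return b"".join(
        hashlib.sha256(f"{label}-{i}".encode()).digest() * (GRAIN_SIZE // 32)
        for i in range(count))


KEY = b"constructed-demo-key"
BASE_OS = _filler("os", 8)            # already on the client
IMAGE = BASE_OS + _filler("app", 2)   # VM image held by the server

if __name__ == "__main__":
    manifest = build_manifest(IMAGE, KEY)
    index = index_local([BASE_OS])
    wanted = plan_transfer(manifest, index)
    stream = serve(IMAGE, wanted)
    sent = sum(len(c) for c in stream.values())
    assert rebuild(manifest, index, stream, KEY) == IMAGE
    print(f"{len(wanted)}/{len(manifest['grains'])} grains sent, "
          f"{sent} bytes on the wire for a {len(IMAGE)}-byte image")
```

Fixed-size grains only deduplicate when local and server data are aligned on grain boundaries; the per-grain digest check in phase 3 is what rejects a grain altered in transit over a plain HTTP session.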



September 23, 2006 | Comments: (0)

TechWorld Interviews IBM's Rich Lechner

TechWorld recently took the opportunity to speak with IBM's Rich Lechner, VP of Virtualization, when he dropped into the UK on a European tour. Lechner was able to shed some light on both IBM's role within virtualization and where he thinks the technology is headed.

Two interesting question and answer sessions follow:

Q: What are your customers saying about virtualisation?

A: We regularly survey IBM and non-IBM customers, and 54 per cent either have or will implement virtualisation this year. For SMBs -- that's companies with under 1,000 employees -- the adoption rate is the same as for big enterprises which is very unusual for a new technology. Sixty per cent of all virtualisation engagements are in SMBs and their pain points are the same as those of the big customers: cutting costs, consolidation, and handling storage growth while containing IT admin costs.

Virtualisation is like a microwave oven -- it's very complex and capable, and it brings rapid ROI with a simple application of the technology. For example, take storage: a customer can justify the cost of virtualisation through a single data migration. Then they can do tiered storage, disaster recovery and so on.

And until very recently the drivers have been cost reduction via better utilisation of floor space and so on. But in the last two quarters, customers have been saying that disaster recovery and higher availability are their main drivers, such as failover partitions, VMware's VMotion, and data replication services.

...

Q: What challenges can you see ahead for virtualisation?

A: The main problems for customers are organisational barriers, such as when they move from physical resources that are owned by divisions within the organisation to a distributed architecture. Departments need to be assured they'll only pay for what they use -- on mainframes we've been able to do this for years.

Customers are also rapidly realising that management of the virtualisation environment is critical. Firstly, they don't want physical resources to be divorced from the virtualised environment -- in other words, they don't want a whole new set of management tools; they have enough. Secondly, they want management tools to work across broad physical resources. And thirdly, they want integration of those tools into enterprise management systems such as IBM's Tivoli.

But the single biggest challenge to virtualisation is a lack of skills, whether for those who are or who aren't doing virtualisation. So we're educating our services people and those of our partners to design and deploy systems for customers.

We've also created patterns for virtualisation implementation that customers can follow, such as how to design and implement networking, server selection and so on -- it's not IBM-specific as it's aimed at accelerating adoption. We had the same problem with Web services and that proved a good template to adapt. And 65 per cent of all customer engagements are led by our business partners, so it's good news for them.

Read the entire question and answer session, here.

Posted by David Marshall on September 23, 2006 01:11 PM



September 20, 2006 | Comments: (0)

Interview: Graham Lovell talking about Sun and Virtualization

According to a recent press release from Sun Microsystems, one company in particular is combining the well planned architecture of Sun's Sun Fire X4200 Server and the power of virtualization to perform a 22-1 server consolidation, thereby allowing them to combat and reduce power consumption and high heat output by up to 84 percent:

NewEnergy is replacing its entire Houston data center, comprised of 22 Intel processor-based servers, with two Sun Fire X4200 servers powered with the Dual-Core AMD Opteron processor, and running the Solaris 10 OS. NewEnergy's Houston data center performs CPU-intensive Grid computing simulations for its customers nationwide, which mirror real-world electric Grids in order to plan for potential disasters. Trial results demonstrated the Sun Fire X4200 servers as being much faster than other servers which is partially credited to the Solaris 10 OS's efficiency over memory-intensive applications running the Windows OS.

Sun and VMware have combined efforts to provide innovation and deliver proven virtual infrastructure solutions for enterprise computing. Leveraging the power of VMware Infrastructure 3, Solaris 10 and the Sun Fire series of servers, customers can maximize performance and reduce overall cost of ownership via server consolidation, business continuity, and test or development solutions. Combining these products, IT managers are given a complete solution to help increase their server utilization, improve performance and reduce costs while making better use of their data center resources, like space, cooling and power consumption.

I recently had the pleasure of speaking with Graham Lovell, Senior Director of the Systems Group for Sun Microsystems. I wanted to find out more about Sun and to get his take on the whole virtualization scene, specifically software licensing, emerging trends, and customer needs in the virtualization space.


David Marshall: In your own words, what is Sun's strategy towards virtualization?

Graham Lovell: The first thing we need to establish is what we mean by virtualization and how we communicate it. We need to define it with customers in different circumstances.

Customers generally look to improve the utilization of their servers. They want to run multiple applications and different operating systems. The idea is to snapshot what they have in a piece of hardware and then run it on another system in a virtualized way.

They can see the benefits of running virtualized environments, but they have to support it. They need management tools to run it well.

It is important that suppliers such as Sun can provide a range of options on different multiple operating systems. We have SPARC and x86 product lines. With Solaris 10, we have containers. It lets you run isolated systems where each one thinks it's running on a dedicated system. If you are running Xen or VMware, you aren't running multiple software copies.

This has been popular with customers running Solaris and SPARC and Solaris on x86 platforms.

The next choice is that customers can select VMware. VMware has a number of new products, but people think it is a single solution. When we talk to customers about experiencing VMware, some of them may have just heard of it. That is when we can talk about different styles of implementation.

Customers are seeing the benefit on how they can mix VMware. They talk about pooling resources in the data center so one can then resource data across several servers. This makes it easier to move applications around and help with capacity planning. Virtualization can help you install pool behavior.


David: Are you finding that people are using Solaris containers to do the same thing as VMware? Such as for development and test or support? Or are they strictly using it for server consolidation?

Graham: Customers look at virtualization to test and debug applications across a range of application systems. That is where the customer can be more sophisticated in their choice with VMware or Xen. With VMware, you can see things have more choice. Xen is up and coming. It is embedded in a number of operating systems. It has interesting and new budget tools. I think Xen will have an interesting future virtualization stack as well.

Containers are typically rolled out in an application environment.


David: How does virtualization impact software licensing?

Graham: The software industry is reeling from pricing multiple cores per processor. Microsoft has strong policies around pricing cores. Virtualization software subdivides a processor into pieces of CPU. Vendors then argue why do they pay for the whole software when they only use a fraction of it?

Value-based pricing is a more reasonable way to charge for software. I think Microsoft is one of the first to come out with policies around virtualized environments.


David: I agree with you. Software licensing will have to change. People are using virtual machines for things such as disaster recovery options and software companies will have to adapt.

Graham: Without the flexibility in licensing, customers may find themselves paying more for the software. They moved the software from a 2-core system to an 8-core system. Virtualized environments have bigger engines. They need to make sure they don't fall foul of software restrictions.

Customers need to go back to their ISVs and say, is it ok if I can move from 2-cores to 4? Then you have a start for negotiation.

Sun has an enterprise system where you charge by the number of employees in the company. It doesn't matter how much hardware you run, it's a site-based license with lots of flexibility.


David: What do you think is driving the demand for virtualization today?

Graham: I got this Windows NT application. The problem is I can no longer get hardware that can run the physical operating system. You can't buy old hardware that will run this new software. Legacy reasons are one of the key drivers for virtualization.

Server sprawl also generates too much heat and uses too much power. If I consolidate them, I can then improve the use of space, heat and power in the data center.

When customers think of disaster planning, they need to easily migrate applications across platforms. If one data center has a problem, it's easier to migrate in a virtual environment than a non-virtual one.

Virtualization also offers more flexibility. When a business comes along and the IT department needs to respond quickly to business needs - virtualization can ramp things up.


David: I've seen problems using VMware and Xen with patch management. Since the containers approach is based on one operating system, would that solve part of the patch management problem? It seems like instead of having to patch multiple areas, you just have to patch one.

Graham: The flip side is that it runs the same kernel code. So it is all consistent. But you can apply different patches into the user space. You can't have multiple kernels. If you make any changes, it is reflected across the containers. Then you may want to run VMware with several implementations of Solaris. Then you have a patch level in one instance of Solaris.


David: Can you leave us with a good customer example?

Graham: The one that gets my juices going is New Energy Associates.

Neal Tisdale, Vice President of Software Development of NewEnergy Associates, consolidated 22 Dell servers to 2 Sun servers. He cut down not just the number of systems, but he cut down on heat, power and physical space. He then managed a server consolidation environment.

That is the low-hanging fruit for customers. They can do better with modern technology and make a huge energy cost savings. Computing is underutilized by customers.

There are significant benefits to making that change and pushing people to experiment.

Posted by David Marshall on September 20, 2006 03:41 PM



April 22, 2006 | Comments: (0)

KernelTrap Interviews Andrey Savochkin - A Lead Developer on OpenVZ

KernelTrap.org offers an interesting interview with Andrey Savochkin, a lead developer of the kernel portion of OpenVZ, an operating system-level server virtualization solution. In the interview, Andrey goes into great detail about what virtualization is and how it works, the differences between hardware-level and operating system-level virtualization, and how OpenVZ compares to VServer, Xen, and User Mode Linux. Andrey is now focused on getting OpenVZ merged into the mainline Linux kernel because he believes virtualization is the next big step, "comparable with the step between single-user and multi-user systems."

Jeremy Andrews: OpenVZ is described as an "Operating System-level server virtualization solution". What does this mean?

Andrey Savochkin: First, it is a virtualization solution, that is, it enables multiple environments (compartments) on a single physical server, and each environment looks like and provides the same functionality as a dedicated server. We call these environments Virtual Private Servers (VPSs), or Virtual Environments (VEs). VPSs on a single physical server are isolated from each other, and also they are isolated from the physical hardware. Isolation from the hardware allows to implement on top of OpenVZ an automated migration of VPSs between servers that does not require any reconfiguration for running the VPSs on a very different hardware. A fair and efficient resource management mechanism is also included, as one of the most important components for a virtualization solution.

Second, OpenVZ is an operating system-level solution, virtualizing access to the operating system, not to the hardware. There are many well-known hardware-level virtualization solutions, but operating system-level virtualization architecture gives many advantages over them. OpenVZ has better performance in some areas, considerably better scalability and VPS density, and provides unique management options in comparison with hardware-level virtualization solutions.

...

Jeremy Andrews: How does OpenVZ improve upon other virtualization projects, such as VServer?

Andrey Savochkin: First of all, OpenVZ is a completely different project than VServer and has a different code base.

OpenVZ has a bigger feature set (including, for example, netfilter support inside VPSs) and significantly better isolation, Denial-of-Service protection and general reliability. Better isolation and DoS protection come from the OpenVZ resource management system, which includes a hierarchical CPU scheduler and the User Beancounter patch to control the usage of memory and internal kernel objects. Also, we've invested a lot of effort in the creation of the system of quality assurance, and now we have people who manually test OpenVZ as well as a large automated testing system.

Virtuozzo, a virtualization solution built on the same core as OpenVZ, provides much more features, has better performance characteristics and includes many additional management capabilities and tools.

Jeremy Andrews: What are some examples of hardware-level virtualization solutions?

Andrey Savochkin: VMware, Xen, User Mode Linux.

Jeremy Andrews: How does OpenVZ compare to Xen?

Andrey Savochkin: OpenVZ has certain advantages over Xen.

OpenVZ allows to utilize system resources such as memory and disk space much more efficiently, and because of that has better performance on memory-critical workloads. OpenVZ does not run separate kernel in each VPS and saves memory on kernel internal data. However, even bigger efficiency of OpenVZ comes from dynamic resource allocation. Using Xen, you need to specify in advance the amount of memory for each virtual machine and create disk device and filesystem for it, and your abilities to change settings later on the fly are very limited. When running multiple VPSs, at each moment some VPSs are handling load burst and are busy, some are less busy and some are idle, hence the dynamic assignment of resources in OpenVZ can significantly improve the utilization of resources. With Xen, you have to slice the server for the worst-case scenario and maximal resource usage by each VPS; with OpenVZ you usually can slice basing on average usages.

OpenVZ provides more management capabilities and management tools. To start, OpenVZ has from out of the box ability to immediately create VPSs based on various Linux distributions, without preparation of disk images, installing hundreds of packages and so on. But most importantly, OpenVZ has the ability to access files and start from the host system programs inside VPS. It means that a damaged VPS (having lost network access or unbootable) can be easily repaired from the host system, and that a lot of operations related to management, configuring or software upgrade inside VPSs can be easily scripted and executed from the host system. In short, managing Xen virtual machines is like managing separate servers, but managing a group of VPSs on one computer is more like managing a single multi-user server.

Operating system inside Xen virtual machine is not necessarily able to use all capabilities of the hardware; for instance, support of SMP and more than 4GB of RAM inside virtual machines will appear only in Xen 3.0. OpenVZ is as scalable as Linux when hardware capabilities increase. SMP and more than 4GB have been supported in OpenVZ from the very beginning. Recently we've built OpenVZ for x86_64 platform, and it was a straightforward job not requiring going into architecture details. So, OpenVZ is far more hardware independent than Xen, and hence is able to start to use new hardware capabilities much faster.

There is one point where Xen will have certain advantage over OpenVZ. In version 3.0, Xen is going to allow to run Windows virtual machines on Linux host system (but it isn't possible in the stable branch of Xen).

Again, I need to note that the above describes my opinion about the main differences between OpenVZ and Xen. Virtuozzo has many additions to OpenVZ, and, for instance, there is Virtuozzo for Windows solution.

Jeremy Andrews: How does OpenVZ compare to User Mode Linux?

Andrey Savochkin: What I've said before about advantages of OpenVZ over Xen also applies when OpenVZ is compared with User Mode Linux.

The unique feature of User Mode Linux is that you can run it under standard debuggers for studying Linux kernel in depth. In other aspects, User Mode Linux does not have as many features as Xen, and Xen is superior in performance and stability.


Read the entire interview, here.

Posted by David Marshall on April 22, 2006 08:40 AM


