The advent of virtualization has changed the very fabric of IT, and has ignited a new era in computing. Virtualization has been a significant catalyst for change – promoting every IT organization to rethink the methods by which they provide computing services to their customers. Today…virtualization and cloud based technologies are becoming much more mainstream, transforming the way IT functions – providing a means of both reducing costs, and driving up efficiency and productivity.
That said…there are corresponding challenges as well. As VM’s continue to sprout up in just about every organization…the dilemma is the ability to manage what’s there. Let me elaborate:
1) Do you know the extent of your virtual infrastructure? VM images that get spun up – that aren’t visible for any reason to IT presents a risk.
2) Are you able to discover VM’s that are offline. An VM image that is maintained in an offline state, and then brought online after an extended period may be improperly secured.
3) Once discovered, can you quickly assess the current state of the VM’s you’ve now discovered – are they patched and configured properly? The ability to manage and secure these images is critical!
4) Additionally, do you know what software assets have been deployed to these systems…that may impact any current software license agreements?
So…to ensure the proper level of security, and facilitate the management of your virtual infrastructure – you’re going to need the right set of tools. That said, the tool should be both easy to use, as well as comprehensive in what it will discover (virtual and non-virtual machines). It should be able to clearly illustrate;
1) The extent of your virtual infrastructure – including systems that are both online and offline.
2) It should also be able to provide a perspective on the complexion of the risk you might be facing…missing security patches, systems configuration issues, unnecessary services that may be running, etc.
3) It should provide a detailed list of your current software assets – to ensure that you’re not over or under spending.
4) Last but not least…if there are risks that are discovered, the ability to remediate or remove the risks (or vulnerabilities) is critical!
As reference to the above, I wanted to comment on an excellent article I just read that really does a good job of illustrating the challenge I’ve just described – which is the gap between the complex new requirements of virtual machine management and the ability of systems tools vendors to meet them. Enjoy
So…to summarize, the proper tools exist to ensure you can keep your virtual environment in check…and you don’t have to look to far 😉
Thanks for reading!!