There is one central belief behind how network change and configuration management (NCCM) works: IT teams must have a basic blueprint of all of the network components, how they are configured, their connectivity and which applications or business processes they are linked to. With that information intact, IT can make informed decisions about implementing change without causing conflicts with existing systems that result in downtime. That whole concept is fully challenged with server and network virtualization.
The beauty of virtualized machines (VMs) is that they are easily migrated between physical hosts according to need. What's more, within a server, memory and space resources are constantly reallocated depending on application demand. That means that NCCM tools, including monitoring devices and databases, must adapt in order to document and archive this fluidity. That's a tall order.
The stakes are higher in virtualization change and configuration management
NCCM is more crucial than ever in a virtualized environment. When change causes outages in a virtualized environment, the ripple effect is much greater than it is in a physical network. After all, if one x86 server (physical host) supporting six virtual application servers goes down, you've lost seven servers rather than one.
In an average network, most outages are not a result of poorly working hardware, but rather of incidents that result from upgrades or troubleshooting. In a virtual environment, approximately 80% of repair time is spent investigating what changed in a system.
Server virtualization challenges the NCCM process, lifecycle management
That's because it's not always easy to monitor an environment with virtual servers. First, VMs are often automatically migrated from one physical host to another. That can cause a range of problems. Movement of virtual machines must be recorded and mapped so that they can be located for troubleshooting. After all, virtual servers need all the same software updates, security patches, hotfixes, memory, CPU and disk upgrades as physical servers.
But it's also important to record the configuration of the new host. That physical server may have a different configuration than the previous one. Network managers must confirm that the configuration of the new host keeps applications in compliance with government regulations and internal policy. That means if an Exchange server is moved to a new host, inbound and outbound messages will still have the same security protection they had on the previous host, for example. This is especially important when servers are hosting databases with health or financial data that must meet HIPAA and Sarbanes-Oxley Act regulations.
The ultimate goal is to create a geographic map of VMs regardless of how often they are moved. That map must be tied to information about the business processes and applications linked to the VMs. Once there is an outage, there is no time to look for this information. VM lifecycle management tools increasingly aim to better control automated provisioning according to policy, and they focus on configuration and change management. Many of these tools are new and evolving.
Should you limit live migration for NCCM in virtualized environments?
While a number of software applications promise to monitor VMs and record their locations as they move, it is questionable how well they keep up in an environment with lots of automatic migration. While live migration of VMs between physical servers is considered one of the most helpful elements to using virtual servers, network managers may want to limit this use until they are sure they have tools that can document changes in real time.
While limiting automatic migration may put a damper on virtualization potential, it helps to simplify the mapping of applications to physical resources and makes troubleshooting and performance management easier.
Tracking resource allocation
In addition to mapping the location of servers, it's also important to archive the allocation of resources -- such as memory -- within physical servers. If, for example, one application demands more memory than others on a specific server, it is common to reallocate resources. A committee often makes allocation decisions -- or at least a staff member is charged with change management using an archive of past changes.
Network virtualization and NCCM strategies
The real problem with NCCM strategies in a virtual environment may actually stem from network virtualization. While network virtualization eases management in some ways, it can be difficult to find end-to-end monitoring and mapping tools that track all of the connectivity and components in a virtual network.
Network virtualization enables the separation of network behavior from the underlying physical network resources. It allows network aggregation and provisioning, combining portions of different physical networks into a single virtual network or breaking a physical network into multiple virtual networks. These can be used as synthetic networks between virtual machines or run as isolated networks.
Network virtualization eases management in that several virtual switches, for example, can be pulled together and managed as one virtual switch. But for NCCM purposes, each of these virtual components, their configuration, their connectivity and the business processes that are linked to them must be mapped and archived. Several software applications promise to do this, but many engineers have found inconsistencies in monitoring tools that offer a holistic view. As a result, there is a long way to go in creating universal policy in relation to virtual networks.
Virtualization change and configuration management tools
The holy grail of NCCM tools for virtualization is a solution that has an end-to-end network view to monitor all virtual servers, network components and data paths. That, of course, would link to a configuration management database (CMDB) that would include configuration information, links to business processes and applications and so on. Also, tools that control VMs would be loaded with policy, ultimately enabling features like automatic migration without causing conflict.
A number of companies claim to have these tools, though users are still testing them to find what really works. Most of the solutions are still evolving as virtualization of servers and the network becomes more prevalent.
Some NCCM tools for virtualization focus on one element, such as virtual server monitoring and control. Others claim to offer a holistic network view and assessment. Either way, ultimately these virtualization monitoring and assessment tools will be integrated into existing CMDBs and other change management applications.
Existing tools generally aim to offer the following features:
- Virtual machine monitoring: These tools monitor specified host servers and their virtual machines. They can track performance of a server and the applications that are tied to these servers.
- Enterprise-wide monitoring: It monitors all virtual servers as well as virtual network devices. This tool checks the health of the physical server as well as each virtual machine, and it monitors the use of virtual resources and provides live reporting.
- Lifecycle management
- Central control of configuration changes
- Monitors for compliance with internal policy and government regulations
- Real time reporting through a Web interface
To continue reading this series, view our SAN change management primer.
This was first published in September 2009