animind - Fotolia

Manage Learn to apply best practices and optimize your operations.

Managing virtual networks poses multiple challenges

Server virtualization offers network managers many advantages -- but those benefits come with some stiff challenges.

Virtualization's advantages have long been apparent. Server, compute and network capacity can be used more efficiently, reducing capital expenditures. Yet, despite virtualization's clear benefits, it has introduced new challenges for data center personnel charged with managing virtual networks. Among them, meeting and maintaining end-user performance requirements and protecting critical data.

Virtualization delivers improved server CPU utilization by supporting multiple virtual machines (VMs) simultaneously on a single server, each effecting a complete operating system environment and application. VMs can be moved from one server to another with excess capacity without disrupting ongoing processing.

In the past, adding an application or increasing capacity to an existing one often meant ordering a new server and installing and configuring it. With virtualization, a manager can simply bring up additional VMs on servers with excess capacity.

Eliminating VM sprawl: An important consideration

While the ease of bringing up VMs simplifies managers' tasks, it also creates challenges. Ordering and installing a new server requires time and money, but bringing up a VM is quick and requires no expense, causing VMs to be brought up without careful justification.

In other cases, VMs brought up for a short-term task are allowed to remain after the task has been completed. The result: VM sprawl. If left unchecked, large amounts of resources are consumed by VMs that are not providing any useful service.

This requires managers to form VM creation policies that can carefully balance quick responses to end-user requests with an appropriate level of justification and review. Identifying and closing down VMs that have completed their task requires an automated solution.

Management software vendors have responded with products to address VM sprawl. Managers must choose an approach that integrates with the VM creation process to record the requestor and justification for each VM. When the automated process detects an inactive VM, managers can check with the requestor to determine whether the VM is still needed.

Maintaining end-user performance expectations

Eliminating unnecessary VMs is just one challenge. Tracking and maintaining the performance of VMs that deliver valuable end-user services is another. Virtualized data centers support multiple services, all sharing processing resources on servers and network links.

Since there is no simple, foolproof method to predict future problems, administrators managing virtual networks have struggled to find tools to help them predict the impact of adding a service. There may be available capacity today, but many applications experience increased load at certain times of the month or year, and overall load tends to increase over time.

Problem solving methods that worked in the past are no longer effective -- and a new approach is required.

Adding to the challenge, finding the cause of a problem once it shows up can be difficult. The slowdown may be due to the cumulative impact of multiple other services, each with component VMs sharing servers, storage resources or network links with the affected service.

Managers have found problem solving methods that worked in the past are no longer effective -- and a new approach is required. Older application and network monitoring tools displayed reports on individual servers, switches and network links. Virtual environments with multiple points of possible contention are too complex for this technique to lead to a timely solution.

Instead of looking at the individual elements, managers need to examine the service as a whole. End-to-end delay comprises processing time in each VM, the queuing delay across each link, and database access delay. Identifying a delay requires a view of all of the components that make up a service.

Fortunately, management tools have become available to provide this top-down view. They generate a time-based record of each component making up the service and its performance. By comparing performance records, managers can identify which component slowed. Once the source of the problem has been identified, VMs can be moved to less heavily loaded servers or network traffic can be shifted to different links.

Protecting critical data becomes more complex

Virtualization's benefits -- among them multiple VMs sharing a server and the ability of VMs to move -- also contribute to increased risk. Employees' access privileges must be carefully controlled to limit access to specific applications and deny access to other applications executing on the same server.

Firewalls and intrusion prevention products installed on network links connecting the data center to the outside world and on links between servers are not sufficient. It's also necessary to protect the virtual switch that connects VMs within a server.

A successful malware attack on the hypervisor that coordinates VM operation within a server could infect all of the VMs. Managers must select and install a security platform designed for the type of hypervisor in use.

The Payment Card Industry Data Security Standard's regulations governing protection of credit card information contain detailed directions for card data security in a virtualized environment. Processing and storage must be confined to a specific set of servers located in a protected area. Other types of processing must not be permitted within the protected area. Managers must put controls in place so VM movement is strictly controlled; no VMs must be allowed to move in either direction across the protected area border.

Managers are dealing with virtualization's challenges, but also recognize more obstacles await them in the future. SDN by its very nature makes fundamental changes in the way network data paths are determined. As network equipment vendors and early adopters implement their own approaches to SDN, network managers will need to follow developments and choose carefully before adapting their data centers to take advantages of the topology's benefits.

About the author:
David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software start-ups.

Next Steps

Integrating physical and virtual networks

Virtualization: More than management

Top management tools

This was last published in September 2014

Dig Deeper on Network virtualization technology

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What's the biggest challenge you face in overseeing virtualization in your network?
Biggest challenge is to fight the battle with Network team who isn't willing to adapt new approach nor they want to change the status quo.  They don't like "server guy" telling them about the network virtualization