by Edward L. Haletky

VMware Products May Take Time, But IT Teams Should Integrate Immediately

Sep 29, 2008, 3 mins

The next generation of VMware products, whether they're called VI4 or VDC-OS, will make integration of security, storage, networking and other disciplines easier. Waiting until then to train the people responsible for that integration is just asking for trouble, or delays or both.

There are many new features coming down from VMware that will aid in integrating the networking, storage and security teams into your virtual environment or ecosystem. Do not wait for product changes to upgrade the way your technical teams work together.

Waiting for the Cisco Nexus 1000V or the next-generation VMware Infrastructure 4 (VI4 or, alternately, VDC-OS) to integrate these teams into the entire virtual environment’s design, architecture, and implementation may be too late. When VI4 does come out, you will want to just upgrade to it and go.

Yes, there will be some changes to how we do things, but it is possible now to have multiple teams doing everything that is required in these spaces.

VDC-OS promises to better integrate security and networking functions, and the teams that monitor them, into the ecosystem by providing interfaces with which security and networking people are familiar. But they must know they are working within the virtual environment.

At VMworld there were no bones made about the need to train the individuals within the networking and security teams to use the new tools and to understand what is acceptable within the virtual environment.

This training can start now. The virtualization administrator must be the glue that binds these disparate teams together: the facilitator who asks the advice of the other teams, gets them involved, and heeds their advice or educates when that is not possible.

For example, most networking folks will stop where the wire ends; working in virtual infrastructures, however, they have to learn that beyond the wire there is a bridge and then more network. You need their help to set up the real and virtual networks, and you need to educate them on what is possible: the restrictions and benefits of the virtual network.

The top levels need to be involved as well. The CTO should assist with this endeavor. VI4/VDC-OS/whatever it will be called is not just around the corner, but if you wait until then, you miss the perfect opportunity.

VDC-OS will not change how virtualization works very much. It will change how you administer it.

But the basic understanding of how it works needs to be a part of every team, from the support folks to every administrator who touches or indirectly touches the environment.

The Cisco vSwitch is seen as a huge improvement in virtual networking, but it does not mean virtual networking disappears, or that you can still treat it like the physical network. If you do, then you may open up a weakness you never knew existed.

Security within the virtual network and environment requires understanding of the virtual environment and network. Get your security and network teams up to speed sooner rather than later.

Virtualization expert Edward L. Haletky is the author of “VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers,” Pearson Education (2008). He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.