Virtualized Infrastructure – What is it?
Virtualized infrastructure takes the typical components of an enterprise or data centre environment, namely compute (CPU and memory), storage and networking, and abstracts and consolidates them into managed virtual environments.
Why would we do that?
Lots of reasons! Scalability, resource optimization, energy consumption reduction, improved disaster recovery and prevention, ease of management, deployment agility and reduction in maintenance and downtime requirements, not to mention the cost savings associated with several of these factors. There could also be deployment-specific benefits, such as lifespan improvements to legacy applications. With the above in mind, you’d be right in thinking that there are many reasons to consider virtualizing your infrastructure.
So how do we use virtualization in the data centre?
Here at Vinters, we make heavy use of Hyper-V and KVM alongside Proxmox and VMware solutions. Each of these has unique strengths and we aim to ensure our customers’ needs are met in the categories we mentioned in the above section. We collaborate closely with customers to design solutions tailored to their business needs, while aligning with IT best practices, including security and performance.
What performance considerations are there?
Introducing a hypervisor comes with its own performance considerations and these should not be overlooked. The hypervisor itself creates an additional layer between the hardware and the customer’s business software stack. This added layer brings resource overhead, primarily in CPU and memory consumption. This is typically the first area where we consider the customer’s needs, so that we deploy a suitable hypervisor and a configuration that supports the requirements while managing the performance impact that comes with it.
Resource contention can impact performance and it’s vital to understand your existing environment and plans for near-term scaling if you’re opting for dedicated hosting. While there is often the capability of scaling up, scaling out is generally easier, less disruptive and can further support resiliency. Ongoing system monitoring (at both the hypervisor level and the guest level if desired) and reporting on the performance of your infrastructure are also key to identifying performance issues before they impact your environment. One final performance consideration worth mentioning here is the capability of prioritizing resources for specific VMs in the event of contention. This can be useful if you know some processes are critical and others are less so.
These are the types of considerations that Vinters can help you define and plan for if you or your business are looking to change from local/bare metal infrastructure.
How about security challenges?
The scope of security challenges can be vast when considering a change to virtualized infrastructure. Often the same security challenges you’d face in a typical bare metal environment are still there in a virtualized environment, but in addition to that, the hypervisor itself may widen the attack surface. As you can imagine, a compromised hypervisor is a high-value prize: it gives access to all systems hosted on it and potentially allows an attacker to spread laterally within the environment. To combat this, hypervisor hardening and microsegmentation could be employed.
Another area commonly overlooked when first looking towards virtualized infrastructure is the concept of East-West traffic. This refers to traffic moving between guests, typically on the same physical host. In a traditional environment, traffic is likely easier to direct to or through an Intrusion Detection/Prevention System (IDS/IPS), or may pass through one by default due to the connectivity topology, making traffic inspection easier. In a virtualized environment, that may not be the case. There is no physical or logical reason for the traffic to egress the hardware, travel through an IDS/IPS and then return to the same hardware. To combat this, internal traffic monitoring solutions can be deployed, leveraging hypervisor-level Software Defined Networking (SDN) features, and agent-based security solutions can be used at the OS level.
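To make the East-West blind spot concrete, the following added example (not Vinters code) takes a guest-to-host inventory and a set of flow records and reports the traffic that stays inside a single hypervisor. The host names, IP addresses and flow records are constructed, and it assumes the IDS/IPS sits on the physical network outside the hosts.

```python
# Added example: inventory and flow records below are constructed, not real data.
from collections import defaultdict

# Hypothetical inventory: guest IP -> physical hypervisor host it runs on.
VM_HOST = {
    "10.0.1.10": "hv-01",  # web
    "10.0.1.20": "hv-01",  # app
    "10.0.1.30": "hv-02",  # db
    "10.0.1.40": "hv-02",  # backup
}

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("10.0.1.10", "10.0.1.20", 8080, 120_000),  # both guests on hv-01
    ("10.0.1.20", "10.0.1.30", 5432, 900_000),  # hv-01 -> hv-02
    ("10.0.1.30", "10.0.1.40", 22, 50_000),     # both guests on hv-02
    ("10.0.1.10", "203.0.113.7", 443, 30_000),  # leaves the environment
    ("10.0.1.40", "10.0.1.30", 5432, 10_000),   # both guests on hv-02
]

def classify(src, dst, vm_host=VM_HOST):
    """Return 'intra-host', 'inter-host' or 'north-south' for a flow."""
    s, d = vm_host.get(src), vm_host.get(dst)
    if s is None or d is None:
        return "north-south"  # one end is not a known guest
    return "intra-host" if s == d else "inter-host"

def blind_spots(flows, vm_host=VM_HOST):
    """Per host, summarise traffic that never leaves the hypervisor."""
    report = defaultdict(lambda: {"flows": 0, "bytes": 0, "pairs": set()})
    for src, dst, port, nbytes in flows:
        if classify(src, dst, vm_host) == "intra-host":
            entry = report[vm_host[src]]
            entry["flows"] += 1
            entry["bytes"] += nbytes
            entry["pairs"].add((src, dst, port))
    return dict(report)

def uninspected_ratio(flows, vm_host=VM_HOST):
    """Fraction of bytes that a physical IDS/IPS outside the hosts cannot see."""
    total = sum(f[3] for f in flows)
    hidden = sum(f[3] for f in flows if classify(f[0], f[1], vm_host) == "intra-host")
    return hidden / total if total else 0.0

if __name__ == "__main__":
    for host, e in sorted(blind_spots(FLOWS).items()):
        print(host, e["flows"], "flows", e["bytes"], "bytes", sorted(e["pairs"]))
    print(f"{uninspected_ratio(FLOWS):.1%} of bytes never reach a physical IDS/IPS")
```

The guest pairs it lists are the ones that need hypervisor-level SDN monitoring or OS-level agents to be inspected at all.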
OK, so where does balancing performance and security come in?
As we’ve discussed in just a couple of examples above, it is clear that there are considerations in both the performance and security categories to take into account. To make matters more complex, it’s quite common for those considerations to conflict with one another. For example, deploying multiple EDR agents across multiple VMs on a single hypervisor could cause significant CPU and/or storage contention on that hypervisor. A balance between hardware capability, EDR activity and security requirements would need to be found in this scenario.
Is virtualization right for my business?
Having read the above, you’d be forgiven for thinking that virtualization is the clear answer to every challenge in the IT sector! Well, as with most solutions, it’s not quite that simple…
If your business is scaling rapidly (or expecting to), seeking rapid and robust disaster recovery capabilities or has a sprawling physical infrastructure overdue for reassessment then these are great reasons to look towards virtualization. Conversely, if you’re a relatively new business and uncertain of your growth trajectory or have concerns around the initial costs for deploying the additional hypervisor layer – particularly if your compute needs are modest, then bare metal may still be the better decision for you and your business.
Ultimately, whichever route you take for your business, Vinters is perfectly positioned to work with you on your enterprise needs. Whether you would like to utilize bare metal infrastructure or lean towards virtualization, with two decades of experience supporting customers with infrastructure design and management, virtualization and many other IT services, we’d love to hear from you. Contact us using the form below to speak to us about our Infrastructure Management options.