Server virtualization is a broad term for a set of technologies that enable running multiple
operating systems, virtual machines, on a single physical machine. There are several different tools
and platforms for implementing server virtualization solutions, including but not limited to:
- VMWare ESX
- Microsoft Virtual PC
- Sun Solaris Containers
- Citrix Xen
Generally, all server virtualization solutions consist of a hypervisor, which manages and controls
resources, and virtual machines, which run under the hypervisor’s control.
Server virtualization provides several advantages to any enterprise. From a business view,
virtualization enables a company to maximize the return on investment for physical hardware. By
running multiple virtual machines on a single physical server, the utilization of the physical
hardware can be maximized. Without virtualization, enterprises were forced to either provision
multiple physical machines or run diverse workloads on a single server without the management
and control of resources provided by the hypervisor. Server virtualization has a technical
advantage of greater agility.
There are risks and disadvantages associated with server virtualization. As the Cummings article
discusses, there are security challenges associated with virtualized servers that do not exist
when dealing strictly with physical servers. (Cummings, 2006) There is also a “many eggs in one
basket” risk with virtualized servers. A physical machine outage in a virtualized environment has
the ability to affect many virtual servers due to the many-to-one nature of virtual machines. There
are technologies to mitigate these risks, but the risk is one enterprises considering Virtualization
must plan for and consider. Additionally, there are emerging threats with virtual machines that need
additional research. There are known attacks against the hypervisor layer that provide attackers
with control and access to the virtual machines. In some cases, these hypervisor attacks are
difficult, if not impossible, to detect once the system is compromised. (Ou, 2006) Finally,
virtualization does add to the complexity of the environment.
Most organizations can justify the deployment of virtualization technology, as the benefits are very significant. Businesses should ensure that they understand the risks as they make their analyses. The risks can be mitigated and controlled.
Cummings, Joanne (2006). Virtualization at every layer. Network World, 23(44), 64-67.
Ou, George (2006). Blue Pill: The first effective Hypervisor rootkit. Real World IT blog, ZDNet. Retrieved from the Internet on August 23, 2009. http://blogs.zdnet.com/Ou/?p=295&tag=rbxccnbzd1