Recently, SearchVMware.com sat down with VMware book author and nine-year virtualization veteran David Rule to chat about his book and virtualization trends. In this Q&A, you'll learn what Rule thinks about virtual machine security and management products, and get top considerations for designing a VMware infrastructure.
Syngress Publishing has been kind enough to give SearchVMware.com readers a free chapter preview from Rule's latest book, How to Cheat at Configuring VMware ESX Server. Download Chapter 9 of his book
Modifying virtual machines today.
SearchVMware.com: What does your latest book offer to system architects and those interested in VMware?
David Rule: It teaches you how to implement VMware, but not at a high level, from start to finish. Consider it more of a technical build document. It was designed for people just getting introduced to VMware ESX for the first time and who want to evaluate the software. It's more of a beginner level book as opposed to some of the other ones that I've done.
I wrote one for Microsoft Virtual Server 2005 that was contracted by the publisher, one other VMware book that was a collaborative effort with a few other authors, but this one I suggested to the publisher and wrote on my own.
What are the top three concerns when designing a VMware infrastructure?
Rule: At the forefront is planning appropriately; making sure to adequately size the ESX host from a CPU and memory perspective. A close second is planning out storage configuration, as well as networking configuration. It's hard to be more specific than that not knowing the size and details of an infrastructure, unfortunately. VMware is relatively easy to install and get up and running. A customer can run through the wizard and they will technically have an up and running, but it won't be close to a production level virtual server environment.
The third thing would be to make a good assessment of the environment up front. Assessment is a prerequisite to design. Typically, at Forsythe we assess, then design, then implement. You need to decide exactly what you're going to do before you do it, especially when it comes to backup methodology-that definitely changes.
Speaking of backup methods, what do you recommend to your clients for backing up virtual machines?
Rule: For most people, VMware Consolidated Backup (VCB) is pretty attractive for an agentless backup solution. But whether you want an agentless backup solution or not depends on the assessment and design steps. There are different pros and cons to each of the various backup solutions. The second kind of backup is a backup agent with normal backup software installed inside each virtual machine. You'd then back up the VM the same way you would a physical server. That's how most people are doing it today. But people are moving toward using VCB. The third type of back up involves products that act as a bridge between the agent variety and VCB, like installing an agent on an ESX server to backup to the VMDK.
What virtual environment management tools do you recommend, or are third-party tools more of an unnecessary add on?
Rule: There are a plethora of different tools out there. A lot of them are just bells and whistles. That said, there are a few that do have value. Vizioncore has a good history with VMware. They do capacity planning, replication and generally have a good product base. PlateSpin has another good one, but it takes a little bit of a backseat to Vizioncore's products. PlateSpin was also just acquired by Novell, so their position is up in the air for now. I've also heard that VKernel is good. It offers a really nice charge back and analysis tool, and customers tend to have a lot of interest in their other products, as well.
Other than that, it's a lot of clone products. Those are the three that stand ahead of the pack. They offer more innovation in the virtualization space as opposed to copying what other people are doing
How big of an issue is security? Are virtual machines as safe as they're thought to be?
Rule: With virtualization, there's network security and then virtual machine security. From that side, I think we'll see more security-focused products. VMware has done a good job and has always had security as a priority. There have been very few security issues around VMware. VMware has plans to add more enhanced security and firewalls in the future.
Attacks on the hypervisor are always going to be a concern, but it's more up to Citrix, Microsoft and VMware to make sure that they look out for the vulnerabilities before they are exploited. Historically, VMware has done a very good job of doing that. Back when the Linux-based service console was exploited, which got some fair media coverage, VMware did a pretty good job of getting it patched. I don't think there are any known exploits other than that.
Chapter download printed with permission from Syngress, a division of Elsevier. Copyright
2008. "How to Cheat at Configuring VMware ESX Server" by David Rule. For more information on this
title and other similar books, please visit www.elsevierdirect.com.
This was first published in May 2008