Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Questions for analyzing virtualization-cloud products

Gregory Machler | Feb. 22, 2011
There are many security issues to consider when selecting virtualization cloud products for your organization. Gregory Machler suggest questions to ask when you're examining your choices

What about information security within an infrastructure layer? For database applications, data encryption is defined by the database administrator for specific tables or rows. So, this database data is already encrypted within the cloud storage associated with the database. But what about data that is not stored within a database like files or cloud storage blobs. It is beneficial for the storage management layer to apply a storage encryption policy to a given application's cloud storage.

What types of real-world examples do virtualized infrastructure products address? In my current consulting role as a risk assessment consultant, the corporation periodically upgrades their infrastructures. They insert new hardware and upgrade software for platforms (web servers, operating systems, and server hardware) and infrastructure platforms (virtual machines and associated server hardware) beneath the applications. Often-times the network and storage infrastructure has already been upgraded before this occurs. In other words, corporations want their infrastructure layer to be invisible if possible. They want the virtualization infrastructure product to greatly facilitate application growth, inexpensively support existing applications, allocate network and storage resources dynamically, and support disaster recovery.

In summary, corporations want virtual machines to be protected in a similar fashion as current servers are protected. They want the virtualized bandwidth to be carved up and tethered to a given virtual machine. This bandwidth is attached to a given virtual machines unless it needs to failover to another local or remote server. Likewise the storage capacity needs to be mapped to one or more storage subsystems simultaneously so that disaster recovery is supported. The mapped storage capacity also needs to float so that a virtual machine can be migrated to another cloud and the application can continue in real-time. Centralized management of an applications virtual machines, network, and storage capacity enables infrastructure disaster recovery. All of this complexity exists to make the infrastructure appear to be invisible.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.