Server virtualization is a technology that allows the transition from distinct physical servers each running different operating systems and applications to a virtualized server that enables multiple physical servers to run concurrently as independent virtual machines (VMs) on one single physical server (the “virtual server”). The software component that allows multiple guest operating systems (“guests”) to run simultaneously on the virtual server is the hypervisor (e.g., the VMware® ESX Server, Citrix® XenServer, and Microsoft® Hyper-V). The hypervisor is responsible for creating, releasing, and managing the resources of the guest VMs installed.
Server virtualization offers savings over traditional dedicated physical servers. Using virtual servers minimizes up-front capital costs, requires less hands-on management, and may even reduce software costs since most software that runs on a given operating system can be installed on virtual servers, often with fewer restrictions than for software installed in shared hosting environments. Due to the number of VMs typically running on a single machine, however, a virtual physical server tends to have limited processor time, RAM, and disk space available.
Storage and security products that have worked well in the physical computing world, however, are not well suited to server virtualization and cloud computing environments. The cost benefits of server virtualization are offset by poor storage utilization which results in increased storage costs and a new set of security threats that did not exist in the physical computing world. These security threats are one of the major reasons why information technology (IT) organizations are reluctant to use VMs for storing sensitive data and have turned instead to cloud service providers (CSPs) who provide computation, software, data access, and storage services without requiring end-user knowledge of the physical location and configuration of the system that delivers the services.
Storage vendors, as a group, have done little to accommodate the influx of server virtualization. Lack of innovation and security capabilities has resulted in the use of traditional and expensive storage solutions that are ill-equipped to deal with the new virtualization and cloud computing worlds. Placing cloud-stored sensitive data in the hands of strangers (unknown CSPs) is not just unnerving, but could also engender major legal issues when dealing with auditors and regulatory bodies (e.g., the Payment Card Industry (PCI) Security Standards Council), especially in light of data breach laws now common across the United States and in other countries.
Virtualization servers are typically set up as shown in FIG. 1. A guest operating system 101 (e.g., Microsoft® Windows XP VM) is accessed and managed by a hypervisor 102 on a virtualization server 103. The hypervisor communicates with a physical file system 104 which organizes VM files 105 stored on a local disk or via network-attached storage accessed via protocols such as an Internet-based Small Computer System Interface (iSCSI) protocol or a Network File System (NFS) protocol.
In the older, physical hardware-based computing world when mainframes and mini-computers ran in the data center and Intel-based PCs were found at home, an average consumer was not sophisticated enough to access mainframes and mini-computers to steal stored data. Current virtual servers are more vulnerable, however, both because VMs are very mobile and because home and office computing hardware (Intel® x86 architecture) is often the same as that used in a data center so an average computer user is often knowledgeable enough to access a VM which is stored in a folder on a disk. In short, what would be the operating system's physical disks (for example C: and D:) are now regular files that are easily viewable and easy to copy. Stealing a VM then, is simply a matter of copying (e.g., to a USB thumb drive) 106 the set of VM files, and carrying them out of a data center without authorization. Alternatively, the set of files can be copied over a network (107) to another machine, again without authorization. These appropriated files can run on a home personal computer using free tools from all the major hypervisor vendors.
Virtual servers can be secured, but that security comes at a cost. And, if that security impedes the technological benefits that virtualization provides, some companies will avoid virtualization when sensitive data is being processed and thereby miss out on the benefits of virtualization and cloud computing.