Virtualization
Virtualization affects applications
The infrastructure needs to be built so that capacity can be changed and resources removed transparently.
by Amir Peles

To some IT departments, virtualization is at the server level, running multiple operating systems on one server. To others, it enters at the network level, consolidating multiple servers, managed from one logical entity. Still others apply it at the application level, keeping applications isolated from each other while operating in the same environment.
Regardless of how virtualization is used, it can impact the way organizations run their business, and will likely grow in the coming years. According to research firm IDC, spending on virtualization software and services is expected to exceed $15 billion worldwide by 2011, up from $6.5 billion in 2006.
A number of key considerations and challenges exist with virtualized server environments that IT managers should understand. Enterprise requirements for application availability, performance and security, for example, are not addressed by virtualization solutions.
Mission-critical applications should be fully available, regardless of the underlying infrastructure. Though software-based high-availability capabilities are integrated into many server virtualization solutions, they suffer from several deficiencies:
- Typically, availability is monitored at the virtual machine level. Action is taken only when a server or a virtual machine fails, but not when there is a failure of the OS or application software running on top of the virtual machine. Failure in the network connection to the server also may not be detected.
- Since all server virtualization solutions are software-based, they monitor availability by implementing a software agent on each physical server, thus consuming resources of every server in the virtual infrastructure for this purpose only.
- Failure recovery time is typically as long as it takes to start a virtual machine on a different server. This may vary based on the machine load and can, in some cases, take up to several minutes. During this period, service is denied to people who were using applications on the failing virtual machine.
- Additional spare resources must be allocated for failure occurrences to run the additional virtual machine. These resources are not utilized when all servers and virtual machines operate properly.
To ensure business application availability, all of the above challenges should be addressed. Failures at all levels (server, OS, network, application and data) should be detected, and users need to be instantly serviced by an alternate resource when a failure occurs.
Mission-critical applications are dynamic: they change to accommodate company growth and fluctuate in terms of users (employees, partners and customers). There may also be a requirement to increase application capacity due to changing market conditions, such as seasonal peaks in business application usage, including end-of-quarter or annual financial activity. This translates into the need for building the application infrastructure so that capacity can be changed and resources, such as servers, storage or bandwidth, can be added or removed transparently, without application service interruption or application code changes.
Server virtualization's capacity for quick and transparent virtual machine mobility from server to server addresses this need. The integrated clustering capabilities in many server virtualization solutions, however, have the following limitations:
- Integrated clustering is based on load-balancing functions performed by software running on all servers. Requests are broadcast to all virtual machines in a cluster and the selected virtual machine is chosen accordingly.
- Clustering software on the respective virtual machine forwards the request to the application. This solution wastes resources and requires changes in server configuration.
- All servers have to handle all packets, even if not processing them in the application, causing a traffic peak to impact all servers in the cluster unnecessarily. Scalability is typically limited to 32 virtual servers in a cluster.
In a virtualized server environment, there is an inherent performance hit as a result of the virtualization layer overhead, which impacts end-user response time. Additionally, users can be anywhere, accessing applications over the wide-area network (WAN) from remote offices, home offices or mobile devices. User location, access point and bandwidth can introduce further bottlenecks that may impact the actual application response time.
Virtualized server environments are considered secure, since all operating systems and applications are executed within a closed environment. Even while running on a virtual server infrastructure, however, critical business applications must remain open to external users and networks for standard business operations. Therefore, they are exposed to denial-of-service (DoS) attacks, which can target any server on the network by generating an increased demand for the application, overwhelming application resources.
DoS attacks such as SYN floods and other transmission control protocol (TCP) floods can paralyze critical applications for the length of the attack, deny service to legitimate business users and translate into downtime. This security threat should be taken into consideration as part of the overall business continuity strategy of an organization.
In a virtual application environment, there are management requirements that go beyond server management. No matter which physical server or virtual machine it runs on, each application needs to be managed by authorized administrators allowed to modify its infrastructure. Full user and access management is required at the server level and at the application infrastructure level.
Running servers at 60 percent to 80 percent utilization requires careful capacity monitoring and planning. A standard interface that features statistics reporting, visibility and alerts is a requirement of any management system.
In addition to value and cost savings achieved by implementing server virtualization, look for application delivery solutions offering additional virtualization capabilities that translate into further cost savings, greater flexibility in application provisioning and improved capacity planning of application infrastructure, such as:
- Application resources virtualization is possible through the abstraction of virtual machine groups running on top of physical servers into logical server farms. Any aspect of the application infrastructure is completely transparent to end-users and application developers, including how many virtual machines and physical servers are used and whether they are located in single or multiple data centers. Resource usage is optimized through load balancing and redirection of sessions to the virtual farm, without adding processing overhead to the servers.
- Full application service virtualization can be achieved through the ability to represent services/applications with one virtual IP address, advertised and managed through DNS/anycast from multiple locations. This enables multiple protocols to target the same IP address, simplifying traffic and policy management and further reducing the cost of infrastructure ownership.
- Resources such as bandwidth and the number of connections can be managed as a pool and are allocated either per application (regardless of the physical infrastructure serving it) or per physical resource, ensuring that each server is not overwhelmed with traffic and can continue serving the virtual machines running on it.
- Peak surge operation enables the definition of backup servers, per application or physical server. This means that upon failure or reaching a defined capacity limit, more servers are added to the farm immediately and automatically, using virtual machine instances already installed but normally not serving traffic, thus enabling physical server resources to be used by other applications.
- Management permissions and controls are defined according to the virtual application structure, regardless of underlying resources.
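The farm behavior described above (failure detection at every level, pooled connection limits and peak surge backups) can be modeled in a few lines. This is an added example, not code from the article or from any vendor product; the class names, VM names, connection caps and the 80 percent surge limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Failure levels named in the article, checked in this order.
LAYERS = ("server", "os", "network", "application", "data")

@dataclass
class VM:
    name: str
    max_conns: int          # connection cap for this VM (hypothetical value)
    backup: bool = False    # installed, but normally not serving traffic
    conns: int = 0
    health: dict = field(default_factory=lambda: dict.fromkeys(LAYERS, True))

    def failed_layer(self):
        """First failing layer, or None when every layer is healthy."""
        return next((l for l in LAYERS if not self.health[l]), None)

class Farm:
    """Logical server farm behind one virtual IP address (hypothetical model)."""
    def __init__(self, vms, surge_pct=80):
        self.vms, self.surge_pct = vms, surge_pct

    def active(self):
        """VMs eligible for new sessions; backups join only during a surge."""
        primaries = [v for v in self.vms if not v.backup]
        healthy = [v for v in primaries if v.failed_layer() is None]
        used = sum(v.conns for v in healthy)
        capacity = sum(v.max_conns for v in healthy)
        # Surge: a primary failed at any layer, or the capacity limit is reached.
        surge = len(healthy) < len(primaries) or used * 100 >= self.surge_pct * capacity
        spares = [v for v in self.vms if v.backup and v.failed_layer() is None]
        return healthy + (spares if surge else [])

    def dispatch(self):
        """Place one new session on the least-loaded VM; None if the pool is full."""
        open_vms = [v for v in self.active() if v.conns < v.max_conns]
        if not open_vms:
            return None
        vm = min(open_vms, key=lambda v: v.conns / v.max_conns)
        vm.conns += 1
        return vm.name

if __name__ == "__main__":
    farm = Farm([VM("web1", 10), VM("web2", 10), VM("spare1", 10, backup=True)])
    print([farm.dispatch() for _ in range(17)][-1])   # capacity limit reached
    farm.vms[0].health["application"] = False          # VM is up, application is down
    print(farm.vms[0].failed_layer(), [v.name for v in farm.active()])
```

The model only steers new sessions; sessions already open on a failed VM are not migrated here.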
Amir Peles is chief technology officer for Radware, Mahwah, N.J.