The Challenges of Virtual Machine Sprawl!

Virtual Machine

Virtual machines are software that mimics a computer’s hardware and allows you to run multiple operating systems on one physical machine. One of the most common uses for a virtual machine is in system management and monitoring. Virtual machines are the key to the modern web.

The march of Virtual Machines (VMs) seems relentless.  They offer many advantages: a testbed (or sandbox) can be stored and then spun back up quickly to repeat testing, and an environment can be restored quickly if attacked.  These alone offer massive productivity gains.

In the past 20 years, this area of IT has gone from being a niche to the general model for operating a company.  If you scan any study of the best companies to work for, you will be hard-pressed to find a company that does not make use of VMs.

There are now companies solely dedicated to creating virtual environments for their clients, hosted on the internet.  This has led to competition among internet hosting companies like GoDaddy, Amazon, and Microsoft, both for customers and for resources.

The allure of VMs, though, has had some downsides.  One of the biggest is that there are dozens of forgotten installations.  Akin to bygone flyers for concerts and plays, these machines dot the landscape, consuming resources.

Keeping these running detracts from your bottom line.  They are equivalent to letting somebody live rent-free in your house.

How does this happen?

VMs are easy to deploy.  There was, at one time, a business case for deploying a server.  As expected, sometimes these are commissioned to test or plug a gap.  Sometimes they are used to assist with a migration.

When the task is finished, cleaning up, like documentation, tends to be skipped: those who are aware of the machine move on to the next items on their lists.  The additional, unused resource keeps on spinning.

There are also instances where a company deploys VMs with only a button click.  Careless accounts staff, focused on closing a deal, can easily allocate resources that are then not used, billed, or justified with a financial business case.

Moreover, VM deployment can be automated as part of a server, database, or firewall process.  The design of these processes is unlikely to include subsequent validation that the server is then used.  And as these processes run almost instantaneously, there is little chance that those who are accountable will notice.

Knowing which machines are supporting which processes can quickly become opaque.  When that happens, it becomes more difficult to decommission a Virtual Machine as one is uncertain what the knock-on effect will be.

On large networks servicing dozens of departments or processes, which in turn have dozens of ways to generate VMs, this can easily lead to sprawl.

Auditing Resources

Good practice, therefore, is to pair any process that involves provisioning with a separate audit process that monitors the landscape for unused resources.  Effectively, the audit would deprovision, store, and/or scrap unused VMs, reducing the strain on the actual hardware and the CPU pool it provides.

In theory, these practices monitor, over a period, the number of VMs provisioned, their usage, business case(s), and ownership.  The audit would then re-assess the VMs and nominate them for deprovisioning when they are no longer needed.  And by knowing the owner and the purposes a VM serves, those tasked with monitoring can trace the need to continue to run the VM.

Tracing requires a sensible naming convention.  The names should help to trace purpose, author, and some other elements that make each VM unique.  From the moment an application instance is provisioned, its unique identity must be determined.

This should be a formalized process that details the steps to take.  In this way, not only is there information available, but also a clear set of guidelines on expectations when first setting up a VM as well as some responsibility after the resource is deployed.
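An audit pass of the kind described in this section, as an added example that is not part of the original article.  The naming convention, the inventory fields, and the idle thresholds are all assumptions chosen for illustration, and the inventory itself is constructed sample data.

```python
import re
from datetime import date

# Assumed naming convention (hypothetical, not from the article):
#   <department>-<purpose>-<owner>-<sequence>, e.g. fin-migr-jdoe-01
NAME_RE = re.compile(
    r"^(?P<dept>[a-z]{2,5})-(?P<purpose>[a-z]{3,8})-(?P<owner>[a-z]+)-(?P<seq>\d{2})$")

# Constructed sample inventory; a real one would be exported from the hypervisor or cloud console.
INVENTORY = [
    {"name": "fin-migr-jdoe-01", "avg_cpu_pct": 0.4,
     "last_login": date(2022, 6, 1), "review_by": date(2022, 9, 30)},
    {"name": "web-prod-asmith-02", "avg_cpu_pct": 37.0,
     "last_login": date(2022, 11, 28), "review_by": date(2023, 6, 30)},
    {"name": "test-vm-new", "avg_cpu_pct": 2.0,
     "last_login": date(2022, 11, 1), "review_by": None},
    {"name": "qa-test-blee-03", "avg_cpu_pct": 0.9,
     "last_login": date(2022, 11, 20), "review_by": date(2023, 1, 31)},
]

def owner_of(name):
    """Recover the owner from a VM name, or None if the name is not traceable."""
    m = NAME_RE.match(name)
    return m.group("owner") if m else None

def audit(inventory, today, idle_cpu_pct=1.0, idle_days=60):
    """Return {vm_name: [reasons]} for every VM nominated for review."""
    nominated = {}
    for vm in inventory:
        reasons = []
        if owner_of(vm["name"]) is None:
            reasons.append("name breaks convention: owner and purpose untraceable")
        if vm["review_by"] is None:
            reasons.append("no business case on record")
        elif vm["review_by"] < today:
            reasons.append("business case expired")
        # Low CPU alone is not enough; the VM must also be unvisited for the whole period.
        idle_for = (today - vm["last_login"]).days
        if vm["avg_cpu_pct"] < idle_cpu_pct and idle_for > idle_days:
            reasons.append(f"idle: {vm['avg_cpu_pct']}% CPU, no login for {idle_for} days")
        if reasons:
            nominated[vm["name"]] = reasons
    return nominated

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, date(2022, 12, 3)).items():
        print(f"{name} (owner: {owner_of(name) or 'UNKNOWN'}): {'; '.join(reasons)}")
```

The output is a nomination list for the named owner to confirm, not an automatic deletion, which matters when the knock-on effect of removing a VM is uncertain.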

Roles

As part of an overall strategy, one can define profiles of administrator types.  These roles can then be associated with every VM tenant.  Defining them in advance establishes the terms and responsibilities.  Creating roles allows you, at a higher level, to establish who can create instances and also to limit the size of those instances centrally.

In tools such as Acronis Cloud Manager (formerly 5nine Cloud Security), one can go beyond this, defining templates which one can then allocate.

Operating in their own Bubbles

When designing the VM core, best practice should endeavor to keep each instance of the application contained in its own silo.  It should be impossible for a particular VM to gain access to other VMs, as this in turn can expose a network to risk if a VM is compromised.  In general, VMs should never be permitted to share resources.

While sharing may be useful for a business case, anybody who happens upon such a weakness, including a would-be attacker, could hop from VM to VM, gaining access to data and applications.

Staying Current

This article only scratches the surface of what one should keep in mind.  To stay current, one should subscribe to various forums and make use of communities such as StackOverflow and discussion servers (like VMware’s communities).

There are also YouTube channels that specialize in VMs, as well as consultancies, like ATCOM Business Technology Solutions, who advise on configuring cloud solutions and provisioning virtual hardware.

The best job search platform to find a VM and technology job in the USA is Lensa, as it allows you to detail your soft and hard skills and have a broader view of what employers are seeking.

Virtual Machine article and permission to publish here provided by Martina Vasconez. Originally written for Supply Chain Game Changer and published on December 3, 2022.