IT infrastructure virtualization is hot. Companies large and small are racing to virtualize their servers, storage, desktops, and networks in an effort to simplify and consolidate, mainly for the purpose of saving money.

At one level, virtualization appears to simplify the IT infrastructure by masking the complexity IT deployment. However, as organizations expand their virtualization efforts, these environments pose significant management risks. As a result, “organizations with the most mature and complex virtualization implementations (more than 50 virtual machines in operation) are demanding more sophisticated tools to help manage these environments,” reports leading researcher International Data Corp. (IDC), Framingham, MA, in a study titled Virtual Infrastructure Management Priorities.

With various compliance mandates requiring managers to sign off on how their data is being created, used, processed, stored, managed, and protected, the lack of effective virtualization management itself presents a substantial risk.

The need for serious virtualization management has not gone unnoticed. The three leading virtualization proponents — VMware, Microsoft, and IBM — have stepped up with management strategies and tools. These tools, however, tend to focus on deploying virtualization with the goal of automating the deployment process.

From a compliance standpoint, managers really want tools that track the entire life cycle of virtualized IT resources, from their creation to removal. Surprisingly, many virtualized resources are never actually removed even when the organization stops using them, which is a big reason why the compliance folks are taking notice.

Another compliance concern is the mobility of virtualized IT resources. A key benefit of virtualization is the ability to easily move resources to other locations on the network or to quickly deploy multiple copies of the same resource. It doesn’t take too long before the organization loses track of these resources.

Embotics, a virtual machine (VM) life cycle management tool provider, estimates that 30 percent of the VMs may be redundant. In response, the company uses policy-based controls to manage and control VMs throughout their life cycle. Embotics works only with VMware although the company promises to someday add Microsoft’s Hyper-V and Citrix’s Xen to the virtualization environments it manages.

For example, Embotics identifies ghost VMs that have been removed from the virtualization directory but have not been physically removed from the network. These ghost VMs become an auditor’s worst nightmare and pose serious compliance risks.

Besides Embotics, a number of vendors offer similar tools, including Dynamic Ops, Fastscale, Fortisphere, Hyper9, ManageIQ, Platform Computing, Reflex Systems, Tripware, Surgient, Veeam, and VizionCore.

IT virtualization brings considerable benefits. While relishing the benefits, however, make sure that you recognize and address the potential compliance risks. ###