Even the name is a sort of a misnomer.  Not that there isn’t a lot of physical security around most data centers.  The doors are locked and not even regular employees have access.  This is necessary, and if someone gained physical access they could really mess things up. But, this is not where the big risk typically occurs.

The growing challenge is data security – i.e. protection from threats that come across the wire.  With ubiquitous networks, and data moving everywhere, protecting the crown jewels is a full time job.  Hackers, malware, employee abuse, and other threats can lead to data exposure that is potentially devastating, and almost undoubtedly embarrassing for the IT manager.

Gartner recently declared IT security the number one worry of fortune 1000 companies. This is not surprising when a report from Symantec showed exponential growth in internet security threats.

There is no silver bullet, and there is no system that can never be defeated.  We need to do the best we can with the tools we have.  Doing anything less could be seen as negligent.

Like security in the physical world, data security is a combination of business process and technology.  Neither can be effective alone.  Business processes must make clear what roles deliver data access, data steward ship, data ownership, and data disposal.

<sidebar>Data disposal is going to be one of the biggest challenges to the promises of cloud computing.  If we consider a hosted app like “gmail” to be part of the cloud, then we either must accept privacy policies like “all data belongs to the host” or try to stick to using internal systems. </sidebar>

The other half of the security solution is technology.  Intel, and others, are delivering new technologies to the server to assist with security enforcement.  New string accelerator functions dramatically speed content scans for malicious data.  Technologies like execute disable & SM range registers provide improved protection against buffer and cache attacks.  The next generation of Intel server processors will introduce new features that can validate that code is un-altered and remove much of the overhead from encryption.

Security can not be an occasional focus any longer.  Every security manager will need to be up to date on the state of technology and tools, and have the social skills to drive good data practices into the work environment.

I spend a lot of time thinking about computing efficiency, but there's an interesting statistic that really blows the doors off of what computing represents to the world's sustainability.  According to Gartner, if you measure all of the energy savings that computing can bring to our planet, 2% is from making computing platforms more efficient.  A whopping 98% stems from how we utilize computing resources make how we work and live more efficient.  The sources of this efficiency are vast but many come immediately to mind...telecommunting, design of products via workstations vs. physical prototype models, downloading music via iTunes negating the need to produce millions of CDs.  If more proof were needed you just need to look through the government stimulous package to see how critical the role technology plays in driving more efficiencies across industries.

When we created the Data Center Efficiency Challenge we specifically pointed out that part of this competition would be judged not on the efficiency of the datacenter but on how the datacenter was making the organization more efficient.  To take this notion further we've started a new competition...on JustMeans.com...to spur more discussion on how companies are utilizing technology to re-map the way they do business for an energy-aware 21st century world.  Check it out.

Virtualization 1.0 is yesterday’s news; the days of virtualization being used only as a tactical tool to drive consolidation and higher system utilization are quickly ending. For the most part, companies have figured out how to get improved utilization, and are using server virtualization in a wide range of usage models across development, testing and some rather interesting production/mission-critical scenarios.   Its use is gradually maturing from simple partitioning and encapsulation to leveraging the mobility of virtual machines to improve management and operations of IT environments. This is allowing the change in deployment models for virtualization from typical scale-up approach (SMP with large Memory servers) to a scale-out model.

Virtualization 2.0 includes a host of new use cases (shouldn’t be surprising to anyone) that include:

·         Load-balancing for SLA Mgt

·         Power-optimization

·         High availability (no downtimes)

·         Disaster recovery and business continuity

·         Hosted clients

·         SOA & Utility computing.

I see three key foundational tenets as the underpinnings for these usages.  First are the “abstraction” and the “convergence” of compute servers, storage and networks. It has been happening, but virtualization 2.0++ is driving (and will continue to drive) a seismic rethink in how Data centers are architected, and the data center would be a “Fungible” pool of infrastructural resources, for a wide variety of services that IT provides to run the businesses.   I will get deep into the implications of this to IT operations, etc, in a follow on blog, but will leave you with this thought.  The new control point in the data center, both architecturally and operationally, would be the integration of compute, storage and network virtualization architectures.  Key industry players like IBM, HP, Cisco, EMC, VMWare and Microsoft are introducing integrated solution architectures targeted at positioning themselves as the first vendor of choice for this emerging direction.  This foundational tenet, coupled with the merits of Service-Oriented Architectures (SOA), is providing an infrastructure for ‘Cloud Computing’.

The Second core tenet is the mobility of Virtual machines - The migrate-ability of the ‘encapsulated’ Virtual machines on this abstracted infrastructure for the best performance, operational cost and SLA management.  They are no longer tied to a server or a set of servers. In some cases they are not tied to a datacenter; hybrid models are emerging where these VMs would execute in the ‘enterprise’ data center, or on external clouds – the optimal place for the best TCO, and SLA management  (Yes, yes, there are security, compliance, accounting, performance concerns… I agree)

The third core aspect is Manageability.  The abstraction and the mobility, coupled with IT’s job of ensuring security, reliability and compliance brings a totally new set of requirements for Manageability.   

If done right, the benefits of Virtualization 2.0 (and 2.0++) to IT shops would be in the form of reduced administrative costs, improve productivity even as demand goes, reduce energy and cooling costs, etc,   however, there are quite a few challenges with the adoption of Virtualization 2.0.  Let us briefly look at these.

Challenges with Virtualization 2.0

1.      There is a significant challenge in the management of large scale virtual infrastructures. There are no clear boundaries and responsibilities in terms network, storage and datacenter management teams.  The emphasis on monitoring and management in Virtualization 2.0 is shifting from virtual machine (VM) management to service management; i.e., knowing how a business service is performing and which components of the Data Center (network, server, VM, applications) are working properly and which are not. Hence, it's no longer sufficient to just monitor the uptime or resource usage levels of virtual machines and physical servers and conclude that the entire IT infrastructure is working right.   More granular monitoring and management of resources would be needed to provide precise QoS and SLA management.

2.      VM Mobility – The Mobility of Virtual machines puts requirements on the underlying server CPU architectures, and has challenges with networks and storage.  Such mobility occurs via either a cold migration - which simply copies the virtual machine and restarts a copy somewhere else. Or a live migration, which moves a live running virtual machine, while maintaining state.  There are clear cases where cold migration is sufficient, but the flexibility and agility that is inherent with the virtualization 2.0 use-models requires the ‘live migration’ of VMs. 

·         VM Mobility and the ‘Compatible CPU Architecture’ requirements: Successful migration relies on compatibility between the processors of the host servers within a cluster. For live migration to take place, the source and destination servers must be in the same cluster and must have processors that expose the same instruction set., In the past, it has not been possible to mix servers based on different processor generations, each of which support different instruction sets, within the same cluster without sacrificing the ability to live migrate VMs across hosts supporting different instruction sets. As a result, IT organizations have needed to create separate clusters for different server generations. This has limited our ability to provide an agile data center environment because it creates islands of compute capacity, resulting in data center fragmentation.  Intel’s VT FlexMigration assist, together with VMWare’s Enhanced VMotion, provide a solution. These products are designed to allow IT to maximize flexibility by creating a single pool of compute and memory resources using multiple generations of Intel processor-based servers within the same cluster.  This can reduce the number of pools, increase the efficiency and utilization of servers.

·         VM Mobility & networks: Today, when Virtual machines move on the virtual infrastructure, its network properties and policies are not retained.  Connection state, ACL, Port Security properties, ACL Redirect, Qos Marking, etc are lost as these VMs move across hosts.   Technologies like the VMWare distributed switch, and Cisco’s Nexus 1000v are specifically targeted to address the ‘Network and Security’ aspects of VM Mobility.

3. Licensing in Virtual environments:  Licensing rules for applications, development tools, data management tools and operating systems often make a completely virtual environment more costly than the organization expects.   Most all ISVs are looking at ‘virtualization’ friendly licensing models, but they are far from being there.  Example:  With Oracle database servers, if you have a 16core server as your host, it doesn’t matter if you database VM uses 4 vCPUs, you would still need the license for 16 cores.  If you would “Live Migrate” the VM, you would need the license on each of the host… This gets prohibitively expensive and impractical.

4. 10G Networks and Converged Fabrics: The Compute power on the servers has increased dramatically, and with the advent of 8 core processors, the bottleneck clearly moves out of the server, and on to the network and storage bandwidths and throughput.  Virtualization 2.0 will require the consolidation of network traffic and will also increase the need for more bandwidth to the server, both of which will be possible as enterprises make the move to converge and consolidate data, storage, and inter process traffic on 10GbE networks.  10GbE and the converged networks need new switches, access cards, and also a rethink of how applications view the network I/O.  

5. Security and Isolation guarantees – The hosting of multiple ‘services’ on an abstracted virtualized infrastructure has very specific needs on Security and isolation, multi-tenancy isolation, compliance and audit requirements..  In addition to providing these on a server (for a given service), the infrastructure has to guarantee these across the infrastructure – doesn’t matter on which server (and where) the service and data reside/execute, they need to be secure and isolated. 

In conclusion, Virtualization 2.0 would have a dramatic impact on the architecture of the data center, and also IT architectures and operations.  IT shops will use virtualization for administrative cost reduction, better resource allocation, and more flexibility in a mobile world.   Coupled with Service Oriented Architectures,, the promise of true service-oriented/utility computing might be closer than it has ever been with Virtualization.

Would love to hear your thoughts and views on this..

I recently spoke with a large financial customer that has several hundred sparc boxes ( mostly inherited from an acquisiton). These systems are a challenge in that they are aging - some running out of available maintenance, slow, old, and the expertise in the company just doesn't extend to this architecture.

They were also very proud of there virtualized Xeon architecture where they could move vm's quickly to maximize efficiency and optimize resources. I think it is time to bring these two together.

So given 500 solaris servers:

about half of these are running enterprise applications - like Oracle(tm) - that run just great under windows or linux. Move these today.

Of the other half, most of these are - performance wise - tiny servers. You could put dozens of them - maybe all of them - in VMs on just a few large xeon servers. ( Don't forget about the phenominal virtualization perofrmance on the Xeon 7400 that Intel announced last week at IDF )

So how do I move these custom solaris sparc based physical servers into my super efficient Xeon based virtual machines?

Three ways:

1) recompile the apps for solaris 10 - which runs great in a vm on your virtualized pool

2) Use transitive quicktransit and move the binaries to Solaris 10 or Linux vms in the pool

3) Move to the windows or linux version of the software, or replace it with software that does the same business function.

Presto - 500 physical legacy servers - collapsed into a more efficient, more manageable, more modern pool of resources. What will you do with all the free space?

In part one of this "series" ( ok, mini-series) I spoke about the benefits of Server refresh. It is pretty huge for most installed servers. In many cases an IT manager could see a 5x jump in compute capacity by replacing depreciated servers. If these are older single core processor based servers, the number is probably even greater. Hopefully a 5x increase in capacity can push out your data center construction needs.

My next recommendation revolves around virtualization, or more specifically consolidation through virtualization. You can skip the words now and jump to the video below.... but since you are still reading, here is an intro to the video. I have seen a lot different data on "enterprise server utilization" but most of it pegs the meter at 10-15% utilization for volume landscape servers. ( By the way, that is a low number, not something to be proud of) Now, if you follow my advice and replace all these less-efficient older servers with cutting edge high efficiency Intel quad core machines, on a one for one basis, you are going to see some pretty un-pleasant utilization. Think single digit. In a nutshell, it is time to virtualize and consolidate. If you both virtualize and carefully manage and balance your workloads, it is reasonable to expect another 5x capacity boost through improved utilization. AND 5x5x=25x* more capacity ( in the same space and power!) (Try out the Intel consolidation calculator) vid 2

Ok, nothing is free, but some things are a pretty good deal. I spoke last time about the capacity boost delivered through virtualization. I threw out some big numbers, so here is a bit more detail. More accurately this capacity comes from applying virtualization to a new model for data center management ( you will have to do more than install a hypervisor). I felt pretty conservative with my 5x multiplier in five years.

Even if all you ever read is the in-flight magazine, you know virtualization is a big deal. Hype aside, virtualization is the foundation for realizing the "next generation data center-NGDC". Utilization on enterprise servers is pathetic. The number I used was 15%, but I have heard many customers talk of 5% or even less. The target I used for a super efficient data center was 75% utilization - hence the 5x.

Getting to 75% average utilization will take a lot more than simple consolidation of physical servers onto a virtualized server. This is why I jump to NGDC requirement. Reality says server utilization is all over the place, with odd spikes and many differences in where the bottle neck is. Capacity limitations can be in CPU, Memory, Disk, or Network.

The key to maximizing consolidation is in achieving what I call "Dynamic Resource Management" or sometimes Dynamic Resource Pooling. DRM is what moves the NGDC beyond simple consolidation to Policy Based Balancing of data center resources. In the DRM model a server has become a virtual collection of compute, storage, and network resources. This model is beginning to emerge in commercial offerings from VMware, Microsoft, Sun, Cisco, Virtual Iron, and others.

The trick here is to couple the ability( like in vmotion from VMware) to move a VM from one set of hardware to another, with policy based moves. In my view this makes DC efficiency "just" another logistics optimization problem, not unlike airline scheduling or package delivery. "A game to maximize the utilization, minimize energy use, maximize availability, gracefully handle exceptions, and meet all my SLAs". i.e. a really hard problem. I have tried to capture this journey to NGDC in a compelling graphic, but all seem to fall short. (Thinly veiled request for better pictures of NGDC)

For now achieving the NGDC requires complex software stacks, coupled with management heroics. Intel, IMHO, has the best roadmap and view of this future as shown in the addition of virtualization features across compute, storage, and network. I would like to hear from others where you see barriers and bridges to NGDC. Who are the rabbits leading the way to this dynamic data center?

I read recently that 50% of data centers will exceed capacity by 2012 - capacity being some variable combination of physical space, available power or available cooling. I am skeptical. I agree that if you project the current growth rate and available capacity and such, you could come up with the 50% number, but, we are far from status quo in our data center opportunities. I would hesitate to break out the wrecking ball. Today I see three, sort of distinct, opportunities that every data center manager should be looking at very hard before they write the big check for new real estate.

The first is efficiency. There are numerous avenues available here including consolidation (through virtualization), server refresh with more powerful ( and more efficient ) servers, and new approaches to cooling. If we quit thinking of the data center as a room, and start thinking of it as mainframe in a really big box, our approach to cooling can become radically different. Why make a data center comfortable? Instead just keep it within the boundaries of warranties. Nobody wants to be in there anyway. Data center optimization should be your first initiative - learn more opportunities for effiency from Werner.

The second path to capacity containment is external hosting. Improvements in network speed and reliability have nearly negated the need for local data centers, and many businesses already rely on geo distributed data centers. The shift to letting someone else build and run the raised floor area just makes sense. I think of the shift from self run data centers to commercially hosted data centers much like the shift from private to commercial suppliers for power and communications. It is also a shift that can be executed incrementally, moving just some of the application hosting to a service provider. A variation on this theme is the SAAS( software as a service) model - for example salesforce.com*. Virtually everyone in the application business is offering, or planning to offer soon, down the wire applications. Can you really run an email system for your staff better than a commercial system? By applying data center optimization and taking advantage of targeted hosting and SAAS, a data center owner can squeeze at least a few more years out of the current raised floor real estate.

For some businesses, or at least for some of their applications, commercial hosting or SAAS is not seen as viable. The application is too important a value differentiator, or the data is too big, or the work to special, or, whatever. This is especially prevalent in engineering and finance where large amounts of "top secret" compute are executed. Well, there is a solution here as well. When you need to "own every line of code, and how it is run" you can still shift some of the work to machines outside your data center and defer capacity expansion. I am referring to "cloud computing". The most recognized example of this is in the compute service offered by Amazon* that uses spare cycles in their server structure. I think we will see a growing number of large scale internet and service companies offering up clouds. With cloud computing you push a "unit of work" to be executed in a service providers compute cloud. With appropriate encryption and obfuscation, the "unit of work" can remain as secret and secure as you wish. The application, database, and work results remain under local management and control.

If I were looking at a shrinking capacity window( any type of capacity) in my data center, I would pay attention to these opportunities, and their variations. I would be looking very hard at my next $25,000,000 data center expansion to understand if an alternate approach and architecture could shift those funds to better use.

_{*Other brands may be claimed as the property of others}