INTEROP: Focus on virtualization as financial world shakes
- — 19 September, 2008 09:29
Virtual technology itself presents weak spots for attackers to take advantage of, he says. In particular, virtual environments are a "management nightmare" where each virtual machine may spawn another that could appear virtually anywhere. This makes instances of servers hard to find let alone protect, he says, and this "server sprawl" can lead to catastrophic failures, he said.
Individual virtual machines, called guests, can fall into vulnerable configuration due to a feature of virtualization that suspends them when they are not used, he says. When the applications these guests host are needed, they are brought back online, but in the meantime may have missed critical security updates and are left open to exploits.
Hypervisors that oversee virtual servers are designed to be small and simple to make them more difficult to attack. But they can be exploited according to publicly announced research, and that allows unlimited access to all the virtual machines they control, Corman says. "If they get into the hypervisor, the game is over," he says.
While grappling with the rigors of virtual security, show-goers were encouraged to embrace green networking principles, if not for actual costs savings then for the goal of reducing corporate carbon footprints.
"It's about efficiency as much as it is about anything else," said Johna Till Johnson, president and senior founding partner of Nemertes Research, of the dual-pronged impetus for green initiatives.
The drivers are there: Most servers use 50% of their rated power even when idle, so they're using 50% of electricity but doing 5% work, Johnson said.
That means that for every 100 servers only five are in use. Turning off the other 95 would result in 47.5% efficiency, she said. In addition, for every productive dollar gained from servers, almost two dollars are wasted in UPS, AC/DC conversions and fans, Johnson said.
Even so, 80% of companies recently surveyed by Nemertes have no corporate green policies; only 13% knew data center energy costs; only 3% turn off their servers when not in use; and desktops are left on 50% of the time.
Miami-Dade's public schools started a green initiative as a cost-saving measure. But it required the cooperation and support of the faculty and students at each school, said Paul Dunn, senior network analyst for the schools, said.
"We had to go to the CFO to get the project and funding approved," he said. "We were spending [US]$8 million per year in electricity just to keep computers going. But the buy-in had to be from grass roots, the school sites. Their cooperation made it happen. Kids don't care about saving money but they do care about green initiatives."
Dunn said that cooperation will help the school district establish custom scheduling per site to try to save even more money from energy efficiency.
Johnson said green IT initiatives have to start like that -- with corporatewide policies or mandates to consolidate IT assets, encourage telecommuting and virtual work, establish sustainable supply chains, and recycling.
Half the total carbon footprint for KPMG's back-office campus is from electricity, and half of that goes to power the data center, says the firm's CIO, Rowan Snyder. "I'm not a tree hugger, but it's a significant issue," said Snyder, who spoke on a panel about the status of IT in corporations.
If IT projects don't actually save money, they'd better help generate some, says Joanna Young, CIO of insurance company Liberty Mutual, who spoke on the same panel. "There are no IT projects anymore, there are business projects. The question we always ask is, 'What is the smallest IT investment we need to make to have this [business result] happen for you?'"
As Wall Street sagged, she clung to the hope that her company in particular might be spared some of the stock-trading volatility. "We are not a public company, which might be good today," she said.