Redmond Roundup

Controlling Virtualized Server Sprawl

These four tools provide excellent capabilities for reining in runaway virtualized servers.

• By Alan Maddison
• 04/01/2010

As virtualization technologies have matured and become ubiquitous in many organizations, IT professionals have begun to lose control of the number of virtualized servers they have to manage. Commonly known as server sprawl, the phenomenon that's currently on the mind of a lot of IT managers comes in different forms. The form that's most readily recognized as server sprawl exists when provisioning of virtual machines (VMs) occurs without proper justification or understanding of the costs involved.

Resource sprawl is another form of sprawl that affects many organizations. A one-size-fits-all approach to provisioning has created the scenario in which companies deploy VMs with pre-determined resources that don't necessarily match the actual requirements of the VM. In this situation, there are two factors at work. The first is a lack of insight into actual usage within the existing environment; the second is a lack of capacity planning.

Fortunately, many of the tools vendors that provide management capabilities for virtualized environments have taken up the challenge of controlling virtualized server sprawl. However, as a general rule, it's important to remember that all these tools treat server sprawl as a symptom of more fundamental problems in a virtualized environment. Consequently, tackling server sprawl is just one feature of much larger system-management solutions. Simply put, IT pros are probably not shopping for tools that solely address server sprawl, though that's a key feature of various types of vertical management solutions. In this report, we look at those currently offered by Embotics Corp., DynamicOps, Hyper9 and Catbird Networks Inc.

Embotics V-Commander
V-Commander from Embotics has functionality that surpasses the basic requirements of providing the information necessary to rein in server sprawl. With thorough and clear documentation and a straightforward installation process, V-Commander lends itself to rapid deployment.

IT pros deploying V-Commander will appreciate the product's documentation. While many companies do a good job of documenting installation and configuration for their products, Embotics has produced exceptional documentation for V-Commander and provides worksheets to help with planning the installation and configuration process. Currently at version 3.1, V-Commander is designed to manage the entire lifecycle of a VM. It offers a policy-driven approach to management that provides both flexibility and granularity.

With support for up to 10 VMware vCenter servers, automated discovery of both online and offline VMs, and enterprise-wide role-based access control, V-Commander can support the largest of environments. As a sophisticated tool, V-Commander offers several approaches to solving the problem of server sprawl. Perhaps the most basic approach involves the capabilities of its reporting and analytical engine. Built-in reports are extensive, and examples include the ability to spot trends in VM provisioning, as well as storage over-provisioning on individual VMs. Also included is activity reporting, which provides historical details on changes to VMs.

Extending and enhancing this reporting capability is the ability to add metadata to VMs. This metadata, in the form of custom attributes, offers a tremendous amount of flexibility in the information that can be associated with a VM. It's easy to track information such as owner, cost center, auditing requirements and much more. However, identification of VMs that are no longer in use, have been over-provisioned or were never authorized in the first place is just the first step in controlling server sprawl. Providing the tools to easily deal with these VMs or to prevent them from ever having been created represents another level of capability.

V-Commander offers this capability by providing a policy-based approach to automating VM management. There are a number of possible policies offered by default. For example, a policy for VM expiration provides IT managers the ability to temporarily provision VMs in response to specific needs. Once these VMs have "expired," V-Commander provides a number of options to deal with them: They can be deleted, removed from inventory or simply suspended. Administrators can also use the reporting functionality to track VM expiration or use built-in e-mail alerts to respond to upcoming expiration. This ability to automate the lifecycle management of a VM is a critical process in controlling server sprawl.

DynamicOps Virtual Resource Manager
Virtual Resource Manager (VRM) from DynamicOps is a sophisticated and powerful management tool that offers a great deal more functionality than simply being able to help control server sprawl within a virtualized environment. Currently at version 3.3, VRM started out as a prototype of a tool that Credit Suisse Group AG was asking vendors to provide to it. Because no vendors were forthcoming, Credit Suisse pushed ahead on its own and developed VRM into a complete application.

Two years ago, that effort resulted in Credit Suisse spinning off DynamicOps as a commercial entity, and VRM became one of the leading virtualization-management and -provisioning tools on the market. VRM provides a flexible and highly granular policy-driven approach to virtualization management that can solve many of the operational challenges IT pros currently face. The product is focused on medium to large enterprises. Some of VRM's key capabilities include automated provisioning and lifecycle management for VMs, in-depth reporting, support for workflow-driven processes and chargeback capabilities. As it relates to server sprawl, VRM offers a comprehensive approach to VM management and provisioning. Specifically, it offers three different capabilities that are each powerful in their own right.

The most basic of these capabilities is reporting and analytics. VRM offers in-depth reporting with highly flexible filtering to accurately identify and track VMs and segment reporting in many different ways. This reporting capability alone would provide sufficient information to allow IT people to be much more proactive in the identification and management of surplus VMs.

However, VRM goes further by allowing IT pros to create sophisticated workflow processes to automate the handling of VMs. For example, when the goal is to remove VMs, VRM makes it possible to create a workflow process to notify the owner of the VM of IT's intention to delete it. Among other options, it's also possible to choose to archive the VM. Perhaps VRM's most sophisticated solution for controlling server sprawl is its powerful provisioning process that provides a high degree of granularity in defining VM builds so that IT managers can optimize use of resources. Moreover, VRM uses the concept of leases to ensure that IT can reclaim a machine automatically once its lease has expired if a VM is only needed for a specific length of time. Taken together, all three capabilities offer a comprehensive approach to controlling sprawl.

Hyper9 Virtual Environment Optimization
The third tool in this roundup comes from Hyper9, which, although a relative newcomer to the virtualization-management tools space, has a strong management team with years of virtualization experience. This experience shows in the quality of the Hyper9

Virtual Environment Optimization (VEO) product. From a learning perspective, this product has a unique capability in that it offers short instructional videos built into the application interface. For IT pros new to the product, this is an excellent time-saving tool, as the videos focus on common tasks. Instead of searching through a help file, an IT pro can simply watch the video and then go directly to the task.

Using a framework based on a sophisticated and powerful search engine, Hyper9 offers a number of core capabilities that make VEO an excellent tool to control sprawl. The company has also made integration a key part of its product. Hyper9 has published an open Web services API and has provided a Windows PowerShell wrapper to this interface. For many organizations, this will be of tremendous importance given the amount of flexibility this approach offers.

Moreover, the development team has clearly gone to some length to make VEO easy to use and deploy. The effectiveness and intuitiveness of its Web-based interface is surprising given the powerful reporting and analytics engine that lies at the heart of the product. Using what Hyper9 calls Agile Analytics, VEO offers tremendous data-analysis capabilities. With a comprehensive approach to data collection, this analytical capability is significant and at the heart of the product's ability to rein in server sprawl.

Using the built-in reports or ad hoc reporting capabilities, IT pros can quickly identify all of the VMs in an environment and drill down to the VMs that are powered off, have not been accessed recently or are on but not utilizing any resources. In fact, it's possible to segment the data in nearly any way imaginable. Add in the ability to associate metadata with each VM through the concept of labels, and organizations can attain a new level of insight into their environments. This insight goes beyond just the virtualization team because VEO also offers integration with other business users by allowing them access to data that's relevant to their needs. By making information readily available to all of the relevant parties, IT can go a long way toward regaining control of the virtual environment.

Catbird vSecurity
The final product in this roundup is from Catbird, a company with a stellar reputation in the virtualization industry -- particularly in relation to its security products. Building on strong roots in securing physical infrastructures, Catbird developed vSecurity to provide the same high levels of security and control in a virtualized environment. With the product, Catbird has achieved a great deal of recognition within the industry.

As one of the leading vendors of virtualization security products, Catbird also has a very interesting view of server sprawl and the underlying issues that can cause it to be a problem. This view centers on Catbird's belief that server sprawl is a security issue. While at first this view might seem somewhat counterintuitive, it's actually quite compelling upon closer examination.

Consider a common example of server sprawl. An IT manager creates a VM, which serves a temporary function and is then powered off but not deleted. This VM will pose a security risk if it's ever powered on again, as it's unlikely to be patched while it's offline. Moreover, this unique insight into the problem provides compelling justification for tackling the issue of server sprawl. As part of the process of securing an environment, vSecurity has a deep insight into the disposition and configuration of the virtualized

infrastructure. Virtualized appliances called vSecurity agents, which are deployed within the virtualized infrastructure Catbird provides, offer a sophisticated discovery and monitoring capability that's extremely effective at tackling server sprawl.

Once IT has completed its discovery processes using a wizard-driven interface, Catbird places what it calls HypervisorShield Asset Discovery VM into TrustZones, where they're closely monitored. This initial discovery and classification process is a critical first step in providing the information to identify and remediate existing server sprawl. However, it's vSecurity's sophisticated monitoring and control functionalities that provide the ongoing management capability to prevent server sprawl from happening again.

Four Solid Products
During testing, which involved taking an in-depth look at the product from installation to basic configuration, it became clear that each of the four products reviewed here is effective in providing the tools and processes necessary to rein in server sprawl. In fact, they're all more than capable of tackling a host of other issues that are common to virtualization management, and their real value lies in what other management challenges they tackle.

As a result of these differences in product capabilities and in the quality of each tool, it's difficult to make a general recommendation because so much of the justification for purchasing such a tool is organization-specific. As such, we've replaced our usual Redmond rating system with the Management Discipline chart. The chart categorizes the management disciplines in which these tools excel.

A note of caution: While the offerings from DynamicOps and Catbird are sophisticated enterprise-class tools, they will almost certainly fall outside the budget of many smaller organizations.

Still, it's definitely time to implement a tool to control server sprawl, and any of the tools in this roundup would provide a great starting point.