Do we really need to go that deep into virtualization? I may sound dumb to try to reason against something that everybody is embracing, but that's usually what I like to do about hypes :-)
OK, you'll probably throw a lot of advantages of virtualization on me. And I agree that most of them are true. I was reading that some companies are being able to increase their hardware processors utilization from 10 to 60% through virtualization. There is also all that high availability stuff from VMotion and other new products that are being released everyday. OK, but...
Let's go back some years and see how we end up where we are. Imagine that you had to put two new applications in production, A and B. To ensure proper segragation you decide to put both applications on their own servers, X and Y.
Of course, are they are both critical apps, you also build servers Z and V for high availability purposes.
In a few months, people start to complain the servers utilization is too low. They are consuming too much power, rack space, blah blah blah. Ok, then someone gets a nice rabbit from a hat called virtualization. Wow! Now you transform the hardware X and Y into VM servers (or whatever you wanna call it), build separate VMs for A and B and as you VM product has a nice feature of dynamically moving images from a box to another, you don't need Z and V anymore. Wow! You've just saved 50% of servers related cost!
OK, could probably be worried about putting those application in the same "real" box. After all, you decided before that they should be running on different servers, and here they are on the same box! But you look into the problem and notice:
- One virtual server cannot interact with the other- Problems caused by application A still can't cause problems on application B server- A security breach on virtual server A will not affect virtual server B
Ok, everything is still good and you go to bed happy with the new solution.
No, people are greedy!
Seriously, now that we have all those servers on the same box, why can't we have a little more control over their access to resources available? Like, if one server is not using all memory allocated to it, why can't the other one use that when it needs? Same for processing power, storage? But in order to do that the Hypervisor would need a better view into what is happening into those black boxes...why not make them aware of the VM environment? Build APIs that allow communication between the guest OSes and the hypervisor? Nice! Now things are starting to get really advanced!
But where is that segregation that was mentioned before? Won't all this interaction between the HV and the guest OSes reduce the isolation? Of course it will! Some attacks from guest OSes to the HV or to other guest OSes are now possible. Anyway, it's the price for better management and better resource utilization. Isn't it?
Yes, it is. We already knew it! Isn't it the price to put two application on the same REAL box? Let's see. We want hardware resources to be shared by the applications and something controlling it. One application shouldn't be affected by the other or access non-authorized resources. And we want high availability too.
Well, please tell me if I'm wrong, but for me these things are just the requirements of a good Operating System with cluster capabilities!
Virtualization guys usually refer to mainframes as a virtualization success case. They are right about it. But on mainframes LPARs (their name for VMs) are usually used to isolate completely different environments, like development and production. It is very common to find several applications running on the same LPAR, being segregated only by the OS and Security Manager (that can be seen as part of the OS). Usually, LPARs are used because organizations can't afford different hardware for things like, testing, certification and development, whilst on the "new virtualization" world VMs are used to optimize resource utilization. As far as I remember from my Operating System course classes from university, that was the Operating System role.
Are we creating this beast because we couldn't produce a Operating System that does its job?