
Friday, 18 September 2009

New VMware ESXi Server - Configuration Checklist

Introduction

In this article, as a VMware ESX video author, I will provide a step-by-step configuration checklist for the proper planning, installation, configuration, and security of a new ESXi Server. While installing ESXi is not difficult, installing it properly is.

Let us begin

One of the best things about VMware ESXi (besides being free) is that it is quick and easy to install. However, there is more to properly configuring it than just getting it installed. Not only do you want it installed but you also want it configured to function for all your future needs and to do so securely. Let us see how to do just that.

VMware ESXi New Server Checklist

I will break this new VMware ESXi Server Installation Checklist into 3 phases:

  1. Installation
  2. Console Configuration
  3. VI Client Configuration

Let us get started with the Installation phase…

Installing VMware ESXi Server

  1. Verify that your hardware is compatible with VMware ESXi. Use the VMware HCL (hardware compatibility list).
  2. If you do not have it already, you will need to download an evaluation copy (or purchase a copy) of VMware ESXi. Fortunately it is free and not too terribly large to download. You can download it at the VMware ESXi Server free download site.
  3. Prior to the ESXi installation, you should review your server BIOS settings. You will want to enable VT if you want to have 64-bit guests, and disable BIOS controller power management. As with the installation of any operating system, you want to make sure that the boot order will allow you to boot from the ESXi installation media.
  4. Insert your installation media and boot up ESXi. In my case, I performed the Installation inside VMware Workstation using my video instructions on Installing VMware ESXi inside VMware Workstation which allowed me to get these installation snapshots.
  5. Typically, you will take all the defaults in the installation. Here are some sample screenshots; the comment below each one says what to do at that point:
Figure 1: ESXi Installation
Figure 2:  Press Enter to begin Installation
Figure 3:  Press Enter to Accept the default hard drive for install
Figure 4: Press F11 to Install ESXi
Figure 5: Press Enter to 

VMware ESXi Console Configuration

Once ESXi has successfully installed and rebooted, we have a list of tasks to perform at the console level to properly configure it. This “ESXi Console” as I call it is technically called the Direct console user interface (DCUI) but for the purposes of this article, let us just call it the “ESXi Console”.

Press F2 to customize the ESXi Server using the console (below).

Figure 6: Once booted, press F2 to Customize

Going down the list from the top to bottom of the console interface, here is our list of what we need to configure at the console level:

  1. Configure the root password.

Figure 7: Configuring the root password on a VMware ESXi Server

  2. Configure Management Network – the networking for the ESXi Server is called the “management network”, so in this step you need to configure the IP address, subnet mask, and default gateway. While your server will likely start out with an IP address obtained from DHCP, this is a server, so you need to configure a static IP address.

Figure 8: Configuring the static IP Management in ESXi

  3. Configure DNS Servers on this ESXi Server – just as you tell your PC which DNS servers and which domain to use, you also need to tell your ESXi Server. Go into DNS Settings inside DNS Configuration to give this server the DNS server IPs and its hostname.

Figure 9: Assigning DNS Server Installation for ESXi Server

  4. Next, add a Custom DNS Suffix to assign the DNS suffix for this ESXi server.

Figure 10: Assigning a Custom DNS Suffix

Now, exit the Management Network Configuration by pressing ESC. You will be prompted to confirm that you want to save this new configuration. Make sure that you accept the new configuration with a Y for YES.

Figure 11: Accepting Changes to the Management Network

  5. To ensure that this server is properly configured, use the Test Management Network function in the console, like this:

Figure 12: Testing the Management Network

What is this? Our Management Network test failed? This shows that we need to make sure that this ESX host can resolve DNS and, above all, can resolve its own DNS hostname. Now, let us add it.

  6. To fix the fact that this ESX host is not in DNS, go to your DNS Server and make a host entry for the new ESX host, like this:

Figure 13: Adding a Windows DNS Server host entry for the new ESXi host

From here, we are done with the console configuration so let us move onto administering the new server using VMware’s VI Client.

VI Client Configuration

  1. Connect to your vCenter Server and add the new ESXi server to vCenter. Authorize as the root user. I recommend enabling lockdown mode at this time.

Figure 14: Adding the new ESXi Host

  2. Configure Licensing – if you have the vCenter Server licensing configured to “change host license server settings to match these VirtualCenter Server settings whenever a host is added to the inventory”, then the new ESXi Server licensing should be configured automatically. Still, you should check the licensing for the new server and verify that it is properly licensed (not an evaluation) and that any optional features you need (like VCB or VMotion) are enabled.

Figure 15: Checking Licensing for an ESX host

  3. Connect ESXi Server to SAN – iSCSI or FC. For more information on ESX Server and iSCSI, see my articles How to create an inexpensive iSCSI SAN for VMware ESX and Connect VMware ESX Server to a free iSCSI SAN using Openfiler.
  4. Configure NTP Server & Start NTP – it is important to have the proper time configured on your ESXi Servers for a variety of reasons (logging, security, iSCSI authentication), and NTP is the correct way to do this. To enable NTP, go to the Configuration for your server, click on Time Configuration, and then click Properties.

Figure 16

     Add a new NTP Server such as pool.ntp.org.

Figure 17

     Then set NTP to Start Automatically and then Start NTP.

  5. Consider Security – while ESXi is a very secure OS already (even more secure than the regular ESX Server), I encourage you to consider the security implications of it. Here are a couple of things you can do:
     a. Read the VMware VI Security Hardening Guide and consider what it recommends. This guide was recently updated to cover ESXi (ESX 3i 3.5).
     b. Get on the update list to be notified when the new version of TripWire ConfigCheck, which will support ESXi (3i), is released. This is a very powerful tool and I highly recommend it but, so far, it only supports ESX Server (not ESXi). They have an email notification list you can join to be notified when the new ESXi version is released.
  6. Consider Documentation & Communication – these are two areas that are too often forgotten. When adding any new server, you need to update your documentation, hardware inventory, network management, and more. You also need to notify other administrators that the new server is available and how to administer it.
  7. If you want to gain access to the command line on your ESXi server, read my article How to Access the VMware ESXi Hidden Console.
  8. Configure optional features, such as vMotion, VCB, and/or other backup solutions.

Conclusion

In conclusion, adding a new VMware ESXi Server should be quick and easy. However, there are often many parts of adding that new server that are forgotten until later. By having a quick checklist for installation and configuration, adding that new server can be easier and you will save time in the long run.

Thursday, 17 September 2009

Using Roles to Secure your VMware ESX Infrastructure

Introduction

If you think about it, both Windows and Linux have security roles. In Windows, you might be a print server operator, server administrator, or backup operator. These are some of the built-in roles that Windows calls “built-in groups” (which have been assigned special Windows rights to perform some actions). VMware is no different from these operating systems in the sense that it has its own built-in security roles and that you can also create your own security roles. Let us learn more about them.

How does VMware ESX Infrastructure security work?

In VMware ESX & Virtual Infrastructure, security is configured at various levels using permissions. Permissions are the core of VMware infrastructure security. These permissions are a combination of a user/group and a security role that is applied to some level of the VMware Infrastructure.

If you are using VMware ESX or ESXi without vCenter, permissions are assigned at the ESX host and VM guest level. If you are using VMware vCenter, you have additional levels of security that permissions can be applied to.

For example, there is a permission tab, shown in Figure 1 below, at the VM Guest level.


Figure 1: VMware Infrastructure Permissions Tab

Notice in Figure 1 how the Permissions tab shows the user/group and the role that together form the permission applied to this VM Guest. The Permissions tab also shows where this permission is defined.

In the case of the permission tab in Figure 1, this permission is not actually applied at the level of this VM Guest. This permission is applied at the Hosts & Clusters level (the highest level in the VMware Infrastructure Inventory).

But what about roles? That’s what this article is about so let us get on with that…

How do you use Roles to Secure your VMware ESX Infrastructure?

While VMware Infrastructure Security Roles are used in the Inventory section of the VI Client, they are not defined there. Roles are defined by clicking the Administration view, shown below in Figure 2.

VMware Infrastructure Administration view contains:

  • Roles – what we are covering in this article
  • Sessions – who is logged into vCenter and the message of the day
  • Licenses – what licenses are in use, what types, by what servers, and how many remain
  • System Logs – VMware ESX & vCenter system logs

Figure 2: VI Client Administration view to add a role

On the Roles tab, you will see the currently defined security roles for your VMware Infrastructure. If this is the first time you have been in here, likely these are the default roles. Some of the more important default VMware Infrastructure Roles are:

  • Read-Only – just what it says, for any object that has the read-only role defined, the security group user associated with it will have only the ability to view (read) the status of that object. For example, perhaps the IT Support Help Desk group should have read-only access to all VMs so that they can check status to see if a VM is up or down.
  • Administrator – by default, the virtualization omnipotent power role that the administrator user will have across the entire infrastructure. Very likely, you shouldn’t assign the administrator security role to anyone or any group because you need to be more selective. You need to apply the “principle of least privilege” and assign the least amount of privilege required for someone to do their job. For example, if someone just needs access to administer a single virtual guest machine, then they just need the virtual machine administrator role, below.
  • Virtual Machine Administrator – this is the ideal role to assign to a user or group of users that need to manage a virtual machine (or group of VMs) that are specific to their area. For example, perhaps you have database administrator (DBA) who needs to manage four SQL Server VMs. You could assign that DBA (or the DBA group) the virtual machine administrator role on those VMs. Even better, you could create a folder in your virtual infrastructure, put the SQL servers inside, and assign the DBA group the Virtual Machine Administrator role on the entire folder.
  • Data Center Administrator – in larger virtual infrastructures you will have multiple virtual datacenters administered by multiple groups of administrators. To properly secure and design this in vCenter, you create virtual data centers, move the appropriate ESX hosts and VM guests into them, and apply the data center administrator role to them, combined with the proper security group for the administrators who will manage that virtual data center.

Again, these are just a few examples of default roles. A couple common examples of how these roles would be assigned are:

  • Administrator Role could be assigned to the Windows Administrators security group
  • Read only role could be assigned to a help desk group

While the default roles are very useful, you will likely want to create custom roles. To add custom roles, click Add Role, select a set of privileges, and give the role a name. Alternatively, you can clone an existing role and modify it.

Let us add a new SQL Server DBA Support Role by cloning an existing role. To do this, I go to Administration, select the Virtual Machine Administrator Role, and click on Clone Role. A new role is created called Clone of Virtual Machine Administrator. Now, I right-click on this role and click Edit Role. I then rename it and call it SQL Support.


Figure 3: Cloned Security Role

Now that we have our new role, we need to apply it to some VM guests, a folder, or a cluster in our virtual infrastructure. In our case, let us say that we have a DRS/HA cluster of SQL Servers called SQL Server Cluster. Back in the Inventory view, I click on my SQL Server Cluster, then on the Permissions tab. On the permissions screen, I right-click in the white-space area and click Add Permission, as you see in Figure 4.

Figure 4: Adding Permission to the SQL Server Cluster

I now select the new custom role we created, SQL Support, and click Add to add a user or group. In my case, I select the SQLServer2005Admin group that was already created and click OK. We now have our new custom role assigned to the entire cluster. As we chose to propagate this permission, it also applies down to all the objects in this cluster. However, as we copied the virtual machine administrator role, this group of SQL Admins should only have permission to manage the virtual guest machines in the cluster, not the cluster itself or the ESX servers in the cluster. Here is what it looks like:

Figure 5: Assigning Permissions
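
The propagation behaviour described above can be modelled in a few lines. The following is an added example, not code from the original article or from VMware: the privilege labels, the host and VM names (esx01, sql-vm-01, web-vm-01) and the HelpDesk and Administrators groups are constructed, and the rule that the nearest definition wins is a simplification of how vCenter resolves permissions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Roles are named sets of privileges. The privilege labels are illustrative;
# the prefix names the kind of inventory object the privilege acts on.
ROLES = {
    "Read-Only": {"vm.view", "host.view", "cluster.view"},
    "SQL Support": {"vm.view", "vm.power", "vm.console", "vm.configure"},
    "Administrator": {"vm.view", "vm.power", "vm.console", "vm.configure",
                      "host.view", "host.configure",
                      "cluster.view", "cluster.configure"},
}


@dataclass
class Permission:
    """A permission pairs a user/group with a role on one inventory object."""
    principal: str
    role: str
    propagate: bool = True


@dataclass
class Node:
    """One object in the inventory tree."""
    name: str
    kind: str  # "folder", "cluster", "host" or "vm"
    parent: Optional["Node"] = None
    permissions: list = field(default_factory=list)


def effective(node, principal):
    """Return (role, object where it is defined), or None if nothing applies.

    Walks from the object up to the root. A permission on an ancestor only
    counts if it was set to propagate; the nearest definition wins.
    """
    current = node
    while current is not None:
        inherited = current is not node
        for perm in current.permissions:
            if perm.principal == principal and (perm.propagate or not inherited):
                return perm.role, current.name
        current = current.parent
    return None


def allowed(node, principal, privilege):
    """True if the effective role holds the privilege and it fits this object kind."""
    hit = effective(node, principal)
    if hit is None:
        return False
    role, _defined_on = hit
    return privilege in ROLES[role] and privilege.startswith(node.kind + ".")


def audit(nodes):
    """Least-privilege check: list every propagating Administrator grant."""
    return [(n.name, p.principal)
            for n in nodes for p in n.permissions
            if p.role == "Administrator" and p.propagate]


def build_inventory():
    """Constructed inventory mirroring the SQL Server Cluster walkthrough."""
    root = Node("Hosts & Clusters", "folder")
    cluster = Node("SQL Server Cluster", "cluster", root)
    host = Node("esx01", "host", cluster)
    vm = Node("sql-vm-01", "vm", cluster)
    other_vm = Node("web-vm-01", "vm", root)
    root.permissions += [Permission("HelpDesk", "Read-Only"),
                         Permission("Administrators", "Administrator")]
    cluster.permissions.append(Permission("SQLServer2005Admin", "SQL Support"))
    return {"root": root, "cluster": cluster, "host": host,
            "vm": vm, "other_vm": other_vm}


if __name__ == "__main__":
    inv = build_inventory()
    group = "SQLServer2005Admin"
    for key, priv in [("vm", "vm.power"), ("host", "host.configure"),
                      ("cluster", "cluster.configure"), ("other_vm", "vm.power")]:
        node = inv[key]
        print(f"{group} {priv} on {node.name}: {allowed(node, group, priv)}")
    print("Propagating Administrator grants:", audit(inv.values()))
```
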

Instead of cloning an existing role, you can also create your own role. This is also done by going into the Administration view. From there, just click on Add Role.

As you see in Figure 6, you just give your role a name and check off the privileges you want to assign to it.

Figure 6: Creating a custom role

Here are a couple examples of other ways that custom roles could be used:

  • Virtual Machine Power Off / On – assigned to an admin for a particular virtual machine application (using the principle of least privilege by assigning only what the user needs vs assigning the virtual machine administrator role)
  • Console Interaction – this is likely to be combined with the virtual machine power off/on privilege. This privilege allows the user to perform VM guest console remote control.

Conclusion

In this article, we learned what VMware ESX Server security roles are and why you need them. If you think about it, VMware ESX Server security roles and permissions are no different from those in other operating systems that you are likely already familiar with. I highly recommend you plan and implement security, using ESX roles and permissions, in your virtual infrastructure.

Thursday, 27 August 2009

Can Terminal Services be considered Virtualization?

Virtualization is a hot topic and at the moment very hyped up. Manufacturers would like to use that hype to boost their products by linking it to the virtualization market. In this craze Terminal Services was also labeled as a “Virtualization product”. In this article let’s look at the facts and I’ll also give my opinion about this virtualization label.

Introduction

Although virtualization techniques were mentioned a long time ago (around 1960), within the ICT market the launch of VMware caused the big success of the virtualization market. Their server virtualization product, which made it possible to run multiple servers on one physical system, started the virtualization space. After server virtualization, other virtualization products and fields followed quickly, like application virtualization, operating system virtualization and desktop virtualization. Products which were already available before the virtualization market want to hitch a ride on the virtualization craze. I was a bit surprised when both Microsoft and Citrix determined that Terminal Services and Citrix Presentation Server are virtualization products.

What is…?

Before we can start determining whether Terminal Services can be labeled as a virtualization product, we need to first find out what the definitions of virtualization and terminal services are.

Virtualization

Virtualization is a broad term that refers to the abstraction of computer resources. Virtualization hides the physical characteristics of computing resources from their users, be they applications, or end users. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources; it can also include making multiple physical resources (such as storage devices or servers) appear as a single virtual resource.

Terminal Services

Terminal Services is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over any type of network, although normally best used when dealing with either a Wide Area Network (WAN) or Local Area Network (LAN), as ease and compatibility with other types of networks may differ. Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running terminal services, are made accessible to a remote client machine.

Terminal Services Virtualization?

Both Microsoft and Citrix are using the virtualization space to position their Terminal Services/Citrix Presentation Server/XenApp product features. Microsoft calls it presentation virtualization, while Citrix used the term session virtualization. Microsoft also describes Terminal Service virtualization as follows:

Microsoft Terminal Services virtualizes the presentation of entire desktops or specific applications, enabling your customers to consolidate applications and data in the data center while providing broad access to local and remote users. It lets an ordinary Windows desktop application run on a shared server machine yet present its user interface on a remote system, such as a desktop computer or thin client.

If we go a bit deeper, Microsoft is describing their interpretation of presentation virtualization as follows: Presentation virtualization isolates processing from the graphics and I/O, making it possible to run an application in one location but have it controlled in another. It creates virtual sessions, in which the executing applications project their user interfaces remotely. Each session might run only a single application, or it might present its user with a complete desktop offering multiple applications. In either case, several virtual sessions can use the same installed copy of an application.

OK, now that we have the definitions of virtualization and Terminal Services, and the way Microsoft explains why Terminal Services is a virtualization technique, it is time to determine whether Microsoft is right in its assumption.

Terminal Services is virtualization

Reading the explanation of virtualization, two important definitions are mentioned: abstraction and hiding the physical characteristics.

From the user perspective the application is not available on his workstation/thin client, but is running somewhere else. Using the definition of hiding physical characteristics, Terminal Services can be seen, from a user perspective, as virtualization. Because the application is not installed locally the user does not have any physical identification with the application.

With the IT perspective in mind, Terminal Services can also be seen as virtualization based on the definition that (physical) resources can function as multiple virtual resources. Traditionally, installed applications on a local workstation can be started by one user at a time. By installing the application on a Terminal Server (in combination with a third party SBC add-on), applications can be used by more users at the same time. Although an application cannot be seen as a 100% physical resource, you can see Terminal Services as a way of offering a single resource that will be shown as multiple virtual resources.

In summary, Terminal Services can be seen as virtualization because the application is abstracted from the local workstation and the application appears to function as multiple virtual resources.

Terminal Services is not virtualization

However, let’s take a closer look at the physical resources. Hardware virtualization, application virtualization and OS virtualization really do separate from the physical resource. With application virtualization the application is not physically available on the system, OS virtualization does not need a hard disk to operate, and with hardware virtualization the virtual machine does not communicate (directly) with real hardware. However Terminal Services, from an IT perspective, still needs physical resources. Terminal Services is not really virtualising anything, only the location where the application/session is started and the methodology of displaying the application to the user are different. In other words, as Microsoft describes in their explanation, Terminal Services isolates processing from the graphics and I/O, but this is still done using another device without an additional layer in between.

Conclusion

Back to the main question: is Terminal Services virtualization? And the answer is... it depends. It depends on how you look at the concept of virtualization and on your point of view on Terminal Services. Terminal Services can be seen as virtualization if you look at it from the user perspective (the application is not running physically on the workstation or thin client) or from the view that a single application/session can be used at once by more than one user. If you look at how other virtualization techniques work, Terminal Services does not function the same way and physically nothing is running in a separate layer.

So there is no clear answer and the answer is subjective depending on how you look at virtualization and Terminal Services. My personal opinion is that Terminal Services cannot be labeled as virtualization, because it is not comparable with other virtualization techniques. Through my eyes Terminal Services is not adding an additional (virtualization) layer, but is only dividing the processes between two systems. I think both Microsoft and Citrix are using the "virtualization" term to gain advantages through the current boom of the virtualization market, but both know that if you look at the IT techniques it is not "real" virtualization.


Tuesday, 16 June 2009

Virtualization

Virtualization has rapidly become the hottest technology in IT, driven largely by trends such as server consolidation, green computing and the desire to cut desktop costs and manage IT complexity. While these issues are important, the rise of virtualization as a mainstream technology is having a far more profound impact on IT beyond just saving a few dollars in the data centre. The benefits and impact of virtualization on the business will be directly correlated to the strength of an organization’s application delivery infrastructure. Application delivery is the key to unlocking the power of virtualization, and organizations that embrace virtualization wrapped around application delivery will thrive and prosper, while those that do not will flounder. As virtualization takes centre stage, shifting roles in IT will require a new breed of professionals with broader skill sets to bridge IT silos and optimize business processes around the delivery of applications.
Going mainstream
We are moving into a new era where virtualization will permeate every aspect of computing. Every processor, server, application and desktop will have virtualization capabilities built into its core. This will give IT a far more flexible infrastructure where the components of computing become dynamic building blocks that can be connected and reassembled on the fly in response to changing business needs. In fact, three years from now, we will no longer be talking about virtualization as the next frontier in enterprise technology. It will simply be assumed. For example, today we normally assume that our friends, family and neighbours have high-speed Internet access from their homes. This was not the case a few years ago, when many were using sluggish dialup lines to access the Internet or had no access at all. High-speed Internet is now mainstream, as virtualization will be. Virtualization will be expected; it will be a given within the enterprise. As this occurs, the conversation within IT circles will shift from the question of how to virtualize everything to the question of what business problems can be solved now that everything is virtualized.
Virtualization and application delivery
The most profound impact of virtualization will be in the way organizations deliver applications and desktops to end users. In many ways, applications represent the closest intersection between IT and the business. Your organization’s business is increasingly represented by the quality of its user-facing applications. Whether large ERP solutions, custom web applications, e-mail, e-commerce, client-server applications or SOA, your success in IT today depends on ensuring that these applications meet the business goals. Unfortunately, trends such as mobility, globalization, offshoring, and e-commerce are moving users further away from headquarters, while issues like data centre consolidation, security and regulatory compliance are making applications less accessible to users.
These opposing forces are pushing the topic of application delivery into the limelight. It is forcing IT executives to consider how their infrastructures get mission-critical, data centre-based applications out to users to lower costs, reduce risk and improve IT agility. Virtualization is now the key to application delivery. Today’s leading companies are employing virtualization technology to connect users and applications to propel their businesses forward.
Virtualization in the enterprise
The seeds of virtualization were first planted over a decade ago, as enterprises began applying mainframe virtualization techniques to deliver Windows applications more efficiently with products such as Citrix® Presentation Server™. These solutions enabled IT to consolidate corporate applications and data centrally, while allowing users the freedom to operate from any location and on any network or device, where only screen displays, keyboard entry and mouse movement traversed the network. Today, products like Citrix® XenApp™ (the successor to Presentation Server) allow companies to create single master stores of all Windows application clients in the data centre and virtualize them either on the server or at the point of the end user. Application streaming technology within Citrix XenApp allows Windows-based applications to be cached locally in an isolation environment, rather than to be installed on the device. This approach improves security and saves companies millions of dollars when compared to traditional application installation and management methods.
Virtualization is also impacting the back end data and logic tier of applications with data centre products such as Citrix® XenServer™ and VMware ESX that virtualize application workloads on data centre servers. While these products are largely being deployed to reduce the number of physical servers in the data centres, the more strategic impact will be found in their ability to dynamically provision and shift application workloads on the fly to meet end user requirements. The third major area concerning the impact of virtualization will be the corporate desktop, enabled by products such as Citrix® XenDesktop™. The benefits of such solutions include cost savings, but they also enable organizations to simplify how desktops are delivered to end users in a way that dramatically improves security and the end user experience (compared to traditional PC desktops). From virtualized servers in the data centres to virtualized end-user desktops, the biggest impact of virtualization in the enterprise will be found within an organization’s application delivery infrastructure.
Seeing the big picture
The mass adoption of virtualization technology will certainly require new skills, roles and areas of expertise within organizations and IT departments. Yet the real impact of virtualization will not hinge on the proper acquisition of new technical skills. Rather, to make the most of the virtualization opportunity, organizations will have to focus on breaking down traditional IT silos and adopt end-to-end virtualization strategies. Most IT departments today are organized primarily around technology silos. In many organizations, we find highly technical employees who operate on separate IT “islands,” such as servers, networks, security and desktops. Each group focuses on the health and well-being of its island, making sure that it runs with efficiency and precision. Unfortunately, this stand-alone approach is debilitating IT responsiveness, causing pundits like bestselling author Nicholas Carr to ask whether IT even matters to business anymore. To break this destructive cycle, IT employees must take responsibility for understanding and owning business processes that are focused horizontally (from the point of origin in the data centre all the way to the end users they are serving), building bridges from island to island. IT roles will increasingly require a wider, more comprehensive portfolio of expertise around servers, networking, security and systems management. IT personnel will need to have a broad understanding of all these technologies and how they work together as the focus on IT specialization gives way to a more holistic IT mindset.
Seeking experts in delivery
The new IT roles will require an expertise in delivery. IT will need to know how to use a company’s delivery infrastructure to quickly respond to new requirements coming from business owners and end users alike. IT specialization will not completely disappear, but it will not look anything like the silo entrenchment and technical specialization we see today. From this point forward, IT professionals will increasingly be organized around business process optimization to serve end users and line of business owners, rather than around independent technologies sitting in relative isolation. Across the board, the primary organizing principle in IT will shift from grouping people around technology silos to organizing them around common delivery processes. The companies that make this transition successfully will thrive, while those that do not will struggle to compete in an increasingly demanding and dynamic business world. IT organizations of the future will need to develop professionals who can see the parts as a whole and continually assess the overall health of the delivery system, responding quickly to changing business requirements. Employee work groups will continue to form around common processes, but the focus will be less about highly specialized knowledge and more about the efficiency of frequently repeated processes. IT professionals who understand the deep technical intricacies of IP network design, for example, will be in less demand than those who understand best practices in application delivery.

Guidelines for Staying in and Ahead of the Game
If you are not testing the waters of virtualization, you may already be behind. Experiment with virtualization now. Acquire applications and consider how to deliver them as part of your IT strategy. Three key recommendations are:
  • Change the mindset of your IT organization to focus on delivery of applications rather than installing or deploying them. Think about “delivery centres” rather than data centres. Most IT organizations today continue to deploy and install applications, although industry analysts advise that traditional application deployment is too complex, too static and costs too much to maintain, let alone to try to keep up with changes in the business. Delivering on the vision of an IT organization that is aligned with business goals requires an end-to-end strategy of efficiently delivering business applications to users.
  • Place a premium on knowledge of applications and business processes when hiring and training IT employees. IT will always be about technology, but do not perpetuate today’s “island” problem by continuing to hire and train around deep technical expertise in a given silo. If that happens, IT will continue to foster biased mindsets that perceive the world through a technologically biased silo lens, the opposite of what is needed today. IT leaders will increasingly need to be people who understand business processes. Like today’s automotive technicians, they will have to be able to view and optimize the overall health of the system, not the underlying gears and valves - or bits and bytes.
  • Select strategic infrastructure vendors who specialize in application delivery. Industry experts agree that the time is right to make the move from static application deployment to dynamic application delivery. IT will continue to use vendors that specialize in technical solutions that fit into various areas, such as networking, security, management and even virtualization. What is important, however, is forming a strategic relationship with a vendor that focuses not on technology silos, but on application delivery solutions. The vendor should be able to supply integrated solutions to incorporate virtualization, optimization and delivery systems that inherently work with one another, as well as the rest of your IT environment.