Virtualization Technology News and Information
Symantec CIO vies with virtualization, device policy

Quoting TechTarget

As the CIO of a Fortune 1000 company, David Thompson has more resources than most technology managers. And given that the company Thompson works for is Symantec Corp., the security and data protection expertise at his fingertips is the envy of most of his peers.

But for all of his advantages, Thompson still faces many of the same everyday challenges and concerns that other CIOs and CSOs grapple with. In an interview over lunch recently, Thompson said that he has spent much of his time since joining the company in February on finishing the technology integration with the former Veritas Software Corp., which Symantec acquired in late 2004. But, with that project nearly complete, he has a number of large initiatives looming on the horizon.

"The back-office infrastructure has merged and right now I'm working on data center consolidation. That's typically the last thing you can get to," said Thompson. "We're shutting down some labs and consolidating data centers now through the end of the year."

Virtualization's unknowns

As part of that project, Thompson is beginning to invest in virtualization technology as a way to save money on servers and reduce energy consumption in the data centers, both of which are key concerns for Symantec CEO John Thompson. The rising cost of power in the last year or two has coincided with wider deployment of dual-core servers, which require more power and throw out more heat than traditional single-core machines.

This confluence of events has led to a dramatic increase in the amount of money required to run a typical data center. As a result, many enterprises have begun trimming costs by using virtual machines to reduce the number of physical servers needed in a data center.

Thompson sees virtualization as a key part of Symantec's infrastructure going forward.

"Virtualization hasn't been a part of it in the past, but we're doing that now," he said. "We're starting to invest now, preparing an architectural plan. It'll not only save us a ton of money, but also increase productivity and that's the kind of innovation we have to do in IT."

But along with the many advantages virtual machines can deliver, they also bring questions about their security. Some researchers have raised concerns about the safety of running multiple virtual machines on a given server, saying that it's difficult to monitor and understand the interactions among the virtual machines, largely because they are not tied directly to the hardware in the way that Windows or other operating systems are. Developer or testers can quickly bring up a virtual machine on a test box without notifying IT, leading to other potential security issues.

But Thompson said Symantec has developed a policy that requires all virtual machines to be of a standard configuration and to be deployed by IT.

"In our training environment for customers, in the past we had servers all over the country. We brought that back into the central environment and we use a certified configuration," Thompson said. "The image has been pen-tested so the environment is secure out of the box.

"If you don't start with the right image that has all of the patches, et cetera, it's a problem," he added. "All the standard security practices around the infrastructure apply to the boxes that host virtual machines. The team is focused on that master image."

Read the rest of the article, here.

Published Thursday, August 31, 2006 8:46 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2006>