Virtualization: A first step to the cloud

For most agencies, server virtualization is a first step toward cloud computing. If you do virtualization right, a move to the cloud is that much easier. However, if you make a mess of it, your journey to the cloud could be tougher.

Some executives rightly view virtualization as a way to cut hardware and power costs by reducing the number of servers they need, but that means thinking about it only in tactical terms. Virtualization can also be an opportunity to modernize and expand the IT department’s role as a service provider to the rest of the organization.

Virtualization enables agencies to operate a more efficient infrastructure by replacing what had been multiple hardware servers with “virtual” or software versions of those servers that run on a single machine. Besides reducing the number of physical machines needed by a factor or five or even 10, virtual servers are much easier to set up, manage and move around than physical ones.

However, virtualization requires a different viewpoint, said Joe Brown, president of Accelera Solutions. “You go away from being builders and controllers of IT infrastructure to being retailers and orchestrators of business services,” he added.

That is also an apt description of the IT department’s role as cloud services become more common. And once an agency has virtualized its server infrastructure, it can move data processing tasks more easily to the platform that makes the most financial or operational sense, whether it is housed in an internal data center or operated by a cloud provider. But to get the most out of a virtualization investment — and pave the way for cloud adoption — agencies will need to do more than launch a few virtual machines.

Indeed, virtualization needs to be actively promoted within an agency to achieve the critical mass that makes a cloud shift possible. It will also take new tools and operating procedures that support a service-oriented approach. Overall, agencies should consider deploying technologies that can help them navigate between both private and public cloud resources because many observers foresee clouds that are a hybrid of the two approaches becoming a common model.

Furthermore, the virtualization-to-cloud trajectory is as much about people as it is about technical issues. Virtualized environments call for a different skill set, and the switch from providing servers to provisioning services calls for a new philosophy and new roles and responsibilities.

Read on for an overview of four steps to a smoother cloud transition via virtualization.

Step 1: Make virtualization a priority

To be successful, industry and government executives believe organizations need to actively promote the benefits of virtualization.

For some, that means instituting a formal policy. The Census Bureau’s IT Directorate launched its “virtualization first” policy in December 2011 as a first step toward implementing the Obama administration’s cloud-first approach.

The policy calls for Census divisions that use servers located in the bureau’s data centers to convert those servers to virtual machines by June 2013. Exceptions may be made for certain situations, such as applications that run on special-purpose hardware.

Brian McGrath, Census’ CIO, said the bureau now thinks of virtualization as the “go-to solution for all systems and applications...unless there are sound technical or engineering reasons that would justify a bare-metal or stand-alone solution.”

Step 2: Build an IT services storefront

Another strategy is to provide a browser-based interface through which IT support staff can manage the virtualized environment. Those employees can use the interface to handle server provisioning, rebuilds, activation, deactivation and deletion, among other functions.

Some organizations use popular tools such as Amazon Web Services (AWS) as a reference for building the interface, which can also serve as a tool for a cloud transition. Indeed, such a service interface, sometimes called a cloud broker, helps prepare IT staffers for a hybrid cloud setting by allowing them to use identical interfaces to manage resources provided through the agency’s data center and an external cloud vendor.

The Energy Department’s National Nuclear Security Administration is working on such a broker, dubbed YOURcloud, and expects to make it available this fall, said Travis Howerton, chief technology officer at NNSA.

“It is a Web front end that provides a single pane of glass for provisioning services [and] servers within approved cloud environments as part of our secure hybrid community cloud,” Howerton said.

NNSA’s broker will let users select the appropriate service for a given workload based on cost, security, energy efficiency and other parameters. “Think of it like Expedia.com,” Howerton said. “This travel website brokers services with airlines, hotels, etc., based on your defined parameters. YOURcloud provides a similar service for cloud computing.”

Howerton said the interface creates an internal marketplace for cloud services that can be used across the enterprise. “It provides the foundation for our digital strategy and is on the critical path to shared services within our agency,” he added.

The technology also gives government IT executives greater control over cloud services, particularly the external variety, said Kent Christensen, virtualization practice manager at Datalink, a provider of data center infrastructure and services. If users were to go directly to AWS, management would lose visibility. But the broker approach lets organizations control the gateway and use external cloud services as needed, he said.

Step 3: Standardize and automate

A virtualized data center needs to adopt standard processes as it heads for the cloud. That might require organizations to break down the traditional barriers between server, storage and networking groups in the IT department, Christensen said.

Therefore, agencies should create a unified architecture to provision services that cut across technology boundaries. “This all becomes one process,” he said.

Process standardization helps smooth the provisioning of virtualized IT as cloud resources. It also improves manageability as virtual machines proliferate in agency IT shops. And automation can help enforce those standards because the approach directs everyone down the same path.

Step 4: Maintain security in the cloud

Agencies planning to extend in-house virtualized environments to an external cloud must always keep security in mind.

“You have to consider...how to secure your environment once you get it out to an external cloud provider,” Brown said.

Products such as CloudSwitch (purchased by Verizon last year) and Citrix Systems’ CloudBridge can help agencies manage security as their virtualized environments head for the public cloud, Brown said. He likened such products to sophisticated virtual private networks that protect data moving between the enterprise and external clouds.

“They create this elastic wrapper that extends from your internal private cloud out to the public cloud infrastructure,” Brown said. That wrapper provides an encrypted bridge between internal and external resources.

Census has made security a key consideration of its virtualization-first directive. The IT Directorate is responsible for the security aspects of the bureau’s virtualization infrastructure and coordinates virtualization software and operating system patches with organizations that are running in virtual environments.

An agency’s security experts should be involved in every project that surfaces in a cloud-facing virtualized setting, said Bob Otto, former CIO/CTO at the U.S. Postal Service and now executive vice president of advisory services at solutions provider Agilex.

“They have to look at this outside their facilities based on whether it is an external cloud and the type of network it goes through,” Otto said. “They are looking at something that is more complex.”

Agencies should also take a closer look at data protection measures typically performed by data centers, such as storage and backup.

“It is very important to get your house in order and build a strong foundation in your virtualization architecture and be able to extend that into cloud computing,” Christensen said.

Helping IT staffers prepare for their new roles

Virtualization usually spells a healthy dose of cultural change for most government organizations and IT departments. It’s good practice for the even bigger changes that come with a shift to cloud computing.

To some observers, the organizational demands of virtualization outstrip the technical considerations. IT professionals accustomed to managing physical hardware must get used to managing resources more indirectly.

Here are a few ways to ready IT employees for new roles in virtualized and cloud environments.

• Dissolve traditional barriers. To efficiently provision virtualized technology, you will probably need to break down the divisions between server, storage and networking personnel. That could prove to be one of the hardest steps and could require leadership from the CIO and chief technology officer. “Don't think in silos,” said Ken Liska, a virtualization specialist at NetApp Public Sector. “Organizations often arrange IT environments around geopolitics. The cloud breaks down silos and involves collaboration of teams working together.”
• Encourage cross training. That same drive to break down barriers also necessitates a different training regimen. Accordingly, many IT staffers at agencies and contractors are pursuing cross training in operating system, server and storage administration, said Tom Simmons, an area vice president at Citrix Systems.
• Take advantage of vendors’ courses. Agencies might not have deep experience in Citrix, Microsoft, Red Hat or VMware virtualization technologies, depending on how long they’ve been at the task. Vendors offer training for organizations that want to update their employees’ skills. Red Hat, for example, offers four- and five-day courses on Red Hat Enterprise Virtualization.
• Promote skill sets for the automated environment. As agencies move beyond virtualization to the cloud, the environment could become more automated. At that point, agencies might need to cultivate skills that layer on top of virtualization, such as the ability to execute Web scripting to interface with cloud management tools, Liska said.
• Keep an eye out for IT management talent. Solutions architects, IT-savvy project managers and mid- to senior-level managers will be in high demand as IT departments begin providing IT as a service, said Sudhir Verma, vice president of consulting services at Force 3. “They will be in demand especially if they are able to bridge the gap between IT, business units and end users,” Verma said.

A cloud glossary

Mastering server virtualization could give agencies the functional capability and management skills to move their data processing workloads to whatever infrastructure model makes the most financial and operational sense. In the past, that usually meant agency-owned servers, but increasingly, it will likely be one of these cloud computing models, as defined by the National Institute of Standards and Technology.

• Private cloud: For the exclusive use of a single organization. It might be owned, managed and operated by that organization, a third party or some combination of the two, and it might exist on or off the organization’s premises. NASA’s Nebula Cloud Computing Platform is an example of a private cloud used by multiple customers in an agency.
• Public cloud: For open use by the general public. It might be owned, managed and operated by a business, academic or government organization or some combination of them, but it exists on the premises of the cloud provider. Amazon’s Elastic Compute Cloud, which offers resizable computing capacity via the Web, is an example of a public cloud service.
• Community cloud: For exclusive use by a specific community of consumers from organizations that have shared concerns, such as mission, security requirements, policy and compliance considerations. It is owned, managed and operated by one or more of the organizations in the community, a third party or some combination of them, and it might exist on or off the community’s premises. IBM operates a community cloud service tailored to government customers, and Microsoft recently announced plans for its own government-oriented community cloud service.
• Hybrid cloud: A composition of two or more distinct cloud infrastructures (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables the portability of data and applications. Stand-alone examples of hybrid clouds are more difficult to identify because they comprise services or capabilities from multiple sources.