Server Virtualization, a Must from a Security and Recovery POV

By CIOReview | Friday, July 22, 2016

The Standard license of the Windows Server OS allows for one physical OS instance and one virtualized instance at no additional charge. The offering is perhaps a cue from the tech behemoth about the emphasis it places on virtualization. Weighing in the security benefits of virtualization, over and above consolidation and service provisioning, it is always regarded as a healthy practice to wrap even the simplest of workloads (such as a single app running atop an OS) in a virtualized environment.

Consider rebuildability, for instance. Traditional backup and restore through Bare-Metal Recovery (BMR) was tedious because the approach is principally based on creating and leveraging an image-based restore of the primary partition. One would have to install a new, clean OS before attempting to restore the actual OS, applications and data. Tools and mechanisms for restoring a BMR image onto dissimilar hardware were aberrant and suspicious in terms of security. A virtualized server, on the other hand, is portable, with all its properties wrapped up inside Virtual Hard Disk (VHD) and Virtual Machine Disk (VMDK) files, thereby imparting isolation, multi-tenancy and segmentation, all of which translates to ease of use and magnified security.

Snapshots, being a copy of the Virtual Machine's (VM) disk file (VMDK), can be used to restore a VM because they maintain a change log over time. They bypass disruptive, long-running backup procedures, thereby offering fast recovery for the systems. Unlike traditional backup software, which changes the format of the backup data, snapshots maintain the original disk-based format. Snapshot types include hypervisor, file-system, storage-infrastructure and backup-application snapshots. Many data centers resort to multiple snapshot methods. The method of saving storage snapshots to another secure location is termed Flat Backup, and it can be perceived to amplify the benefits of snapshots while being cheaper than traditional backup procedures. Many vendors also offer seasoned software to manage flat backup and recovery.

Vendors like VMware offer the functionality of taking a VM snapshot from the hypervisor management User Interface (UI). In the case of Hyper-V, snapshots are taken in the background and can be etched out of the VHD. The snapshot feature makes rolling back VMs to a previous version as easy as clicking undo in a Word document. It is a feature equivalent to having a rewind button in real life. Virtualization can thus be put to use as a security and backup option.
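The checkpoint-and-rollback workflow described above, sketched for Hyper-V in PowerShell, with the copy to a separate location that the Flat Backup paragraph describes. This is an added example, not code from the original article; it assumes the Hyper-V PowerShell module on the host, and the `Invoke-WithCheckpoint` helper, the VM name `APP01` and the export share are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example (not from the article): checkpoint a Hyper-V VM before a risky
# change, copy the checkpoint to a separate location, roll back on failure.
# Invoke-WithCheckpoint, 'APP01' and '\\backup01\vm-exports' are hypothetical.

function Invoke-WithCheckpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]      $VMName,
        [Parameter(Mandatory)] [scriptblock] $Change,
        [string] $ExportPath,      # optional off-host location for a copy
        [switch] $KeepCheckpoint   # keep the checkpoint after a successful change
    )
    $ErrorActionPreference = 'Stop'   # turn every error into a terminating one
    $name = 'pre-change-{0:yyyyMMdd-HHmmss}' -f (Get-Date)

    # 1. Take the checkpoint and confirm it exists before touching the VM.
    Checkpoint-VM -Name $VMName -SnapshotName $name
    $checkpoint = Get-VMSnapshot -VMName $VMName -Name $name

    # 2. Export a copy so recovery does not depend on this host's storage.
    if ($ExportPath) {
        Export-VMSnapshot -VMSnapshot $checkpoint -Path $ExportPath
    }

    try {
        & $Change                      # 3. Apply the change.
    }
    catch {
        # 4. Any failure: revert the VM to the pre-change checkpoint.
        Write-Warning "Change failed ($($_.Exception.Message)); restoring '$name'."
        Restore-VMSnapshot -VMSnapshot $checkpoint -Confirm:$false
        throw
    }

    # 5. Success: delete the checkpoint so Hyper-V merges the differencing disk.
    if (-not $KeepCheckpoint) {
        Remove-VMSnapshot -VMSnapshot $checkpoint -Confirm:$false
    }
}

# Usage (placeholder change; replace the script block with the real operation):
# Invoke-WithCheckpoint -VMName 'APP01' -ExportPath '\\backup01\vm-exports' -Change {
#     Stop-VM -Name 'APP01'; Set-VMProcessor -VMName 'APP01' -Count 4; Start-VM -Name 'APP01'
# }
```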

In the absence of a virtual environment, migration would be a rather tedious task, especially when the hardware has been outgrown. Though virtualization creates an illusion of having ‘many’ systems atop a physical infrastructure, it is still bound by the Law of Conservation, because clouds are basically big server farms that operate together to host virtual servers. vCPUs allocated to VMs are queued and scheduled by the hypervisor to wait for a physical CPU in order to process instructions and data for the VMs. Most hypervisors support live migration with close to zero downtime; a snappy shutdown followed by a boot is all that would be required to get going in the new environment, bypassing the need to build and reconfigure a server and migrate the data.

Additionally, the hypervisor ecosystem could very well translate to Disaster Recovery (DR) as a Service, given that restoration of whole systems or single files can be done in a short period of time, where a physical server restore would have demanded hours or days. Business Continuity (BC) and Disaster Recovery (DR) are the bundled advantages that come with the portability aspect of server virtualization, such that it would be imprudent for the IT administrator not to bring up VMs on alternate hosts within a cloud-based host.

As a matter of fact, the only remotely legitimate reason not to employ a virtualized server would be when the OS or application interacts directly with hardware, such as a USB key, tape drive or peripheral. And that aspect too has diminishing relevance, given that modern compute hypervisors show very little latency in I/O performance between physical access to resources and virtualized resources.