Information Technology Reference
In-Depth Information
Who is using the VE? Which applications are they running? What is the processing
load caused by those applications? Are all of those loads expected and normal, and
can the system continue to provide sufficient resources if current trends continue
and expected changes occur?
Individual workloads inevitably grow and shrink over time; likewise, the set of
workloads on a system changes over time. If you don't monitor the performance
characteristics of your systems, you cannot make plans to avert a performance crisis
or system failure.
Although most data centers monitor CPU and memory utilization, other mea-
surements are important as well. Current resource utilization provides little in-
sight into the health of the system or VE. A system running at 85% CPU utilization
may be providing the response times needed, but one running at 10% may include
a workload providing unacceptable performance for reasons unrelated to CPU
performance. Further, the bottleneck in the latter case may be either a physical
limitation, such as I/O bus rate, or a configured limitation, such as a memory cap.
Consolidated systems, including those with multiple VEs, complicate this situa-
tion. Is a VE not meeting the desired response time because system resources are
insufficient, or because a resource control is overly aggressive, or because another
VE does not have a sufficiently tight resource control? If VEs are owned by dif-
ferent business groups, the initial complaint may come from one group that does
not have any visibility into another group's VE, and may simply report that “the
system is slow.”
Complete monitoring and tracking of resource utilization and transaction
times is necessary to diagnose performance problems. DCM tools should gather
and store the necessary data so that trends can easily be detected. After all, you
can avoid a problem only if you can predict it.
In addition to performance monitoring, tools are needed to detect inappropriate
access and take appropriate action. An audit trail is used as a record of accesses,
and can aid in the analysis of access patterns as well as intrusions and intrusion
attempts.
Some virtualization tools can audit only low-level I/O transactions such as net-
work connections. All other auditing occurs in the VEs, using the existing auditing
method of the OS. Other methods, such as operating system virtualization (OSV),
can perform auditing of VEs in the OS kernel, not in the VE. An intruder who
gains access to the VE would not know that there is an audit trail and, therefore,
might be less careful about the evidence being generated.
Recent changes in the computer industry have yielded a heightened awareness
of computer systems and their configurations. Conversations about compliance
enforcement are now common. One factor contributing to the increased attention
being paid to this area has been the lack of automation, which leads to human
error in security configuration, system standardization, and auditing.
Search WWH ::
Custom Search