I recently had the pleasure of speaking with Andi Mann, Senior Analyst at Enterprise Management Associates. For those of you who may not know them, EMA is a leading IT Analyst firm specializing in IT management issues. Andi heads up EMA's Systems Management practice, and is the author of several reports on virtualization, including last year's ground-breaking 130-page research study "Virtualization: Exposing the I recently had the pleasure of speaking with Andi Mann, Senior Analyst at Enterprise Management Associates. For those of you who may not know them, EMA is a leading IT Analyst firm specializing in IT management issues. Andi heads up EMA’s Systems Management practice, and is the author of several reports on virtualization, including last year’s ground-breaking 130-page research study “Virtualization: Exposing the Intangible Enterprise“, and the recent 4-page advisory note “Is Virtualization Right For You? The Top Ten Questions You Should Ask.” Q. What do you think is behind the current boom in virtualization?A. Well, some ‘common wisdom’ – which seems to be based on little more than guesswork – says it is all about cost savings – server consolidation, floor space, things like that. But EMA’s research actually shows pretty convincingly that is not true. For most businesses it is primarily about strategic business values like flexibility, agility, and business continuity. You can never ignore direct costs, but they appear to be secondary to these more strategic goals. That’s one reason why we advise our clients to look at virtualization as a strategy, not a project. Q. What do you mean by that – can you explain the difference a little bit more?A. I have been telling my clients for almost 18 months that virtualization is a strategy, not a project; it is about the whole business, not just about IT; it is about long-term benefits, not necessarily short-term savings. For example, once you have finished a server consolidation project with virtualization, you are left with a half-empty data center, and a sunk cost in virtualization technologies and skills – so how do you keep leveraging that investment? Enterprises need to consider how they can use virtualization to make their entire business better for the long-run, not just about how they can finish their server consolidation project.Q. Where are the biggest problems with virtualization? A. My research last year showed that the key issues are management challenges, and human issues. For management of virtual systems, integration is a major challenge – integrating the management of physical and virtual systems, of heterogeneous platforms, and of different virtualization types. Configuration management, capacity planning, and workload orchestration are also key disciplines, to get the most from virtualization while preventing or delaying VM sprawl. On the human side, the politics of sharing resources and prioritizing performance can be difficult. Virtualization also requires a new set of skills and methodologies, not just within IT, but in the end-user community. And it requires new and creative thinking, not just new training and skills. These are key issues right now.Q. What about security – is that as big a problem as people are saying?A. Well, it is important, but it is not as big a problem as some people make it out to be. As far back as 2006, I pointed out many different security challenges in a virtualized environment, based on my research data. For example, there are some entirely new threats like the so-called blue pill/red pill attacks, hypervisor attacks, hypervisor malware, etc. But it has security benefits too. For example, virtualization also makes it easy to overcome virus infection by recovering from a “golden image”. So security becomes a bit of a double-edged sword. Q. So should businesses be concerned about these security exposures? Should they delay virtualization initiatives?A. There are some self-styled experts saying things like that – but they come across like Chicken Little saying “the sky is falling, the sky is falling”, when really they should know better. Sure, businesses need to be aware of the potential risks, and we do need better tools for security management for virtual environments – but there is no need for some of the panic I have seen from other analysts. There are some straightforward ways to deal with the threats; they just require some informed thinking and good process controls. Once you understand the new exposures, you can implement processes and technology to close the gaps. Controls like continuous discovery, configuration management, change management, and other positive procedures can be very effective. Virtualization can be quite secure, if you know what you are doing.Q. So finally, what do you see as the next big thing in virtualization? A. It will be all about the end user impact of virtualization. In fact, that is the topic of my next virtualization advisory note. Way back in 2006, way before some other writers picked it up, my research was showing that desktop and application virtualization would be the next big thing. You can see it in how the primary vendors have focused on various desktop initiatives – like desktop virtualization, application virtualization, streaming, etc. You can see this in moves like VMware picking up Propero, Citrix acquiring Ardence, Microsoft taking Softricity, and LANDesk and Altiris both building in application virtualization technology. I think you will see pure-play vendors like Thinstall, Endeavors Technologies, Kidaro, and AppStream becoming even more important too. These are some really exciting technologies for cost saving, agility, business value, security, and so on. Q. And long-term? Where is this all heading?A. Eventually, we will see virtualization as the basis for a truly dynamic IT infrastructure, which will allow businesses to be more agile than ever before. SOA, Web Services, grid architectures, and virtualization will come together to provide business services that are truly platform independent, thin and agile, and available ‘on tap’ with extreme scalability and mobility. Automation and management will be critical success factors, but IT will eventually be able to deliver discrete, flexible services across a highly dynamic compute fabric as and when they are needed – internally or externally; through the Web or locally; on desktops or handhelds; wireless or tethered. It is going to be a way off, but you can see it coming. It will be exciting to watch these technologies continue to develop. Q. Thanks Andi, it was great to talk to you.A. My pleasure David, as always. Software Development