Last week I wrote about the convenient confluence of consolidating multiple applications - the branch-in-a-box (BiaB) - and the emergence of virtualization as a consolidation platform. As discussed, there are real benefits to a BiaB, including: reduced cost, streamlined operations and reduced footprint (power, heat and rack space).
As with all things IT, there is always risk. As a means to minimize risk, I recommended following a variation on KISS (not the band!), or PASS: Performance, Availability, Simplicity and Security. This week I focus on simplicity and security.
Simplicity: With virtualization of multiple applications there are many moving parts. In fact, virtualization itself facilitates movement through the ability to move virtual machines around with relative ease. Enterprise IT participants in Nemertes’ virtualization benchmark research tell us it is this relative ease of movement and the ability to quickly provision new virtual machines that creates configuration challenges. Essentially, it’s so easy to fire up virtual machines and load a new application that normal policies and procedures can be bypassed, leading to nightmares down the road. Keeping configuration simplified and standardized on the front end will minimize configuration management headaches on the back end.
Security: Though security should be the first gate, in many organizations it’s the last gate before going to production. Ironically, the inherent advantages of virtualization (quick provisioning, movement of virtual machines for load sharing and DR, running multiple and diverse operating systems in one box, etc.) all increase the security complexity and risk of a virtualized BiaB. Despite this increased risk, most organizations still tackle virtualization security the way they do physical network security: with virtual LANs, access control lists, firewalls, intrusion-detection systems and intrusion-prevention systems. There are two problems with this approach. First, most physical network security solutions are blind to what’s going on inside the virtual BiaB. Second, approaching virtualized security like network security can actually negate the inherent benefits of virtualization!
Unfortunately, explaining all the ins and outs of virtualization security requires far more than a single column. Hopefully, this column raises some eyebrows and prompts discussion around virtualization security in general and for the branch in particular. To aid the discussion, here are five questions that must be addressed. These are reasonable and simple questions, and if the answers you get are not, you need to dig deeper before going into production with your virtualized BiaB:
* How do our existing security solutions support the virtualized BiaB?
* How do our existing security solutions interact with the virtualized BiaB configuration management?
* How does the virtualized BiaB affect our overall compliance posture?
* Do we need to add specialized virtualization security solutions?
* How does our security solution facilitate the benefits of virtualization?