Virtualisation brings real benefits

Virtualisation is a hot topic, and with good reason. The technology allows a computer to be partitioned so different operating systems can run on the same kit, allowing legacy applications to be kept running when old computers are replaced.

In servers, the advantages of virtualisation are well understood. Server hardware is often under-utilised, with processors sitting idle for much of the time. Using an architecture where each physical server runs multiple virtual servers enables a company to make better use of its assets. What’s more, it is much easier to add virtual servers than physical ones.

On the desktop, the benefits of virtualisation perhaps appear less clear. The technology allows new apps to be tested in a safe environment, but what about a more widespread everyday use? It all depends upon what you mean by “virtualisation”. VMware has built a flourishing business around its tools that create entire virtual machines in the memory of a host computer. But the term “virtualisation” can be applied to a range of technologies that make software less dependant on the minutiae of the underlying hardware.

A good example is the Java virtual machine (JVM) required to run Java applications on a computer, which should (ideally) mean that any Java program code will run on any system.

Similarly, the virtualisation of Windows apps promises to free IT staff from much of the hard grind of deploying and supporting PCs. Several vendors offer products that achieve this end, including Softricity (which Microsoft acquired last week); Altiris with its Software Virtualisation Solution; and Wyse with its Wyse Streaming Manager (WSM).

All these tools differ, but share a basic mode of operation that enables applications to run without affecting the Windows Registry on the target system.

Remember the days of MS-DOS, when installing an application was no more complicated than copying the program files onto the PC’s hard disk? Application virtualisation offers the same simplicity, but goes further by providing tools that enable applications to be deployed to end-users across the LAN.

But every silver lining has its cloud, and virtualisation may introduce new security weaknesses. Machine-level virtualisation might allow systems to be hijacked without users noticing. A proof-of-concept attack has been demonstrated using the “Pacifica” virtualisation support in AMD’s processors, and is undetectable to security tools running in the target system.

However, IT staff shouldn’t abandon a useful technology because of potential future risks. They should instead make systems as secure as they can, while pressuring vendors of virtualisation tools to make it as difficult as possible to take unauthorised control of the virtualisation layer.