From a security perspective, virtualization is a mixed bag. On the one hand, it centralizes server and storage management and can shore up security weaknesses in distributed computing. On the other, consolidating physical servers using virtual servers creates distinct security challenges.

First the pluses: Fewer physical servers should be easier to manage. The shared storage that accompanies virtualization is likely to be more reliable and manageable than distributed direct-attached storage. Shared storage also complements the business continuity features of virtualization technology. Using VMware's VMotion, for instance, virtual machines can be migrated to backup servers in real time if the storage is shared.

Desktop virtualization can enhance security as well. In this scenario, traditional PCs can be replaced with less expensive thin clients from vendors such as Wyse Technology, which draw virtual desktop images from servers, centralizing data management and increasing security.

These positives are persuasive enough to help sell virtualization solutions. "Virtualization is hard to sell on its own," says Michael Aaron, managing director of client experience at E-ternity Business Continuity Consultants and a VMwarecertified engineer. "But if you tie it to security and explain that virtualization can minimize risk, there's a better chance of making the sale."

To deliver on this promise, virtualization providers must ensure that virtual machines, and the servers they run on, are truly secure. That means adding security controls to every virtual machine, just as you would on a physical server, says Jim Potts, technology solutions engineer at Ingram Micro. "If you don't employ standard security procedures on each virtual machine, you are creating a vulnerability."

Another concern relates to "dormant" virtual machines, a problem because virtual machines are so easy to create. "Let's say someone creates a virtual machine, but then doesn't use it for six months," Potts says. "That machine may not have been given all the security patches while lying dormant. When you bring it back up, it can become a vulnerability." To avoid such dangers, Potts advises carefully policing virtual machine creation, as well as deploying virtualization-aware security solutions from ISVs such as Check Point, McAfee and Symantec.

Security holes also can arise when virtual storage and networking aren't configured properly. Especially dangerous are virtual network links that could enable unauthorized communications among virtual servers. "If untrained personnel attempt virtualization configurations without understanding the security implications, business-critical data such as e-mail or customer information could be exposed to hackers and malware," Aaron says.

The solution to such problems, of course, is expertise. Solution providers who need assistance can call on Ingram Micro Virtualization Services, virtualization assessment and delivery services provided by the Ingram Micro Services Network (IMSN). The service supports leading virtualization vendors such as Citrix Systems, EMC, Hewlett-Packard, IBM and VMware. For more information, contact your Ingram Micro sales representative.