The Peer Incite on May 3, 2011, featured a debate on the benefits of virtualization of Oracle workloads. A great synopsis of the positive reasons for migration were given by Nathan Briggs, CEO of House of Brick as a Wikibon article. Wikibon has also indicated its full support in a research note called "Damn the Torpedoes: Virtualize Oracle as Fast as Possible" for taking an aggressive approach to virtualizing product Oracle systems.
Bill Santilli, however, took a more cautious and pragmatic approach in saying that the risks of introducing an extra layer of complexity are not justified for many mission critical workloads.
Wikibon suggests five main areas for CIO focus when reviewing whether or not to virtualize mission critical applications:
Server Capacity Requirements of the Application
The business case for running multiple virtual machines on a single physical machine is overwhelming. The case for reduction goes down dramatically as the number of virtual servers on a physical server goes down. The CPU tax of 18%, the I/O tax of 20% for higher quality storage together with the cost of VMware licenses will eliminate cost reduction as a reason for virtualization as the size of the individual workloads increase to be a significant percentage of server capacity.
Application High-Availability Requirements
Virtualization and the use of VMware’s Site Recovery Manager can be very cost-effective methods of providing “good enough” high-availability solutions. However, the very highest levels of availability require the use of Oracle RAC and other solutions and are often based on non-X86 architectures. If the line-of-business can cost-justify the expenditure (and especially if a platform migration is required), virtualization is very unlikely to be an optimum strategy.
Application and Data Security Requirements
Current security practice for X86 systems is based on creating and defending walls around physical parts of the infrastructure. The walls and the defenses are not perfect, but there is significant experience within the security community on how to establish best practice in such an environment. To achieve very high levels of security, an integrated architecture involving hardware and software functionality is required: for example, mainframe systems from IBM and Unisys have much higher levels of security functionality based on their ability to define a complete, integrated security-stack including hardware and software.
At the recent EMCworld, Paul Moritz spoke of the requirement to develop virtual walls with both hardware function (from Intel) and software function. He pointed out the monitoring tools patrolling these walls would be creating so much data that completely new security analytic tools were required. VMware is making aggressive investments in security, but the bottom line is that VMware security is currently still a work in progress. The level of security that can be achieved by this new approach has yet to be assessed by the security community.
For systems requiring the highest levels of security, best practice for VMware will continue to be to create physical walls round the virtual resources, and isolate sensitive applications as much as possible. This may mean creating multiple VMware secure islands and may impact the business case for virtualization.
Potential for Optimization of Oracle Licensing
In a research note called "Oracle Negotiation Myths and Understanding Virtualization Adoption in Oracle Shops", Wikibon is on record as saying that achieving long-term significant reduction of Oracle licenses using virtualization is an illusion. Short-tem tactical savings can be made, but care should be taken in assuming that those savings will survive the next budget cycle. Oracle savings should not be a significant part of the business case for virtualizing an application.
Application Requirement for Oracle and ISV Support
For most customers, Oracle does not provide support and qualification for virtualized environments, with the exception of Oracle RAC. Oracle can and does insist on the recreation of new problems in a physical server environment. Wikibon has discussed these issues extensively. At the end of the day, the line-of-business and application development will have to decide if the threat or reality of reduced support is more significant than the reduced operational costs.
Action Item: CIOs should take a pragmatic approach and fully engage the different parts of IT and the lines-of-business in decisions on whether or not to virtualize production Oracle-based applications with high business value. There is plenty of low handing fruit for virtualization of production applications. Wikibon would recommend ensuring that every application virtualized is a success rather than pushing the envelope too quickly.