Feeds

How many VMs are on your LAN – and how sure are you?

Server sprawl is virtually back

Internet Security Threat Report 2014

Server virtualisation is taking companies back to the bad old days when they had no idea how many PCs and servers they had, because employees were buying them unchecked.

Now it is all too easy to run up a new virtual Windows server, without realising that under Microsoft's rules, each virtual machine (VM) needs its own software licence. As a result, company bosses risk being hit with large fines for running unlicensed systems, warns Walter Scott, the CEO of backup software developer Acronis.

"Right now people are bringing up machines without management knowing – in my company we had 12 added without my knowledge," he said. "We see a lot of customers trying to balance their VM count – they're losing control of it. It's like the server sprawl we saw 10 or 15 years ago.

"My concern is people will bring up unlicenced machines, and that's a big fine for wilful infringement."

He suggested this could even be one reason why Microsoft has sought to limit the number of times a Windows licence can be moved from server to server as part of a VM.

"I think software asset management is why Microsoft is changing its licensing," he said. "My understanding is that you're only allowed to move a VM so many times a year, they own't let you move it to and fro."

He pointed out that you can't find VMs with a physical asset check - you have to audit the network and hope they are online.

Even then, much network auditing software was written with physical servers in mind, and it can have problems detecting VMs, simply because it is not looking for the right things.

Craig Isaacs, president of Neon Software, said that while it is no problem for his LANsurveyor auditing tool to track VMs once they have been detected, it needed work to enable it to pick them up in the first place.

"We put special hooks into LANsurveyor for discovering and identifying VMs because people were having so many problems with understanding exactly what was running on their networks," he explained.

"In most cases it actually is no more difficult to discover the VMs and what's on them," agreed Francis Sullivan, CTO of Spiceworks, which is about to release a new version of its free IT management and discovery software.

"Of course, just like physical assets, people can configure them incorrectly making them undiscoverable or they can do that intentionally," he said. "The good news is that that's a small percent of the time."

Isaacs added that it's possible a VM won't be spotted on the first scan, particularly if attempts have been made to hide it, although a continuous network scan should pick it up later.

The irony in all this is that Walter Scott's company is at least partly responsible for the growing virtual sprawl and his resulting sleepless nights – as part of its backup mission, Acronis sells software that makes it easy to convert physical servers into virtual and vice versa. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.