Network World - When it comes to sampling innovative technology, Schwan Foods, a multibillion-dollar frozen food producer, digs right in.
The Marshall, Minn., company became an early adopter of VMware ESX Server technology, beginning beta tests in 2001 and launching its formal virtualization project in 2002.
Schwan went on to become one of VMware's first enterprise licensees and by 2008 had virtualized two-thirds of its servers, says Cory Miller, the company's senior IT operations manager.
Schwan's virtual server infrastructure today comprises 55 ESX hosts running between 700 and 800 virtual machines. In addition, 44% of the company's 18,000 desktops are virtual, Miller says.
No wonder Schwan began hankering for virtualization-layer security years ago.
When Schwan began its virtualization implementation, it decided to run VMware's ESX on bare-metal hardware rather than selecting a hypervisor that would sit atop a Windows or Linux operating system.
That was a way to avoid having to worry about operating system patches or security flaws affecting the hypervisor, Miller says. "Still, initially, we used our virtualization for a lot of transactional data but not for credit-card processing or other sensitive data," he adds.
By 2005, Schwan felt comfortable moving sensitive data into the virtual environment. It used traditional physical firewalls to mask, protect and segregate user environments across the development, staging, quality assurance and production networks, Miller says.
But it didn't take long before problems appeared.
"I could put different kinds of sensitive data – credit card or HIPAA, say – on the same systems and lock them down because we followed the same processes, auditing and compliance for them. But I didn't want to put a SharePoint server on the same host that was processing credit cards," he says. "I could track the data going host to host, but I didn't have the control, monitoring or capabilities to see what was going on within a host."
Addressing that situation meant carving hosts out of the resource pool and creating lockbox environments for sensitive data. And that, in turn, meant Schwan wasn't getting enough throughput or efficiency out of its hosts, Miller says.
So Schwan immediately began looking for a virtual firewall that could sit at the virtualization layer and do the segregation. It selected vTrust Security from Reflex System, at the time one of the only companies offering a virtual firewall, Miller says.
Schwan can still segment sensitive environments, but now Miller does so out of the entire host pool rather than carving off sections of it, he explains. The virtual firewall inspects traffic on a host and blocks its movement from one guest machine to another.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 4 Customers who never have to refresh their PCs again This paper illustrates a common theme: the combination of desktop virtualization and thin client computing helps organizations deliver an up-to-date user experience more...
- Mobile Devices: The New Thin Clients Get essential guidance for understanding the role thin clients plus virtual desktops play in the enterprise today.
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- PaaS - Powering a New Era of Business IT Why PaaS has suddenly become relevant and irresistible to many organizations. Dive into the opportunities and considerations associated with using PaaS from an...
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Hardware White Papers | Webcasts