Application Virtualization Through Instance-Level Isolation

Application virtualization provides a rich solution for managing secure, multi-tenant operations in the data center and the cloud. Among the features that enable this solution is isolation, which functions on two levels:

  1. Isolating a single instance of an installed application into a package that can be automatically distributed to endpoints, based on provisioning policies; and
  2. Executing an application instance inside an environment that protects it from access from other instances.

The resulting benefits seem fairly straightforward. Among them, application virtualization eliminates the worry of application conflicts as well as data leakage, and greatly decreases the attack surface of applications. When combined with a solution that offers ease of packaging, application virtualization quickly becomes a solution to provisioning and managing all sorts of complex software environments. As a result, many enterprises are looking at application virtualization as their new method of application management and delivery.

At the same time, application virtualization needs a controlled environment, especially when applications behave unexpectedly, for example by not processing as intended or by negatively impacting other applications. One answer is to provide a “sandbox”, where the application remains isolated. With a safe and controlled sandbox, the confined application is free to run.

What about secure multi-tenancy? There are multiple flavors of application virtualization. Of those I have reviewed, I have found instance-level isolation to be most compelling.

Running applications within instance-level isolation provides disciplined resource management. One can allocate system resources (such as CPU cores, disk space, etc.) to an instance, and allow access to the resources without conflict. Instance-level isolation has the advantage of adding very little overhead to each instance, so that one can run multiple instances on a single system with close to bare-metal performance. Other advantages include basic monitoring that provides a discrete view of the application stack. Giving administrators and developers a clear and precise picture of what is really happening enables isolated problem solving. Encapsulating problems within an instance stops them from spreading and cascading.

One pervasive cascading effect is a runaway process, which consumes any and all available resources and can bring a server to a halt. Encapsulation prevents that from happening: with a safe and controlled allocation of resources, only that instance would be impacted, and potentially halted. Without impacting other services, the administrator can address a specific problem, as well as transparently manage change. It is easier to upgrade to a newer version of a core library, needed by one application, if one doesn’t have to test for any negative side effects on others. If, for example, memcached needs a newer version of libevent than that required by another application, one can easily upgrade the memcached instance. Try doing that on a machine where all applications are physically running, or without a 1:1 VM to application mapping.
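The containment described above can be shown with ordinary POSIX process limits. This is an added example, not code from the original post or from any product it mentions; it covers only a CPU-time allocation, uses `setrlimit` as a stand-in for whatever mechanism an application virtualization layer applies, and the two workloads and all function names are constructed for illustration.

```python
import resource
import signal
import subprocess
import sys

# Constructed workloads standing in for two application instances.
RUNAWAY = "while True: pass"                # never yields the CPU
WELL_BEHAVED = "print(sum(range(1000)))"    # finishes almost immediately


def start_instance(code, cpu_seconds):
    """Start `code` in its own process with a private CPU-time allocation."""
    def apply_limits():
        # Runs in the child after fork and before exec, so the cap applies
        # to this instance only. Soft limit -> SIGXCPU, hard limit -> SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))

    return subprocess.Popen(
        [sys.executable, "-c", code],
        preexec_fn=apply_limits,
        stdout=subprocess.PIPE,
        text=True,
    )


def outcome(proc):
    """Wait for an instance and summarise how it ended."""
    stdout, _ = proc.communicate(timeout=30)
    if proc.returncode < 0:
        status = "killed by " + signal.Signals(-proc.returncode).name
    else:
        status = "exited %d" % proc.returncode
    return status, stdout.strip()


def demo():
    # Both instances run side by side on the same host.
    runaway = start_instance(RUNAWAY, cpu_seconds=1)
    neighbour = start_instance(WELL_BEHAVED, cpu_seconds=1)
    return {"runaway": outcome(runaway), "neighbour": outcome(neighbour)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The runaway instance is terminated once it exhausts its own allocation, while the neighbouring instance completes normally on the same host.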

Instance-level isolation carries multiple advantages over these alternatives. Among them are superior scalability, reduced overhead and improved manageability, as well as lower setup and maintenance costs than traditional virtualization of the full OS and hardware stack. This is achieved by wrapping each virtualized application in its own protective bubble. In doing so, each application, for all intents and purposes, appears to be the only one running, and any writes or changes it makes to the base system are transparently virtualized, such that conflicts, collisions, and contention do not occur. Instance-level isolation was developed to address the “unknown” of client devices, and provides a clean way to package apps to be sent to users such that the virtualized apps do not conflict with one another, or with local apps on the base system.

Reviewing various products, I have seen demonstrations showing how VPEP offers instance-level isolation. VPEP achieves this by virtualizing each component required to execute a complete service, storing the meta- and user data on the file system, and running components as needed, which provides greater scale out capacity. I am keen to delve further into how they achieve this – this blog entry provides more detailed information.

All in all, there are benefits when enlisting private cloud or public cloud providers to offer instance-level isolation. This is definitely what I see as another win on the path to true secure multi-tenancy.
