WEBVTT

00:00.769 --> 00:04.780
>> Virtualization.
The idea about

00:04.780 --> 00:06.250
virtualization is we can have

00:06.250 --> 00:07.990
a single physical machine that

00:07.990 --> 00:10.540
is virtually divided into
individual systems with

00:10.540 --> 00:12.420
individual operating
systems with

00:12.420 --> 00:14.475
individual functions and so on.

00:14.475 --> 00:17.145
Virtualization is
about isolation.

00:17.145 --> 00:19.350
I'll give you an
example, back with

00:19.350 --> 00:21.730
DOS stories from
the '80s and '90s.

00:21.730 --> 00:23.180
When we had DOS,

00:23.180 --> 00:25.895
we had applications that
wanted to run in DOS.

00:25.895 --> 00:27.695
A developer designs an app,

00:27.695 --> 00:29.890
often for a specific
operating system,

00:29.890 --> 00:31.675
so when Windows 95 came out,

00:31.675 --> 00:33.610
we invested in all
these applications

00:33.610 --> 00:35.645
that didn't want to
run on Windows 95.

00:35.645 --> 00:38.445
What the developer
of Windows 95 does,

00:38.445 --> 00:40.930
is he created a new
operating system called

00:40.930 --> 00:44.430
DOS virtual machine, or a DVM.

00:44.430 --> 00:47.810
The DOS applications run
within that virtual machine,

00:47.810 --> 00:49.670
were able to function
while we still took

00:49.670 --> 00:52.130
advantage of other
features of Windows.

00:52.130 --> 00:54.330
Virtualization is nothing new.

00:54.330 --> 00:56.275
It's been around
for a long time.

00:56.275 --> 00:58.355
But of course, as
we're seeing it now,

00:58.355 --> 01:00.560
we're really extending
beyond that.

01:00.560 --> 01:01.790
Virtualization came out of

01:01.790 --> 01:03.260
that time period
when we had a lot

01:03.260 --> 01:04.790
of apps that
were very specific

01:04.790 --> 01:06.244
to operating systems.

01:06.244 --> 01:07.775
>> I remember back at home,

01:07.775 --> 01:09.800
I had a Windows 98 and I wanted

01:09.800 --> 01:12.139
to upgrade it to Windows 2000.

01:12.139 --> 01:14.120
I was teaching a class on 2000

01:14.120 --> 01:16.430
so I wanted to get a lot of
hands-on practice with it.

01:16.430 --> 01:18.890
I installed Windows 2000

01:18.890 --> 01:21.380
and all of a sudden my
printer would not work.

01:21.380 --> 01:22.700
I just dropped a lot of money on

01:22.700 --> 01:24.680
this printer, like 500 bucks.

01:24.680 --> 01:27.290
Five hundred bucks is a
lot of money even today.

01:27.290 --> 01:28.970
What happened is, because there

01:28.970 --> 01:30.860
wasn't a driver
for Windows 2000,

01:30.860 --> 01:33.860
if I wanted to print I had to
set up a dual boot system.

01:33.860 --> 01:36.540
I had to go back and
reinstall Windows 98,

01:36.540 --> 01:39.140
then I had to re-install
Windows 2000 and set it up

01:39.140 --> 01:41.795
as a dual boot so that every
time I turn on my system,

01:41.795 --> 01:43.270
I'll get a startup menu.

01:43.270 --> 01:45.210
Would you like to
load Windows 98?

01:45.210 --> 01:47.190
Would you like to
load Windows 2000?

01:47.190 --> 01:48.990
What I actually did is I loaded

01:48.990 --> 01:50.639
Windows 2000 every time,

01:50.639 --> 01:52.095
and then if I
wanted to print,

01:52.095 --> 01:53.410
I had to save the file and

01:53.410 --> 01:55.760
reboot into Windows
98, so I could print.

01:55.760 --> 01:57.725
Clearly, not the most efficient.

01:57.725 --> 01:59.060
But now we have tools like

01:59.060 --> 02:01.460
Hypervisor with
Microsoft Virtual PC,

02:01.460 --> 02:05.325
Oracle's VBox, we have all
sorts of alternatives.

02:05.325 --> 02:06.825
This is much easier.

02:06.825 --> 02:08.590
Rather than having to reboot,

02:08.590 --> 02:10.250
I can open up a
system that's running

02:10.250 --> 02:12.800
specifically Linux-based
applications,

02:12.800 --> 02:14.060
another system that's running

02:14.060 --> 02:16.370
iOS and I have a lot
of flexibility on

02:16.370 --> 02:18.380
the same system with
a single boot to have

02:18.380 --> 02:19.790
the variation from operating

02:19.790 --> 02:21.919
system to operating system.

02:21.919 --> 02:23.690
>> Because of the isolations

02:23.690 --> 02:25.325
provided with virtual machines,

02:25.325 --> 02:27.320
this is great in
a lab environment.

02:27.320 --> 02:29.420
I've software I want to
test out and see how

02:29.420 --> 02:31.280
it's going to work on
a specific system,

02:31.280 --> 02:34.370
I'd never load that into
a production environment,

02:34.370 --> 02:36.080
but I have this great
little environment

02:36.080 --> 02:38.940
where I can test software
and mess around with it.

02:39.140 --> 02:41.410
Another beautiful thing about

02:41.410 --> 02:43.630
virtualization is snapshots.

02:43.630 --> 02:46.345
We've always been able to
backup and restore our data,

02:46.345 --> 02:48.130
then as the operating systems

02:48.130 --> 02:49.495
throughout the
years have evolved,

02:49.495 --> 02:52.025
we can do complete
computer restores.

02:52.025 --> 02:53.410
But the problem
with that is that

02:53.410 --> 02:54.880
it always takes some time.

02:54.880 --> 02:56.290
If I could take a snapshot of

02:56.290 --> 02:58.510
my virtual machine,
make whatever changes,

02:58.510 --> 03:00.520
and later discover those
changes don't work,

03:00.520 --> 03:02.440
it's very quick and very easy

03:02.440 --> 03:04.960
to revert back to a
previous snapshot.

03:04.960 --> 03:07.950
Yes, virtualization
solves a lot of problems,

03:07.950 --> 03:10.660
it makes a lot of elements
much easier to do.

03:10.660 --> 03:13.405
But we still have attacks
that are targeted at VMs.

03:13.405 --> 03:14.830
We have to make sure
we don't look at

03:14.830 --> 03:17.650
virtualization as the
key to all problems.

03:17.650 --> 03:20.660
We said one of the big
elements is great.

03:20.660 --> 03:22.640
Instead of having 17
different servers,

03:22.640 --> 03:24.155
I can go down to five.

03:24.155 --> 03:25.850
This is what we
did at the Foreign

03:25.850 --> 03:27.800
Service Institute
when I worked there.

03:27.800 --> 03:29.420
We had 17 servers,

03:29.420 --> 03:31.655
we moved things down to a
virtualized environment

03:31.655 --> 03:33.010
and reduced them to five.

03:33.010 --> 03:34.410
It took up less space,

03:34.410 --> 03:36.120
costs less money
to heat and cool,

03:36.120 --> 03:38.220
and it was a really
good situation.

03:38.220 --> 03:40.315
We had more room in
our server room.

03:40.315 --> 03:42.680
Great. But the problem
then was that we had

03:42.680 --> 03:44.450
multiple critical
services running

03:44.450 --> 03:46.060
on a single physical machine,

03:46.060 --> 03:47.360
meaning that we can never

03:47.360 --> 03:49.580
underestimate the likelihood
of these systems going

03:49.580 --> 03:51.320
down and not just taking down

03:51.320 --> 03:53.605
one service but
taking down many.

03:53.605 --> 03:56.060
We have to think about
physical security.

03:56.060 --> 03:58.760
We have to think about
physical performance because

03:58.760 --> 04:01.655
one system can take
down a lot of services.

04:01.655 --> 04:03.470
We also have to think
about things like

04:03.470 --> 04:05.990
multi-tenancy and
virtualization is

04:05.990 --> 04:07.850
really what makes
the Cloud work.

04:07.850 --> 04:10.130
It wouldn't be
profitable to Google or

04:10.130 --> 04:11.300
Microsoft if they had

04:11.300 --> 04:13.465
dedicated hardware
for every customer.

04:13.465 --> 04:15.455
I want hard drive space,

04:15.455 --> 04:17.780
they have what I need,
and they sell it to me.

04:17.780 --> 04:20.180
That's not profitable.
Of course,

04:20.180 --> 04:22.310
what the major cloud
service providers do,

04:22.310 --> 04:23.810
is they take these
massive systems

04:23.810 --> 04:25.325
with lots of capabilities,

04:25.325 --> 04:26.750
divvy it up, and essentially

04:26.750 --> 04:29.430
sell virtualized environments.

04:29.800 --> 04:32.540
The problem with that
is that many hosts or

04:32.540 --> 04:35.245
organizations are sharing
the same physical equipment.

04:35.245 --> 04:37.150
We call that multi-tenancy.

04:37.150 --> 04:39.950
Anytime I have another
organization that I know nothing

04:39.950 --> 04:41.510
about on the same
physical machine

04:41.510 --> 04:43.055
as my resources I have,

04:43.055 --> 04:46.225
I want to protect, that
gives cause for concern.

04:46.225 --> 04:49.640
We can't say any virtualization
solves every problem.

04:49.640 --> 04:51.500
We have to be very mindful.

04:51.500 --> 04:52.940
One of the things
we'll talk about in

04:52.940 --> 04:54.860
the next slide is
the Hypervisor.

04:54.860 --> 04:56.870
The security of our
virtual machine has

04:56.870 --> 04:59.720
to start with the security
of the Hypervisor.

05:00.100 --> 05:02.330
Another nice feature
that comes with

05:02.330 --> 05:05.860
virtualization is the virtual
desktop infrastructure.

05:05.860 --> 05:08.930
The way this works, is we
start out with a master image.

05:08.930 --> 05:11.990
That is sometimes called the
golden image because it's

05:11.990 --> 05:15.470
configured exactly how we
want it. It's our baseline.

05:15.470 --> 05:16.940
This is our image with

05:16.940 --> 05:19.340
an operating system,
all the applications,

05:19.340 --> 05:21.905
the security modifications,
whatever we want,

05:21.905 --> 05:24.310
and we save that
as a golden image.

05:24.310 --> 05:26.510
The Virtual Desktop boots off

05:26.510 --> 05:28.970
that image and executes
it in that image,

05:28.970 --> 05:30.590
and the beauty of this
is even though they

05:30.590 --> 05:32.525
can make changes while
they're logged on,

05:32.525 --> 05:35.435
all the changes are reverted
within system reboots.

05:35.435 --> 05:37.010
This keeps users from storing

05:37.010 --> 05:38.855
files places that
they shouldn't.

05:38.855 --> 05:41.445
It keeps them from
cluttering up their desktop.

05:41.445 --> 05:43.460
Keeps them from making
some of the mistakes

05:43.460 --> 05:45.260
that users do and this gives

05:45.260 --> 05:46.970
me as an administrator really

05:46.970 --> 05:49.550
great control over
the baseline systems.

05:49.550 --> 05:51.470
Do what you want to
while you're logged

05:51.470 --> 05:53.420
in but next time you reboot,

05:53.420 --> 05:56.100
you go back to the golden image.

05:57.130 --> 06:00.590
Another implementation
of virtualization

06:00.590 --> 06:02.855
is the virtualizing
applications.

06:02.855 --> 06:04.520
The idea here is I might have

06:04.520 --> 06:07.085
multiple applications that
conflict with each other.

06:07.085 --> 06:08.630
Maybe I need to run Office

06:08.630 --> 06:11.675
2016 and Office 2020
on the same system.

06:11.675 --> 06:14.270
Now, if you install
both of those,

06:14.270 --> 06:15.890
Office 2020 is going to

06:15.890 --> 06:18.335
overwrite some of
the files in 2016,

06:18.335 --> 06:20.975
and 2016 isn't going
to work right.

06:20.975 --> 06:24.425
What I can do is use
application virtualization.

06:24.425 --> 06:26.390
This is ultimately
where a package is

06:26.390 --> 06:28.280
created based on
the application,

06:28.280 --> 06:30.085
and it's installed
on the server.

06:30.085 --> 06:32.990
Now as a client, when I
access that application

06:32.990 --> 06:34.520
it's running on the server as

06:34.520 --> 06:36.655
opposed to on my local machine.

06:36.655 --> 06:39.275
This is a lot like
software as a service,

06:39.275 --> 06:41.690
this is a lot like terminal
services if you use

06:41.690 --> 06:44.060
that back in the
day, and ultimately,

06:44.060 --> 06:45.860
that keeps me from
having to install

06:45.860 --> 06:47.765
this application
on my local system

06:47.765 --> 06:49.690
where I might have conflicts.

06:49.690 --> 06:53.050
We refer to that as
software virtualization.

06:53.050 --> 06:54.845
Microsoft has a product called

06:54.845 --> 06:57.390
App-V that'll help with this.

