With all the work going into things like OVF, and into working out how we're going to make sure that applications/servers operate the way we want across suppliers, there are a few critical things that have yet to be addressed. These are network related: specifically, network portability, QoS and security zone transference.
Currently OVF supports information around the virtual system i.e. Virtual Hardware Selection which could include a number of different components including Ethernet adapters, system requirements and a range of other options. Currently there isn’t a way to specify more detail.
For example, the Ethernet Adapter section only allows for Logical Name grouping (OK, and MAC address specification, but I won't go there just yet), where all VMs with the same Ethernet Logical Name are placed in the same segment. That's well and good, but how does that translate from my private, or corporate, network to a hosted one? Currently it doesn't.
There is nothing on QoS either. Admittedly, ensuring that something gets the correct network priority is a very complex piece of negotiating when dealing inter-company (and only really applicable when looking at private links between hosting company and customer). Then again, priority of one VM over another in your own sub domain is a very real thing.
How about security zoning? Surely there could be a simple untrusted, semi-trusted and trusted/secure model put forward, ensuring that applications bundled in the OVF framework could be virtually segmented and separated by firewalls or just basic ACLs? I'm not saying that the rule base needs to be passed on; seriously, when have application developers been that switched on that they understand what port is on what, etc.? But it would allow for smarter integration with something like Chris Hoff's A6 idea, and ease some of the regulatory compliance pain.
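To make the logical-name grouping and the three-zone idea concrete, here is an added example (not from the OVF specification or any vendor tooling). It reads each adapter's network name from a constructed, trimmed descriptor and applies a zone mapping to flag VMs whose adapters sit in more than one zone and networks that carry no zone at all. The zone mapping is an assumed sidecar, since OVF has no field for it, and the VM ids, network names and function names are invented for the illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted descriptors
from collections import defaultdict

OVF = "http://schemas.dmtf.org/ovf/envelope/1"
RASD = ("http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/"
        "CIM_ResourceAllocationSettingData")
NS = {"ovf": OVF, "rasd": RASD}

# Constructed descriptor, trimmed to the elements read below.
SAMPLE_OVF = """<Envelope xmlns="{0}" xmlns:ovf="{0}" xmlns:rasd="{1}">
<VirtualSystemCollection ovf:id="shop">
 <VirtualSystem ovf:id="web"><VirtualHardwareSection>
  <Item><rasd:Connection>front</rasd:Connection><rasd:ResourceType>10</rasd:ResourceType></Item>
 </VirtualHardwareSection></VirtualSystem>
 <VirtualSystem ovf:id="app"><VirtualHardwareSection>
  <Item><rasd:Connection>mid</rasd:Connection><rasd:ResourceType>10</rasd:ResourceType></Item>
  <Item><rasd:Connection>back</rasd:Connection><rasd:ResourceType>10</rasd:ResourceType></Item>
 </VirtualHardwareSection></VirtualSystem>
 <VirtualSystem ovf:id="db"><VirtualHardwareSection>
  <Item><rasd:Connection>back</rasd:Connection><rasd:ResourceType>10</rasd:ResourceType></Item>
 </VirtualHardwareSection></VirtualSystem>
</VirtualSystemCollection>
</Envelope>""".format(OVF, RASD)

# Assumed sidecar mapping of network name to zone; OVF has no field for this.
SAMPLE_ZONES = {"front": "untrusted", "mid": "semi-trusted", "back": "trusted"}

def segments(ovf_xml):
    """Map each VM id to the network names its Ethernet adapters connect to."""
    root = ET.fromstring(ovf_xml)
    nets = defaultdict(set)
    for vs in root.iter("{%s}VirtualSystem" % OVF):
        for item in vs.iterfind(".//ovf:Item", NS):
            # ResourceType 10 is the CIM value for an Ethernet adapter.
            if item.findtext("rasd:ResourceType", namespaces=NS) != "10":
                continue
            conn = item.findtext("rasd:Connection", namespaces=NS)
            if conn:
                nets[vs.get("{%s}id" % OVF)].add(conn)
    return nets

def zone_report(ovf_xml, zone_of):
    """Return (zones per VM, VMs bridging zones, networks with no zone)."""
    vm_zones, bridges, unzoned = {}, [], set()
    for vm, nets in sorted(segments(ovf_xml).items()):
        unzoned |= {n for n in nets if n not in zone_of}
        vm_zones[vm] = sorted({zone_of[n] for n in nets if n in zone_of})
        if len(vm_zones[vm]) > 1:  # multi-homed across a zone boundary
            bridges.append(vm)
    return vm_zones, bridges, sorted(unzoned)
```

With the sample data the report flags `app` as attached to both the semi-trusted and trusted networks, which is the kind of placement a firewall or ACL between zones would otherwise be expected to mediate.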
I’ll be watching the standard closely as it progresses and more so once VMware’s vCloud platform is officially launched.