S 3.71 Virtual environment training for administrators

Initiation responsibility: IT Security Officer, Top Management

Implementation responsibility: Head of IT, IT Security Officer

Virtual infrastructures constitute an important infrastructure element in a computer centre. They offer significant potential savings when compared to traditional server structures and are prevalent in computer centres. Therefore, it should be ensured that all persons commissioned with the administration of the virtualisation components possess sufficient knowledge of the products the virtual infrastructure is based on.

Virtualisation servers are characterised by high degrees of complexity. Along with virtual IT systems, they also contain a hypervisor, as well as network components such as virtual switches and proprietary services. Since misconfigurations on virtualisation servers often have severe consequences for the virtual IT systems operated thereon, there are higher requirements for the administrators of the virtualisation environment. Therefore, it is important that these administrators are sufficiently trained so that they avoid problems by their own actions, detect technical problems early on and eliminate them, and make optimum use of the functions and security features of the virtualisation tools. This way, they are in a position to to master the functions of the respective virtualisation product and to assess the consequences of changes to the configuration.

The training measures should impart sufficient knowledge for planning, designing, and operating the virtualisation environment selected for use.

Even if the administrative tasks are separated (see S 2.446 Separation of administrative tasks for virtualisation servers), all administrators must be familiar with the basic principles of the selected virtualisation technology, since the previous separation of specialised areas such as server, network, and storage operations will be terminated.

When planning a virtualisation environment, a sufficiently large budget must be planned for the training measures. Likewise, the periods for the training measures should be scheduled in good time in order to avoid personnel resource bottlenecks.

Training measures regarding the virtualisation of IT systems should at least include the following elements:

• Basic principles and concepts of the respective virtualisation system
• Creation and implementation of internal policies and regulations for computer centre operations
• Knowledge of the commands and user interface of the respective components
• Planning of a virtualisation environment regarding network dimensioning and protection, as well as hardware dimensioning for CPU, RAM, network, and storage network resources
• Preparation of the virtualisation server's operating system
• Installation and configuration of the virtualisation system
• installation of the operating systems in the virtual IT system
• Network configuration of the virtual IT system
• Operation
• Monitoring, administration
• Logging
• Securing and administrating configurations
• Securing virtual machines
• Automation processes
• Analysis and troubleshooting

It should be ensured that the training measures include sufficient practical parts, along with the theoretical parts.

Review questions:

• Are training measures conducted for the administrators of virtual environments which contain the recommended minimum contents?
• Have the administrators been trained sufficiently so that they are able to avoid problems by their own actions, to detect technical problems early to, and to make optimal use of the functions and security features of the virtualisation tools?