As we are going through a virtualized world, we have to be more concern about the security of our important data from the vulnerabilities. The more functions in an operation system means , there is more chance to get affected by the external threats.
10 years ago, every single Server operating system was connected to different hardware/physical server boxes like in a server room for an enterprise we can see an DC, application server, FTP server, Web server, print server etc in separate machines, is more cost effective, consume more power, need more space and more over difficult to manage. Several functions/roles in a single server also more expose to the external attacks and if one service get compromised all other or the whole server affect. The high capability of the server can have more functions but may don’t have enough security.
A Hypervisor can contain multiple instance and can facilitate separate operating systems in different platforms in a single hardware/physical box. Each functions or service can install in separate instances with required operating systems. The less functions in a single server lead to less vulnerable and more secure for the other instances or functions. Even if one instant get compromised with external attack, the other instances will be safe as long as they having firewall protection. The communication between the programs inside the different instance can be happen by allowing opening the required port to the required destination in the firewall. For example, if One Hypervisor is having three separate instances – web server(apache), Database server(Mysql) and FTP server(IIS), We can facilitate the communication between the web server and database server through port in the firewall. Through this an attacker have no chance to get into the server because all other ports will be protected by the Firewall. Even if one instance or server get compromised, the remaining servers or instance will be safe.
We can have multiple physical boxes and can cluster together by the Hypervisor management software, so in case any physical server is down the same instance migrated into the other Esxi will function.
Through the management software like vSphere/Esxi, we can make the multiple physical server in a cluster and all the instances in a single physical server will synchronize periodically with the other corresponding instance in the secondary physical server. Through clustering, servers will never down and will always up even if once instance fail other corresponding server will up at the same time.
We can utilize the storage also through the clustering technique by using powerful SAN storage which will be having multiple storage disks configured through RAID technology and connected to the instances through iSCSI protocol. Even if one disc fail the remaining will function properly without any data/time loss.