We used to segregate our services, each on their own server (http/smtp/ftp/etc) so if one get broken into the remaining others would be relatively safe (this ofcourse depends on the type of exploit used to get into server X and the availability of this hole on the remaining servers). Herding your servers onto one big server in the form of virtual might result in the big bad wolf penetrating the fence and finding a nice flock of easy pray.

Rafal Los has a point ,with ‘green’ pro environmental thinking have found it’s way into the IT world, managers seem quite concerned about trying to cut down power consumption which, according to the vendors mentioned, can be achieved through virtualisation.
We are currently suffering such a manager being convinced VM will save atleast 30%. The only fun is the server fit to run all virtual environments itself consumes already 10% more when idle. (Our first ‘shepherd’ server which did consume 30% less power quickly ran out of resources resulting in a DoS of the smtp VM)
Regarding the rising oil prices the manager does have a point, but this adds little to security which should be prime in a 5000+ user environment.

It is worth noting that the risks do not just stem from the risk of compromise of the underlying hypervisor, but the risks to availability, with many servers being hosted on the same physical hardware, are also increased.

Unfortunately security is always behind the hype & marketing machine… so we have no choice but to figure out how to secure virtualized environments; likely this means a continuing flood of tools and services which companies will be unwilling to pay for.

Merry Christmas.