Enterprise Networks – Virtualized Development Environments in Enterprise Networks

We are attempting to implement a development environment using virtualization for a small team of 4 developers within an enterprise organization. This would allow us to set up separate development, testing, and staging environments – as well as allowing access to new operating systems that are requirements for systems or tools we are evaluating. We re-purposed an existing workstation-class machine, threw in 24GB RAM and RAID-10, and were doing fine until we attempted to get the machine added to the domain.

Now we are beginning the war that all enterprise developers since the beginning of time have had to fight – the fight for local control of a development and testing environment. The network and IT admins have raised concerns ranging from "ESX Server is the enterprise standard" to "servers are not allowed on client VLANs" to "[fill-in-the-blank] is not a skill set currently possessed in the local or enterprise IT organization".

We could justify production-class hardware and formal IT support if we had to, but it would take time and involve a whole lot of headache. Even then it might take months to formally get IT resources assigned by treating this as a production system – and even if we did, we would likely lose the local control we need.

I imagine that many of you have had similar struggles over developer control of non-production environments – and virtualization in particular – so my questions are as follows:

  1. What strategies and arguments have helped you win over the infrastructure (IT & Network) folks to allow these types of silos to exist within enterprises which have standard network and security policies in place that would generally (and understandably) preclude this type of non-(centrally)-managed infrastructure?
  2. Have you found this to be a matter of technical justification – or more of a political struggle for control and ownership?
  3. If you ended up with an IT-managed development environment, how much of a roadblock has it been for day-to-day development and testing?
  4. Has anyone ended up moving their development environment to a disconnected VLAN or entirely separate network to avoid these network access struggles?

Also, this is not a Hyper-V vs. ESX holy war (we would be fine with either – but Hyper-V was selected since it is "free" with MSDN for these purposes [yes, VMware has free tools too – but the good management tools generally aren't], and would be easier to manage by the local developers in a "Microsoft Shop") – so arguments for or against either are outside the scope of this question.

This is also less of a virtualization vs. physical hardware – I suppose the same question could be asked without the virtualization component to the equation.

Also assume that the dev team has already made assurances to either manage patch management and antivirus, or integrate with the existing enterprise systems if they will support it.

This scenario, with different questions, is also posted on SF to hopefully elicit the opposing viewpoint.

Best Answer

You've gone "off the reservation", and are trying to justify it.

This isn't about virtualization; it's about control and responsibility. The IT department has responsibility for the safety and reliability of the company's systems. To make sure they work, IT keeps them under their own control. You've built a system not under the control of IT, and it's now becoming a problem.

The usual reasons programmers want their own systems, in my experience, are:

  • IT is not responsive. It takes weeks to get a new environment, but you need one now.
  • You need control; they won't give it to you. You need to be able to set permissions, install components, etc. IT won't let you.

Ultimately, when you go to production, you will want an IT-managed system that's completely locked down. But while you're developing, you need flexibility. Some suggestions:

  • Make Friends. Get to know some people in IT; talk to them face to face. Explain your situation and ask them what can be done. You may be able to get admin rights to a dev server simply by asking.
  • Run Local. If you can run portions of the application on your local machines, you may not need a server, or you can get away with a locked-down DB instance.
  • Get a Sponsor. Nothing gets IT moving like a VP coming in and saying, "Why are you blocking my project?" Use your project sponsor's clout.
  • To the Cloud! If your project budget will cover it, just host on EC2 -- you bypass your entire IT department. The risks are getting hacked, and getting fired for letting company information outside the firewall.
  • Run the Long Game. Put in the requests for properly authorized and administered servers early. When you get complaints about your homebrew, say that you're still waiting on the official servers.
  • Preallocate. Request servers that you think you might need in the future. Then re-purpose them when you have actual needs.