387 Chapter 23: Introduction to Virtualization Install VMware Tools. Selecting this link immediately mounts a virtual CD-ROM into the virtual machine, which contains the software that you need to install. The VMware Tools virtual CD contains versions for Windows and Linux guest operating systems, both of which typically will automatically display the virtual CD’s contents. For example, Figure 23-19 shows the result in the Ubuntu virtual machine of selecting the Install VMware Tools option from the VMware management console. TIP When you install VMware Tools, you no longer need to press CTRL+ALT to release your mouse and keyboard from the virtual machine console. Instead, you can interact with the console and the guest operating system as if it were another window on the host computer’s desktop. Figure 23-19. VMware Tools in the Ubuntu virtual machine 388 Networking: A Beginner’s Guide Backing Up Virtual Machine Data In a production environment, you need to consider how you intend to back up the data on your virtual machines. There are several approaches: N You can shut down or suspend the virtual machines, and copy the entire virtual machine file from its location in your datastore to some sort of backup media. If the virtual machine contains a number of installed applications but little changing data, then this can be a good backup strategy. (Note also that virtual machines can be moved between computers, so to recover a virtual machine, all you need to do is move it to a computer running a compatible version of VMware Server, and then import the virtual machine file and start it up.) N From within the virtual machine, you can set up a process to copy its data files to another location on your network, which in turn might be backed up onto a tape drive or other backup media. N Most of the higher-end backup software solutions sell add-on products that let you back up files from within VMware virtual machines. Chapter Summary In this chapter, you learned the essentials of virtualization, and the benefits it can bring to networks. You learned about inexpensive virtualization solutions from Microsoft and VMware, and you learned how to set up a virtual machine in VMware Server running Ubuntu Linux. Virtualization has become very important in business networking, because ultimately it helps companies do more with less (a common corporate mantra). Accordingly, it is important that people working in the networking field understand virtualization, the benefits it can bring, and how to work with it. If you didn’t actually set up a VMware Server system as outlined in this chapter, I strongly recommend that you do so at some point. There’s no substitute for actually experiencing how powerful and useful virtual machines can be. 389 Appendix Understanding the Sarbanes-Oxley Act 390 Networking: A Beginner’s Guide D uring 2001 and 2002, a number of large accounting scandals—involving companies like Enron, WorldCom, Global Crossing, and Tyco—rocked the business world. These various scandals, which substantially reduced investor confidence in the U.S. equity markets, resulted in Congress passing a law called the Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act of 2002, also known as SarbOx or SOX, establishes a framework that governs the accuracy and fairness of financial reporting for publicly traded companies in the United States, and implements a number of rules to help reduce the potential for accounting fraud. Because information technology (IT) systems and processes play an important role in a company’s accounting and reporting duties, the IT department is a critical part of a company achieving SOX compliance. Almost all of the impact from SOX that affects IT departments comes from a single section of SOX, called Section 404. However, before exploring the effects of Section 404 on IT departments, it is helpful for you to understand the basic contents of SOX. This appendix begins with a summary of SOX, and then covers key procedures for an IT internal control system, including compliance testing. The final section presents some examples of IT standard operating procedures (SOPs). Sarbanes-Oxley Act Summary SOX is divided into 11 main parts called titles, each further broken down into a number of sections. Each title contains between one and nine sections. NOTE You can download the entire text of the Sarbanes-Oxley Act of 2002 from the Public Company Accounting Oversight Board web site (http://www.pcaobus.org). On the home page is a link to a PDF containing the full text of SOX. You can also use a search engine to look for “Sarbanes-Oxley Act of 2002,” which should provide some alternative links from which you can download SOX. Title I: Public Company Accounting Oversight Board Title I mandates that a Public Company Accounting Oversight Board (PCAOB) be established. The PCAOB oversees the auditing of public companies. This includes setting up rules that control the auditing, quality control, ethics, independence, and other standards relating to audit reports. Under Title I, all public accounting firms must register with the PCAOB. Each accounting firm must provide the PCAOB with details on which public companies it audits, the fees it earns, and any complaints or adverse actions against the public accounting firm. Title I also includes a number of administrative details about the PCAOB, such as the composition of the board, how long the members serve, and so forth. 391 Appendix: Understanding the Sarbanes-Oxley Act Title II: Auditor Independence Title II specifies rules that are designed to increase the independence of public accounting firms and help ensure that their audit opinions are not clouded by other business dealings they may have with the company being audited. It includes the following rules: N The accounting firm may not provide, at the same time as its audit, any bookkeeping, computer system design or implementation, valuation services, actuarial services, or other nonaudit services for the company being audited. N The accounting firm may provide some nonaudit services that are not specifically prohibited for the company being audited, provided the company’s audit committee expressly approves such engagements. N The accounting firm’s partner that is engaged with the company being audited must be rotated to another partner every five years. N The key financial executives (CEO, CFO, and Controller) of the company being audited cannot have worked for the accounting firm for a one-year period prior to the audit. Title III: Corporate Responsibility Title III of SOX sets a number of rules regarding corporate responsibility. These rules, if they are not followed, can result in a public company’s stock being removed from the relevant stock exchange (such as NYSE or NASDAQ). Section 301 covers public company audit committees, as follows: N Audit committees are directly responsible for the appointment, compensation, and oversight of the accounting firm providing audit services, and for resolving any differences in opinion between the audit firm and the management of the company regarding accounting treatments and interpretations. N Accounting firms that are providing audit services to a company must report directly to the audit committee of the board of directors. N Members of an audit committee cannot accept any nonboard fees from the company for which they serve on the board of directors, and they cannot be “an affiliated person” of the company or any of its subsidiaries. N The audit committee must set up procedures for the receipt, retention, and treatment of complaints received by the company regarding accounting, internal accounting controls, or auditing matters. This is sometimes called a “whistleblower” system. NOTE An audit committee is a subset of a company’s board of directors. This committee is charged with ensuring the accuracy of the company’s financial reports and for reviewing key accounting and financial policies. . of backup media. If the virtual machine contains a number of installed applications but little changing data, then this can be a good backup strategy. (Note also that virtual machines can be. potential for accounting fraud. Because information technology (IT) systems and processes play an important role in a company’s accounting and reporting duties, the IT department is a critical part. substantially reduced investor confidence in the U.S. equity markets, resulted in Congress passing a law called the Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act of 2002, also known as SarbOx