2009-02-25

New Maximums for vSphere

Announced by Steve Herrod on stage in Cannes today:
  • 8 virtual CPUs
  • 256GB per VM
  • 40 GB/s network throughput
  • up to 64 nodes per cluster
  • up to 4096 cores to manage
  • full support for Distributed Power Management (DPM), which saves 50% Watts consumption during VMmark benchmarks
So much info is flying around and coming in so fast that I am sure most of it will be dealt with in more detail once everyone has the time.
More to follow.


2009-02-23

vCenter Server Heartbeat - VMworld Europe

Well even though the announcement was only today at VMworld Europe 2009, the cat was let out of the bag (not by me.. but here, here and here), so I will provide a bit of what I learned about the product from the webcast on February 10th. We were asked not to disclose anything until the announcement at VMworld in Cannes.

Session will be at the upcoming VMworld in 2 weeks in Cannes - (DC10 - Choosing a Solution for vCenter Server Availability)

vCenter Server Heartbeat will be a High Availability Add-on that will allow you to keep your vCenter up and running at all times - a Fault tolerance (FT) solution if you wish for vCenter.

Q&A from the session follows but here are some highlights
  • GA - Sometime in March
  • Will protect one instance of vCenter Physical or Virtual.
  • Will protect the SQL instance that vCenter is using (be it on the vCenter server or a remote SQL server).
  • Does not work with Oracle
  • Will work over the WAN
  • Will come as an additional Application not a plugin
  • Estimated Price ~$10,000 per vCenter instance + SNS (Bundle of vCenter + Heartbeat - ~$13,000)

Q: When does / did vCenter Server Heartbeat announce?
A: Announced at VMworld Europe 2009 with early March GA

Q: Which critical Components of the Infrastructure will this protect?
A: vcenter heartbeat will provide complete protection of the vCenter Server, installed components and SQL server (local or remote)

Q: Will there be an acceleration kit upgrade or bundle with the acceleration kits?
A: an acceleration kit will be available at GA

Q: What about oracle, is this simply a SQL solution?
A: SQL is 95% of the vCenter Server Market

Q: vmware recommends running the virtualcenter server in a vm. i'm really not convinced about it....this may be not the focus of this vmlive, but could you please talk about running the vcenter in vm x physical server a little bit?
A: around 60% of vCenter license have been deployed on a physical machine where protection has been limited until now

Q: replication between product and disaster recovery site?
A: both LAN and WAN configurations are supported

Q: Support would include SRM ?
A: SRM is typically on a separate server, however if installed locally protection can be achieved with vCenter Server Heartbeat

Q: is the failover instantaneous?
A: The failover is automated and transparent

Q: Does this mean, vCenter running on Linux will not support vCenter Heartbeat
A: at this point in time, no support for Linux

Q: in passive, do we need a second licences for SQL Windows etc..?
A: second license required for Windows only, vCenter and SQL do not require additional licenses

Q: If I understand it will substitute HA?
A: no, its a point solution to protect vCenter Server only

Q: Is the failback a manual task or done automatically?
A: failback will default to manual but is a single click process

Q: what if the heartbeat fails, as is the synchronization process
A: the heartbeat process occurs when replication is idle

Q: (not sure if this was asked) Is this a plugin to vCenter or separate GUI
A: This is an addin to the vCenter server but not delivered as a plugin

Q: How will software updates made to the active vCenter Server be reflected on the secondary vCenter Server? Is it a manual process?
A: software updates will be delivered as a manual process to the passive server (or alternatively the system can be switched to automate if necessary)

Q: This seems like a subset of what FT might be doing, but specific to vCenter, any huge benefit over one or the other? Was this based on what FT does?
A: 60% of vCenter licenses are deployed physically where FT will not be an option

Q: Is there a minimal version level of VC to implement this?
A: vCenter 2.5 and up including KL when released

Q: about oracle, not supported, but what would be the option, there is 5% of installations
A: you can select to protect vCenter only and use Oracle HA tools to protect the DB

Q: Which version of MS SQL is recommended?
A: MS SQL 2000 SP4 and higher is supported including SQL 2008

Q: If tools such as LCM or SRM are used. Will the Heartbeat be able to start them on the secondary vCenter ?
A: there is customization ability to add additional functionality

Q: If the Vcenter heartbeat is a tool of protection, how to interact with other backup tools? SRM.
A: vCenter Server availability is required for SRM and third party tools

Q: How does this compare to VMware running on a Stratus ftServer?
A: vCenter Server Heartbeat is a software solution providing protection from application and hardware failures. StratusFT provides hardware level protection

Q: what does this protect on the SQL only the one specific database ? If this on a remote SQL server?
A: the entire SQL environment on the one server, all databases and all instances

Q: Can the vCenter have option to have multiple VCs managed to 1 DR server?
A: vCenter server can be utilised as many to one when the passive servers are virtualized. Each server requires a corresponding server (physical or virtual)

Q: Will this be manageable through the VI client?
A: there will be a separate client interface to manage but can be run remotely

Q: If I have an active active datacenter running SRM with 2 copies of VC, do I need to purchase 2 copies of heartbeat to protect these sites?
A: two license will be required to complete


Q: Must the vc, SRM, etc databases reside on the VC server to be protected?
A: if the SRM database is on the same server this will be protected as well

Q: Is the purpose to become a general HA product for servers and applications both in and out of VI?
A: this is primarily geared at vCenter Server only to date


Q: "if the SRM database is on the same server this will be protected as well" So, you can only protect databases residing ON the VC server. The VC database cannot be on a consolidated SQL server? Thanks!
A: the entire SQL server will be protected whether local or remote


Q: so is there an ability to have multiple active servers with one passive server in a multiple VC environment.
A: each server requires a corresponding server, as the passives can be virtual and a many to one can be achieved

Q: Does the heartbeat monitor network usage and the type of traffic on the network; or just monitor for network availability?
A: the solution provides network connectivity checks, but does not get granular to the packet level



vCenter on Linux - Beta

As was mentioned by Duncan Epping - the beta for Virtual Center on Linux is out.

  • Comes as an OVF package so it can be imported easily into all VMware products.
  • It is based on CentOS using Just Enough Operating System (JEOS)
  • You will need an Oracle 10 Database
  • Does Not support

    • Monitoring
    • Alarms
    • No LDAP
    • No VM Customizations
    • No VI Web Access
    • No Plug-ins
    • No Local DB
    • Scheduled Tasks
    • Maps
    • Update Manager
    • SRM
    • Converter Enterprise
    • Guided Consolidation


More info here

2009-02-22

Hyper-V Technologies - Wrong Information

Well this is nothing new, we see this all the time, but today it really annoyed me. During a lecture I participated in today with a Microsoft Partner at Microsoft offices in Israel, one of the slides was comparing costs between VMware and Hyper-V.
1 Host - 4 guest VM's

                       Hyper-V         VMware
Windows 2008 Server    $2,500          $2,500
Hypervisor             - (Built-in)    $5,800 (3.5 Enterprise)
System Center          $1,500          -
Virtual Center         -               $5,800
Total                  $4,000          $14,100

Now Come on!!!!! - Where did they get these numbers? I guess that Microsoft think that people do not know how to compare technologies one to another.
  1. If you are only using one host - then why do you need Virtual Center?
  2. Let's say you need the functionality to deploy templates etc. - then you cannot get away with a Standalone License - but the Bundles are much cheaper than what was presented above.
  3. For one host - you will not need an Enterprise License ($5,800) - for the same features that Hyper-V provides - a Foundation license ($1,000) will be more than overkill - you will probably be able to get away with an ESX3i free license (if you do not need central management).
  4. Comparing System Center to Virtual Center is not accurate (and if I was to put it less diplomatically - pure nonsense!!!).
Get your facts straight - and as I have said more than once - compare apples to apples - not apples to oranges.


2009-02-19

Hyper-9 Has a new addition to their team

Hyper-9 is a company that is working in the field of retrieving more detailed information from your Virtual Infrastructure. I have beta tested their product over the past month and have to say that it looks promising.

They announced today that Andrew Kutz has joined their Team. Andrew was the one who wrote the GUI plug-in for Storage vMotion.

They will be in Cannes next week, so be sure to look them up.

Here is the original announcement.


2009-02-18

Small Present for you all - VMware Visio Stencils

*****Update June 11, 2012******

The new version is available here

*****************************

Remember a few days ago VMware released a nice present for us all a great set of graphics that we can use Library VMware Icons and Diagrams?? Well the first thing that I heard was - WOW! Great! Wonderful! Thanks! Uhmmmm... Can we get this to use in Visio? So here you all are! My contribution to VIOPS VMware Icons and Diagrams - Visio Stencils Enjoy!!!

Debian 5.0 VMware Image

Duncan Epping posted on Twitter a few days ago that Debian now has a new version out, and of course in no time at all, Simon has released a VMware image of the OS.

If you would like to receive the announcements, here is the link.

Below is the announcement.

Thanks Simon!
Good evening!

== Debian Lenny (Debian 5.0)

The Debian Lenny ThoughtPolice VMware image is available for immediate
download:
http://www.thoughtpolice.co.uk/vmware/#debian5.0
Torrents and http downloads available, the torrent faster.

Press release (with lots of technical info)
http://www.debian.org/News/2009/20090214

Release information
http://www.debian.org/releases/lenny/

Release notes
http://www.debian.org/releases/lenny/releasenotes

This release is the first release with OpenJDK, and features fewer setuid binaries, gcc hardening for security critical packages.
Also the FHS v2.3 and LSB v3.2.

Review from The Register
http://www.theregister.co.uk/2009/02/16/debian_lenny_review/

This is the first ThoughtPolice release in both 32-bit and 64-bit! More to follow.

Enjoy,

Simon
www.thoughtpolice.co.uk/vmware/



2009-02-17

OPSCHECK is now live

Tripwire (or vWire) have released a new tool - OPSCHECK - that will check your VMotion configuration between your hosts.

OpsCheck helps ensure your systems are configured to support VMware VMotion by rapidly analyzing ESX 3.0, 3.5, and ESXi hypervisors, and provides troubleshooting guidance for VMware VMotion.




How useful will this tool be? Will let you know after I have tested it.

VNC Built-in Backdoor - Part #2

In continuation of my previous post about this issue with VNC and direct access to a vm through the service console.

In my original findings, I stated that this was possible with both ESX3i and ESX 3.5.

I opened a SR with VMware on this issue. Together we have been trying backward and forward to troubleshoot the issue and try and re-create the scenario on ESX 3.5 hosts. Now we came across the fact that it was not consistent, some hosts would allow direct VNC access and others would not.

Thanks to lots of help from Edward I have managed to find why it was not consistent.

On the hosts that would allow VNC into a guest VM - if you would run the command
iptables -L -n | wc -l

output would be 8

On the hosts that would not allow VNC into a guest VM - if you would run the command
iptables -L -n | wc -l
output would be a higher number (78, 120...)

Now as Edward pointed out to me the first case where the output was 8 meant that iptables was disabled on the ESX host, and therefore it would allow the VNC in by default. On a host that had the firewall enabled properly VNC connection to the VM was not possible.

A quick
esxcfg-firewall -r
reset the firewall on the problematic hosts and VNC "backdoor" was closed.


2 things to note.

  1. This "Backdoor" still works on ESX3i - firewall configuration is minimal at best, more like non-existent.

  2. Even though the traffic traveling through the port that was opened up by the changes in the VMX file was not forwarded to the VM, the port was still opened on the ESX 3.5 and ESX3i hosts as soon as the VM was powered on.


2009-02-11

vCenter Physical or Virtual?

Every now and again, this comes up. It did again 2 Days ago on Dave Lawrence's Blog

I still feel that in spite of all the benefits and extra redundancy you get with vCenter as a VM, it still feels like putting too much of my precious eggs in one basket.

According to VMware - 60% of all vCenters are Physical - and 95% of them use an SQL database.

Seems that the majority feel the way I do..

2009-02-09

The Future of Cluster Services

For those of you who don't already know, VMware have a new feature coming out in their next version. I am lucky enough to be part of the Beta group who is busy testing this. The feature is called VMware Fault Tolerance. All of this info has been publicly exposed and even demonstrated.




Fault Tolerance Demo - VMware Roadmap

In a nutshell. We all know that one of the greatest features that are available today with VI is HA (High Availability). If you do not know what HA is, then I suggest you should start here. In short HA removes your dependency on physical hardware. If your physical host goes down (hardware failure / power ... you get the picture) then within a pre-defined timeout, your VM's that were running on that host will automatically be powered on across the other hosts in the cluster (if you have it configured correctly of course).

Fault tolerance will come and either complement / replace Microsoft Clustering. This feature will protect your VM with another VM up to the level of resident memory and mouse movements that are replicated between the primary and secondary machine. And you know what the best part of it all is? No need for cluster configuration, no dependence on any Clustering solution, it is all built into your Virtual Infrastructure. This can be implemented on any supported VM OS, no shared storage between VM's and you are not limited to certain editions of software for the clustering solution.

So if you have HA, why would you need to use a Microsoft Cluster? (I hear you back there over in row 10..) Well, yes you could argue that HA covers most cases of failure, but not all.

HA will not kick in if there is an OS failure - only Host failure (you could probably achieve that with Virtual machine monitoring - but that is still an experimental feature).

If the host goes down, then your OS will reboot on a new host. Now how healthy is that for Databases that did not close properly, I would think - not ... that ... good!

If your host goes down then your server / application will be unavailable until the OS comes back up. Now I do not want to picture you when your Exchange/SQL server goes down and your whole organization is waiting for it to come back up (Truth be told - it can be pretty quick - sometimes less than 120 seconds, but no-one likes downtime. Especially not Management). So any good Exchange/SQL Admin will plan in advance for this kind of scenario and cover that with a redundant Cluster.

Now there are several things here (let's take Microsoft for example).

  1. You will need a Windows Enterprise Server license (actually two of them)
  2. Most probably (depending on the technology) also shared storage between the two hosts.
  3. You will need two Physical servers.
  4. If your OS does the Harakiri - the other cluster node will take ownership of the shared resources, and will kick in with the minimum amount of downtime.

You can see where I am going here can't you?

 

Now of course there are limitations with FT, not all of them can be divulged at the moment, but I gather the product will only get better in the future.

So what do you think? Will Fault Tolerance replace a decent amount of clustered systems we use today? Or will we as VI Admins, provide even higher availability for our Virtual servers than we do today and continue using physical clusters for our critical services?

2009-02-05

Now how do you like this - Built-in Backdoor

Firstly let's start with how this came about. I was trying to allow permissions to a user to a certain VM on an ESX3i Server. This is the free edition. There is no option to allocate permissions on the VM/Resource pool level. Here you can see what I mean:

OK so how do you give some console access to a specific machine? Well there is a small little trick that is from way back. As you all know, you have the option of opening a VNC session to a specific VM which is built into VMware Workstation. So what the heck, why not try it with ESX? So first I wanted to see if the ESX3i host was listening on port 5900.

[VI Toolkit] C:\> telnet msaidelk-esx 5900

and I got RFB 003.003 as an answer.

That was a yes!! So what I did was take the settings from the VMX file from my workstation machine which were relevant to VNC:

RemoteDisplay.vnc.enabled = "TRUE"
RemoteDisplay.vnc.key = "<..VERY LONG STRING..> ... CcdEDwdAww="
RemoteDisplay.vnc.port = "5900"

And I pasted it in a VMX file that was sitting on my ESX3i machine. Lo and Behold!

Now I was shocked. That means that someone can allow remote access to a VM without me actually knowing it and without any kind of control as an administrator. True, they actually need access to the file system and the VMX file; what scares me though is that it was totally open in the firewall!! So what I tried straight after that was to see if this was the same for the full-blown version of ESX - if that would be true then I would really be shocked. So we did the same procedure - and you know what? Exactly the same.. Netstat from the Host:

[root@xxxxx ~]# netstat -a | grep 90
tcp 0 0 *:5900 *:* LISTEN

So what do you think? Is this a feature? An oversight? VI Admins beware!!

Small update.. I found these references to this issue on the forums here and here. Awaiting a reply from a SR that I logged with VMware..
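The two checks from the VNC posts (a VMX file that switches on RemoteDisplay.vnc, and a service console firewall that filters nothing), as an added example that is not part of the original posts. The function names, the script name and the sample data are constructed; it assumes a POSIX sh with find and awk, which may not be available on ESX3i.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# vnc_vmx_audit DIR: print "<vmx path><TAB><port>" for every .vmx under DIR
# that sets RemoteDisplay.vnc.enabled = "TRUE" ("unset" if no port line).
vnc_vmx_audit() {
    find "$1" -type f -name '*.vmx' 2>/dev/null | sort |
    while IFS= read -r vmx; do
        awk -v file="$vmx" '
            {
                line = $0; sub(/\r$/, "", line)      # tolerate CRLF files
                eq = index(line, "="); if (eq == 0) next
                # keys are compared case-insensitively as a precaution
                key = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", key)
                val = substr(line, eq + 1)
                sub(/^[ \t]*"?/, "", val); sub(/"?[ \t]*$/, "", val)
                if (key == "remotedisplay.vnc.enabled") enabled = tolower(val)
                if (key == "remotedisplay.vnc.port") port = val
            }
            END { if (enabled == "true")
                      printf "%s\t%s\n", file, (port == "" ? "unset" : port) }
        ' "$vmx"
    done
}

# fw_open_chains: read `iptables -L -n` output on stdin and print every chain
# whose policy is ACCEPT and which holds no rules. INPUT, FORWARD and OUTPUT
# all listed is the 8-line output the post saw on hosts with iptables disabled.
fw_open_chains() {
    awk '
        function report() { if (chain != "" && accept && rules == 0) print chain }
        /^Chain / { report(); chain = $2; rules = 0
                    accept = ($0 ~ /\(policy ACCEPT/); next }
        /^target[ \t]/ || /^[ \t]*$/ { next }    # column header or blank line
        { rules++ }
        END { report() }
    '
}

# demo: build constructed sample data in a temp dir and run both checks on it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/vm1" "$d/vm2"
    printf '%s\n' 'displayName = "vm1"' 'RemoteDisplay.vnc.enabled = "TRUE"' \
        'RemoteDisplay.vnc.port = "5900"' > "$d/vm1/vm1.vmx"
    printf '%s\n' 'displayName = "vm2"' > "$d/vm2/vm2.vmx"
    vnc_vmx_audit "$d" | sed "s|^$d/||"
    printf '%s\n' 'Chain INPUT (policy ACCEPT)' \
        'target     prot opt source               destination' '' \
        'Chain FORWARD (policy ACCEPT)' \
        'target     prot opt source               destination' '' \
        'Chain OUTPUT (policy ACCEPT)' \
        'target     prot opt source               destination' | fw_open_chains
    rm -rf "$d"
}

# Real use on a host: sh vnc_audit.sh /vmfs/volumes
if [ "$#" -ge 1 ]; then
    vnc_vmx_audit "$1"
    iptables -L -n | fw_open_chains
else
    demo
fi
```

Any VMX path it prints is a VM whose console is offered over VNC by the host; an empty list from fw_open_chains is the state the post reached after esxcfg-firewall -r.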

So when will we see the next version of ESX?

Rumors rumors.......

This came up on SearchVMware (Hannah Drake - Associate Editor of SearchVMware.com)

The release of VMware Infrastructure 4 is slated for first half of this year. What will happen to the current VCP exam, which focuses on VI3?

Typically, when an updated product is released, the older product will continue to be the focus of the exam for the greater part of a year. In this case, VMware would make the announcement that it's retiring the VI3-focused VCP exam in a year. The new exam usually won't become available for six to nine months after the product is released. Also, it takes a short while for people to shift platforms and upgrade to a new release.

Original post


So Hannah was asked where the information was from and the reply received was:

"actually right from Bogomil Balkansky (sr dr. product marketing, VMware)...he stopped by to interview two weeks ago."
So do you think we can all expect a new version of VI before June 30th??

What do you all say? Will the release be ready or is VMware jumping the gun?

So how do you like your feeds?

There are those who like to get updates immediately when something changes in a feed, there are those who like to get notified once a day (something like a daily digest idea from Yahoogroups)


Well I actually like a bit of both. I like to receive a daily mail so that I can go over the articles on the commute to work each morning, and during the day while I am connected to get updates in my browser.

So for the browser I use Firefox with a plugin called Brief which I find does the work very well.

For "Daily Digest" I use Feedburner. With Feedburner (which is moving everything over to Google - so if you have feeds there - it would be advised to transfer them) you have many options on how to manipulate the feed, one of them is email syndication. So for all of you who would like to receive a daily email of PlanetV12N feed (which for those of you who do not know is a comprehensive list of virtualization related Blogs/Feeds) be my guest.

Click here to subscribe and you will receive a daily mail (between 03.00-05.00 GMT +2).

Let me know how this turns out for you and if you find it useful.

Night all...

2009-02-03

So where is virtualization heading?

Chad Sakac works for EMC, and has a blog of course.

He wrote a wonderful post last week about getting the most you can out of IP storage for ESX. The post itself was great because it was a joint project from 6 different people from 5 different companies all working together to share great info for the virtualization community. The post can be found here.

Another great post he made today - So... What's the "BIG picture stuff " going on under the covers?

I highly recommend it!