VMware vSphere Cheat Sheet

April 22nd, 2009 by jason

I’m not exactly sure where this document came from – I was unable to locate it on the internet, but it looks to have been generated by VMware for the partner or sales channels. I’m an end user so I typically don’t have my hands on sales material. The document summarizes vSphere features, licensing, tiers, and more. It’s not marked VMware company confidential so I’m going to go ahead and post it.  Hopefully I won’t find myself begging for forgiveness.

I love the virtualization product comparisons. There’s a lot of smoke in the air coming from all three major virtualization camps. I think the product comparison charts really help answer the questions “Why VMware?” “Why not MS or Citrix?” “Is VMware’s price point worth it?” You bet it is. The data below speaks for itself.

[Screenshots]

vSphere licensing notables

April 21st, 2009 by jason

As Chris Grossmeier pointed out in the previous blog post comment, VMware’s vSphere 4 Pricing, Packaging, and Licensing Overview document has been made available. A few things that jumped out at me are:

  1. A new license tier for Mid to Enterprise size businesses has been added called Enterprise Plus. This is the premier and most feature rich tier available.
  2. Two new licensing tiers have been added tailored to the needs of Small Business (SMB):
    1. vSphere Essentials
    2. vSphere Essentials Plus
  3. Surely because of the advancements and popularity of multicore processors, host licensing is no longer sold in pairs of sockets, rather by the single socket.
  4. To my surprise, FT (Fault Tolerance) is not licensed per VM. Rather, it is included in all of the Mid to Enterprise class licensing tiers except for Standard. Wow. Given the added protection level, this could be the best bang for the buck (from a licensing standpoint anyway, extra infrastructure needed is a different discussion).  It is not included in the SMB tiers.
  5. Pluggable Storage Architecture (PSA) was added to the new Enterprise Plus tier. One new feature PSA will offer is 3rd party storage multipathing.
  6. Zero adjustments in vCenter Server pricing (as well as SnS). The high cost vCenter perception debate will continue although personally I think it’s worth every penny.
  7. Enterprise customers with current support will receive the following new feature entitlements:
    1. vStorage Thin Provisioning
    2. Fault Tolerance (FT)
    3. Hot Add (processors, memory)
    4. vShield Zones
    5. Data Recovery
  8. VMware draws the line in the sand on cores per socket licensing:
    1. vSphere Standard = maximum 6 cores per socket
    2. vSphere Advanced = maximum 12 cores per socket
    3. vSphere Enterprise = maximum 6 cores per socket
    4. vSphere Enterprise Plus = maximum 12 cores per socket

A random collection of what’s new vSphere eye candy

April 20th, 2009 by jason

I’ve been testing vSphere for a few months and have collected various samples of new and different management interfaces. VMware has informed me that I am no longer under vSphere NDA and bloggers are welcomed to help showcase VMware’s new vSphere product. In no particular order, here are some of my observations. By the way, the very first thing I noticed out of the gate when installing vSphere (other than I needed 64 bit hardware) was that although ESXi4 is small enough to fit on a CD, ESX4 is now a DVD. For those who install from physical media, you’ll want to be sure you’ve got a DVD-ROM reader in your host.

The VIC now has integrated authentication built into the GUI. We had this in VI3 but through command line parameters that launched the client:

[Screenshot]

A Hyper9-like quick search in the top right area of the vSphere Client:

[Screenshot]

Complete license management overhaul evident in many areas:

[Screenshots]

An improved Plug-in Manager:

[Screenshot]

Host Profiles will assist us with automated configuration and consistency. This may sunset much of the deployment scripting you have in place today and I think it’s especially helpful for ESXi users as it offers yet another option for automating the configuration of VMware’s console-less hypervisor. Along with being responsible for making configuration changes across a container, it can also be used to verify compliance of host configurations. It works similarly to VMware Update Manager and remediation:

[Screenshot]

vCenter Server configuration Advanced Settings. Take a look at what’s highlighted: VMotion encryption. Those worried about vampire taps on their VMotion network can sleep better at night:

[Screenshot]

My favorite and most used – the Home button, which brings you back to the “root” of all configurable items in vCenter Server. This feature alone will reduce VI Administrator mousing carpal tunnel by 20%:

[Screenshot]

vCenter Service Status. Keeping vCenter Server healthy is becoming increasingly important in vSphere. This tool helps us keep tabs on it:

[Screenshot]

VMware HA configuration. Note the new Admission Control Policies:

[Screenshot]

Back on the Cluster view, VMware HA offers Advanced Runtime Info, while DRS offers some standard deviation numbers:

[Screenshot]

…along with fancy new bar charts for resource distribution:

[Screenshot]

4,088 ports supported on vSwitches… 3,000 more than VI3 supported:

[Screenshot]

Resource Allocation at the VM level. The bar graphs look similar to the old ESX or GSX MUI, I forget which:

[Screenshot]

That’s all for now. I wanted to get into vNDS (vNetwork Distributed Switch) but that in and of itself is about 35 screenshots. Good material for later. vSphere looks and feels very promising. I like most of the changes but there are still some lingering enhancements that I will continue to pester VMware about.

Disconnected VM templates

April 19th, 2009 by jason

I woke up this morning to two failed Veeam backups in my email inbox. The two VMs were both templates I had recently created.

I launched the Virtual Infrastructure Client to see if the VMs had an open snapshot which can cause Veeam backup jobs to fail (it’s a VMware issue, not really a Veeam issue). No snapshots, but the problem was immediately obvious: the VMs were shown as “disconnected”. Typically a disconnected VM immediately ties back to a disconnected host. Not in this case. A quick look at the ESX host that was the owner of the VM showed that it was connected, online, and running powered on VMs.

New territory. How to fix? Right clicking on the VM showed no option to re-“Connect” the VM. Right clicking showed no option to remove from inventory and re-register it.  Hmm.

Solution. I placed the ESX host into maintenance mode which migrated off the running VMs to a different host in the cluster. The only two VMs left were the two disconnected templates. I then right clicked on the host and disconnected it. Immediately after being disconnected, I right clicked on the host and connected it. Both the host and VM templates changed from a disconnected to a connected state. Of course the final step was to remove the host from maintenance mode.

Update: 11/12/10:  Following is an entry from the vCalendar which has a few more options to resolve this issue:

Got a disconnected template? Several solutions exist to resolve the problem:
- Disconnect and reconnect the ESX host which owns the template
- Restart the mgmt-vmware service in the ESX Service Console
- Restart the vCenter service

Cloud Camp Minneapolis

April 18th, 2009 by jason

Today I attended Cloud Camp Minneapolis from 9:00am to 3:30pm on the University of Minnesota East Bank campus. I think the event was a large success. Registration was SOLD OUT and it looked like there were somewhere between 100 and 150 attendees. I think it speaks well for the technology and the event organization when that many people will give up the majority of an absolutely gorgeous Saturday.

The event started with a continental like breakfast where people mingled and socialized for an hour before the speaking agenda began. I ran into a few familiar faces and also met with new people I hadn’t met before. The coffee was strong and the bagels looked good.

After breakfast, we were ushered into the main auditorium. George Reese (pictured top left), cloud book author and event organizer from enStratus Networks, kicked things off by briefly introducing himself as well as the premier sponsors: VISI, enStratus, Microsoft, Mosso The Rackspace Cloud, Aserver, and RightScale.

Shortly after, the Lightning Talks began. This is where the premier event sponsors were allowed just a few minutes to deliver their cloud speech along with a little product marketing while literally whipping through their slide deck. When I say just a few minutes, I literally mean it. I think five vendors all got up and delivered their presentations in a total of 15 minutes. If you’ve ever watched the television program “Mad Money”, it was like cloud talk and offerings during the lightning round. It was both an interesting and refreshing approach.

Next we had a lengthy group discussion on hot cloud topics which were in turn used to dynamically develop the afternoon breakout session topics. We touched on things such as security, mobility, legal and liability implications, small business, etc.

We broke for lunch where I had discussions with a few locals on phone, cable, and internet service providers (ISPs) in the state of Minnesota.

After lunch the large group broke up into the smaller breakout sessions mentioned previously. I attended two sessions: Mobility and SMB.

The mobility session had a good crowd mixture comprised of service providers, application developers, and CEOs. The discussions jumped from topic to topic as people offered up their problems, questions, and philosophies orbiting cloud mobility and isolation. Not to my surprise, there was very little along the lines of answers or solutions. That’s ok. I wasn’t expecting any. Frankly, I found comfort among large numbers of industry experts who, like I, didn’t have the answers and were just as perplexed about figuring out how this is all going to work out. Developers seemed to be the most concerned about the application layer (Applications as a Service) as discussions touched on APIs and applications in the cloud and their impact on development techniques as it applies to mobility. I got a sense of less concern over platform in the cloud, also known as Platform as a Service. One developer talked about his current experience of using Amazon’s Elastic Compute Cloud (EC2). His direct benefits: he owns and supports nothing, and he pays only for what he uses. When he’s not using it, there’s essentially little or no cost. When he’s done, I imagine he saves what he needs, and the rest is destroyed. There is no traditional decommissioning and writing off of assets. There is no hardware that needs to be disposed of properly.

The SMB session was another good mixture of attendees nearly the same as above but with more of a concentration on small business, as well as micro and nano business (phrases coined during the session representing entities smaller than small business). The general idea of this session was if and how small businesses can benefit from cloud offerings. Talks began with the various ways to define a small business: by revenue? by headcount? by technology? There are examples of large manufacturing plants that have small technology footprints. Likewise, small operations can generate large amounts of revenue with the assistance of technology. Group members proposed that there exist many inefficiencies in small business, particularly in the technology and infrastructure. This is where renting platforms, applications, services, and infrastructure from cloud providers could make sense for SMBs. Wouldn’t small businesses rather focus their time and energy on developing their products and services instead of being tied down by the technology they need to run their business on? From a customer or partner credibility standpoint, does a business look more professional and equipped running their business in a certified cloud datacenter, or a broom closet? What impacts will regulation and legislation have? Decisions of how to securely store and deliver customer information in a small business shouldn’t be taken lightly. There are consequences that could easily break the trust and financial backing that a small business or startup’s survivability relies on.

In all, I had a great time at Cloud Camp Minneapolis. If you asked me six months ago what I know about the cloud, I would have had nothing to say other than “I don’t get it”. I’ve gradually been warming up to the concept and today Cloud Camp Minneapolis went a long way in delivering my first feeling of personal and professional accomplishment in that I think I’m actually caught up and on the same page as many of my peers and higher experts in the cloud community. However, I have to be honest in saying that I walked away somewhat disappointed and in disbelief that virtualization discussion was nearly non-existent. The last two VMworld virtualization conferences I attended in Las Vegas and Cannes were strongly focused on cloud computing and VMware’s Virtual Datacenter OS (VDC-OS). There was maybe one mention of VMware in one sentence and a brief reference to VDI. Microsoft was on site talking about Azure and there was no mention of Hyper-V. No mention of XenServer, Virtual Iron, etc. I’ve been led to understand that virtualization is a key component to cloud infrastructure, applications, and mobility. I anticipated much of today’s discussions would revolve around virtualization. I couldn’t have been more wrong. After the event finished, I sent out a tweet re: no virtualization talk today. I received a response stating virtualization is merely a widget or one small component among many in the cloud. Virtualization is not really as integral as I’m being told by Paul Maritz of VMware. Maybe this is a case of Jason has been drinking too much VMware Kool-Aid for too long. The answers about the cloud are coming. Slowly but surely. Hopefully Paul is right and VMware does have a significant role to play in their version of global cloud computing. I’d like to see it, realize it, and experience it.

Tolly Group releases another Citrix vs. VMware comparison

April 15th, 2009 by jason

A few months ago, The Tolly Group released a report comparing Citrix and VMware VDI solutions.

They’re at it again. Today, The Tolly Group released another comparison. Today’s report compares Citrix XenServer 5 and VMware ESX 3.5.0 Update 3 with Citrix XenApp as the workload.

Citrix Systems commissioned Tolly to evaluate the performance of Citrix XenApp when running on Citrix XenServer 5 and compare that with XenApp running on VMware ESX 3.5u3.

Testing focused on system scalability and user quality-of-experience. This test report was approved for publication by VMware. The VMware End User License Agreement (EULA) requires such approval.

The testing was conducted in accordance with Tolly Common RFP #1101, Virtual Server Performance.

Summary of Results:

* Citrix XenServer 5 outperforms VMware ESX 3.5 by 41% in user scalability tests.
* XenApp, running on XenServer, retains a consistent user experience as load is increased to 164 users.
* Virtualizing 32-bit XenApp gives IT administrators a viable approach to increasing total user density on physical servers, without the need to re-certify their existing applications and drivers for a 64-bit platform.
* Consolidating XenApp farms on XenServer results in data center reliability benefits and cost savings.

Click here to download the report. You will need to register for the report download.

New ESX(i) 3.5 security patch released; scenarios and installation notes

April 11th, 2009 by jason

On Friday April 10th, VMware released two patches:

Both address the same issue:

A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.

Hackers must love vulnerabilities like this because they can get a lot of mileage out of essentially a single attack. The ability to execute code on an ESX host can impact all running VMs on that host.

Although proper virtualization promises isolation, the reality is that no hardware or software vendor is perfect and from time to time we’re going to see issues like this. Products are under constant attack from hackers (both good and bad) to find exploits. In virtualized environments, it’s important to remember that guest VMs and guest operating systems are no different than their physical counterparts in that they need to be properly protected from the network. That means adequate virus protection, spyware protection, firewalls, encryption, packet filtering, etc.

This vulnerability in VMware ESX and ESXi is really a two-stage attack. To compromise the ESX or ESXi host, the guest VM must first be vulnerable to compromise on the network, which provides the entry point to the host. Once the guest VM is compromised, the next step is to get from the guest VM to the ESX(i) host. Hosts without the patch are vulnerable to this second step, which, as we know from reading above, might allow arbitrary code to be executed on the host. If the host is patched, we maintain our guest isolation and the attack stops at the VM level. Unfortunately, the OS running in the guest VM is still compromised, again highlighting the need for adequate protection of the operating system and applications running in each VM.

The bottom line is this is an important update for your infrastructure. If your ESX or ESXi hosts are vulnerable, you’ll want to get this one tested and implemented as soon as possible.

I installed the updates today in the lab and discovered something interesting that is actually outlined in both of the KB articles above:

  • The ESXi version of the update requires a reboot. Using Update Manager, the patch process goes like this: Remediate -> Maintenance Mode -> VMotion VMs off -> Patch -> Reboot -> Exit Maintenance Mode. The duration of installation of the patch until exiting maintenance mode (including the reboot in between) took 12 minutes.
  • The ESX version of the update does not require a reboot. Using Update Manager, the patch process goes like this: Remediate -> Maintenance Mode -> VMotion VMs off -> Patch -> Exit Maintenance Mode. The duration of installation of the patch until exiting maintenance mode (with no reboot in between) took 1.5 minutes.

Given reboot times of the host, patching ESX hosts goes much quicker than patching ESXi hosts. Reboot times on HP Proliant servers aren’t too bad but I’ve been working with some powerful IBM servers lately and the reboot times on those are significantly longer than HP. Hopefully we’re not rebooting ESX hosts on a regular basis so with that in mind, reboot times aren’t a huge concern, but if you’ve got a large environment with a lot of hosts requiring reboots, the reboot times are going to be cumulative in most cases. Consider my environment above. A 6 node ESXi cluster is going to take 72 minutes to patch, not including VMotions. A 6 node ESX cluster is going to take 9 minutes to patch, not including VMotions. This may be something to really think about when weighing the decision of ESX versus ESXi for your environment.

Update: One more item critical to note is that although the ESX version of the patch requires no reboot, the patch does require three other patches to be installed, at least one of which requires a reboot.  If you already meet the requirements, no reboot will be required for ESX to install the new patch.

In closing, while we are on the subject of performing a lot of VMotions, take a look at a guest blog post from Simon Long called VMotion Performance. Simon shows us how to modify VirtualCenter (vCenter Server) to allow more simultaneous VMotions which will significantly cut down the amount of time spent patching ESX hosts in a cluster.