February 5, 2012

Notes from VMworld Day 2 – vCloud and Xsigo

In my previous post about the keynote today I had blogged about Steve’s announcement of vCloud.  There are a number of KBTV articles from VMware on the topic already:

Also, since I work for a Xsigo partner, I thought I would mention Xsigo’s announcement.  Previously the only option you had for the server interconnect was InfiniBand; however, they are adding Ethernet to the mix, so you will be able to choose from the following interconnects:

  • 10 Gbps Ethernet (32 ports)
  • 24 Gbps InfiniBand (24 DDR ports)
  • 40 Gbps InfiniBand (20 QDR ports)

The Ethernet option (utilizing either 1 Gbps or 10 Gbps ports) is an interesting one: not requiring you to add in an adapter card can allow you to do end-to-end connectivity for under $500 per server – a fraction of the cost of a CNA.  I wonder how long before 40 Gbps will be supported for the interconnect?

I spent a good part of the day in the labs again today; I’ve done most of the vCloud ones as well as the View ones.  The dashboard in the lab area is pretty cool:

It’s probably difficult to see, but in the top left gauge there have been over ~60,000 VMs deployed in total.  On the top right gauge there have been almost 6,500 labs started, the bottom left shows there are currently about 400 VMs active, and the gas gauge on the right shows they are almost at capacity.


VMworld 2010 Keynote

The keynote was Tuesday morning and started out with a video asking “what is cloud” highlighting the fact that there isn’t a real definition of a cloud. The video made a reference to a cloud being like a pizza place – if you don’t have a kitchen at home you can use a dumb device (in this case a phone) to order your pizza.

The first speaker was VMware’s Chief Marketing Officer, who gave some stats on VMworld. This year there were 17,021 attendees and of those 55 have been to every VMworld since the inaugural one back in 2004. This year instead of having all the equipment onsite they are using a private cloud: some of it is onsite, some is at Terremark and some with Verizon. They are deploying 4000 virtual machines per hour from this hybrid cloud.

Paul Maritz, the CEO of VMware, spoke next and described the 3 phases of the IT journey. He said phase 1 is about IT production and focusing on hardware efficiency. Virtualizing things like file, print and web servers. Phase 2 was about the business resiliency core apps and finally phase 3 is having ITaaS agility and being able to enable the business. As we go through the phases, being able to migrate a workload from one virtual datacenter to another is important. With secure hybrid cloud computing you can migrate your workload from your virtual datacenter to a service provider cloud.

Finally Steve Herrod, the CTO of VMware, spoke about some of the new maximums in vSphere 4.1 which was released recently. He focused on increased vMotion performance and how this is important when we are migrating workloads. Some of the other new features to 4.1 are being able to place shares on storage and network resources and VAAI which I hope to blog on in more depth later.

One acquisition he mentioned was Integrien, which offers proactive analysis for VMware environments.

Another announcement was that what was formerly called Project Redwood is now VMware vCloud Director (also planning on blogging on this more later).  He also mentioned the new vShield products, which I had touched on in my previous post for a VMware View session I was in.

Finally Steve mentioned there is a new program called vCloud Datacenter Service which will have 5 partners at launch: Bluelock, Colt, SingTel, Terremark, and Verizon.  More information about this is available by clicking here.


VMworld 2010 Day 1 Recap

Sessions

The sessions were a little different this year as many have already noted. You didn’t need to register for a session, just show up and get in. After my first session I didn’t stand a chance of getting into the sessions I was hoping for, and by that time it was too late to get to the others as well. Personally I would have preferred it like it has been other years – having to register before the event but knowing you will be able to get to the sessions you want. Having been to a VMworld before I wasn’t too disappointed by not getting into the sessions as I realized all the sessions will be available online and the true value of VMworld isn’t in the sessions (more on that later in this post).

Labs

The labs were great, albeit slow. I spent 43 minutes in the morning trying to get the installer to reach the license agreement step, which was like step 2. I ended up leaving and coming back later to finish up. I did 2 labs today (was there 3 times, but had to finish the one I couldn’t my first time) and I think there is definitely value in doing the labs. Since the labs aren’t available post VMworld I think I will be spending more time in there and less time in sessions. These pictures don’t quite do justice to the size of the lab area but hopefully they can give a rough idea:

People

I can’t even begin to describe the people here. I have met some of the best VMware people that are out there and what really struck me is how friendly everyone is. There isn’t anywhere around Moscone you can go and not be able to strike up an impromptu virtualization discussion. I also thought it was funny how many of the MN VMUG people I have met for the first time while in San Francisco. I can’t say enough good things about the networking that is available at VMworld – worth the ticket price alone. As a side note, if you read this and I haven’t met you yet – shoot me an email, leave a comment on the post or preferably send me a tweet on Twitter.

That covers it for Monday, hard to believe it’s only the first day.


SE7811 – VMware View Security Architecture and Best Practices

My second session of the day dove into VMware View.  I wanted to attend a number of View sessions as I was interested in what was going to be new in 4.5.  A few of the things mentioned early on in the session were:

  • Kiosk Mode: no user authentication, access is based on device MAC address
  • Delegated role-based access control
  • Smart card authentication for PCoIP
  • Online certificate status protocol support
  • vShield Endpoint

Some best practices that were mentioned for security in a View deployment:

  • Harden virtual desktops (no surprise)
    • Set refresh intervals
    • Patch base OS
    • View agent: If in a high security environment, you may want to disable USB redirection, drive redirection, clipboard redirection and/or printer redirection
  • Harden Connection Server, Security Server, and Replica Server
    • Standard Windows and database hardening:
    • Password policy
    • Patching
    • Disabling unneeded services and network protocols (only IPv4 is needed)
    • Replacing default certificates (a self-signed certificate is installed by default) with an SSL certificate signed by a recognized CA
    • Disable unneeded ciphers

One thing to note is View 4.5 changes TCP and UDP ports from 50002 to 4172.
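An added example (not from the session or from VMware) of checking a firewall rule list after that port change: it flags allow rules that still cover 50002 and reports whether 4172 is open for both TCP and UDP. The one-line rule format and the sample rules are constructed for illustration, and rule ordering is deliberately ignored.

```python
# Added example: audit allow rules for the View 4.5 port change (50002 -> 4172).
# Rule syntax "action proto port[-port]" is an assumption made for this sketch.
OLD_PORT, NEW_PORT = 50002, 4172
PROTOCOLS = ("tcp", "udp")


def parse_rule(line):
    """Parse 'allow tcp 4172' or 'allow any 4000-5000' into (action, protos, lo, hi)."""
    action, proto, ports = line.split()
    lo, _, hi = ports.partition("-")
    protos = set(PROTOCOLS) if proto == "any" else {proto}
    return action, protos, int(lo), int(hi or lo)


def audit(rule_lines):
    """Report stale allow rules for the old port and protocols lacking the new port."""
    allowed_new = set()
    stale = []
    for number, line in enumerate(rule_lines, 1):
        action, protos, lo, hi = parse_rule(line)
        if action != "allow":
            continue  # only allow rules can leave a port open
        if lo <= NEW_PORT <= hi:
            allowed_new |= protos
        if lo <= OLD_PORT <= hi:
            stale.append((number, line))  # also catches ranges spanning 50002
    missing = [p for p in PROTOCOLS if p not in allowed_new]
    return {"stale_old_port_rules": stale, "missing_new_port": missing}


# Constructed sample: UDP 4172 was forgotten and two 50002 rules were left behind.
SAMPLE_RULES = [
    "allow tcp 443",
    "allow tcp 50002",
    "allow udp 50000-50010",
    "allow tcp 4172",
    "deny any 1-65535",
]

if __name__ == "__main__":
    report = audit(SAMPLE_RULES)
    for number, line in report["stale_old_port_rules"]:
        print("rule %d still allows %d: %s" % (number, OLD_PORT, line))
    for proto in report["missing_new_port"]:
        print("no allow rule covers %s/%d" % (proto, NEW_PORT))
```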

Things to consider when deploying:

  • Proper authentication methods
  • Use of a security server or VPN for remote access (PCoIP would use VPN access)
  • Firewall requirements
  • Setup administrative role-based access controls
  • User entitlements
  • Desktop zoning considerations

Role Based Access Control:

  • Limit the root admin role to a small number
  • For large deployments organize pools into folders and delegate admin roles to the folders by geographic region, business unit, function or compliance requirement

Make sure to set appropriate entitlements for users; different types of users will likely have different desktops, e.g. internal, remote, contractor, suppliers, compliance (HIPAA, PCI).  Based on the entitlements assigned, zone desktops and restrict access to resources accordingly, for example high-risk-activity desktops that can only browse the web and email, or internal-only desktops.

Also covered was vShield – vShield is actually 3 products that consist of:

  • vShield Endpoint
    • This is the AV engine which allows you to take the engine out of the VM and do the scans from a central AV server.
    • Can yield a 95%+ reduction in guest footprint and is included with VMware View Premier.  Endpoint is what solves the issue of worrying about staggering Anti Virus scans or Anti Virus definition updates.
  • vShield App
    • This is the vNIC level firewall, you can create firewall rules right at the vNIC level.
    • You could, for example, create a rule that would disallow all VM-to-VM connectivity so that if one user’s VM was infected, it would not affect other users on the network.
  • vShield Edge
    • This is similar to a layer 3 edge firewall for creating multiple virtual datacenters.


TA8361 – Future Direction of Networking Virtualization

My first session was TA8361, Future Direction of Networking Virtualization by Howie Xu.  This is probably the session I was looking forward to the most (seemed like a lot of the great sessions were all scheduled for this time slot).

Xu started out by talking about current industry trends: Virtualization, Convergence, and Cloud (bet you didn’t see that one coming).

Virtual networking has grown: the managed virtual switch was released in 2006, the distributed virtual switch in 2009 and the distributed virtual network.

When you deploy a new VM you currently have to deal with the vSwitch, the IP address management, the VLAN/QoS, load balancing etc.  The Distributed Virtual Network is designed to coordinate layer 2 through layer 7.

This brings us to vChassis: ‘A platform to support and fulfill “distribute virtual network” vision by VMware and its ecosystem’ which consists of:

  • A standard network management framework
  • A platform to enable scale-out, on demand, distributed end to end virtual network services like vChassis L2 Switch line card or vChassis Intrusion Detection card.

This is something I am really looking forward to, incorporating more of the stack into the virtualized environment to improve virtual machine mobility and ease management issues with multi-tenancy.


VMworld Here I Come

Sitting in the MSP airport waiting for my flight out to SFO for VMworld.  I think I have technology covered to be able to blog throughout the event – I packed the following:

  • iPad with Bluetooth keyboard for blogging
  • Sprint Overdrive 3g/4g
  • iPhone
  • New Trent IMP880 which has 8900mAh of charging for everything (thanks to tips from @aarondelp @toudin and @colinmcnamara )

I land in SFO around 1pm and am planning on making it over to the Moscone to register and pick up my bag so I don’t have to do that tomorrow morning and then the VMworld Fun Run after that. Oh and hopefully there is some time in there to eat as well…

Now to sit and think about what I forgot to pack.


Replacing Optical Drive with Second Hard Drive on MacBook Pro

Previously I had blogged about replacing my 7200 RPM SATA drive in my MBP with an Intel X25M-G2 80GB SSD.  So far it’s been great and I have no doubt it’s extended the lifespan of my laptop (MacBook Pro 2,2).  Being a digital pack-rat the hardest thing has been going from a 500GB drive to 80GB, I can no longer keep my virtual machines, Music, Pictures etc on my internal drive.  My solution at the time was to use my 500GB drive in an external FW800 enclosure, it works ok but the FW800 cable is pretty large and also needs a USB connection for additional power.  Considering I only have 2 USB ports and one is in use by my Logitech receiver this was a pain as well.  Basically I was sick of doing this all the time:

OptiBay from MCEtech, it was $99 which at first I thought was a bit high for just a piece of metal to fit another drive in there.  However it also comes with a case/cables to turn the SuperDrive into an external DVD drive.

The adapter is the size of the DVD drive and has the same back end connector:


VMworld 2010 Schedule

I’m looking forward to attending VMworld this year, it will be the first one I’ve been to since VMworld 2007.  I thought I would post my schedule (definitely subject to change) and I am planning on blogging most of the time I am out there (might need an extra laptop battery or three…).  If you are attending I’d love to meet up!  Drop me a line via the Contact Me page at the top or via Twitter.

| Date | Time | Session ID | Session Name |
| --- | --- | --- | --- |
| Sunday | 3:00 pm | n/a | VMworld Check In |
| | 5:00 pm | n/a | VMworld Fun Run |
| Monday | 9:00 am | DV8324 | VDI Performance Benchmarking and Best Practices |
| | 10:30 am | MA8030 | Saving Time with VMware Orchestrator |
| | 12:00 pm | DV8282 | Your Laptop in the Workplace: Enabling Bring Your Own PC, Mobile Workers and Contractors with VMware View |
| | 1:30 pm | DV7959 | The Benefits of VDI and Implementation Strategies for Education |
| | 3:00 pm | TA8018 | Architecting for Performance |
| | 4:30 pm | LAB03 | VMware ThinApp 4.6 |
| | 6:00 pm | LAB12 | VMware vCenter™ Site Recovery Manager – Extended Config & Troubleshooting |
| Tuesday | 11:00 am | DV7778 | Journey Through a 3000 Seat VMware View (VDI) Deployment Ensuring Business Continuance During Snowmageddon 2010 |
| | 12:30 pm | SP9656 | Where is the ROI in Desktop Virtualization? How Can I Maximize It? |
| | 2:00 pm | DV7757 | VMware View Technical Overview |
| | 3:30 pm | SS1005 | From 500 to 50,000: Building a VMware View 4.5 Deployment that Scales |
| | 5:00 pm | PA9980 | Professional Services Opportunities on the Journey to the Private Cloud |
| Wednesday | 9:00 am | MA6580 | Bridge the ESX/ESXi Management Gap Using the vSphere Management Assistant (vMA) – Tips & Tricks Included |
| | 10:30 am | DV8383 | Troubleshooting ThinApp Applications |
| | 12:00 pm | BC7773 | VMware Site Recovery Manager: Misconceptions and Misconfigurations |
| | 1:30 pm | SE7811 | VMware View Security Architecture and Best Practices |
| | 3:00 pm | TA8065 | Storage Best Practices, Performance Tuning and Troubleshooting |
| | 4:30 pm | DV7500 | VDI Assessment & Migration |
| | 7:00 pm | | VMworld Party |
| Thursday | 10:30 am | SS1007 | VMware View 4.5 – Delivering on the End User Computing Vision |
| | 12:00 pm | ALT2004 | Building the VMworld Lab Cloud Infrastructure |
| | 1:30 pm | ALT3001 | VMware vCenter™ Site Recovery Manager – Extended Config & Troubleshooting |
| | 3:00 pm | TA8218 | VMware Storage Vision |


Port Channels, ESXi 4.1 and the Management Network

Now that I have a few of our ESX hosts upgraded from ESX 4 to ESXi 4.1 I’ve noticed something about the Load Balancing policy on vSwitch0.  Like a lot of people we have multiple GbE connections that go into vSwitch0 (at least on these specific hosts). As usual, when you first install ESXi it will set the Load Balancing policy to be based on the Virtual Port ID.

Next I configured the other two adapters that are on this system into vSwitch0.
Now I can see in the properties of the vSwitch that vmnic0, vmnic1 and vmnic2 are all listed as active adapters.
But when I go to Management Network it only shows two of the adapters as active and the third adapter is listed as unused.
In ESX I would set the vSwitch to use a Load Balancing policy of IP Hash to work with the port channel we have configured on our switches, and it would also change the Load Balancing policy on the included portgroups.
In ESXi it changes the Load Balancing policy for the Virtual Machine network to IP Hash but it does not change the Load Balancing policy for the Management Network; this stays configured as based on Virtual Port ID.
VM Network shows as IP Hash and has all 3 adapters configured as active, the same as the vSwitch configuration.
However, the Management Network still shows Virtual Port ID with 2 NICs active and 1 unused.
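The mismatch described above, written as a check (an added example, not code from the original post): it resolves each portgroup's effective teaming settings, treating an unset value as inherited from the vSwitch, and lists portgroups that do not match the port channel. The inventory layout, the policy labels and the choice of vmnic2 as the unused adapter are assumptions; the sample data is constructed to mirror the post.

```python
# Added example: find portgroups whose teaming settings drifted from the port channel.
# The dict layout and the "iphash"/"portid" labels are assumptions for this sketch.
PORT_CHANNEL_POLICY = "iphash"


def effective(vswitch, override):
    """Resolve a portgroup's settings; None means 'inherit from the vSwitch'."""
    return {
        key: vswitch[key] if override.get(key) is None else override[key]
        for key in ("policy", "active")
    }


def port_channel_findings(vswitch, portgroups, channel_nics):
    """Return {portgroup: [problems]} for portgroups that do not match the channel."""
    findings = {}
    for name, override in portgroups.items():
        eff = effective(vswitch, override)
        problems = []
        if eff["policy"] != PORT_CHANNEL_POLICY:
            problems.append(
                "load balancing is %s, expected %s" % (eff["policy"], PORT_CHANNEL_POLICY)
            )
        inactive = sorted(set(channel_nics) - set(eff["active"]))
        if inactive:
            problems.append("channel members not active: " + ", ".join(inactive))
        if problems:
            findings[name] = problems
    return findings


# Constructed data: vSwitch0 on IP Hash with three active uplinks, VM Network
# inheriting it, Management Network left on Virtual Port ID with one NIC unused.
CHANNEL = ["vmnic0", "vmnic1", "vmnic2"]
VSWITCH0 = {"policy": "iphash", "active": CHANNEL}
PORTGROUPS = {
    "VM Network": {"policy": None, "active": None},
    "Management Network": {"policy": "portid", "active": ["vmnic0", "vmnic1"]},
}

if __name__ == "__main__":
    for name, problems in port_channel_findings(VSWITCH0, PORTGROUPS, CHANNEL).items():
        print(name + ": " + "; ".join(problems))
```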
