September 10, 2010

VMworld 2010 Recap

quite as far as I initially thought I did on Friday.  It turns out it was more like 15 miles after I redid my Google walking directions (makes up for the fact I missed the VMworld Fun Run):

aftermath of the VMworld Labs and I thought it was interesting that the VMware View 4.5 Install and Config lab was the #1 lab.  Perhaps 2011 will finally be the year of the desktop?  Or was that this year or the year before?  I touched on this in a previous post but some of the big topics this year were:

I’m looking forward to doing some blogging on NetApp integration with some of these new announcements (namely vCloud and View 4.5), so keep checking back for them.  I’m also looking forward to taking the VCAP-DCA exam.  Originally I had heard there might be an opportunity to take it at VMworld, but now it sounds like it will be possible to schedule it starting September 13th.

Overall there was a lot of great information this year; it makes me wonder what will be in store for next year….


ALT 2004 – Building the VMworld Lab Cloud Infrastructure

Dan Anderson, a Principal Architect for VMware, spoke about the infrastructure behind VMworld 2010.  This was a very entertaining session and Dan was fun to listen to.  There are 3 datacenter locations used to power VMworld, one is here at Moscone, another at Terremark in Miami, FL and the third is at Verizon in Ashburn, VA.  All sites connect over the public internet through IPsec VPN connections.  Having some of the equipment onsite made this a ‘hybrid cloud’ deployment.  Since VMware says the cloud is the future of computing they decided to practice what they preach and deploy it in a cloud.  All lab stations are PCoIP zero clients and the room is divided into 8 sections.  Of those 8 sections 3 connect locally, 2.5 go to Verizon and the other 2.5 go to Terremark.  One of the problems during setup was moving data around, and Dan mentioned as an industry we need to figure out an effective way for moving data between clouds.
Some specs on the setup:
Networking:
  • 10 GbE core
  • 2 x DS3 links at Moscone
  • Redundant 100 Mb connections at Terremark and Verizon
  • All connections go over the public internet through IPsec VPN
Storage:
  • 329 TB raw
  • 244 TB usable
Compute:
  • 352 ESX hosts
  • 736 CPU sockets
  • 3072 CPU cores
  • 7.5 THz of clock cycles
Memory:
  • 14.6 TB
Clients:
  • 480 PCoIP-enabled zero clients
The two other locations were picked on the east coast because they will also be used for VMworld Europe, which is coming up soon; the Moscone equipment will be moved and the others will remain in place.
Lab Stats:
  • 30 labs
  • 44 hours of lab time over 4 days
  • 480 seats
  • 22070 lab hours
Also mentioned was that 4000 virtual machines are built and destroyed every hour!


BC8449 – Using VMware Site Recovery Manager with NetApp

Larry Touchette from NetApp and Arturo Fagundo from VMware presented this session on using SRM with NetApp.
Overview of VMware Site Recovery Manager
SRM allows you to do non-disruptive DR testing.  In order to do this you group the VMs you want into protection groups.  Protection groups are the minimum unit you can fail over.  Once you have created your protection groups you build a recovery plan – a recovery plan is similar to an electronic runbook.  Site Recovery Manager handles failing over the storage for you, promoting a replica image at the recovery site, registering the VMs at the DR site from the replicated storage and powering them on.  There are two different modes for SRM: Test and Failover.  When using test mode, it won’t affect your production virtual machines and it will create a separate, isolated network in the recovery site to bring the VMs up for testing.  Another thing to be aware of: SRM supports bi-directional protection, since a lot of customers would be running production out of both locations.
High Level Configuration Info of VMware Site Recovery Manager
SRM leverages array replication technology and requires the use of a Storage Resource Adapter (SRA) that is provided by the vendor (NetApp, EMC, etc)
You must have a vCenter at each site.  Since it’s likely the two environments are not identical, you configure inventory mappings in SRM to map resource pools, networks and folders from one site to the other.  Protection groups correspond 1:1 to datastore groups, but they are not configured by datastores; rather they are configured by virtual machines.  The recovery plan contains protection groups.
NetApp Specific SRM Info
When performing a test recovery, SRM will request a temporary copy of the storage, which in this case is a FlexClone, and then add the LUNs to igroups or create NFS exports, AND the SnapMirror replication will still continue.  The next release of Site Recovery Manager will optionally allow requesting synchronization of replicated devices.  What this gives you is that, as the virtualization admin, you wouldn’t need to contact the storage admin to have them update the SnapMirror if you wanted to do a DR test with the very latest data.
A recovery workflow is similar to a test but it actually breaks the SnapMirror and then promotes the destination volume to be read/write.  If using LUNs it adds them to the appropriate igroups and if using NFS it creates the exports with appropriate permissions for ESX hosts.
The latest version (as of this post) of the NetApp SRA is 1.4.3, which is a unified adapter: it works for either SAN or NAS (meaning the VM can have a system VMDK on NFS and an RDM device via iSCSI – this is common when using SnapManager products within VMware).  Some of the new features in 1.4.3 are:
  • Unified Adapter
  • Fully thin provision the DR test environment
  • Multistore vfilers as storage arrays
  • Non-quiesced SMVI snapshot recovery
If you are upgrading to the unified adapter you should be aware of the following:  If you are currently a SAN-only environment it requires no SRM reconfig; the ONTAP version on the NetApp should be 7.2.4 or newer and you would simply need to uninstall 1.4.2 SAN and install 1.4.3.  If you are currently in a NAS environment you need to delete the protection groups and array managers prior to uninstalling the 1.4.2 adapter, then after you install 1.4.3 you must re-create your protection groups.
The next version of SRM will have a new re-protect workflow to reverse replication and synchronize storage in the opposite direction.  Any changes made at the DR site would be populated back to the original primary site.  If the storage itself wasn’t destroyed in the disaster it will only transfer the delta changes (as it will find a common storage snapshot and transfer changes made since then).  More details on that were available in BC8372 – SRM Futures: Failback and more.  The next major version of SRM should be released in the second half of 2011.
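To make the difference between the test, recovery and (upcoming) reprotect workflows above concrete, here is an added simulation of a SnapMirror pair driven through those three steps.  This is illustration code written for this post, not NetApp or VMware code; the class and method names are hypothetical and stand in for the SRA calls the text describes.

```python
"""Added illustration (not NetApp or VMware code) of the SRM workflows on a
SnapMirror pair: test recovery (FlexClone, mirror keeps running), real
recovery (mirror broken, replica promoted) and the reprotect step described
for the next SRM release. All names here are hypothetical."""
from dataclasses import dataclass, field


@dataclass
class Volume:
    name: str
    read_only: bool
    # ESX hosts that have been granted access (NFS export or igroup mapping)
    exports: set = field(default_factory=set)


@dataclass
class SnapMirrorPair:
    source: Volume        # production volume, read/write
    destination: Volume   # DR replica, read-only while mirrored
    replicating: bool = True
    clones: list = field(default_factory=list)

    def test_recovery(self, esx_hosts):
        """Test mode: clone the replica and present only the clone to the DR
        hosts. Production and the mirror relationship are left untouched."""
        if not self.replicating:
            raise RuntimeError("no active mirror to clone from")
        clone = Volume(f"{self.destination.name}_clone", read_only=False)
        clone.exports = set(esx_hosts)
        self.clones.append(clone)
        return clone

    def cleanup_test(self):
        """The temporary FlexClones are discarded once the test finishes."""
        self.clones.clear()

    def recovery(self, esx_hosts):
        """Real failover: break the mirror, promote the replica to read/write
        and export it (or map its LUNs) to the recovery-site ESX hosts."""
        self.replicating = False
        self.destination.read_only = False
        self.destination.exports = set(esx_hosts)
        return self.destination

    def reprotect(self):
        """Reverse the relationship so DR-site changes flow back to the old
        primary, which becomes the read-only destination."""
        if self.replicating:
            raise RuntimeError("reprotect only applies after a recovery")
        self.source, self.destination = self.destination, self.source
        self.destination.read_only = True
        self.destination.exports = set()
        self.replicating = True
        return self.source.name, self.destination.name
```

The invariant worth checking in a real deployment is the one the simulation enforces: a test must leave the production volume, its exports and the mirror relationship exactly as they were.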
Also see NetApp’s Technical Report on using VMware Site Recovery Manager with NetApp storage: http://media.netapp.com/documents/tr-3671.pdf
Also, just as a note at the end – one mentioned use case for SRM (other than the obvious) was for testing application/Windows updates:  You can run a DR test, apply all the updates or make the configuration changes, do your testing, and then once it’s been validated make the changes to your production systems as well.


Some Pics from VMworld Day 3

The labs were packed and the sessions I wanted to hit weren’t until this afternoon, so I decided to get out and try to get some pictures of VMworld before it was too late.  All of the labs were in the Moscone West building; the lines were pretty long already at 9am:

This is a shot of the registration area, I checked in on Sunday – the lines were pretty long but moved quickly.

This is a shot of the Roadside stop that had snacks and pop:

Note to my employer:  I did not blow off VMworld to try and get into the Apple announcement today:

Everybody is trying to figure it out:

Xsigo was giving away a ride in your choice of 3 sports cars, here was the Bugatti:

That is it for now! Back to the labs for me.


Notes from VMworld Day 2 – vCloud and Xsigo

In my previous post about the keynote today I had blogged about Steve’s announcement of vCloud.  There are a number of KBTV articles from VMware on the topic already:

Also, since I work for a Xsigo partner, I thought I would mention Xsigo’s announcement.  Previously the only option you had for the server interconnect was InfiniBand; however, they are adding Ethernet to the mix, so you will be able to choose from the following interconnects:

  • 10 Gbps Ethernet (32 ports)
  • 24 Gbps InfiniBand (24 DDR ports)
  • 40 Gbps InfiniBand (20 QDR ports)

The Ethernet option (utilizing either 1 Gbps or 10 Gbps ports) is an interesting one: not requiring you to add an adapter card allows you to do end-to-end connectivity for under $500 per server – a fraction of the cost of a CNA.  I wonder how long before 40 Gbps will be supported for the interconnect?

I spent a good part of the day in the labs again today, I’ve done most of the vCloud ones as well as the View ones.  The dashboard in the lab area is pretty cool:

It’s probably difficult to see (click the picture for a larger version), but you can see in the top left gauge that there have been over ~60,000 VMs deployed in total.  On the top right gauge there have been almost 6,500 labs started, the bottom left shows there are currently about 400 VMs active, and the gas gauge on the right shows they are almost at capacity.


VMworld 2010 Keynote

The keynote was Tuesday morning and started out with a video asking “what is cloud” highlighting the fact that there isn’t a real definition of a cloud. The video made a reference to a cloud being like a pizza place – if you don’t have a kitchen at home you can use a dumb device (in this case a phone) to order your pizza.

The first speaker was VMware’s Chief Marketing Officer, who gave some stats on VMworld. This year there were 17,021 attendees and of those 55 have been to every VMworld since the inaugural one back in 2004. This year instead of having all the equipment onsite they are using a private cloud: some of it is onsite, some is at Terremark and some with Verizon. They are deploying 4000 virtual machines per hour from this hybrid cloud.

Paul Maritz, the CEO of VMware, spoke next and described the 3 phases of the IT journey. He said phase 1 is about IT production and focusing on hardware efficiency. Virtualizing things like file, print and web servers. Phase 2 was about the business resiliency core apps and finally phase 3 is having ITaaS agility and being able to enable the business. As we go through the phases, being able to migrate a workload from one virtual datacenter to another is important. With secure hybrid cloud computing you can migrate your workload from your virtual datacenter to a service provider cloud.

Finally Steve Herrod, the CTO of VMware, spoke about some of the new maximums in vSphere 4.1 which was released recently. He focused on increased vMotion performance and how this is important when we are migrating workloads. Some of the other new features to 4.1 are being able to place shares on storage and network resources and VAAI which I hope to blog on in more depth later.

One acquisition he mentioned was Integrien, which offers proactive analysis for VMware environments.

Another announcement was that what was formerly called Project Redwood is now VMware vCloud Director (also planning on blogging on this more later).  He also mentioned the new vShield products, which I had touched on in my previous post for a VMware View session I was in.

Finally Steve mentioned there is a new program called vCloud Datacenter Service which will have 5 partners at launch: Bluelock, Colt, SingTel, Terremark, and Verizon.  More information about this is available by clicking here.


VMworld 2010 Day 1 Recap

Sessions
The sessions were a little different this year, as many have already noted. You didn’t need to register for a session, just show up and get in. After my first session I didn’t stand a chance of getting into the sessions I was hoping for, and by that time it was too late to get to the others as well. Personally I would have preferred it like it has been other years – having to register before the event but knowing you will be able to get to the sessions you want. Having been to a VMworld before I wasn’t too disappointed by not getting into the sessions, as I realized all the sessions will be available online and the true value of VMworld isn’t in the sessions (more on that later in this post).
Labs
The labs were great, albeit slow. I spent 43 minutes in the morning trying to get the installer to reach the license agreement step, which was like step 2. I ended up leaving and coming back later to finish up. I did 2 labs today (was there 3 times, but had to finish the one I couldn’t my first time) and I think there is definitely value in doing the labs. Since the labs aren’t available post-VMworld I think I will be spending more time in there and less time in sessions. These pictures don’t quite do justice to the size of the lab area but hopefully they can give a rough idea:


People
I can’t even begin to describe the people here, I have met some of the best VMware people that are out there and what really struck me is how friendly everyone is. There isn’t anywhere around Moscone you can go and not be able to strike up an impromptu virtualization discussion. I also thought it was funny how many of the MN VMUG people I have met for the first time while in San Francisco. I can’t say enough good things about the networking that is available at VMworld – worth the ticket price alone. As a side note, if you read this and I haven’t met you yet – shoot me an email, leave a comment on the post or preferably send me a tweet on Twitter.

That covers it for Monday, hard to believe it’s only the first day.


SE7811 – VMware View Security Architecture and Best Practices

My second session of the day dove into VMware View.  I wanted to attend a number of View sessions as I was interested in what was going to be new in 4.5.  A few of the things mentioned early on in the session were:

  • Kiosk Mode: no user authentication, access is based on device MAC address
  • Delegated role-based access control
  • Smart card authentication for PCoIP
  • Online certificate status protocol support
  • vShield Endpoint

Some best practices that were mentioned for security in a View deployment:

  • Harden virtual desktops (no surprise)
    • Set refresh intervals
    • Patch base OS
    • View agent: If in a high security environment, you may want to disable USB redirection, drive redirection, clipboard redirection and/or printer redirection
  • Harden Connection Server, Security Server, and Replica Server with standard Windows and database hardening:
    • Password policy
    • Patching
    • Disabling unneeded services and network protocols (only IPv4 is needed)
    • Replacing the default certificate (a self-signed certificate is installed by default) with an SSL certificate signed by a recognized CA
    • Disabling unneeded ciphers

One thing to note is View 4.5 changes TCP and UDP ports from 50002 to 4172.

Things to consider when deploying:

  • Proper authentication methods
  • Use of a security server or VPN for remote access (PCoIP would use VPN access)
  • Firewall requirements
  • Setup administrative role-based access controls
  • User entitlements
  • Desktop zoning considerations

Role Based Access Control:

  • Limit the root admin role to a small number
  • For large deployments organize pools into folders and delegate admin roles to the folders by geographic region, business unit, function or compliance requirement

Make sure to set appropriate entitlements for users; different types of users will likely have different desktops, e.g. internal, remote, contractor, suppliers, compliance (HIPAA, PCI).  Based on the entitlements assigned, zone desktops and restrict access to resources accordingly, for example high-risk-activity desktops that can only browse the web and email, or internal-only desktops.

Also covered was vShield – vShield is actually 3 products, consisting of:

  • vShield Endpoint
    • This is the AV engine which allows you to take the engine out of the VM and do the scans from a central AV server.
    • Can yield a 95%+ reduction in guest footprint and is included with VMware View Premier.  Endpoint is what solves the issue of worrying about staggering antivirus scans or antivirus definition updates.
  • vShield App
    • This is the vNIC-level firewall; you can create firewall rules right at the vNIC level.
    • You could, for example, create a rule that would disallow all VM-to-VM connectivity so that if one user’s VM was infected, it would not affect other users on the network.
  • vShield Edge
    • This is similar to a layer 3 edge firewall for creating multiple virtual datacenters.


TA8361 – Future Direction of Networking Virtualization

My first session was TA8361, Future Direction of Networking Virtualization by Howie Xu.  This is probably the session I was looking forward to the most (seemed like a lot of the great sessions were all scheduled for this time slot).

Xu started out by talking about current industry trends: Virtualization, Convergence, and Cloud (bet you didn’t see that one coming).

Virtual networking has grown: the managed virtual switch was released in 2006, the distributed virtual switch in 2009, and next is the distributed virtual network.

When you deploy a new VM you currently have to deal with the vSwitch, IP address management, VLAN/QoS, load balancing, etc.  The Distributed Virtual Network is designed to coordinate layer 2 through layer 7.

This brings us to vChassis: ‘A platform to support and fulfill “distribute virtual network” vision by VMware and its ecosystem’ which consists of:

  • A standard network management framework
  • A platform to enable scale-out, on-demand, distributed end-to-end virtual network services like a vChassis L2 Switch line card or a vChassis Intrusion Detection card.

This is something I am really looking forward to, incorporating more of the stack into the virtualized environment to improve virtual machine mobility and ease management issues with multi-tenancy.


VMworld Here I Come

Sitting in the MSP airport waiting for my flight out to SFO for VMworld.  I think I have technology covered to be able to blog throughout the event – I packed the following:

  • iPad with Bluetooth keyboard for blogging
  • Sprint Overdrive 3G/4G
  • iPhone
  • New Trent IMP880, which has 8900 mAh of charging for everything (thanks to tips from @aarondelp @toudin and @colinmcnamara)

I land in SFO around 1pm and am planning on making it over to Moscone to register and pick up my bag so I don’t have to do that tomorrow morning, and then the VMworld Fun Run after that. Oh, and hopefully there is some time in there to eat as well…

Now to sit and think about what I forgot to pack.
