The Virtualization Room

A SearchServerVirtualization.com and SearchVMware.com blog


January 9, 2009  12:59 PM

With VDI, has VMware barked up the wrong tree?



Posted by: Alex Barrett
VDI, virtual desktop infrastructure, Virtualization

When it comes to the desktop, it’s clear that virtualization has a huge role to play. But is the desktop best served by VMware’s server-based virtual desktop infrastructure (VDI) model? Some people don’t think so.

At Virtual Computer, a new startup in Westford, Mass., the thinking is that for desktops, the virtualization layer belongs directly on the client, in the form of a bare-metal hypervisor. There the hypervisor brings management benefits like simplified provisioning and patching of images, but without the mobility and performance limitations of VDI, said Doug Lane, Virtual Computer’s director of product marketing and management.

When VMware announced its intention to deliver a client hypervisor for “offline VDI” this fall, the company tacitly acknowledged VDI’s shortcomings, according to Lane. Meanwhile, the company is still focused squarely on delivering the desktop from the server.

“With VMware, offline VDI is the niche case,” he said. But when Virtual Computer looks out at the enterprise, it sees a preponderance of laptops and thick clients. “Our model starts there, and we think that server-hosted desktops are the niche case.”

To that end, Virtual Computer is developing NxTop, a PC management suite pronounced “nextop.” It consists of a Xen bare-metal hypervisor called NxTop Engine, which is optimized for laptop-class hardware and runs Windows virtual machines. Those are managed through its NxTop Control console, from which administrators can configure and provision images, set up access and protection policies, and the like. NxTop is currently in beta and is scheduled to ship by the end of the first quarter of 2009.

Without putting a stake in the ground and validating one strategy over another, Gartner senior research analyst Terry Cosgrove agreed that there are several issues with hosted virtual desktops (Gartner-speak for VDI). “Hosted virtual desktops are an immature, adolescent technology” that won’t be ready for mainstream use for a number of years, he said. In the meantime, “there’s a place for alternative architectures to achieve the same thing – centralized management and control, but that gives users some autonomy.”

Cosgrove also said that several stealth-mode startups working on VDI alternatives will emerge over the next couple of months. There is also speculation that Microsoft and/or Citrix are developing client hypervisors of their own, and questions about which tack laptop OEMs like Dell and Lenovo will promote. One thing is clear, though: With laptop sales now exceeding desktop sales, those OEMs “are highly motivated to have a solution that will not prohibit the sales of laptops,” Cosgrove said.

December 12, 2008  5:23 PM

VMware: We are not an island



Posted by: Alex Barrett
Virtualization

This week, when VMware announced its partnership with Hewlett-Packard to integrate its Lab Manager with HP’s Business Technology Optimization software, more specifically, HP Operations Orchestration, it showed that the company realizes that it’s not an all-virtual world — yet — and that there are large pockets of physical systems not under its direct control.

“Lab Manager is a great tool from the point that you already have a physical box with ESX, storage and networking installed,” said Bogomil Balkansky, the senior director of product marketing at VMware. “From there, developers can self-deploy all these virtual configurations. But without that, Lab Manager can do nothing for you.”

To that end, the integration between VMware Lab Manager and HP’s orchestration software aims to offer “one seamless process to do all this [provisioning] from the same place,” he said, enabling the provisioning of bare metal, in addition to virtual, resources.

The target market for the Lab Manager/HP Orchestration suite, to be delivered sometime in 2009, will be the same as the target market for Lab Manager today, namely large independent software vendors (ISVs) and “nonsoftware companies that nevertheless develop a lot of software in-house, for example, telcos and banks,” Balkansky said.

VMware also plans to OEM HP’s Discovery and Dependency Mapping (DDM) Inventory software for use in a new VMware product to be announced in 2009.

The HP deal marks the third time in four months that VMware has partnered with one of the big four systems management companies (HP, BMC, CA and IBM). In September, BMC and VMware said they would collaborate on integrating VMware’s Lifecycle Manager with BMC’s Atrium Orchestrator (formerly Run Book Automation) and Remedy IT Service Management, such that joint customers could make change requests or initiate automation processes from either Lifecycle Manager or BMC products. Then, just last month, CA announced that it would OEM and resell VMware’s Stage Manager as part of its Data Center Automation suite.

“A core tenet of our virtualization management strategy is to integrate our products with the larger systems management offerings,” Balkansky said. That approach should appeal to “larger companies that aspire to a single pane of glass” while at the same time giving them the benefit of “the feature-rich products our tools provide,” he said.

This all seems logical enough, but one question I have is whether there is customer demand for these integrations. Frequently, these sorts of product integrations are a result of customer clamoring for them, but at least in the case of the HP/VMware partnership, a request for a customer reference came up short. “The idea of a single pane of glass resonates very well,” Balkansky said, “but honestly we haven’t solicited quotes and validation given that the integration hasn’t happened yet.”


December 4, 2008  4:57 PM

Virtual appliances: What goes up can also come down



Posted by: Alex Barrett
Virtualization

Let’s face it: Spam filters are usually asked to do more, not less. But when McColo’s ISPs shut off its Internet service last month, sending global spam volumes plummeting, a lot of spam filtering applications found themselves, well, twiddling their proverbial thumbs.

That’s just one more reason that spam filtering company SpamTitan can breathe a sigh of relief because it packages its app as a virtual appliance. As volumes of spam go up or down, “you simply add or remove processing power or memory resources, effectively getting a bigger or smaller appliance without having to go back to the vendor,” said Ronan Kavanagh, SpamTitan’s CEO. The process is largely manual, but it’s still more efficient than the alternative.

As an independent software vendor, SpamTitan sees enormous benefits to packaging its software as a virtual appliance rather than as a hardware appliance or as a standalone application, Kavanagh said. “We don’t have to support any hardware. The entire sales cycle can happen online. We can send out evaluation units at no cost to us. The customer can take charge of their evaluation on their own time.” The list goes on.

But Kavanagh said that SpamTitan hasn’t experienced as much adoption of the virtual appliance version of its software as it might have liked. In 2006, it launched its first virtual appliance package on VMware’s Virtual Appliance Marketplace, and today about 50% of the units it sells ship as virtual appliances. The remainder ship as full ISO images, or bootable CDs.

Part of that may have to do with customer size, Kavanagh said. “Some people don’t use VMware, particularly in [small and medium-sized enterprises]. If they have less than 100 users, they tend to have very limited VMware deployments and are just as happy to use the ISO.”

Spam volumes, on the other hand, are very much on the upswing. “Yeah, they’re on their way up again,” Kavanagh said. Oh, well. It was nice while it lasted.


December 2, 2008  4:16 PM

Virtual desktops: Do your own math



Posted by: Alex Barrett
Desktop virtualization, thin clients, VDI, Virtualization, virtualization costs, VMware, Why choose server virtualization?

We can talk until we’re blue in the face about universal clients, ubiquitous data access and streamlined image management, but ultimately the question of whether virtual desktops make sense comes down to what IT decisions always come down to: money.

Johnathan, a Server Virtualization blog reader, recently posted a comment on one of my posts detailing the math for a 250-seat virtual desktop infrastructure (VDI)/thin-client implementation, which amounted to a $350 per-desktop capex advantage for VDI, a three-times-faster deployment schedule and troubleshooting times that were orders of magnitude faster (albeit harder to quantify). Not too shabby.

Of course, that was before VMware announced new pricing for its re-branded VDI suite, View 3. At $150 per seat for View Enterprise or $250 for View Premier, capex savings would decrease to $300 or $200 per desktop. That’s assuming you pay list price, which is highly doubtful. But it also doesn’t account for the storage capacity savings you might realize by using View Composer to share desktop images: an average of 70%, according to VMware.

Suffice it to say that assigning ROI dollars to an IT project is a highly personal, subjective affair. And that the numbers posted by others are often suspect, as Bernard Golden points out in his article “Virtualization Projections Deserve Scrutiny.” Here, Golden looks into a Butler Group report that reports client virtualization savings of $159,000 for 1,000 desktops, or $159 per desktop, per year. Come to find out, the $159 savings was in energy costs alone. Who knows what the overall cost of the deployment really was?

At any rate, if you’ve done the math on a VDI implementation, and believe that your numbers bear scrutiny, go ahead and post the numbers in the comments section of our blog.


November 21, 2008  4:31 PM

Some remaining thoughts on VDI



Posted by: Alex Barrett
Desktop virtualization, Pano Logic, thin clients, VDI, Virtualization, Why choose server virtualization?

There’s a lot of virtual desktop news these days, and before too much time passes, I want to share some tidbits on VDI that I picked up this week and that had never occurred to me before.

  1. VDI can save you money on software licenses. At least, that’s what I hear from Jeff Cunningham, a network administrator at the Agricultural and Resource Economics department at the University of Maryland, who implemented about 70 virtual desktops for faculty, staff and graduate students. For instance, an individual license for the data analysis and statistical software package Stata runs about $700. In contrast, a 10-seat network license costs the university $2,000, for a savings of $5,000, and the budget to deliver interesting software to a greater number of students.
  2. Thin clients can withstand a long power outage. Kunal Patel, the IT director at Nina Plastics, whose VDI project I wrote about earlier this week, told me that during a recent power outage, the company’s regular desktops drained their APC battery backups in less than 10 minutes. Their Pano Logic thin clients, on the other hand, stayed on for four hours. In a similar vein, the University of Maryland’s Cunningham stuck a kilowatt meter on a bank of five Pano devices and a bank of five regular desktops and discovered that the Pano devices consumed one-fourth the power of the regular desktops.
  3. Some IT managers are skeptical of thin clients’ supposed cost advantages. As an example, check out Basilm’s comments on the Server Virtualization Blog. What about you, dear Server Virtualization Blog readers? Have you done the math on VDI and thin clients? What’s the verdict?
  4. Big companies need big security. With their strong security and compliance needs, verticals like finance, health care and government are a natural fit for VDI. But in order for them to adopt it, the VDI community needs to support biometric authentication mechanisms, such as fingerprint readers and face recognition software.

That’s all for now, folks. Brace yourself for a lot of news on virtual desktops. Things are about to get interesting :)


November 20, 2008  12:04 PM

Where regular desktops fear to tread



Posted by: Alex Barrett
Desktop virtualization, hardware, Pano Logic, thin clients, VDI, Virtualization

Have you ever marveled at how fast desktops and laptops start breaking down, even under normal working conditions? Try putting a desktop on the floor of a plastics manufacturing facility. You’ll be lucky if you get a week out of the desktop before something fails, said Kunal Patel, IT director at Nina Plastics USA in Orlando, Fla.

The production facility at Nina Plastics performs a process called plastics extrusion, which releases all manner of dust and grime into the atmosphere, clogging up fans and power supplies, and settling down on hard drives, Patel said.

At first, Patel’s staff would try and fix the broken desktops, which production workers used to log their job start and stop times. “But it became too much of a hassle for IT to constantly fix stuff,” Patel said, so the company eventually gave up on trying to computerize its production facility.

“We shouldn’t be maintenance men,” said Patel, who also oversees application development for the firm. “We all went to college and should be working on more important problems.”

However, that was before Patel, with a handful of administrative staffers, spearheaded a virtual desktop trial using a combination of VMware virtualization plus thin clients from Pano Logic.

By going with virtual desktop infrastructure (VDI), Nina Plastics derived all the usual benefits you’d expect: faster desktop provision, easier patching and upgrading, simplified troubleshooting, etc. At the same time, Patel also found that the Pano Logic devices were robust enough to withstand the harsh conditions of the production floor. “There’s no CPU, no memory, no fan. There’s really nothing in there to break or get old,” he said. The company has since reintroduced computers into its production facility, giving customer service staff real-time visibility into the status of a particular job.

Patel also plans to add touch-screen monitors to the Pano devices, a feature v and supported in the Pano Virtual Desktop Solution (VDS) 2.5 software.

Patel had lots of other interesting stuff to say about his VDI deployment, but for now, suffice to say that he’s a fan. “It’s easy to fall in love with, especially when you have suffered so much,” Patel said. “I have fewer gray hairs, fewer lost girlfriends, and a lot of time given back to me because of virtualization.”


November 17, 2008  5:27 PM

Adding virtualization to the PCI standard



Posted by: Eric Siebert
Eric Siebert, Virtualization, Virtualization security

Earlier this month, I wrote about how the PCI standard was recently updated but still failed to take virtualization into account. Shortly after, VMware announced its participation in the PCI council to help address virtualization within the PCI data security standards. While this is certainly good news and will help tighten up the security standards around electronic credit card payments, the outcome of this announcement remains to be seen. The following are a few improvements that shouldn’t be too difficult to implement right away:

1) First and foremost, the PCI council needs to recognize virtual hosts and include them in the scope of the standard if any of the virtual machines (VMs) that reside on the virtual hosts fall within the boundaries of the standard. Currently, any server, network or device that has anything to do with cardholder data would be included in the standard and any audits that occur.

Additionally, if any virtual machine is included in the scope, then all of the virtual machines on a host should be considered in the purview of the standard because they all reside on the same physical server. Finally, as virtualization allows for VMs to be easily moved between host servers for failure recovery and load balancing, all of the virtual hosts in a cluster should be included within the boundaries of the standard as well.

2) Clarify the confusing item (2.2.1) that dictates that you can only implement one primary function per server. All they have to do is exclude virtual hosts from this item.

3) Most of the security items that are listed in the standard can be applied to virtual hosts as well. This includes things like audit logging, password policies and applying vendor patches.

4) Address virtual networking. Ensure that the security settings on virtual switches do not allow things like promiscuous mode, forged transmits and MAC address spoofing.

By simply addressing these four areas, the Payment Card Industry (PCI) standard would be moving in a better direction. From there the council could delve deeper and address other specific areas on virtual hosts using some of the existing security guidelines. Another distinction it should make is between bare-metal and hosted virtualization products. Hosted virtualization products are typically less secure because the underlying operating system is not optimized for virtualization. As a result, they should be subject to tighter scrutiny and control.
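The scoping rule from item 1 and the virtual switch check from item 4 can be expressed as a small audit, shown here as an added example that is not part of the original post. The inventory is constructed, all host, cluster and VM names are hypothetical, and the setting names `allowPromiscuous`, `forgedTransmits` and `macChanges` are assumptions standing in for whatever the hypervisor's management interface reports.

```python
"""PCI scope expansion and vSwitch policy audit over a constructed inventory."""

# Constructed sample data. A VM maps to True when it handles cardholder data.
INVENTORY = {
    "clusters": {
        "cluster-a": ["esx01", "esx02"],
        "cluster-b": ["esx03"],
    },
    "hosts": {
        "esx01": {
            "vms": {"pos-db": True, "intranet-wiki": False},
            "vswitches": {"vSwitch0": {"allowPromiscuous": False,
                                       "forgedTransmits": False,
                                       "macChanges": False}},
        },
        "esx02": {
            "vms": {"build-server": False},
            "vswitches": {"vSwitch0": {"allowPromiscuous": True,
                                       "forgedTransmits": True,
                                       "macChanges": False}},
        },
        "esx03": {
            "vms": {"test-web": False},
            "vswitches": {"vSwitch0": {"allowPromiscuous": True,
                                       "forgedTransmits": True,
                                       "macChanges": True}},
        },
        # Standalone host (in no cluster) whose policy export lacks one setting.
        "esx04": {
            "vms": {"kiosk-pay": True},
            "vswitches": {"vSwitch0": {"allowPromiscuous": False,
                                       "forgedTransmits": False}},
        },
    },
}

# Settings that must be disabled on every in-scope virtual switch.
REQUIRED_OFF = ("allowPromiscuous", "forgedTransmits", "macChanges")


def pci_scope(inventory):
    """Return (hosts, vms) in scope under the rule described in item 1."""
    hosts = inventory["hosts"]
    # Hosts that directly run at least one cardholder-data VM.
    seed = {h for h, d in hosts.items() if any(d["vms"].values())}
    in_scope = set(seed)
    # VMs can move between cluster members, so one seeded host pulls in the cluster.
    for members in inventory["clusters"].values():
        if seed.intersection(members):
            in_scope |= set(members).intersection(hosts)
    # Every VM sharing an in-scope host is in scope, cardholder data or not.
    vms = {vm for h in in_scope for vm in hosts[h]["vms"]}
    return in_scope, vms


def audit_vswitches(inventory, hosts_in_scope):
    """List (host, vswitch, setting) for each setting not shown to be disabled."""
    findings = []
    for host in sorted(hosts_in_scope):
        switches = inventory["hosts"][host]["vswitches"]
        for name, policy in sorted(switches.items()):
            for setting in REQUIRED_OFF:
                # A missing value counts as a finding: it cannot be shown to be off.
                if policy.get(setting, True):
                    findings.append((host, name, setting))
    return findings


if __name__ == "__main__":
    scoped_hosts, scoped_vms = pci_scope(INVENTORY)
    print("Hosts in scope:", sorted(scoped_hosts))
    print("VMs in scope:  ", sorted(scoped_vms))
    for finding in audit_vswitches(INVENTORY, scoped_hosts):
        print("Finding:", finding)
```
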



November 17, 2008  4:20 PM

Virtualization tool bundles assist older OSes



Posted by: Rick Vanover
Rick Vanover, Virtual machine, Virtualization, Virtualization management, Virtualization platforms

Virtualization administrators are in a unique situation where older operating systems (OSes) can potentially “live forever” in the virtual world. While we may not wish to enable older OSes to remain in our environments indefinitely as virtual machines (VMs), situations arise where we need to do just that.

Recently, I had a situation where an older OS had been removed from the installable toolkit platform — in this case it was VMware Tools. The older operating system, Windows ’98, had been removed from the VMware Tools installation with the release of VMware Server 2.0. While the need for a Windows ’98 virtual machine is rare, it does exist.

To solve the immediate problem, I was able to install a VMware Tools .ISO image from the 1.0.3 version of VMware Server that I’d been using on another host system. Once installed, the older tools are listed as ‘out of date’ as expected, but the basic features of driver optimization are present on the guest VM.

At first this dilemma did not appear to be much of an ordeal, but it started an important thought process. While Windows ’98 was the first occurrence of platform removal from a guest toolkit installation that I have observed directly, I don’t expect Windows NT or 2000 guest OSes to be that far from the chopping block of supported platforms.

One way to prevent this issue is to hold onto the tools installations for each platform of the hypervisor. VMware Tools, XenTools and Hyper-V Integration Services all exist as virtual CD-ROM .ISO images that you can hold onto for re-installation on another guest VM. Also, keep in mind that there may not be support from the host side either, so check to see which supported guest operating systems are available.

As you might expect, configuring an environment in this fashion may be met with some skepticism, as it could possibly divert resources. As a result, it may be worth placing this type of guest workload on a free hypervisor like VMware Server or on a similar lower tier of virtualization and storage. Having a flat file backup (.VMDK or .VHD) of the VM is a good idea as well.

While this situation is less than ideal for truly obsolete guest operating systems, the rare instance may arise where archiving toolkits can prove very beneficial.


November 14, 2008  12:47 PM

Move over, Minitel; here come virtual desktops



Posted by: Alex Barrett
Virtualization

Le minitel, VDI's precursor

I was just a teenager visiting family in France when I saw my first Minitel, France Telecom’s widely distributed teletext terminal for looking up phone numbers, viewing train schedules, and perusing naughty (!) message boards. While it looks hopelessly archaic now, in those pre-Web days, it was très cool.

Now I hear France Telecom is at it again through its subsidiary Orange Business Services. But this time, instead of targeting every French man and woman, it’s targeting small and medium-sized business (SMB) users with hosted IT services based on virtual desktop infrastructure (VDI) and low-cost access terminals (i.e., thin clients).

Judging from its website, the OBS Forfait Informatique seems to be based on Citrix XenDesktop, and starts at 99€ (about $125) per user, per month for a basic Microsoft Office pack. Virtual desktops can be accessed from existing desktops, or if you’d rather, OBS will subsidize a thin client from Wyse Technology, much in the same way cell phone carriers will give you a phone when you enter into a long-term contract. Tarkan Maner, Wyse CEO, tells me that Australian carrier Telstra is engaged in a similar project with Google to offer IT services to SMBs.

The idea that cable, telephone etc. providers might someday start offering hosted desktop services isn’t exactly novel — it’s certainly a logical progression — but is nevertheless an interesting development. How long can it be before the France Telecoms, Verizons and Comcasts of the world set their sights back on regular consumers, and offer virtual desktops as a monthly subscription, along with phone, cable and internet? Now that would be très très cool.


November 13, 2008  10:52 AM

Virtual machine security threat levels; don’t believe the hype



Posted by: Bridget Botelho
SunGard Availability Services, Virtual machine, virtual machine security, Virtualization, Virtualization security, VMware

I received an email the other day from Wayne, Pa.-based SunGard Availability Services outlining some “essential” steps for addressing virtualization security challenges. In their email, the company urges users to take certain measures, including installing security software, to make sure their virtual machines (VM) are safe from security threats.

There are many virtualization security products on the market today, yet reports of major VM security breaches are nil. In fact, the largest virtualization vendor, VMware Inc., asserts that its software is completely secure – possibly more secure than physical machines.

And even though the majority of VM security breaches I’ve heard about were hypothetical, performed by scientists through demonstrations or at hacker conventions, not in real data centers, I still receive a steady flow of press releases and product announcements addressing VM security issues.

So now, when I see security vendors warning users about unnamed threats they need to prepare for, I am reminded of the U.S. Homeland Security Threat Level warning system.

TSA graphic of the Homeland Security Threat Level System.

Unfortunately, there are no published criteria for the threat levels of the Homeland Security system, so there is no way to tell whether the current threat level is accurate. And by the way, the threat levels have never been green or blue.

Because of this, the system can be manipulated by government officials. For example, during the Presidential election of 2004 when Republican President George W. Bush was running against Senator John Kerry, the Homeland Security Threat Level was bumped up, prompting some academics to speculate this was done by the Bush administration to scare voters into re-electing him. If so (and we will never know), it worked.

Unfortunately, decisions based on fear are usually not well thought out.

But I haven’t heard of any 9-11-style attacks on virtual infrastructures, and the virtualization users I speak with aren’t convinced they have anything to worry about. The thing that gets people to buy into virtualization security software is that haunting “what if” question that makes everyone default to the “better safe than sorry” mantra. After all, there is no harm in taking proactive steps to protect against the unknowns - just in case.

For instance, according to this article on the security benefits and risks of virtualization, “the [virtualization] drawback is based on fear of threats that aren’t around today but could become serious problems in the future.” Natalie Lambert, a security analyst with Cambridge, Mass.-based Forrester Research, continues in the article:

“One big concern is about what could happen if a flaw were found in a hypervisor, which would give attackers access to thousands of desktops sitting on a virtual server…That’s not a reality today, but it’s certainly a fear for the future.”

And as SunGard said in its email, “With many organizations focusing on virtualization benefits, they must also examine core risks before it is too late – meaning security needs to be built in from the start.”

It is why we buy life insurance and car insurance and fire insurance for our homes. (Those damn what ifs and their expensive safeguards).

So, for the paranoid among us, check out SunGard’s suggestions for securing your virtual infrastructure here. As they say, better safe than sorry, right?

