The Virtualization Room


May 9, 2008  11:18 AM

VMTN and ITKE communities offer free support

Eric Siebert Eric Siebert Profile: Eric Siebert

VMTN, VMware’s support forums are an excellent resource: You will find a very high level of participation in the forums from users all over the world with many experienced and talented users who volunteer their time to help others, not unlike our own IT Knowledge Exchange.

The forums are a free resource for anyone to use with many users using the forums as an alternative to contacting VMware’s technical support. It’s not unusual to get an answer to your question or a solution to your problem within minutes of posting to the forums. Most new users are surprised by the speed, quality and number of answers that they receive to their posts. The forums are also a great place for users to share experiences, build relationships and strategize with other members. Many VMware employees also regularly participate in the forums by lending their expertise.

Like the IT Knowledge Exchange, the VMware forums tend to be a little competitive with users competing to collect points for posting responses to questions. Six points can be awarded by the person who asked the question for up to two helpful responses and ten points can be awarded to one response that is deemed correct. The point system allows people to gain status levels as their points increase. There are nine status levels ranging from Lurker (0-5 points) all the way up to the elite Guru level (20000+ points). As of today, there are currently 442,452 forum members with an average of about 20,000 new members being added each month. The chart below shows the breakdown of users by status level.

Total # of Users

Status Level

Point Range

5

Guru

20001 – 50000 points

12

Champion

10001 – 20000 points

20

Virtuoso

5001 – 10000 points

52

Master

2001 – 5000 points

150

Expert

751 – 2000 points

358

Hot Shot

251 – 750 points

2,005

Enthusiast

51 – 250 points

439,850

Novice/Lurker

0 – 50 points

I would like to recognize a few of the talented VMTN members that consistently take time out of their day to help others with their only reward being recognition points and the satisfaction of knowing they helped out a fellow VMware user. Much thanks and appreciation to: Oliver Reeh (Oreeh), Dave Mishchenko (Dave.Mishchenko), Tom Howarth (Tom Howarth), Steve Beaver (Sbeaver), Edward Haletky (Texiwill) and Ken Cline (Ken.Cline).

Of course, these are just a few of the many forum members who help the VMware community. Judging from the numbers in the chart above, there are over 500 people at the Hot Shot level or above who answer the most posts from other forum users.

If you use any VMware product, I highly recommend that you check out the VMTN forums and check out the IT Knowledge Exchange. You’ll undoubtedly find that reading posts on the forums is a great way to expand your own knowledge.

May 9, 2008  10:52 AM

Staying vigilant about virtual security

Eric Siebert Eric Siebert Profile: Eric Siebert

With all the talk about virtual security these days , you would think that people actually are addressing the concerns over security in virtual environments. However, many administrators resist implementing strict and proper security measures in their environments because of administration inconveniences that tighter security usually causes.

For example, the default settings of VMware ESX prevent users from using secure shell (SSH) to log into the server as the root user. Yet, the first thing many users do is to modify the SSH configuration to allow root access via SSH because this is a more convenient way to log into Service Console. The correct and more secure way to do it would be to setup a separate SSH user account and then use the SU – command to gain root privileges. Xtravirt has published a good step by step guide on how to do this here.

When you virtualize servers, additional security measures should be followed in addition to standard ones that you would use for physical servers. Most importantly, the host system must be protected at all costs: If someone gains control of the host server then all of the VMs that run on the host can be compromised. The Center for Internet Security (CIS) has published some security guidelines for ESX and virtual machines that I would recommend you read through and follow to ensure your environment is secure. Xtravirt has a great security assessment template that they’ve put together that you should look at also.

Virtual networking is another critical area for securing virtual hosts. Virtual switches differ from physical ones and must be properly configured to ensure secure host and virtual machine network traffic. Often, simple recommendations like isolating Service Console and vMotion traffic are not followed, which creates unnecessary risk and exposure of your hosts.

Are you willing to risk losing your data? Data breaches can result in negative press exposure, lawsuits and fines. I would encourage everyone to please take security seriously. Security may cause some administration inconveniences and headaches, but they are a small price to pay to ensure that your servers, and more importantly your company’s sensitive data, is well protected and safe.

To help you with this I’ve included a list of some good virtualization security blogs and websites that you should check out:


May 8, 2008  9:10 AM

Citrix XenServer now shipping in Dell PowerEdge servers

Bridget Botelho Bridget Botelho Profile: Bridget Botelho

Citrix Systems, Inc.’s XenServer hypervisor is now shipping in Dell PowerEdge servers, following the partnership accouncement in October 2007.

With Dell, initial products available worldwide include the Citrix XenServer Dell Express Edition and Citrix XenServer Dell Enterprise, both of which include Dell’s management software, Dell OpenManage System Management. Express Edition is a free download that can be upgraded to Enterprise edition. 

By factory-integrating the Citrix XenServer hypervisor into Dell PowerEdge platforms, users can deploy virtual machines (VMs) when they start up their systems for the first time. Also, the XenServer Dell Enterprise Edition does not require additional management licenses or hardware. Also, upgrades for features like live migration on Dell’s MD3000 direct attached storage arrays can be made easily, by imputing a license key.

In March, Hewlett-Packard began shipping XenServer embedded in ProLiant servers. HP’s servers also have specific versions of XenServer called HP Select Edition, which differs from traditional XenServer in that it is tied into HP management tools, like HP Insight Control and HP Integrated Lights-Out for remote server management, according to a Citrix spokesperson.

In light of its partnerships with HP and Dell, Citrix simplified its licensing model recently to per-server, instead of per core, as reported on SearchServerVirtualization.com. This way, users can deploy an unlimited number of virtual machines or guest operating systems on each physical server for a single price, regardless of whether it has one, two or four CPU sockets.


May 6, 2008  8:11 AM

ClearCube spin-off focusing on desktop virtualization

Bridget Botelho Bridget Botelho Profile: Bridget Botelho

Austin, Texas-based ClearCube announced today that its desktop virtualization software business is being spun-off into its own company, VDIworks.

VDIworks will provide the VDIworks Sentral Virtual Desktop Platform for desktop computing and virtual desktop management, which includes connection brokering, virtual machine, host and thin client management, load balancing, health and asset monitoring, inventory management, disaster recovery and support for back-end hardware and user access devices.

ClearCube will continue providing desktop computing products, including desktop virtualization software, PC Blades and thin client terminal servers.

VDIworks and ClearCube will operate seperately but under an OEM agreement whereby ClearCube will continue to market and promote the VDIworks software under the Sentral VDI Management Software brand, and the Sentral management software will still be part of ClearCube’s centralized desktop computing offerings. ClearCube customers will still get support in their current license agreements with ClearCube, and VDIworks will add OEM relationships with third-party vendors, said Rick Hoffman, former president of ClearCube and now president of VDIworks.

“Users should not notice any changes, because the support, features, benefits, etc. will all be the same,” said Hoffman.

VDIworks will receive seed funding from current ClearCube investors and will seek additional funding to support growth. About 35 research and development employees in the U.S. and Pakistan will also move to VDIworks.

Because ClearCube’s Chief Executive Officer is taking over VDIworks, ClearCube’s Chief Operating Officer Randy Printz has been promoted to president and CEO. Rick Hoffman will be joined on the VDIworks side by Chief Technology Officer Amir Husain.

Desktop virtualization is a popular vendor offering right now, with companies such as Sun Microsystems Inc., Citrix., Pano Logic Inc. and VMware Inc all offering a flavor of desktop virtualization, but users report hesitation in using it due to cost.


May 5, 2008  8:15 AM

Ericom desktop virtualization now available on Oracle VM

Rick Vanover Rick Vanover Profile: Rick Vanover

Today, Ericom software announced the availability of Ericom PowerTerm WebConnect for Oracle VM desktop virtualization (VDI) software as a free download. This announcement of an Oracle VM for the PowerTerm VDI product extends Oracle VM’s footprint to the VDI space with an Ericom product that has excelled over the years in products based on terminal services.

Ericom currently offers support for the 14 largest hypervisors including Oracle VM through products such as WebConnect. In this configuration, the Oracle VM virtual host is managed by Ericom’s WebConnect instead of Oracle VM Manager. This configuration of Oracle VM is the base product without modification. WebConnect provides the address and credentials to the Oracle VM virtual host to start the configuration and management process.

I had an opportunity to hear from Oracle and Ericom about this release. Eran Heyman, CEO of Ericom said that his company “wants to remove the barrier of entry for a VDI solution,” as many organizations are considering implementing VDI, but do not know where to start in the selection process. “The cost is minimal, licenses will be zero and the equipment can be reused if another solution is chosen” when choosing a Oracle VM, according to Heyman.

The Oracle VM hypervisor and the Oracle VM Manager suite deliver template virtual machines, which model a virtual appliance for database products such as Oracle Database 11g.


May 5, 2008  7:54 AM

Microsoft extends virtualization management footprint with enhancements

Rick Vanover Rick Vanover Profile: Rick Vanover

Microsoft announced that the beta release of Virtual Machine Manager 2008 (VMM 2008 ) will now provide the ability to manage Microsoft Virtual Server, Windows Server 2008 Hyper-V and VMware ESX platforms as part of the expanding Microsoft System Center family of products.

In this beta release, VMM 2008 can interface into VMware Virtual Infrastructure to perform migrations and use a new feature called Intelligent Placement. This feature will identify the best host for a virtual machine using the key components of network, memory, processor and network usage information. Intelligent Placement will interact with a pre-defined set of business rules configured in with VMM 2008.

This beta is available for download now from Microsoft. The release is a welcome addition to the growing management space for virtualization platforms, including cross-platform solutions.  A summary of the new features available with VMM 2008 are available in a downloadable PDF document and from the System Center VMM website.


May 5, 2008  7:51 AM

VMware now officially supports single CPU licensing

Eric Siebert Eric Siebert Profile: Eric Siebert

VMware announced that they will begin support for running ESX on a single physical, multi-core (up to 4) processor.

Previously, the VMware end user license agreement was unclear about whether this was supported, creating much debate over this subject in the VMware forums (see ESX Pricing and VMware Planning). Customers were getting different responses from VMware with some representatives saying it was OK to do this and others saying it was not. One response from VMware on this issue was that it technically would work but that it was not officially supported.

Despite recent support, ESX is only being sold in two CPU increments while only being supported if a physical server is in on the VMware approved Hardware Compatibility List (HCL). This can be advantageous to customers who want to buy lower cost servers with a single processor and use them for less intensive applications. It also allows for smaller customers to buy two single processor, multi-core servers and split a ESX license between them, taking advantage of redundant hardware and features like High Availability and vMotion.

It’s good to see VMware changing their licensing policies to better adapt to customers needs. Multi-core processors have caused many other vendors to change their licensing policies to be more restrictive but VMware has stuck with their per socket licensing model. VMware currently only allows up to four cores per processor but with eight-core processors on the horizion, it’s probably inevitable that VMware will eventually change their licensing.

You can click on these links to read through VMware’s Multi-core and Single Processor licensing policies.


May 1, 2008  11:21 AM

Virtualization tools, advice focus on ROI

Bridget Botelho Bridget Botelho Profile: Bridget Botelho

The decision whether to adopt virtualization often comes down to the corporate bottom line. CFOs want to know how long it will be before they see return on investment from virtualization, and there are many considerations in determining ROI.

Yesterday, I spoke with Stephen Fink, senior infrastructure architect for the global IT consultancy Avanade, about a comprehensive tool he created that takes just about every inch of data centers under consideration to determine what the ROI for virtualization will be.

Fink has 14 years of experience as a consultant and created the virtualization model for ROI as a tool for his own clients, but it made its way around the company and is now used as the way to determine ROI by Avande consultants, he said.

There are 125 inputs in the Microsoft Excel-based tool – such as power and cooling, cabling, network, CPU, servers, floor space, and staffing costs – and each helps determine the impact of implementing virtualization at a customer’s location, he said.

“There will never be a one-size-fits-all solution, and there has to be a business case for virtualization; I look at their environment from a high-level approach and asses the inventory. We look at their apps, their network, the annual power costs, licensing costs for software, etc., to see what they pay for their environment, and we can now give a really good idea of the ROI with Microsoft Hyper-V and VMware,” Fink said.

Avande, which is partially owned by Microsoft, has the benchmark information on Hyper-V from the most recent release candidates and uses that to determine Hyper-V ROI. Hyper-V is scheduled for release in August.

“We look at the net costs of the environment without virtualization versus what they would pay if they virtualized, with specific server types, running ESX or Hyper-V. We can tell you how many systems can be virtualized, and you can see the cost of your virtual servers, the cost per OS and the cost of your virtual hosts, to determine your annual cost reduction from virtualized guests,” Fink explained.

Fink said consultants like him are often used to determine whether virtualization is worth the initial acquisition and licensing costs, which depends on businesses’ expectations when it comes to ROI. “If a company already operates efficiently and has a portfolio of apps that make them a poor candidate for virtualization – like very high CPU and high memory consuming apps or data base severs, virtualization may not be the answer for them,” Fink said.

Avanade uses the tool as part of its consultancy, and it is only available through Avande consultants – which, of course, comes at a cost to businesses.

Other virtualization calculator tools are available for free, like the one from VMware, but these aren’t as precise as Fink’s tool from what I can tell.

There are also plenty of experts offering advice on determining virtualization ROI that won’t cost you anything.

According to IT security and virtualization technology analyst Alessandro Perilli , to calculate ROI, “you need to apply simple math to the costs your company could mitigate or eliminate by adopting virtualization.”

He reported that virtualization can reduce some of the following direct costs:

* Cost of space (leased or owned) for physical servers
* Energy to power physical servers
* Air conditioning to cool the server room
* Hardware cost of physical servers
* Hardware cost of networking devices (including expensive gears like switches and fibre channel host bus adapters)
* Software cost for operating system licenses
* Annual support contracts costs for purchased hardware and software
* Hardware parts for expected failures
* Downtime cost for expected hardware failures
* Service hours of maintenance cost for every physical server and networking device

Scott Feuless, a senior consultant with Compass, based in Texas, wrote about how to quantify virtualization ROI recently, and IT consultant John Hayes of Avnet Technology Solutions also had some advice on figuring out the cost of virtualization that could help make the case for virtualization.


April 29, 2008  12:49 PM

No virtualization-specific requirements for PCI audits

Eric Siebert Eric Siebert Profile: Eric Siebert

If your company deals with credit cards, you are required to follow the Payment Card Industry’s data security standards (PCI DSS). The major credit card players – Visa, Mastercard, American Express and Discover — set forth these requirements in order to protect credit card data. If audits reveal that these regulations are not followed, fines or revocation of credit card processing privileges can result. Often, these audits force companies to implement basic security practices that should have already been in place; however, no virtualization-specific requirements have yet been put into practice.

Having just survived another annual PCI compliance audit, I was again surprised that the strict standards for securing servers that must be followed contain nothing specific concerning virtual hosts and networks. Our auditor focused on guest virtual machines (VMs), ensuring they had up-to-date patches, locked-down security settings and current anti-virus definitions. But ironically, the host server that the virtual machines were running on went completely ignored. If the host server was compromised, it wouldn’t matter how secure the VMs were because they could be easily accessed. Host servers should always be securely locked down to protect the VMs which are running on them.

It seems that much of the IT industry has yet to react to the virtualization trend, having been slow in changing procedures to adjust to some of the unconventional concepts that virtualization introduces. When I told our auditor that the servers were virtual, the only thing he wanted to see was some documentation stating that the remote console sessions to the VMs were secure. It’s probably just a matter of time before specific requirements for virtual servers are introduced. In fact, a recent webinar takes up this issue of whether or not virtualized servers can be considered compliant, addressing section 2.2.1 of the PCI DSS which states, “Implement only one primary function per server”; that is to say, web servers, database servers and DNS should be implemented on separate servers. Virtual servers typically have many functions running on a single physical server, which would make them noncompliant.

Looking at the PCI Knowledgebase, it seems many companies are confused on this and some are not implementing virtualization until this is cleared up. We’ll have to wait and see what develops and how the specification is modified to allow for virtual servers. It would be in the best interest of companies like VMware and Microsoft to work with the PCI to get this sorted out as soon as possible.

You can read the current PCI Compliance 1.1 specification here.


April 29, 2008  12:20 PM

Using ISO files with virtual machines

Eric Siebert Eric Siebert Profile: Eric Siebert

ISO files offer an advantage to virtual machines (VMs), chiefly as a means of loading operating systems and applications on virtual servers without the hassle of using physical media. Many tools for creating, editing and mounting ISOs are readily available and if you haven’t been creating ISOs already, keep reading.

An ISO file is an archive file format (ISO 9660), typically an image of a CD-ROM or DVD-ROM, similar to a .ZIP file but without file compression. An ISO can be any size, from a few megabytes to several gigabytes. Reading an ISO file is much faster than reading from physical media like CD-ROMs. Free from physical imperfections, ISO files are easy to mount on VMs and don’t require looking for a CD when it is needed.

I’ve created dozens of ISO files for different operating systems and applications. For my Windows servers, I no longer copy the I386 directory to the server since I can easily mount it as an ISO file on my virtual machines as needed, saving disk space on the VM. I also create ISO files with troubleshooting tools like the Sysinternals utilities, so I can mount them quickly to troubleshoot problems on my VMs. Once an ISO library is created, a central repository on a host datastore or remote server can be made using NFS or Samba to provide access to all VMs.

A number of applications are available to mount ISO files on a physical system by creating a virtual CD-ROM drive. Once mounted, contents of an ISO file can be accessed just like a physical CD-ROM drive. Linux and ESX systems can use the mount command to do this, while Microsoft provides for a little-known virtual CD-ROM driver that you can be downloaded for free. ISO files can be created and edited with other tools. Linux and ESX systems come installed with a command called dd that creates an ISO file from an input device like a CD-ROM or DVD-ROM. Microsoft provides a tool called cdburn in their downloadable Resource Kits. For your convenience, I’ve created a short list of some of the many tools available for creating, editing and mounting ISO files.

Tools to create and edit ISO files:

Free

  • cdburn.exe (available in Windows XP and Server 2000/2003 Resource Kits)
  • dd.exe (Linux utility)
  • ISO recorder
  • ImgBurn

Commercial

Tools to mount ISO files:

Free

Commercial

A more complete list of ISO resources can be found here.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: