The Virtualization Room


November 28, 2007  4:38 PM

Forging past the server incrementally

Joseph Foran Profile: Joe Foran

Today marks an host-oric day, as the first virtual desktops are ready in the lab for my most forward-thinking users (and, as temporary machines, any who happen to suffer hardware failure). As my company is a mid-sized firm, taking this plunge is a bit of “bleeding edge” for us, but it’s too promising to pass up. The early test environment was pretty basic – a few desktops with souped up memory, CentOS 4, VMware Server, and our XP build. First a side-note on CentOS – I love CentOS because it’s almost 100% binary compatible with Red Hat Enterprise Linux. In fact, it’s compiled from their SRPMs, with the copyrighted materials (the logo, some artwork, etc.) removed. On the client-side, ThinStation or any of the other many thin-client linux distros meant to communicate via RDP will work just as well (perhaps better). The roots of this initiative lie in my wanting to have my XP desktop available from where I was — my Macbook Pro, My Freespire 2 desktop, or my Vista desktop. All have desktop virtualization on them, but since they don’t all have the “same” products, mounting a share somewhere wasn’t going to work — and performance might be a bit… underperforming.

The best route was to have it available via RDP. I also wanted to build virtual desktops rfor users. The result, to kill an old commercial’s memory, is that VMware got their peanut butter in my chocolate, or I got my chocolate in VMware’s peanut butter. Either way, I liked the results. It was simple enough to do, and it performed well under even the limted circumstances. Best of all, it’s not complicated to manage. ESX and VirtualCenter more than did the job (though I thinkg a fortune 500 would have need for enhanced management tools, if only for filtering and tracking users to desktops).

After that worked out well for me, I started trimming it back to a more common user-centric desktop build as opposed to the IT-Centric build, taking temporary desktop replacement as a start-in point. The big first was security, while limiting complexity ran a close second. Thanks to AD’s Group Policy handling profile and folder redirection, there’s really no perceivable difference between the user’s original computer and the server-hosted VD. When their PC is fixed, they get it back, and we move on to the next broken-box situation.

The VD solution proved its value there, beating our 2X application server thin-clients (which fared well, but less well than VDs because of the difference in user experience between a linux desktop running a full-screen browser and an XP PC). The next step is to see if we can make this permanent. So, a few IT-savvy first-adopter types are going to get some very old PCs with some very new tricks. I can’t wait…

November 27, 2007  7:07 PM

Why managing VMs is hard: Virtualization Log

Alex Barrett Alex Barrett Profile: Alex Barrett

There are a lot of vendors talking about virtualization management, but their pitches can sound frightfully similar. One exception is ManageIQ, whose co-founder Joe Fitzgerald lays out some concrete examples of what makes managing virtual machines so complex — and so important.

Curious about Microsoft’s forthcoming Hyper-V, formerly Viridian? So is Anil Desai, our resident Microsoft virtualization expert, who weighs in with a discussion of the Microsoft Hyper-V architecture. Among the key differences he finds between it and VMware ESX is how drivers are handled: “With Hyper-V, drivers are installed within the guest OS, not within the hypervisor layer,” Desai writes. “This allows vendors and administrators to use drivers that were designed for the server’s physical hardware, rather than the virtualized hardware.”

Is it safe to serve up both Internet and intranet content from VMs on the same ESX host? That depends on whether you trust VMware’s networking stack, writes site expert Andrew Kutz. If not, you’re better off segregating them, he writes.

Also, for the VMware value-added resellers (VARs) among you, I just noticed an interesting “VMware FAQ for Resellers” guide on our sister site SearchSystemsChannel.com, which caters to the channel set. Among other things, learn about VMware’s incentives for resellers, the value of the VCP (VMware Certified Professional) certification, and how VARs can sell services on top of the embedded ESX 3i. Good stuff.


November 27, 2007  2:13 PM

VirtualBox – Another Open Source Virtualization Product

Joseph Foran Profile: Joe Foran

VirtualBox, built by a German company called Innotek, is the underdog of the virtualization market. They are receiving very little press and very little market share, yet it’s a fairly robust, if young, platform.

Like VMware Server and Parallels Desktop, VirtualBox isn’t a type-1 hypervisor, but rather a type-2 that sits on an existing operating system (OS). I’ve been running it on my Mac and my PC for a bit and have tried out a few virtual machines, some migrations, etc. It shows excellent performance, stability, and usability, but does have a few caveats. Like most open source projects aimed at business users, VirtualBox has two sides — a purely open source side that’s beloved by the community and some proprietary additions geared towards enterprise customers that puts bread on the table for Innotek’s staff.

Like most virtualization platforms, VirtualBox supports USB devices, audio, and most of the other features typically expected of a virtualized computer. There’s no OpenGL / DirectX support as of yet, but I imagine that’s not a long stretch to implement now that Parallels has released the modified source code that they used to accomplish the task, and VMware has put 3D acceleration into Fusion. Snapshotting is there, which of course is key in any virtualization platform. I don’t see much on the management side, making it similar to where Xen and it’s ilk were not too long ago – the hypervisors were in place but the management apps were still in development and came to market later in the game, once the initial splash of “hey, there’s a new hypervisor in town” flattened out a bit. This isn’t a big deal for me, since I’m using it in a very raw test environment and don’t need much in the way of managing my own personal playground, but a real lab might want better management tools. Still, the basics are there, and the product compares favorably to VMware server and Workstation. I’d even go so far to say that it’s a got a slight edge in out-of-the-box usability, since the guest machine can act as RDP servers, meaning that you can use an RDP client to remotely view the desktop, regardless of what’s installed on the guest (no need for rdesktop packages or other client-side tools) and without having VBox installed on your local machine.

One neat item I liked on the Mac version: They mapped the Apple key to release the keyboard and mouse from input capture. OK, that’s about as important as what color they made the icon, but it was a neat touch and shows that they really are playing well in the Mac space. Personally, I hated Fusion so much that I wiped it off my system after about a week, going back with each subsequent beta until I get fed up with it for the last time after general release. I love Parallels, but it’s nice to have a hand in all of the pies, even if it’s only half-a-finger deep or so (mmm… pumpkin). Most of my testing was done on a Vista host, so there may be caveats in the Mac beta I don’t know about yet.

Documentation is first-rate. The user manual is very clearly organized, very clearly stated, with excellent screen captures and a walkthrough approach that is meant to get the job done. Technical documentation is likewise well-organized and stated, with an eye towards how the system is meant to work. I didn’t read the whole of the user manual; my familiarity with other products was enough to get me through everything until it came time to install the VirtualBox Additions software (like VMware Tools and Parallels Tool, these are for timesync, keyboard, mouse, and video performance improvements). I read through, did the installs, and moved on to using my guests.

Using the software was easy. If you can navigate in Parallels Destkop or in VMware’s Fusion or Workstation or Server, then you’ll have little problem with using the product. One caveat I noted right away when I tried to open a VMware VMDK machine containing XP Pro with VMware tools made under Server 1 (not the beta) was well-documented in their wiki. It repeatedly bombed out trying to boot because of hardware changes. On attempting the same thing with a Linux install (DSL), it booted and was fully functional. I made a few native guests, and found that the compatibility page for Vbox is quite accurate – as expected, my Ubuntu 7.10 failed miserably because Vbox doesn’t support PAE and Ubuntu uses it without checking for support. All my CentOS Linux installs (4 and 5) worked nicely, as did Fedora Core 7 and Windows XP. I didn’t try Vista or FC8, but that’s more a matter of time than any concern about them working.

Overall, it’s gets a solid 8 pokers out of ten as a competitor to VMware Workstation / Fusion and Parallels Desktop.


November 27, 2007  11:35 AM

Dell offers VMware alternative: Virtualization Log

Alex Barrett Alex Barrett Profile: Alex Barrett

Here’s one that slipped through the cracks last week: Dell has signed on to resell Virtual Iron, following in the footsteps of Hewlett-Packard and IBM. Virtual Iron’s new CEO, Ed Walsh, has been beating the channel drum, so this should come as no surprise.

In a far-reaching tip, contributor Anne Skamarock opines on how to avoid virtual sprawl. Hint: It involves doing a proper inventory of your environment before undertaking consolidation.

If backup is your bag, Burton Group analyst Chris Wolf has the lowdown on issues affecting VM backup: CPU, disk I/O and network I/O bottlenecks, and he offers an overview of where backup options like image-level backups; VMware Consolidated Backup, or VCB; file-level backups; and continuous data protection fit into the data protection continuum.


November 27, 2007  10:34 AM

VMware Server 2.0 – GPL v3 Compliant

Kutz Profile: Akutz

A while back I reported on what was a sticky issue for many people: VMware Server 1.0.4 did not work with the latest Linux kernel (2.6.23+) because the VMware Server memory module used the dumpable bit which had been removed in 2.6.23+ in favor of the GPL v3 exported set_dumpable and get_dumpable functions. Because the VMware Server memory module is not GPL v3 compliant (it does not use the MODULE_LICENSE macro to declare itself such), either a kernel recompilation was required in order to redact the GPL v3 changes to the set and get dumpable functions or a vmmon module recompilation was required in order to lie about its license type. Unlike the writer’s strike, a compromise has been reached.

The Linux Kernel development team has not removed set and get dumpable’s GPL v3 requirements and VMware has not made the vmmon memory module GPL v3 compliant (which in turn would require VMware Server to be licensed under GPL v3). VMware did not even future proof themselves by creating a Kernel module shim licensed with LGPL. VMware simply access the dumpable bit directly with set_bit and clear_bit now. Lines 1663 of the vmmon source file driver.c begins with:

<code>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) || defined(MMF_DUMPABLE)
/* Dump core, readable by user. */
set_bit(MMF_DUMPABLE, ¤t->mm->flags);
clear_bit(MMF_DUMP_SECURELY, ¤t->mm->flags);
</code>

While some may hail this change as a good thing, I do not. What happens next time when there is no work-a-round? Both VMware and the Linux Kernel Development team have a chance to showcase that closed-source and open-source can work together. That closed-source companies are open to listening to the reasons for things like GPL v3. And proponents of GPL v3 have an opportunity to show that they are not just zealots whose blind actions damage the usefulness of their software to end users.

I think it is great that VMware listened (whether or not it was to me) and fixed this issue. I just wish that the opportunity for two communities to come together could have been embraced instead of side-stepped.

Until next time.


November 27, 2007  10:33 AM

VMware Server 2.0 at First Blush

Kutz Profile: Akutz

They say the best laid plans of mice and men rarely succeed. It is clear to me then that some of the development team that VMware has working on Server must be what Mulder and Scully were searching for — not the truth, the other thing, human/alien, (wait, scratch that,) human/mouse hybrids. I figure if a double-negative makes a positive and Mars is in the orbit of Venus, then a human/mouse hybrid probably succeeds a little more than it fails. And that is my poetic, round-a-bout way of saying that at first blush, VMware Server 2.0 hits the mark more than it misses.It is nice that VMware Server 2.0’s installer attempts to uninstall VMware Server 1.0.x for you, except that 1.0.x’s uninstaller is famous for not working! It does not like to shut down VMs in a timely manner. I tried to manually shutdown the daemon, but the vmnet1 NIC arrived in some type of hung state. A reboot was eventually necessary as countless console messages prevented me from accessing the server even from the console. I know this is not indicative of a 2.0 problem, but it sure soured me to upgrading right off the bat.

However, once I finally resolved that issue, 2.0 installed like a champ! No problems at all. That is more than I can say for previous versions of VMware Server. VMware even bypassed the nasty problem on non-GPL3 compliance by not using the GPL3-ified version of set_dumpable in their vmmon memory module. Instead they call the set_bit function directly:
<code>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) || defined(MMF_DUMPABLE)
/* Dump core, readable by user. */
set_bit(MMF_DUMPABLE, ¤t->mm->flags);
clear_bit(MMF_DUMP_SECURELY, ¤t->mm->flags);
</code>

It’s nice to see that someone listened to me (I’ll pretend someone did — most likely VMware just saw that this was a problem and fixed it — good on them!)

So far so good, VMware Server 2.0 installed great. But then it comes time to manage it. The very first thing I do is open a Web browser and point it to the Tomcat instance being used by Server 2.0. However, it does not ever authenticate me. I get a funky malformed URL error. That’s like, totally bogus, dude. I mean, cryptic error messages? Who does VMware think they are? Every other software developer in the world? VMware — we hold you to higher standards — better error messages please.

Luckily, Server 2.0 is manageable by the VirtualCenter client, which I happen to have. Unfortunately the Server 2.0 Website does not make that an available download for users without said client. 🙁 . I started up the VI client and tried to connect to my Server 2.0 instance until I realized that the VI client is subject to the same issues connecting to Server 2.0 as it is with ESX — it does not accept pass phrases. My pass phrase is over 70 characters long and the VI client rejects it. Or it is using the trim function (if you know what it does you know I gave something away, otherwise, LOOK, a rainbow!). I ssh into my Linux box and change my password to something less secure and then attempt another VC connection and this time it works.

The VirtualCenter client is a great way to manage VMware Server. The VirtualCenter client is a terrible way to manage VMware Server. I am sensing some dichotomy here. I am glad we (do not) agree! While the VI client is a great improvement over the MUI (we finally get meaningful statistics!), it would have been nice to get a client version that did not constantly throw .NET errors about objects not initialized or null this and weak reference that just because VMware Server 2.0 does not fully implement everything that ESX does. That is annoyance number one. Oh, click “Continue” instead of “Quit” or watch the VI client close on you!

That brings me to annoyance number two, and this one is far worse. There is no intuitive way to add existing VMs into VMware Server 2.0! You have to double-click on a configured data store in order to explore its contents, navigate to the VM’s vmx file, and then click “Add to Inventory.” However, if you right-click on the data store you get an error. If you look for an “Explore data store” option you will not find one. There should be a “Search this server for VMs to import” option. At the very least, when the installer asks you where to store VMs (from which it creates the first data store), it should ask if you wish to import existing VMs.

Overall I am happy with VMware Server 2.0. It seems much faster and you can finally create more administrative users than just “root”. However, there is much spit and polish needed before VMware Server 2.0 is ready. Most of that focus needs to be on what VMware already knows — its management. The VIX API and increasingly integrated Virtual Infrastructure client functionality are a good first step, but VMware Server 2.0 is not there yet.


November 27, 2007  10:27 AM

Why You Must Evaluate Citrix XenServer

Rick Vanover Rick Vanover Profile: Rick Vanover

With two clear players emerging in the premier virtualization space, VMware’s ESX Server platform and the Citrix XenServer, every serious virtualization shop needs to evaluate XenServer for fair comparison. Why? Well, right now ESX is the top product in the popular opinion, but after attending a summary of the recent Citrix iForum it became clear that XenServer will pose a significant challenge in all areas to the VMware offering as the resources of Citrix are integrated to the XenServer platform as the products mature.  Just to be fair, VMware is constantly working to improve their offerings as well.

Following in the Footsteps of Free Software

Just as Microsoft and VMware released virtualization products as free pieces, XenServer Express Edition is available to use as a free download. The full enterprise management pieces are not available on the free download (as is the case with VMware Server vs. ESX), but this is a great way to get started with being familiar with the XenServer platform.  This is critically important as virtualization in the x86 world is relatively young in the data center, so in my opinion there will be many arrivals quickly onto the scene and I do not want to entrap myself into one product without full knowledge of the other offerings.

Explore Additional Management

In part of your evaluation, it may be a good idea to determine the differences from the management side between VMware ESX and Citrix XenServer Enterprise edition. There are some differences, and as the next release of XenServer that has had the Citrix touch on the whole build, there should be some exciting new features that will surely give VMware a challenge for the best enterprise virtualization product. Regardless, we all win, as a better suite of products will be made available to the enterprise.


November 21, 2007  2:24 PM

Client-side virtual desktop technology: Unnecessary?

Ryan Shopp Ryan Shopp Profile: Ryan Shopp

Two weeks ago, I wrote an article about VMware ACE virtual desktop alternatives Kidaro and vThere. Michael Brennan, a SearchServerVirtualization.com reader and a principal at the 17-year-old Barrington, Ill.-based consulting company Advanced Logic Corp., wrote in with an interesting point of view:

I find it puzzling that the industry is now considering client-side virtualization at all. It will doubtlessly add to the total cost of ownership of the most expensive computing devices in the environment and poses a security risk for the data in the virtual machines (VMs). (Unless you truly believe that the security of a VM can’t or won’t be an issue.)

It also adds a layer of complexity to the user experience that has already been eliminated by the secure deployment of applications and information on corporate portals.

While the client-side virtual desktops could provide application delivery, how will you reconcile the data component on a desktop image?

If you are using only virtual desktops to deliver applications, I would offer that there are several tried-and-true mechanisms for doing that today.

Even virtual desktops running on servers, like VMware Virtual Desktop Infrastructure and Citrix’s XenSource products are essentially trying to reinvent thin client computing with a small twist: by letting the user customize his or her desktop. Using Citrix published applications on PCs rather than Microsoft’s Terminal Services or Citrix’s published desktop, you can achieve the same result. On the client side, you still need the same device for virtual desktops, either a PC or a thin-client device.

(The cost differential between these device types has nearly vanished.)

For mobile computing devices, without technology in place that prevents users from copying corporate data to it in the first place, the whole security enhancement allegedly provided by desktop virtualization is negated.

The issue of lost mobile devices is another serious problem. It can be best handled by existing technologies that automatically disable the device if it doesn’t “phone home” within a configurable time.

The key for our clients: provide appropriate access to corporate applications and data securely and cost-effectively while being sensitive to where the client is and what device he or she is coming in on.

We can deliver on that need cost effectively without client-side virtualization.

Server virtualization blog readers of the world: What are your thoughts? Are client-side virtualized desktops necessary, or did the previously existing technologies serve the needs remote workers well enough?

Are you looking at client-side virtual desktops in your company? What technologies are you looking at (VMware ACE, Kidaro, vThere)?


November 21, 2007  10:49 AM

The Xengine Keeps on Chugging Along

Joseph Foran Profile: Joe Foran

Just a few days after my last post about Virtual Iron and their wheeling-and-dealing, they sign an OEM agreement with Dell. This little train is starting to sound more and more like a serious contender to the Triad of Virtualization – VMware, Microsoft, and Citrix, with their bargain-basement prices attracting the big OEM deals from the Triad of Server Hardware – IBM, Dell, and HP. Perhaps I’m wrong about them playing in the small sandbox for a while to come – I really expect to see a big bump in their sales numbers, maybe even an IPO someday. While their CEO says they have no intention of direct competition in the Fortune 500 space, the SME space is wide open. Taking on that small-to-midsize enterprise market can mean big bucks, just as much, if not more, thant the F500 if they can get enough market share. The way to do it – OEM deals. Putting their prices in their with VMware’s prices on a web-based server configuration tool is sure to make any manager pause and think.


November 20, 2007  2:51 PM

When VMware doesn’t cut it anymore: Virtualization Log

Alex Barrett Alex Barrett Profile: Alex Barrett

For most shops, VMware Inc.’s Virtual Infrastructure is plenty scalable — but not for all. Managed service provider Mosso expects to outgrow VirtualCenter within the year, so the company is evaluating the alternatives. It will probably choose something based on Xen. As virtualization matures, I suspect we’ll hear a lot more about the problems plaguing truly large VMware deployments.

In most virtual environments, all the virtual machines on a box share hardware devices, but what if you want to isolate a PCI device to a specific virtual machine? This tip by Xen expert Sander van Vugt shows you how.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: