Virtual appliances

How do your virtual machines compare with your peers’? Find out

A small virtual appliance company in Portsmouth, N.H. called vKernel first grabbed my attention last year with its virtualization management software, and they have it again with a new online virtualization community called Compare My VM.

The site gives users a way to annonymously compare their virtual machine (VM) configurations, by application category, with peers to see how others are allocating resources, and hopefully, take something useful back to your own environment.

vKernel’s Founder and CEO, Alex Bakman, came up with the CompareMyVM idea to help the IT community learn from each other about allocating resources for specific application VMs. 

“How to properly allocate resources in a virtual environment is still a trial and error process.  Simply using the same allocations of a physical server when virtualizing it can quickly lead to resource capacity issues caused by either over or under allocations,” said vKernel’s communications director, Christian Simko. “Ultimately, users can come to the site to learn how to ‘right size’ VMs so that they can drive higher VM densities without impacting performance.”

By setting Compare My VM up as a community site, visitors are more apt to share with and learn from their peers, than to have a product vendor tell users how and what to do, Simko explained.

So far, Compare My VM has around 300 submissions. Users typically enter their VM info either because they think their VM set up is da bomb, or because they need some help, which is why vKernel added a peer to peer ranking system on the site, Simko said. 

“One person may think their set up for an MS SQL VM supporting X number of users is allocated just perfectly,” but it might not be so hot when viewed outside the four wall of that users data center.  “We give others a chance to rank what they think is the right way, much like how Blog sites give others the ability to rank stories,” Simko said.

As is vKernel’s style, the site is designed so that it is simple to navigate and submit information to, allowing users to find similar profiles and compare them.

“It is a tool to help admins learn, share, and improve,” Simko said. “VKernel has only set up the framework of this site; we are not populating it or dictacting how people should be doing things.  It’s purely a community tool.”

I encourage you to check out the free CompareMyVM.com site and anonymously compare your VM resource allocation profiles with that of your peers. You will either feel pretty good about what you are doing, or really bad - and in that case, you’ll probably learn something.

VKernel SearchMyVM appliance delivers VI3 information in a browser search

Portsmouth, N.H.-based VKernel has released a beta of the SearchMyVM appliance to allow administrators to make queries of their VMware Virtual Infrastructure 3 (VI3) virtual environment through a browser search-style interface. The SearchMyVM appliance keeps VKernel’s tradition of delivering very quick and easy-to-use solutions for managing virtual environments.

I had a chance to download the beta and within two minutes of completing the download I was able to see data being collected. Once the SearchMyVM appliance was connected, making queries was a snap. These queries can be a quick list of the canned queries or you can use the built-in query builder to get specific information for your environment. For example, let’s take one of my most frustrating configuration issues with VMotion, the connected optical (CD-ROM) device. Within SearchMyVM, you can determine which VMs have a connected optical drive within the hardware inventory by a simple query. The query below will return the list of VMs in the entire environment that have a connected optical drive:

vm.cdroms.object.cdroms.connected=true

When the query is run, the result is a list of VMs that have a connected media. This VKernel appliance does this one better in that it also returns to you the path in terms of clusters and resource pools. Finding the VM becomes quite easy with the query results. The screen shot below shows this query:

This can save incredible amounts of time in looking for specific log entries, configuration parameters, determining which VMs have snapshots and endless other possibilities. Needless to say, this is a very simple appliance to stand up and can save time in the ongoing administration of a VMware virtualization environment.

This beta release of the SearchMyVM appliance and the upcoming release of the Modeler product at VMworld later this month build a strong portfolio of products for VKernel. The SearchMyVM beta appliance is available for download from the VKernel website.

Using virtual appliances with VMware

VMware’s Virtual Appliance Marketplace has over 800 appliances available for download over a wide range of categories that can be used in your VMware environment. For those who may not be familiar, virtual appliances are pre-built, pre-configured virtual machines for use in virtual environments that are built to serve specific functions.

Some of the type of appliances available with VMware include anti-spam, database/app/web servers, firewalls, network monitoring, operating systems and administration tools. There is even an appliance for running DOS-based games from the early 90s. Most of the appliances are free to download and use except for some of the certified appliances from vendors such as IBM, Symantec, VMSight, Bluelane and Bea which must be purchased. Almost all of the appliances run various distributions of Linux to avoid operating system licensing costs and many utilize free open-source applications.

These appliances are compatible with any of VMware’s products including Player, Workstation, Server, Fusion and ESX. Appliances range in size from a few megabytes for some of the small router or firewall appliances to a few gigabytes for some of the bigger, more featured applications. A typical appliance download will usually include the virtual disk (vmdk) file(s), configuration (vmx or ovf) file and usually a few companion files. Once you locate an appliance that you want to use, simply download it and copy the files to your VMware server or workstation. After adding the VM via your management interface, you’re ready to power it on and start using it. Most appliances are pre-configured to use DHCP to automatically assign an IP address to the VM but they will usually allow you to manually configure a static IP address if needed. A new feature in VirtualCenter 2.5 allows you to automatically download and import ovf file-format appliances via a simple wizard interface. You can also use VMware Converter to import virtual appliances into ESX.

Below are a couple of notable appliances that you might want to check out:

ESX Deployment Appliance – (free) Makes deploying new ESX servers simple and fast

X-M0n0wall – (free) A great little firewall for protecting virtual networks

Network Security Toolkit – (free) Contains many open-source network security applications

NagiosVMA – (free) All-in-one open-source host and network monitoring system

LAMP Appliance – (free) A complete web environment including web server (Apache), database (MySQL) and scripting language (PHP)

Remote CLI – (free) Remote command line utility for managing ESXi servers

Browser Appliance – (free) Safely browse the internet inside a virtual machine to prevent malware from infecting your desktop.

LeftHand Virtual SAN Appliance – ($) Converts internal storage of VI3 servers into a iSCSI SAN

SpamTitan – ($) A full-featured email security appliance

VM Sight – ($) Provides virtual network reporting and analytics

VMware Infrastructure Perl Toolkit 1.5 – (free) Provides a Perl interface to manage and control a VI3 environment

vKernel – ($) ESX resource monitoring and reporting including chargeback reports

Virtual environment architecting requires network zone placement

Almost every virtualization admin that I interact with has materially changed their strategy at some point with their first generation of server virtualization before the entire project is complete. Among the strategy changes are those related to network zoning, which will become a more important consideration as organizations approach higher levels of virtualization.

Specifically, the placement of external facing systems on the same virtual host as systems which house internal systems can put both sides of the network at risk if a compromise is made to the hypervisor from the external facing systems. This becomes especially important as the virtual appliance space allows organizations to easily consider firewall, intrusion detection, VPN and other external facing roles to be placed into the virtual environment as well as the frequent goal to virtualize everything.  

A more isolating strategy creates a separate environment with hosts dedicated to hosting virtual machines (VMs) that are external facing and not simultaneously host VMs on the internal network. While the hosts may be connected both to the internal and external networks in a DMZ network role, a compromise to the hypervisor or host system would not have as direct of an impact to the VMs running only on the internal networks. This also helps in emergency remediation by allowing a virtual host to be fully isolated or powered off until the issue is identified without impacting the internal network VMs.

When planning your next generation of server-side virtualization, consider the risks of placing internal and external network zones on resources that may contain external facing and internal only VMs. This type of architecture can bake in some inherent security into your environment that may save the day in the event of a zero-day vulnerability situation that affects the guest operating system or the virtualization hypervisor.

VKernel Capacity Bottleneck Analyzer for ESX virtualization available

Portsmouth, NH-based VKernel announced availability of its Capacity Bottleneck Analyzer Virtual Appliance, which allows system administrators to see capacity issues in VMware ESX Server-based environments so they can make necessary changes for optimum performance.

Network bottlenecks are issues in virtual environments due to increased capacity from virtual machines. A number of networking vendors have developed network products specifically for virtual environments to alleviate these issues.

A newer vendor called Altor Networks Inc. introduced a Virtual Network Security Analyzer last month that also lets IT view what is happening in virtual environment.

VKernel’s software monitors CPU, memory and storage utilization trends in VMware ESX environments across hosts, clusters and resource pools. The virtual appliance gives users a single-screen management dashboard that displays all of the details on capacity to help plan for new hosts, clusters and resource pools. Users can also receive alerts via email and SNMP.

The VKernel Capacity Bottleneck Analyzer Virtual Appliance is currently available with pricing starting at $199 per CPU socket.

Chris Wolf: VMsafe is cool because …

VMsafe, the new security technology created by VMware Inc., gives virtualization users the ability to monitor and secure virtual machine resources in ways never before possible.

After I wrote a short article on VMsafe last week, I received feedback from Burton Group analyst Chris Wolf, who was at the VMworld conference in Cannes, France. His comments weren’t included in the story, but they put things in perspective, so here they are:

“VMsafe is a very important technology in my opinion, as it changes how virtual environments are secured. Today, security appliance virtual machines (VMs) typically monitor other VMs by connecting to them over a virtual switch. The result is virtual network monitoring that resembles physical network monitoring,” Wolf said. “The current model is fine until VMs begin to dynamically move across a virtual infrastructure. Dependent security appliances always have to follow their associated VMs as a VM is relocated. This can complicate the live migration and restart processes.”

“With VMsafe, you would typically configure a security appliance per physical host, such as an [intrusion prevention system] virtual appliance. The security appliance vendor would leverage policies to determine what to monitor (such as by VM, virtual switch, subnet, etc). With VMsafe, the appliance can connect to any virtual switch by accessing it through the hypervisor; you no longer have to configure a special promiscuous port group for network monitoring,” Wolf said. “With security configured at the host level with no direct attachment to virtual networks, VMs can move freely about the virtual and physical infrastructure and still have their related security policies enforced.”

Wolf continued, “VMsafe also provides the framework for offloading many security activities to special-purpose security VMs, including roles such as antivirus monitoring. As we move to an automated or dynamic data center, having special-purpose security appliances that are capable of enforcing security policies at the hypervisor level can ease security management in an environment that will be constantly changing. Sure, it’s possible to enforce security policies with special purpose network-based appliances, but such configurations would be substantially more complex to deploy and manage than comparable solutions based on VMsafe technology.”

Thoughts on the ‘top five’ trends in virtualization

I recently received a press release from London-based TechNavio, the creator of a Web-based information and research tool, that outlines the top five virtualization trends. Here they are, along with my own thoughts on these trends:

1. Business process automation.
TechNavio’s take. “Virtualization is expected to speed up the wider movement toward business process automation and remote collaboration. The TechNavio findings appear to indicate that the market in general is expecting a major investment in this area within the next two to three years.”
My thoughts. On the subject of business process automation, if TechNavio means “scripting,” I can agree with this trend. SearchServerVirtualization.com contributor Andrew Kutz has received a few questions from readers about automation, which suggests that there are plenty of other IT pros with similar questions. Also, he increasingly writes tips about scripting for X or Y, often concerning disaster recovery or hot backups. Most recently I’ve seen questions about scripting virtual machines (VMs) to power on and off at a certain time.
Food for thought. If scripting VMs advances, what will happen to the number of system admins and data center managers needed to run a data center? Perhaps all you IT programmers should slow down the scripting process before you script yourself right out of a job!

On the subject of remote collaboration, I definitely agree with TechNavio. I wrote an article on emerging client-side desktop virtualization technologies. In response, I received comments from readers who said that they had found a surprising number of companies that are exploring client-side virtual desktop infrastructure (VDI) technologies for implementation in 2008. I think it’s due time for VDI; just consider the number of stolen or misplaced laptops, or CDs that went missing in the mail containing personal information. . . .I don’t know about you, but identity theft certainly isn’t on my holiday wish list. And I certainly would appreciate company investment in this kind of technology, considering the increasing mobility of technology.

2. Network-delivered computing.
TechNavio’s take. “Virtualization is also expected to boost the move toward network delivered computing or what is being termed PC-over-IP. This in turn will place vendors such as Cisco, NEC and Sun at the heart of the market, but interestingly leaves the door open for a host of innovative start-ups.” <br>
My thoughts. I would agree here as well. My aforementioned article discusses vThere, which focuses on primarily providing client-side virtual desktops via their own (i.e., third-party) servers that a client notebook would connect to when opening the virtual desktop. During interviews, my subjects all mentioned the trend of software vendors moving to providing their software via virtual machine. We have already seen a few virtualization companies provide beta versions of newer software via VM. As virtualization continues to grow in adoption, I can easily see all kinds of independent software vendors providing their products via virtual machine download.

3. Legacy applications and virtualization.
TechNavio’s take. “As application virtualization speeds up, applications development and maintenance or ADM, vendors have a real opportunity to grow into a new market defined as optimizing legacy applications for virtualization.”
My thoughts. We haven’t focused much on application virtualization on SearchServerVirtualization.com and SearchVMware.com, so I don’t have an informed opinion on this subject. Readers, do you?

4. Small and midsized businesses (SMBs).
TechNavio’s take. “The biggest long-term opportunity for virtualization vendors lies in the SMB space, specifically end-to-end solutions that allow SMBs to outsource and virtualize their entire network.”
My thoughts. I disagree here. Clearly. there is opportunity and space for virtualization in the SMB market, but to say it’s the biggest long-term opportunity? That’s a stretch. I doubt that larger businesses, once virtualized, will stop virtualizing. I think that a more accurate statement would be that virtualization vendors should target SMBs to further extend virtualization.

5. Labor market and skills.
TechNavio’s take. “As the market for server virtualization heats up, finding people with the right skills is set to get harder. With this environment TechNavio predicts that there will be increased opportunities for IT services companies as well as for IT staffing solutions providers.”
My thoughts. I don’t know if I agree that finding people with the right skills will become more difficult; it depends on the IT workers and their drive to stay on top of certifications that prove their worth. (Cough, the VMware Certified Professional (VCP) exam, cough, cough.) And whenever technology advances, desired skill sets change, so this prediction isn’t all that impressive. As far as increased opportunities for IT services companies, yes. It’s easier to go to a business and say, “Get me a sys admin with a VCP stamp of approval!” than it is to shuffle through résumés looking for those who are VCPs. And I definitely think that those who have the right credentials will find themselves in increasing demand: So stay on top of what you’re worth salary-wise given the move toward virtualizing mission-critical servers. Just because your current company doesn’t realize your worth, it doesn’t mean that Company Y — which has more virtualized servers and a greater need for those with virtual environment management experience — doesn’t.

TechNavio’s press release also included a quote after these “top five trends.” Co-founder of Chicago-based Infiniti Research S. Chand (who conducted the research for this report) said, “Currently the biggest beneficiaries of server virtualization are the enterprise users whose businesses tend to be dependent on running compute-heavy, high availability, application intensive data centers. These include: ISPs, hosting and managed service providers, bank’s trading divisions, gaming, online retailers and the like.”

So if you are looking to get the most (read: more money) from your virtualization experience, check job offers with companies that deal with these types of services.

VMworld Awards: Printing for the virtual computing age

Good-bye to pesky print drivers, hello to virtual printing. ThinPrint’s VDI-focused printing approach won recognition in the SearchServerVirtualization.com VMworld Awards’ Utilities category.

Is virtualization where Linux will top Windows…perhaps stealthily?

Virtualization is the theme of the LinuxWorld 2007 Conference & Expo this year, and that’s as it should be, according to industry veterans I’ve interviewed recently. Virtualization a big boon for Linux adoption and a way to steal some of Microsoft Windows’ thunder, they say. Overall, they agreed that succeeding in that space is a make-or-break proposition for Linux.

“It’s appropriate that LinuxWorld focuses on virtualization this year, because virtualization is a must-have for Linux,” said Jim Klein, Information Services and Technology Director for Saugus Union School District in Santa Clarita, Calif. “Without virtualization, Linux will fade away in the data center.”

Klein doesn’t think doomsday scenario is going to happen, however.

“From my experience, Linux and open source virtualization technologies are top-notch, certainly superior to Microsoft’s and reaching parity with VMware’s. The openness of Linux virtualization technologies make it easier to run multiple operating systems in one box.”

On the other hand, some industry vets think that Linux and Xen in its various forms have a lot of catching up to do, and they hope to see some significant announcements at LinuxWorld. Summing up this side of the equation, Alex Fletcher, principal analyst for Entiva Group Inc., said:

“Xen is definitely mature enough to warrant consideration by corporate accounts. Recent moves, such as Red Hat Enterprise Linux (RHEL)5.0 adding Xen as its fully-integrated server virtualization functionality are intended to spur corporate adoption of Xen, but will need time to play out. Granted, RHEL is a fully-robust operating system, but this is the first release that’s included Xen, giving risk-adverse decision makers reason to hesitate. Efforts like libvirt, an attempt to serve as a stable C API virtualization mechanisms, have potential but need to mature.”

Then again, others said, many factors weigh in Linux’s favor in the virtualization arena. For one thing, RHEL and SUSE are very robust enterprise-level operating systems. For another, Linux is not fully-dependent on Xen’s success, because VMware is optimized for Linux. The proven reliability of Linux in data center deployments is another plus. Indeed, consultant and author Bernard Golden believes that virtualization will pave the way for wider usage of Linux. Virtualization makes stability much more important, he said, because after virtualization more systems run on a single piece of hardware. In this situation, he thinks Linux is a better choice than Windows, as Linux has a better track record for both stability and uptime.

Virtualizing Windows-centric applications on top of Linux is a good path to follow, said Golden, author of the soon-to-be-released book, Virtualization for Dummies:

“For those companies that need to move aging Windows applications onto new hardware and want a more stable underlying OS, virtualizing Windows on top of Linux is a perfect solution. Also, Linux’s scalability marries well to two trends driving virtualization: the increasing power of hardware and Linux’s ability to scale across multi-processor machines.”

Microsoft-centric IT organizations probably won’t rush into virtualizing on Linux. In particular, said Golden, sticking with Windows could suit companies that are not ready to make a full commitment to building a virtualization-based infrastructure. He explained:

“The upcoming virtualization capability in Windows Server 2008 — and beyond, given that much of the previously-targeted functionality for Server 2008 has been dropped — will enable [those organizations] to extend the life of aging Windows-based apps. Of course, being able to extend the life of those apps will, to some extent, reduce pressure to migrate those apps to Linux or replace those apps with Linux-based apps.”

Such IT organizations usually move to virtualization using their existing hardware, rather than bringing in more modern, highly scalable hardware, said Golden. In these cases, there is less need to move to Linux. This strategy and the efficacy of using old hardware will be short-lived, in his opinion.

Microsoft-centric shops will also be encouraged to stay that way if Microsoft delivers the promised virtualization-friendly licensing terms for its upcoming Longhorn-plus-hypervisor release, said John Lair, business development manager for Prowess Consulting.

Linux may not gain even if Microsoft’s operating system and virtualization platform price tags are more than those of Linux and, say, Xen, according to Fletcher.

“There is a chance that the savings gained from consolidation will actually work to make Linux’s lower software acquisition costs less of a selling point,” Fletcher said. “Higher licensing costs for Windows aren’t as much an issue when fewer servers are running.”

Then again, Lair and others noted, virtualization will probably decrease the importance of operating system (OS) selection, shifting attention to application and virtualization platform choices. Kamini Rupani, product management director at Avocent, summed up this side of the equation, saying:

“Virtualization doesn’t help or hinder adoption of either Linux or Windows on the server side, because virtualization isn’t directly related to operating systems. Virtualization is about the hardware, about adding more virtual machines running on top of an existing hardware environment.”

In this point-counterpoint discussion, others said that Linux stands to gain even if virtualization devalues OS selection. These folks think that Linux will be the power, or platform, behind the scenes in virtualized enviroments.

“Linux is so easy to use and reliable that I think it will be used ubiquitously and not get much attention,” said Klein. “People won’t care that their VMs are running on Linux. Choosing Linux will stop being a big deal. Also, I believe that the majority of virtual appliances will be running on Linux, so that people will just drop them in without a thought about which operating system is inside.”

If this scenario plays out, Linux will return to its roots as a stealth OS. IT managers brought Linux into IT shops through the proverbial back door to use for applications that didn’t need top-level approvals. While it moved up to a more visible position in data centers, Linux also infiltrated cell phones and numerous other devices without fanfare. Today, Linux appears to be a front-runner as ISVs’ top OS choice for virtual appliances. Perhaps even Microsoft’s resistance is futile.