October 30, 2008 10:26 PM
Posted by: Texiwill
Edward L. Haletky
, Virtualization security
, VMware ESX
There’s more to VMware’s purchase of Bluelane than meets the eye. Touted as a means to beef up VMware’s security and high availability options within the virtual infrastructure, this purchase is instead more of a move to a full VDC-OS…and not just a concept as presented at VMworld 2008.
The concept of VDC-OS is to better define the various roles and to change how we as administrators view and manage our virtualized data centers. However, with tools like Bluelane the view begins to muddy.
An operating system provides the basic security and fundamentals to run applications and perform tasks as the users dictate. Users do not want to worry about security, they want to have the system just work. Bluelane helps this by allowing VMs to run even if they are not patched yet reap the benefits of some of these patches. Granted not all patching happens by Bluelane, but those patches that are network related will. Less patching means less downtime.
However, are there diminishing returns? Yes, you get protection but at what cost? Higher CPU utilization to handle all the myriad of network related patches that are necessary? Are you protected by zero day attacks? What if Bluelane is attacked directly?
Even with these questions to be answered, VMware’s purchase of Bluelane shows an intriguing picture of a true data center operating system that just works regardless of the application being run; one that has its basic security handled for them. This is one more tool that can be used with the distributed virtual switch that will span the data center.
Picture a ThinApp running as a virtual appliance with Bluelane to handle the network patching required? Where is the operating system in this picture?
October 30, 2008 2:53 PM
Posted by: Eric Siebert
, VMworld 2008
VMworld 2008 is over, but you can still get useful advice and information from it. Here’s my list of must-click VMworld 2008 links. This list offers helpful info for VMware users, whether you attended VMworld or not. It contains webcasts of the two VMware keynotes, live blogging perspectives, new product announcements, feature demonstration videos and much more.
So, enjoy VMworld from other perspectives as you go through the links on this list and enjoy some of the great information that came out of VMware’s annual conference. For hundreds of additional links to the conference including audio, video and photos check out my special VMworld 2008 page on my VMware-land website.
1 – Day 1 (Tuesday) Paul Maritz Keynote -
Several links from the Day 1 keynote including the official webcast and live blogging with commentary. This keynote introduced some of the new concepts and products that VMware has planned for the future.
2 – Day 2 (Wednesday) Stephen Herrod Keynote –
Several links from the day two keynote including the official webcast and live blogging with commentary. This keynote was much more technical then the previous days keynote and contained many details on upcoming features in VMware products.
3 – Virtual Data Center OS
Several links on the new VDC-OS concept that VMware introduced at VMworld including the official VMware page that describes the many new components included in it.
4 – Cisco Nexus 1000V vSwitch -
The long awaited Cisco vSwitch was announced at VMworld, these links describe its features and technical specifications.
5 – Virtualization.info wrap-up
Great conference wrap-up coverage from Alessandro at Virtualization.info providing information and commentary on the events, products and announcements at the show.
6 – TechTarget coverage
TechTarget provided many good blog posts, news reports, videos and more at VMworld, this link is to the page that contains all the links to their coverage.
7 – Best of VMworld 2008 awards announced -
The Best of VMworld awards showcased many great products at VMworld, this link details all the winners and finalists in a multitude of categories.
8 – Brian Madden’s roundup of the desktop/application vendors at VMworld 2008 -
Brian Madden’s great coverage of some of the many vendors that displayed their products in the Solutions Exchange at VMworld.
9 – New feature demonstration videos -
Demonstration videos for some of the exciting new features that are planned for the next major release of ESX.
10 - VMworld 2008 – EMC Wrap-up
• Chad Sakac’s wrap-up summary of VMworld including summaries and links to the many session presentations provided by EMC.
October 30, 2008 1:11 PM
Posted by: Bridget Botelho
, SQL Server
, VMware High Availability (VMware HA)
, Windows Computing
VMware, Inc. announced last week that another Windows customer is using VMware Infrastructure 3 (VI3) instead of Microsoft Hyper-V to consolidate servers and reduce costs.
Independence Blue Cross (IBC), the largest health insurer in Philadelphia, has grown quickly in recent years, and their computing demands and costs have grown along with its business. Physical server sprawl and increasing power consumption has plagued the hospital and the cost of acquiring and managing new hardware was growing out of control, VMware reported.
To reverse these issues, IBC turned to virtualization. The company looked at Microsoft Hyper-V, but ultimately chose VMware because “it offered a more complete solution and robust tool set, rather than simply a hypervisor,” VMware’s spokesperson said on behalf of the customer. Another plus for VMware was that is offers VMotion to live migrate virtual machines (VM), which Micrsoft’s Hyper-V product won’t offer until the next version, as well as high availability, resource pooling, manageability and automation, VMware said.
So far, IBC’s Windows application environment is approximately 70% virtualized, including applications like Active Directory, Exchange, SharePoint and SQL Server, PeopleSoft and Oracle 9i. There are 386 VMs are running on 48 physical hosts, and CPU utilization has increased from 5% to 75%, VMware reported.
Michael Garber, director of distributed infrastructure, at IBC, stated in the release that VI3 paid for itself in less than 16 months and helped IBC avoid more than $1 million in hardware costs.
VMware currently has over 3,000 hospitals on its list of customers, according to VMware.
VMware release lots of customer case studies to show the world how great they are, but when they announce Windows users as customers, Microsoft Hyper-V takes a bullet. Hyper-V is built right in to Windows Server 2008, so why wouldn’t a Windows user just virtualize with Hyper-V? That’s Microsoft’s argument, and it looks like people aren’t buying it.
There is a ton of speculation on whether Hyper-V will be able to surpass VMware in the virtualization market, but I haven’t seen anything from Microsoft (like Hyper-V customers!) signaling that possibility.
October 29, 2008 8:28 PM
Posted by: Bridget Botelho
, Microsoft Windows
, Windows Computing
Palo Alto, Calif.-based VMware, Inc. announced that Nationwide Services Co., which provides shared services to the Nationwide family of companies, has deployed VMware Infrastructure 3, to consolidate Nationwide’s Windows-based server environment and undo physical server sprawl.
Nationwide Services Co., a unit of Nationwide Mutual Insurance Company, initially deployed VMware Infrastructure to reverse the effects of server sprawl and lower power consumption. Using a mixture of VMware and zLinux virtualization software that are complementary to each other, Nationwide reduced over 700 physical hosts.
So far, Nationwide has achieved a virtual-to-physical consolidation ratio of 13:1 and virtualization has helped Nationwide increase server utilization from an average of 15 percent to 70 percent.
Nationwide started its consolidation project with over 5000 HP servers, mostly DL385 and DL585 servers in 2004, and are now down to around 3,300 physical servers with over 1,200 virtual servers, said Scott Miggo, vice president of infrastructure engineering at Nationwide Services Co.
Nationwide has not upgraded to Windows Server 2008, which has Microsoft’s hypervisor Hyper-V built in, and Miggos said he has no immediate plans to move there.
“We may look at Hyper-V in the future when it is more tested and mature, but for know we feel VMware is more mature and my staff is fully trained on Vmware,” Miggos said. “Since we have been using VMware for over 4 years with good success, no major issues and an enterprise licensing agreement with VMware that help hold down our costs, we feel very comfortable staying with Vmware for the near term future. ”
In addition, Nationwide has already saved $2.2 million in hardware and expects to save even more by replacing additional physical servers with virtual machines. The company is also saving on its power bills, because they have reduced energy consumption and streamlined system administration.All of this was done without affecting availability, VMware reported.
October 23, 2008 3:22 PM
Posted by: Rick Vanover
, VMWare Server 2.0
VMware Server 2.0 has quite a different interface than previous versions of the popular free hypervisor, and sometimes accessing familiar configurations becomes more difficult with a new interface.
One difference between the prior 1.0.x versions of VMware Server and the version 2 release is the virtual machine power-on settings.
In versions 1.0.x, the option to have a VM power on when VMware Server boots was a property of the VM itself. With version two, this property is actually a configuration value of the server. Further, there are a good number of additional options around VM startup order with VMware Server 2.
The first thing in configuring VM automatic power on is to go to the ‘Edit Virtual Machine Startup/Shutdown Settings’ configuration option link from the top page of the VMware Infrastructure (VI) Web Access. The figure below shows the area of the interface that this link is located:
In this area of VI Web Access, VMs can be configured to boot up automatically when the server powers on. One of the great new features of VMware Server 2 is that in this console, a sequence of VMs to be automatically started can be configured. This is important for many configurations where there are dependency services on one VM that provides something like DNS and DHCP on the network to the other systems.
In my VMware Server 2 implementation, there are two VMs configured to automatically start when the server powers on. Further, the startup delay can be configured for subsequent VMs. The figure below shows the VMware Server startup and shutdown options panel:
The move of this configuration to a server property instead of being per-VM is a good move for situations where VMware Server could carry more critical workloads. The added functionality around startup sequencing is also a welcome addition for better management options for the product.
October 17, 2008 1:49 PM
Posted by: Rick Vanover
, VMware Workstation
Having a virtual machine or series of virtual machines start up from a script or remote command can be a time saver, especially when compared with logging into the Web interface. VMware Server 2 and prior versions offer the vmrun command for six major tasks that you can perform on a virtual machine: starting, stopping, resetting, pausing, unpausing and suspending. Let’s run through an example that I recently saved as scripts on my VMware Server 2 (build 116503) installed on a Linux server.
The following command will start the virtual machine named ScriptStart1:
vmrun -T server -h https://dhcp-122:8333/sdk -u root -p rootpass start "[standard] ScripitStartVM1/ScriptStartVM1.vmx"
Once that command is launched, the receipt of this command is represented in the scrolling log accessible through VMware Server Web Access. This is shown in the figure below:
One important note that in this example the command is case sensitive to the datastore path, so the VM name of ScriptStart1 cannot be represented any way other than its location in the datastore. The path and .vmx file name may vary in situations where the VM has undergone name changes or copy operations from another VM.
There are quite a lot of parameters passed to the VMware server with the vmrun command, and it is important to note a few attributes of the command. The parameters are designated below:
- T – VMware platform, server is the designation for VMware Server
- h – This URL is the host system. Note the port assignment will be set during installation. This example was a default configuration
- u -p – username and password sent to the host
- start – the command sent to the host
The last parameter is the path to the virtual machine within the datastore.
Aside from this quick example of a basic start command, vmrun has many other features, such as installing VMware Tools, adding shared folders, killing a process in a guest VM and reverting to a snapshot. One positive point about vmrun is that it can be used in both VMware Server (versions 1 and 2) and VMware Workstation products. There is a lot more to vmrun, and the full command documentation can be found in the vmrun control document available on the VMware website.
October 8, 2008 2:37 PM
Posted by: Bridget Botelho
Palo Alto-based VMware Inc. announced this week that the Interior Health Authority (IHA) of British Columbia has standardized on VMware’s virtualization and management suite VMware Infrastructure 3 to improve manageability and performance of mission critical applications, and dramatically cut costs for the western Canadian government agency. Savings from consolidation and power and cooling costs are estimated to be in the millions over the long term.
IHA provides healthcare services to 750,000-pooohlus residents of British Columbia through a network of 183 hospitals and offices across the southeastern portion of the province.
IHA found itself adding an astounding 10 physical servers each week to keep pace with business demands over the past few years and the space requirements and costs made that pace unsustainable. IHA brought in VMware to gain control over its IT environment by reversing the physical server sprawl and providing a more efficient way to manage critical applications and data stores, VMware reported.
Kris Jmaeff, information system security specialist, IHA, stated in the release, “We wanted to get handle on our hardware requirements and, just as importantly, we wanted an application environment that could scale reliably…Over the long run, it should deliver millions in cost savings by slashing server procurement dramatically.”
By substituting VMware virtual machines (VM) for physical servers, IHA will avoid purchasing another 200 physical servers. The health authority is now running about 250 VMs in two datacenters that are fully redundant for disaster recovery, and all the VMs are managed centrally via VMware VirtualCenter.
About 95% of the virtualized applications are Windows-based, including Microsoft Exchange, SharePoint and SQL Server. They also virtualize Oracle databases and various custom applications for billing, scheduling and patient care.
The side effect of IHA virtualizing is that the organization is greener; the amount of power required to run and cool IHA’s data centers has been cut by nearly 85% using virtualization. Not only does this reduce carbon emissions by millions of tons, it has generated an annual power savings of over $70,000 for IHA, according to VMware.
Jmaeff said in the statement that IHA looked at other virtualization platforms, including Microsoft Hyper-V before choosing VMware. “VMware[s] platform could provide simplified and centralized management for all our VMs as well as the high availability, automation, and performance that we needed. And our decision has paid off with massive savings and big advances in IT resiliency. Now that we’ve abstracted the applications from the commodity hardware, we can relocate a VM in seconds if a box breaks. Users aren’t impacted. That’s invaluable in a healthcare environment.”
It’s obvious that VMware publicizes use cases like these, from hospitals where sensitive citizen data is kept and life saving technology is used, to dispell fears about virtualization performance and security. I think by now, in 2008, doubts about the performance of virtualization have been put to rest, though it seems security concerns still exist.
October 6, 2008 5:56 PM
Posted by: Rick Vanover
, VMware ESX
On October 1, VMware posted two important documentation updates related to the storage and compatibility guides for VI3 environments. The most visible indicator is that VMware has split the compatibility guides for ESX Server 3.0.X and ESX Server 3.5 including ESX Server 3i into separate guides. Both guides are available from the VMware website as a PDF. Here are links to both the ESX Server 3.0.X and ESX Server 3.5 and 3i guides.
The support matrix for storage and SAN configuration is an absolutely critical component to planning additional storage purchases or expanding current environments. Among my small circle of peers, I have been a little critical of VMware for releasing documentation that covers ESX 3 in a blanket format. This is a big step in the right direction, as the supported environments and their functionality vary by platform which was the crux of my frustration with blanket documentation.
This split in documentation is likely due to ESX 3i and Storage VMotion related supported environments. At first glance at the two guides they seem similar, but the following was taken from the 3.5 and 3i guide:
You will note that this guide is sparsely populated at present. The reason for this is that storage arrays require re-certification for ESX Server 3.5 and ESX Server3i, and while many re-certifications are in process or planned, relatively few have been fully completed to date. In contrast, servers and I/O devices do not require re-certification.
While this is somewhat of a surprise for a nearly 11-month-old product line, I still welcome the split documentation. Be sure to check these guides when making storage related infrastructure decisions, as they change frequently and based on the excerpt above should be updated. VMware’s supported configurations for storage are important to not only deliver a solution that works as expected, but to lay the framework for the virtual machine file system or VMFS, which I touched on during a prior blog post of why the proprietary drivers are important.
October 6, 2008 5:51 PM
Posted by: Eric Siebert
, VMware ESX
, VMware High Availability (VMware HA)
On Friday, VMware released the latest version of VirtualCenter, Update 3 (no update 3 for ESX yet). Unlike Update 2 (which contained some great new features), this version is mainly focused on fixing bugs. VMware administrators may be a little leery of installing this update after the time-bomb debacle that occurred several months ago with Update 2, but there are a few fixes (including many for HA) outlined below that make it worth installing.
- Permissions Can Be Configured for Individual Virtual Machines and Resource Pools in VI Client – Starting with this release, when the VMware Infrastructure Client is connected directly to a host running ESX Server 3.5 or higher, the Permissions tab is available for individual virtual machines and resource pools.
The first notable fix is for displaying a login password in clear-text. You may not think this is too big of a deal, but if someone were to be standing near you when this happened they could see your password (or at least the one you entered) displayed in clear-text.
- VMware VirtualCenter password might display in error window – This release resolves an issue where a user’s password can be displayed in clear text on the login screen. When logging into VirtualCenter Server 2.0 with Virtual Infrastructure Client 2.5, the user password might be displayed in a dialog box on the VI Client in clear text if the login fails. The dialog box alerting the user to the failed login might be hidden under other windows.
The next fix updates the JRE used on the VirtualCenter server to the latest version which is 5.0 Update 16 (1.5.0_16) which fixes some security issues.
- WebAccess component JRE updated to version 1.5.0_16 – The currently installed version of JRE depends on your patch deployment history. For more information about security issues fixed in version 1.5.0_16 and in earlier versions, see the JRE release notes at http://java.sun.com/j2se/1.5.0/ReleaseNotes.html.
An update to the Flex License Manager server is included. This update is not installed automatically when upgrading existing installations and must be installed separately.
- FLEX license server upgrade – This release of VirtualCenter upgrades the FLEX license server to version 10.8.6 in order to resolve known issues with previous releases of the license server and to provide enhance debugging capabilities. The new FLEX license-server is packaged with the VMware Infrastructure Management Installer. Fresh installations of the license server will use the new version but the license server will not be automatically upgraded when using the VMware Infrastructure Management Installer to upgrade an existing installation. To upgrade an existing license server installation, use the standalone installer (VMware-licenseserver.exe) that can be found in the /vpx folder of the installer directory structure.
This one caused some issues with HA because of a network compliance check that was introduced in Update 2. A new HA advanced setting has been added to bypass this check.
- HA network compliance check – During the configuration of HA in VirtualCenter 2.5 Update 2, the Task & Events tabs might display the following error message and recommendation: HA agent on in cluster in has an error Incompatible HA Network: Consider using the Advanced Cluster Settings das.allowNetwork to control network usage. Starting with VirtualCenter 2.5 Update 2, HA has an enhanced network compliance check to increase cluster reliability. This enhanced network compliance check helps to ensure correct cluster-wide heartbeat network paths. VirtualCenter 2.5 Update 3 allows you to bypass this check to prevent HA configuration problems. To bypass the check, add das.bypassNetworkVerification=yes to the HA advanced settings.
In addition to the fixes and updates to the Update Manager and Converter, plug-ins have been released. If you upgrade to Update 3 you must also update these plug-ins or they will no longer work.
This one has caused a few people who upgraded to Update 2 some grief — thankfully VMware has quickly addressed it.
- In HA-DRS cluster, the enter maintenance mode task stalls and VMs do not migrate – In previous releases of VirtualCenter, virtual machines might not be automatically migrated off a host entering maintenance mode if there is not enough failover capacity in an HA-DRS cluster. The enter maintenance mode task stalls at 2% indefinitely and does not complete even if HA admission control was disabled. In this release, the issue has been resolved by allowing the evacuations if HA admission control is disabled. Note that admission control is enabled by default, see Implications of enabling or disabling VMware HA strict admission control when using DRS and VMware DPM (KB 1007006) for more information. Note that the task might also stall if the virtual machines cannot be evacuated for other reasons. And finally a minor one with not being able to delete HA advanced settings.
- Once HA advanced settings are created, they cannot be deleted – In previous releases advanced settings created on the Advanced Options page for an HA cluster cannot be deleted. Attempts to delete the advanced setting would result in an object reference error dialog box being displayed. This release resolves the issue and advanced settings can be deleted normally.
As always read the release notes before upgrading. This release may not have all the cool new features of the previous release but bug fixes, while not glamorous, are a necessary evil to ensure a stable product.