ESX

When will VMware retire the ESX service console?

VMware has been stating that the ESX Service Console (COS) will go away ever since it released ESXi, but so far this has not happened and it doesn’t seem likely to happen any time soon. Despite the session at VMworld this year entitled “How to survive in a COS-less world”, VMware doesn’t seem to be moving that fast to retire the service console. Doing so would be a big change and is only likely to happen with a major new release; VMware had the chance to do this with vSphere but chose not to.

If VMware eliminates the ESX service console, VMware would basically have to retire ESX as ESX without the service console is essentially ESXi. Before I go any further, however, I’ll explain what the service console is and the architecture differences between ESX and ESXi.

Continued »

Using Storage VMotion to keep critical servers up when shared storage is down

What a great tool Storage VMotion is. I may not use it every day, but when certain situations arise I really appreciate having this feature available.

The other night our storage area network (SAN) admininstrators shut down both of our SANs so they could do a microcode upgrade. Part of this process involved shutting down all of our production virtual machines (VMs) that were on shared storage before the SAN was shut down.

But there are certain servers that you want to have available at all times. In my work this includes at least one DNS and Active Directory server as well as our VPN authentication server. Because these VMs are all on shared storage I decided to use Storage VMotion to move them temporarily to local storage so they would be available while the SAN was down. With Storage VMotion I was able to do this while all the VMs were powered on with no interruption to service.

What Storage VMotion is and how it works

Introduced with VMware ESX 3.5 and vCenter Server 2.5, Storage VMotion allows you to move VMs from one storage data store to another while the VM is running. The difference between VMotion and Storage VMotion is that VMotion simply moves a VM from one ESX host to another but keeps the storage location of the VM the same; Storage VMotion changes the storage location of the virtual machine while it is running and moves it to another data store on the same ESX host. The source and destination data stores can include any storage volume that is configured on an ESX host, which includes local and shared storage. The magic behind Storage VMotion involves several behind-the-scenes steps, which are outlined below: Continued »

VMware ESX Web access in vSphere

With VMware Infrastructure 3, Web access was enabled by default. VMware chose to disable it in vSphere for security purposes. If you access an ESX 4 host with a Web browser you will see the default welcome page but if you click the log-in link you will get a 503 Service Unavailable error message.

This only affects ESX hosts (VMware vCenter Server has this enabled by default; ESXi does not have a Web access user interface (UI) to manage the host and virtual machines).

There is a tech note that describes the process for enabling this feature in ESX 4.0, but before you go ahead and do this you should ask yourself if you really need this feature enabled on all your hosts. VMware disabled this feature for a reason — Web based access methods are inherently insecure and are subject to numerous vulnerabilities that could potentially compromise your VMs and hosts.

The Web admin UI is very limited as you can only administer guest VMs and not host servers. Leaving it disabled removes a potential attack vector for your ESX hosts and makes them more secure. This is also true of other configuration settings that are disabled by default in ESX such as root access using SSH.

The first thing many administrators do is enable this because it is easier than setting up another user account and using su or sudo. So resist the urge to enable web access and utilize the vSphere client instead. If you must use web access for a specific reason only enable it on the hosts that need it. If you are using a vCenter Server use the web access on vCenter instead and use the roles and permissions built into it for additional security. By leaving vSphere web access disabled you are helping to make your ESX hosts and your whole virtual environment more secure.

Monitoring vSphere adoption: A forum moderator’s perspective

As an active moderator and VMware Communities Guru, I’m in a unique position to see the level of vSphere adoption from an interesting vantage point — topic activity in the forums.

Take one morning’s statistics from this past week:

• 3 pages of new VMware vSphere Forum Posts vs 1.5 pages of VMware ESX 3.5 Forum Posts.
• VMware ESX 3.5 Forum posts used to be around 3 pages
• The majority of VMware vSphere Forum Posts that dealt with ESX 4 vs ESXi 4 was in favor of ESXi 4 by a wide margin (I did not actually count posts but noticed there were more ESXi posts than ESX posts in those 3 pages)

So using this as a rough measurement and in a completely unscientific way, we do see that VMware vSphere is being investigated for use at least by those activie within the VMware community forums. The same thing happened when ESX v3.5 was released, and over time ESX 3.0 community posts dropped to less than a dozen per day. (I say per day because I review the vSphere, ESX 3.5, and ESX 3.0 communities once about every 24 hours give or take an hour or so.)

Given the types of questions, it looks like two things are happening:

• VMware vSphere is being investigated
• VMware ESXi 4 is the packaging of choice

The second item could be because many people believe that when the next version of ESX comes out, it won’t have a service console, and these users want to get a head start on the adjustment.

What we do not know from this type of adoption measurement is whether these are adoptions for use within production, enthusiasts, or testing within lab environments.

What we do know is that the increase in volume and the drop in ESX v3.5 forum posts is that vSphere is definitely gaining traction. This is not surprising, but what is to me is that ESXi 4 has a constant flow of posts while ESX 4 does not. This will shift the security model people employ to protect virtualization hosts as well.

Scheduling virtual CPUs

Recently someone asked me what VMware scheduling is, so I thought I would cover that in this blog post. Scheduling, or virtual CPU scheduling, happens behind the scenes and is not a very visible component of virtualization, but is absolutely critical for virtualization to work properly. You should have at least a basic understanding of how it works so you understand how it impacts virtual machine (VM) performance and what to look for when troubleshooting malfunctions.

Scheduling 101

The scheduler is a component of the VMkernel that schedules requests for the virtual CPUs assigned to virtual machines to the physical CPUs of the host server. Whenever a virtual machine (VM) uses its virtual CPU, the VMkernel has to find a free physical CPU (or core) for the VM to use. On a typical host server, the number of virtual CPUs usually outnumbers the number of physical CPUs, so the VMs are all competing to use the limited number of physical CPUs that the host has. The scheduler’s job is to find CPU time for all the VMs that are requesting it and to do it in a balanced way, so performance for any one VM does not suffer. This is not always an easy task, especially when VMs are assigned multiple virtual CPUs (virtual symmetric multiprocessing, or vSMP) as this further complicates the scheduling.

Continued »

The key to successfully virtualized Domino servers

Although there are several tech notes that suggest otherwise, most Lotus Domino workloads can be successfully virtualized. I thought I’d review some of the tech notes as they seem to be discouraging people from virtualizing Domino servers. Both of the notes I’ll review blame the virtualization layer as the cause of poor performance, but as Domino servers are resource intensive, the issue could very well have been improper architecture or the versions of Domino and vSphere. If you do virtualize Domino, make sure that the underlying architecture is sufficient and make sure to have the latest versions of Domino and vSphere, as the latest versions provide I/O and performance enhancements.

The first tech note, High CPU usage by router and poor performance of Domino under VMware, is about two years old. Here’s a summary of the problem, cause and solution. Continued »

Should you upgrade to VMware vSphere 4?

Since I am an independent consultant and VMware Communities Guru, I have recently been asked many questions about whether or not to upgrade to VMware vSphere 4. My answers depends on the following items:

• The hardware involved. VMware vSphere has certain hardware requriements, if your target hosts do not support these minimal requirements, then they are not good candidates for running VMware vSphere. The basic requirements are:

- 64 Bit CPU support. This does mean that some EMT64 machines will work. However they may not be on the VMware Hardware Compatibility Guides.

- Intel-VT or AMD-V support. This pretty much goes without saying; it is impossible to use VMware vSphere if these features are not enabled within the BIOS.

- No eXecute (NX) or eXecute Disable (XD) support within the BIOS. In some cases you are required to enable this bit to allow VMware vSphere to run.

• Continued »