Here’s one that slipped through the cracks last week: Dell has signed on to resell Virtual Iron, following in the footsteps of Hewlett-Packard and IBM. Virtual Iron’s new CEO, Ed Walsh, has been beating the channel drum, so this should come as no surprise.
In a far-reaching tip, contributor Anne Skamarock opines on how to avoid virtual sprawl. Hint: It involves doing a proper inventory of your environment before undertaking consolidation.
If backup is your bag, Burton Group analyst Chris Wolf has the lowdown on issues affecting VM backup: CPU, disk I/O and network I/O bottlenecks, and he offers an overview of where backup options like image-level backups; VMware Consolidated Backup, or VCB; file-level backups; and continuous data protection fit into the data protection continuum.
A while back I reported on what was a sticky issue for many people: VMware Server 1.0.4 did not work with the latest Linux kernel (2.6.23+) because the VMware Server memory module used the dumpable bit which had been removed in 2.6.23+ in favor of the GPL v3 exported set_dumpable and get_dumpable functions. Because the VMware Server memory module is not GPL v3 compliant (it does not use the MODULE_LICENSE macro to declare itself such), either a kernel recompilation was required in order to redact the GPL v3 changes to the set and get dumpable functions or a vmmon module recompilation was required in order to lie about its license type. Unlike the writer’s strike, a compromise has been reached.
The Linux Kernel development team has not removed set and get dumpable’s GPL v3 requirements and VMware has not made the vmmon memory module GPL v3 compliant (which in turn would require VMware Server to be licensed under GPL v3). VMware did not even future proof themselves by creating a Kernel module shim licensed with LGPL. VMware simply access the dumpable bit directly with set_bit and clear_bit now. Lines 1663 of the vmmon source file driver.c begins with:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) || defined(MMF_DUMPABLE)
/* Dump core, readable by user. */
While some may hail this change as a good thing, I do not. What happens next time when there is no work-a-round? Both VMware and the Linux Kernel Development team have a chance to showcase that closed-source and open-source can work together. That closed-source companies are open to listening to the reasons for things like GPL v3. And proponents of GPL v3 have an opportunity to show that they are not just zealots whose blind actions damage the usefulness of their software to end users.
I think it is great that VMware listened (whether or not it was to me) and fixed this issue. I just wish that the opportunity for two communities to come together could have been embraced instead of side-stepped.
Until next time.
They say the best laid plans of mice and men rarely succeed. It is clear to me then that some of the development team that VMware has working on Server must be what Mulder and Scully were searching for — not the truth, the other thing, human/alien, (wait, scratch that,) human/mouse hybrids. I figure if a double-negative makes a positive and Mars is in the orbit of Venus, then a human/mouse hybrid probably succeeds a little more than it fails. And that is my poetic, round-a-bout way of saying that at first blush, VMware Server 2.0 hits the mark more than it misses.It is nice that VMware Server 2.0’s installer attempts to uninstall VMware Server 1.0.x for you, except that 1.0.x’s uninstaller is famous for not working! It does not like to shut down VMs in a timely manner. I tried to manually shutdown the daemon, but the vmnet1 NIC arrived in some type of hung state. A reboot was eventually necessary as countless console messages prevented me from accessing the server even from the console. I know this is not indicative of a 2.0 problem, but it sure soured me to upgrading right off the bat.
However, once I finally resolved that issue, 2.0 installed like a champ! No problems at all. That is more than I can say for previous versions of VMware Server. VMware even bypassed the nasty problem on non-GPL3 compliance by not using the GPL3-ified version of set_dumpable in their vmmon memory module. Instead they call the set_bit function directly:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) || defined(MMF_DUMPABLE)
/* Dump core, readable by user. */
It’s nice to see that someone listened to me (I’ll pretend someone did — most likely VMware just saw that this was a problem and fixed it — good on them!)
So far so good, VMware Server 2.0 installed great. But then it comes time to manage it. The very first thing I do is open a Web browser and point it to the Tomcat instance being used by Server 2.0. However, it does not ever authenticate me. I get a funky malformed URL error. That’s like, totally bogus, dude. I mean, cryptic error messages? Who does VMware think they are? Every other software developer in the world? VMware — we hold you to higher standards — better error messages please.
Luckily, Server 2.0 is manageable by the VirtualCenter client, which I happen to have. Unfortunately the Server 2.0 Website does not make that an available download for users without said client. 🙁 . I started up the VI client and tried to connect to my Server 2.0 instance until I realized that the VI client is subject to the same issues connecting to Server 2.0 as it is with ESX — it does not accept pass phrases. My pass phrase is over 70 characters long and the VI client rejects it. Or it is using the trim function (if you know what it does you know I gave something away, otherwise, LOOK, a rainbow!). I ssh into my Linux box and change my password to something less secure and then attempt another VC connection and this time it works.
The VirtualCenter client is a great way to manage VMware Server. The VirtualCenter client is a terrible way to manage VMware Server. I am sensing some dichotomy here. I am glad we (do not) agree! While the VI client is a great improvement over the MUI (we finally get meaningful statistics!), it would have been nice to get a client version that did not constantly throw .NET errors about objects not initialized or null this and weak reference that just because VMware Server 2.0 does not fully implement everything that ESX does. That is annoyance number one. Oh, click “Continue” instead of “Quit” or watch the VI client close on you!
That brings me to annoyance number two, and this one is far worse. There is no intuitive way to add existing VMs into VMware Server 2.0! You have to double-click on a configured data store in order to explore its contents, navigate to the VM’s vmx file, and then click “Add to Inventory.” However, if you right-click on the data store you get an error. If you look for an “Explore data store” option you will not find one. There should be a “Search this server for VMs to import” option. At the very least, when the installer asks you where to store VMs (from which it creates the first data store), it should ask if you wish to import existing VMs.
Overall I am happy with VMware Server 2.0. It seems much faster and you can finally create more administrative users than just “root”. However, there is much spit and polish needed before VMware Server 2.0 is ready. Most of that focus needs to be on what VMware already knows — its management. The VIX API and increasingly integrated Virtual Infrastructure client functionality are a good first step, but VMware Server 2.0 is not there yet.
With two clear players emerging in the premier virtualization space, VMware’s ESX Server platform and the Citrix XenServer, every serious virtualization shop needs to evaluate XenServer for fair comparison. Why? Well, right now ESX is the top product in the popular opinion, but after attending a summary of the recent Citrix iForum it became clear that XenServer will pose a significant challenge in all areas to the VMware offering as the resources of Citrix are integrated to the XenServer platform as the products mature. Just to be fair, VMware is constantly working to improve their offerings as well.
Following in the Footsteps of Free Software
Just as Microsoft and VMware released virtualization products as free pieces, XenServer Express Edition is available to use as a free download. The full enterprise management pieces are not available on the free download (as is the case with VMware Server vs. ESX), but this is a great way to get started with being familiar with the XenServer platform. This is critically important as virtualization in the x86 world is relatively young in the data center, so in my opinion there will be many arrivals quickly onto the scene and I do not want to entrap myself into one product without full knowledge of the other offerings.
Explore Additional Management
In part of your evaluation, it may be a good idea to determine the differences from the management side between VMware ESX and Citrix XenServer Enterprise edition. There are some differences, and as the next release of XenServer that has had the Citrix touch on the whole build, there should be some exciting new features that will surely give VMware a challenge for the best enterprise virtualization product. Regardless, we all win, as a better suite of products will be made available to the enterprise.
Two weeks ago, I wrote an article about VMware ACE virtual desktop alternatives Kidaro and vThere. Michael Brennan, a SearchServerVirtualization.com reader and a principal at the 17-year-old Barrington, Ill.-based consulting company Advanced Logic Corp., wrote in with an interesting point of view:
I find it puzzling that the industry is now considering client-side virtualization at all. It will doubtlessly add to the total cost of ownership of the most expensive computing devices in the environment and poses a security risk for the data in the virtual machines (VMs). (Unless you truly believe that the security of a VM can’t or won’t be an issue.)
It also adds a layer of complexity to the user experience that has already been eliminated by the secure deployment of applications and information on corporate portals.
While the client-side virtual desktops could provide application delivery, how will you reconcile the data component on a desktop image?
If you are using only virtual desktops to deliver applications, I would offer that there are several tried-and-true mechanisms for doing that today.
Even virtual desktops running on servers, like VMware Virtual Desktop Infrastructure and Citrix’s XenSource products are essentially trying to reinvent thin client computing with a small twist: by letting the user customize his or her desktop. Using Citrix published applications on PCs rather than Microsoft’s Terminal Services or Citrix’s published desktop, you can achieve the same result. On the client side, you still need the same device for virtual desktops, either a PC or a thin-client device.
(The cost differential between these device types has nearly vanished.)
For mobile computing devices, without technology in place that prevents users from copying corporate data to it in the first place, the whole security enhancement allegedly provided by desktop virtualization is negated.
The issue of lost mobile devices is another serious problem. It can be best handled by existing technologies that automatically disable the device if it doesn’t “phone home” within a configurable time.
The key for our clients: provide appropriate access to corporate applications and data securely and cost-effectively while being sensitive to where the client is and what device he or she is coming in on.
We can deliver on that need cost effectively without client-side virtualization.
Server virtualization blog readers of the world: What are your thoughts? Are client-side virtualized desktops necessary, or did the previously existing technologies serve the needs remote workers well enough?
Are you looking at client-side virtual desktops in your company? What technologies are you looking at (VMware ACE, Kidaro, vThere)?
Just a few days after my last post about Virtual Iron and their wheeling-and-dealing, they sign an OEM agreement with Dell. This little train is starting to sound more and more like a serious contender to the Triad of Virtualization – VMware, Microsoft, and Citrix, with their bargain-basement prices attracting the big OEM deals from the Triad of Server Hardware – IBM, Dell, and HP. Perhaps I’m wrong about them playing in the small sandbox for a while to come – I really expect to see a big bump in their sales numbers, maybe even an IPO someday. While their CEO says they have no intention of direct competition in the Fortune 500 space, the SME space is wide open. Taking on that small-to-midsize enterprise market can mean big bucks, just as much, if not more, thant the F500 if they can get enough market share. The way to do it – OEM deals. Putting their prices in their with VMware’s prices on a web-based server configuration tool is sure to make any manager pause and think.
For most shops, VMware Inc.’s Virtual Infrastructure is plenty scalable — but not for all. Managed service provider Mosso expects to outgrow VirtualCenter within the year, so the company is evaluating the alternatives. It will probably choose something based on Xen. As virtualization matures, I suspect we’ll hear a lot more about the problems plaguing truly large VMware deployments.
In most virtual environments, all the virtual machines on a box share hardware devices, but what if you want to isolate a PCI device to a specific virtual machine? This tip by Xen expert Sander van Vugt shows you how.
As reported in a number of other places, Virtual Iron has been making some great deals lately. They’ve picked up a new CEO, received a large sum (13m) in their most recent round of financing, and have been releasing products fast enough to keep the buzz going even though some (including me) have questioned their viability in light of the Xen/Citrix merger. While there’s no clear word on VI’s strategy for dealing with the merger’s consquences to the codebase, it’s clear that they’re doing the rigjht thing – focussing less on the merger and more on continuing their campaign against VMware. Namely, they’ve been forging ahead with their partnership with Platespin. This partnership has interesting benefits – for those few unhappy VMware customers who are happy with virtualization but not with VMware itself, it’s quite easy to make the change to Virtual Iron VMs using Platespin. It also lends VI an enterprise-credibility because of Platespin’s pervasiveness in the enterprise P2V / V2P / P2P / V2V market.
Then there’s always the price-war Virtual Iron started with VMware. Virtual Iron is not kidding when they say their prices are 20% of the cost of VMware’s VI3 Enterprise. Couple this to the fact that VMware still can’t manage to get the SKU out for their Mid-Sized Acceleration Kit, and Virtual Iron has a strong chance of remaining a serious (if small) competitor to VMware over the long term. In the end, this can only be good for the consumer in the smaller enterprises that Virtual Iron targets. With the backing of Intel, AMD, Platespin, and the of OEM alliances VI has made (HP and IBM offer Virtual Iron and VMware on their hardware), Virtual Iron is looking strong in the face of all comers – Citrix and VMware included.
What about Viridian? I’m waiting on that… given what I think of Virtual Server (nice toy), Vista (insert expletives here), and Server 2k8 (hyper-hype), I’m not any near convinced that Microsoft will put out a real hypervisor to compete with VMware or Xen. Truthfully, I’m more interested in what Phoenix is doing… but that’s for another blog. Time will tell.
Is VMware a better product? Yes, it’s far more mature, and has a much greater support based, it’s also not being limited the way Virtual Iron is by Xen’s requirement to have newer AMD or Intel virtualization-friendly CPUs to run Windows natively. I think real question is this – Is VMware a superior product? On that, I’d have to say no – the little Xengine That Could has caught up quickly, serves similar markets, and beats them on price.
How “three times less overhead” became “three times better performance” is beyond me; but whatever the case, the issue of database performance in a VM is hot again, with VMware bloggers firing back at Oracle’s superiority claims. But with Oracle’s clout in the enterprise, analysts seem to think that IT shops will take a good, hard look at the latest Xen variant.
If you’re testing Xen, we have a new tip for you on hardware drivers in a paravirtualized Xen environment, and the vagaries of dom0, domU, QEMU and the like. And the takeaway is this: Hardware-driver issues become quite complicated on a platform that supports both paravirtualized and fully virtualized drivers.
Meanwhile, over at SearchVMware.com, we learn that VMware’s brand of paravirtualization — paravirt-ops and the Virtual Machine Interface (VMI) — is wowing early adopters. By running paravirtualized Ubuntu on VMware Workstation, blogger Mark Mayo witnessed impressive performance gains compared with running it with VMI disabled.
Also, for those of you following the Microsoft Viridian — ahem, Hyper-V — developments, SearchWinIT news director Margie Semilof uncovers some inconsistencies in Microsoft’s claim that Hyper-V will be a “standalone” and “bare metal” hypervisor. “The reason for all the guessing,” she wrote, “is that Microsoft has offered an architectural picture of Hyper-V that runs on Windows certified hardware and drivers. Since that’s the case, ‘something like Server Core or PE must be inside.'” she quotes Nelson Ruest, a Microsoft MVP and principal at Resolutions Enterprise, a consulting firm in Victoria, B.C., as saying.
Chris Wolf and I were presenting Virtualization 101 in Seattle yesterday when something he said sparked an idea in my usually dormant brain. Okay, it’s not usually dormant, but Seattle is so cold I think half of my synapses aren’t firing! In the process of discussing virtual machines (VMs), Chris mentioned that each major virtualization solutions provider has registered itself with the Institute of Electrical and Electronics Engineers (IEEE) and received one or more Organizationally Unique Identifiers (OUIs). An OUI is 24-bit number that makes up the first half of all of the Media Access Control (MAC) addresses assigned by an organization to devices it produces. MAC addresses are most frequently associated with Ethernet adapters, so why are virtualization vendors registering with the IEEE to obtain OUIs?
Virtualization vendors also produce Ethernet adapters — virtual network interface cards (NICs). Most VMs would be rather useless if they could not access some sort of network, so virtualization vendors must create virtual NICs in order for the VMs to get on the big wide world of Webs. And since these virtual NICs have to participate on the network just as if they were physical, they must use MAC addresses. Because the first 24 bits of these MAC addresses, the OUI, is organization-specific, there is a real potential for network administrators to detect not only if a machine on the network is virtual by its MAC address, but also what type of virtual machine it is (what vendor’s software is hosting it). While best practices dictate that you do not change the MAC address of VMs, enterprise virtualization solutions do present this as an option, and, because of this, here is the scenario I see occurring.
One way to harden the Apache Web server is to use mod_security to alter the Web server’s signature. For example, you can fool clients into thinking that the Web server hosting their favorite videos is actually a Microsoft Internet Information Systems (IIS) 5.0 server instead of Apache 2.2. Administrators do this in order to fool attackers into attempting the wrong types of attack vectors. Even though best management practices dictate that administrators NOT alter their VMs’ MAC addresses, I forsee them doing so anyway in order to fool would-be hackers into attempting the incorrect attack vectors on VMs. For example, if a VM is hosted on ESX and its MAC address has an OUI registered by Microsoft, then a would-be attacker may try known Microsoft Virtual Server or Hyper-V exploits on the VM instead of ESX exploits.
Who knows? Twelve months from now altering a VM’s MAC address to be that of another vendor may be considered a best practice, but right now, with the already complex problem of managing virtual hardware, IT administrators are best served to leave their VM MAC addresses well enough alone.
Of course, that doesn’t stop the idea from being completely and utterly cool!
Hope this helps!