July 2008

My colleague and friend, Aaron Delp, recently published a post titled Hyper-V for the ESX Engineer. It’s a good post, and provides a good overview of Hyper-V for someone who might already be familiar with VMware Infrastructure 3 (VI3). With sincere apologies to Aaron for plagiarizing his title, I thought I might add a few thoughts, comments, or clarifications to his post.

• Aaron mentions that Hyper-V is paravirtualized. Well, sort of. Hyper-V does support a paravirtualization interface (Hypercall, I believe?) for guest operating systems (i.e., Linux) that support it. In addition, future Windows guests will be “enlightened” as well. The confusing part about this is the fact that Microsoft (and Citrix, too) use the term “paravirtualization” to refer to the use of paravirtualized drivers instead of referring to the guest OS itself. Paravirtualized drivers are really nothing more than virtualization-optimized drivers, and it’s possible to use paravirtualized drivers even when the guest OS has no idea it’s being virtualized. In my mind, that’s not the same as “true” paravirtualization. Note that VMware ESX supports VMI, another paravirtualization interface, for guests (i.e., Ubuntu Linux) that support it. Also keep in mind that every major virtualization vendor offers optimized/paravirtualized drivers, including VMware, Microsoft, Citrix, Virtual Iron, and Novell.
• You’ll also see the base Windows Server 2008 (or Server Core) installation referred to as the “Parent Partition.” All I/O travels through this installation. Whereas ESX uses a direct I/O model (drivers embedded in the virtualization engine), Hyper-V uses indirect I/O (drivers residing in the parent partition). Each side thinks their approach is the best, of course.
• Aaron makes some comparisons between Quick Migration and VMotion, which is understandable but not entirely appropriate. Quick Migration is not live migration, but is really more comparable to VMware HA. Quick Migration has some advantages over VMware HA (can be configured on a per-VM basis), but also has some disadvantages (requires a dedicated LUN for each VM for which Quick Migration is enabled). I’ve discussed Quick Migration vs. Live Migration before.
• Aaron briefly mentions SCVMM and expresses some doubt regarding using SCVMM 2008 (currently in beta, due to be released Q4) to manage VI3. It’s certainly possible, and it does require VirtualCenter in order to work. Whether it’s the home run that Microsoft hopes it will be is another story.

Thanks to Aaron for providing a good overview of Hyper-V. For more information, I’ll refer readers to some of my Hyper-V and SCVMM session liveblogs from Tech-Ed back in June:

VIR367: Hyper-V Security and Best Practices
A Discussion with Jeff Woolsey
VIR253: Microsoft System Center VMM 2008, Part 1 of 2
VIR360: Microsoft System Center VMM 2008, Part 2 of 2
VIR250: Advanced Storage Connectivity for VMs
VIR358: Hyper-V Architecture, Scenarios, and Networking
VIR350: System Center VMM Advanced Integration

For even more resources, readers can also use the HyperV tag to browse the site for all articles tagged for Hyper-V.

Oh, and if you don’t have Aaron’s RSS feed in your RSS reader, you’re missing out. He’s producing some really great stuff that you need to be reading. Go subscribe now!

A whole lot has been buzzing around in the virtualization space over the last week or so, a lot of it as a result of the release of VMware Infrastructure 3 version 3.5 Update 2 (what a mouthful!). Anyway, here are some links I found interesting or about which I wanted to comment.

• I found an article discussing the use of NetApp FlexClones and deduplication along with VMware Infrastructure for virtualization. The author of the blog post does a good job of pointing out some of the reasons why one would want to use FlexClones vs. deduplication in various scenarios, but doesn’t go far enough (in my opinion) in helping readers understand that using FlexClones isn’t exactly the “walk in the park” that NetApp makes them out to be. I’ve discussed the use of FlexClones extensively here; just take a look at how to provision VMs using FlexClones, part 1 and part 2 of advantages/disadvantages of FlexClones with VMware, and LUN clones vs. FlexClones. FlexClones can be useful, but deduplication is far more useful, in my opinion, simply because it doesn’t require any configuration at the virtualization layer.
• Paul Shannon at VM-Aware has a PDF on how to hot extend virtual disks with Update 2. I personally had a problem reading the PDF; the pictures were there but there was no text. Even so, the pictures were helpful in understanding the process. As expected, this functionality does not address Windows-specific issues, like extending partitions on the newly expanded virtual disk.
• It looks like VirtualCenter 2.5 Update 2 introduces a case-sensitivity bug. Duncan and Rick pick up on this problem; Duncan’s post is here and Rick’s post is here. The key, apparently, is to make sure your hostnames are lowercase everywhere. That’s kind of a habit I developed years ago, so I think I’m covered, but it’s useful to know nevertheless.
• Is VMotion a bad idea? That’s the question posed here by Kevin Fogarty. I can see the crux of the argument against it; why expose yourself to “unknown risks”? The real question here, though, is this: what is the risk of performing a VMotion? The author of the article seems to imply that an application might crash as a result of a live migration. Personally, I have never had an application crash as the result of a VMotion operation. I’ve done VMotion operations with file servers, streaming media servers, web servers, terminal servers, X11 sessions, Telnet and SSH sessions, and just about anything else I can think of. I have yet to even drop a session, much less have an application crash. Is the possibility there? Sure, I suppose. But as IT professionals we have to plan and design according to our experience, and in my experience VMotion is not an “unknown risk.” Of course, there are many environments in which I’ve not tested VMotion, so I’ll toss this back to the readers: have you ever seen an application crash as a result of VMotion? Would you consider VMotion an “unknown risk”?
• Duncan, sharp-eyed individual that he is, caught that as of Update 2 the default isolation response is now set to “Leave powered on”. In addition, Update 2 introduces “Shutdown VM,” which initiates an orderly shutdown of the guest in reaction to host isolation. Good catch, Duncan!
• It’s been a couple of weeks, but Christofer Hoff weighed in on some criticisms of the CIS benchmark for VMware ESX. While Edward’s comments are valid, so are Hoff’s; benchmarks have to be taken for what they are—they are guidelines, nothing more, and can only be so useful as such. Were this an application that purported to make your servers secure, then the criticisms would be much more valid. Security is more like a trip rather than a destination, and these guidelines are just another landmark along the way. (Hey, that was pretty good.)
• Duncan’s been on a bit of a roll, with this post on using the VMware Converter plugin to schedule P2V conversions as a means of backup and this one pointing out a PDF on how to install ESXi 3.5 Update 2 on a USB key.

I guess that’s about it for this week. Thanks for reading!

The best (in my humble opinion) option for virtualization on Mac OS X, VMware Fusion, now has Beta 2 of Fusion 2.0 available for download. You can read VMware’s announcement of the new beta as well as read about new features online from VMware’s web site.

Because this is a beta, I’m not really permitted to provide a review per se of the product, but I can tell you that I am impressed with Fusion’s development and I’m particularly glad to see the Fusion team adding more “power user” features, like a command-line interface, and multiple snapshots. Also impressive is the continued host-guest integration such as improvements to Unity, improved 3D and HD video support, and QuickLook integration. Again, this is just further proof of the coming age of application agnosticism.

I ran across this handy white paper about OpenSSH on Linux using Kerberos authentication with Windows and Active Directory. There’s not a whole lot in there that isn’t also covered in my Active Directory integration notes, but it is useful information nevertheless.

VMware has released Update 2 for VMware Infrastructure 3 version 3.5, which includes updates to VMware ESX, VMware ESXi, VirtualCenter, and VMware Consolidated Backup (VCB). Check the Release Notes for the full details; I won’t reproduce them here, but instead I’ll just point out the particularly interesting details.

Also reporting this information (at the time of this writing) are David from VMblog.com, Rich from VM /ETC, and Duncan at Yellow Bricks. Rich’s post also highlights in red the features that he finds most significant.

Some of the features and/or functionality added in Update 2 that I find most notable include:

• The biggest, in my mind, is VSS quiescing support. This allows VMware snapshots to leverage VSS for more consistent snapshots. Microsoft had been using the lack of VSS support as a key argument against VMware; this tackles that issue head-on. Also surf over to Duncan’s site and see his post about enabling VSS snapshot support in VMware Tools.
• Users can now hot extend a virtual disk (extend a virtual disk while the VM is running).
• Users can clone a virtual machine while it is up and running (live cloning). There is now no need to shut down a VM in order to clone it. I suspect this functionality will have some very interesting repercussions from an operational perspective, and may serve as the basis for future functionality as well.
• VMware now officially introduces Enhanced VMotion Compatibility (EVC), which leverages Intel FlexMigration and AMD-V Extended Migration support. This functionality automatically configures CPUs within a cluster to be VMotion-compatible and won’t allow you to add hosts to a cluster that can’t be configured via EVC to be compatible.

This doesn’t even touch on any of the other numerous features that are supported. Again, go check the Release Notes or one of the linked blogs above for complete details.

The introduction of new features that reduce service interruption—namely, hot extending virtual disks and live VM cloning—is exactly the move that VMware needs to take to further differentiate their virtualization solution from competitors’ solutions. I’ve stated time and time again that innovation in the virtualization space will continue to set VMware apart from the competition.

There’s been a lot of coverage about VMware’s announcement that VMware ESXi would be free starting Monday, July 28, 2008. More than a couple of people asked me why I haven’t said anything about it yet, and to be honest it was because I was waiting until I could offer something more than just “Hey, ESXi will be free!”

I’m still not so sure that I have anything valuable to add beyond what has already been discussed extensively elsewhere on the Internet, but I thought I would at least weigh in on the subject.

First, I’m not surprised. Informal discussions I’d had with various VMware resources had hinted that this was on the way; besides, it’s the natural response to a major competitor who is, for all intents and purposes, releasing their product for free. So this move isn’t surprising in the least.

Second, I would be surprised if this was only Maritz’ doing. I suspect that Diane Greene had this plan in the works for months before her sudden departure. Seems like I saw mention somewhere of a confirmation of this, but I can’t find it now. If anyone knows of such a confirmation, I’d appreciate a link in the comments.

Third, you have to remember that VMware is only releasing ESXi for free. They’re not releasing VirtualCenter for free. You’ll still need VirtualCenter and VI3 Enterprise licenses in order to do stuff like VMotion, Storage VMotion, VMware DRS, VMware HA, VMware DPM, etc. Just like Microsoft, whose System Center Virtual Machine Manager and the rest of the System Center suite will be “paid-for” products, VMware will continue to charge for VirtualCenter. However, keep in mind that the APIs that VirtualCenter uses are widely available, so there’s nothing stopping anyone from writing their own free (perhaps open source?) replacement for VirtualCenter. Somehow, I can’t see that happening with SCVMM or any of the other members of the System Center suite.

This move makes ESXi the “gateway drug” (pardon the comparison) to full-blown VMware Infrastructure. Get the light stuff for free and get you hooked, then charge you for the heavy stuff. It’s a tried-and-true practice that almost every software vendor out there uses. In my opinion, the arrival of this model to the virtualization market is merely another indicator of the market’s maturity. This move will begin to shake out the virtualization wannabes who don’t have the strength or stamina to duke it out with the bigger players.

Welcome to another installation of Virtualization Short Takes!

• For you Quicksilver lovers out there that also run VMware Fusion, here’s a handy trick to allow you to launch Windows apps to run under Fusion via Quicksilver.
• Duncan of Yellow Bricks points out this VMware Communities Forums thread discussing how to determine which host has a lock on a LUN. This thread also makes brief mention of the new VMFS version, version 3.31, that was released with ESX 3.5, which does a better job of handling SCSI reservations than previous versions. Good find, Duncan!
• Speaking of the new VMFS version, a summary of the information shared in the VMware Communities Forums threads can be found here.
• While we are on a bit of a storage kick, VMware has launched a new VMware Storage blog, and one of the early posts deals with VMFS. The post primarily attacks the notion of VMFS as a “proprietary” file system (which it is) by describing the advantages that VMFS provides. I’m hoping that the new storage blog will get more technical than marketing in the future, but the information is useful nevertheless.
• This link falls more into the “ironic” category than anything else. Do you suppose he got into trouble with Citrix for blogging about how to use a competitor’s product to test ICA performance?
• John Howard gives us an in-depth look at Hyper-V’s handling of virtual NICs in this article. This is particularly important for users who are interested in cloning VMs hosted on Hyper-V; I would assume that SCVMM 2008 will handle this correctly.
• This news emerged several weeks ago via VMblog.com. It’s good to see Leostream getting some recognition; their broker is actually quite good in many respects.
• Sven over at Virtualfuture.info recently blogged about XenServer’s HA functionality and how Marathon’s EverRun products play into that functionality. I actually had a conference call with the folks from Marathon several months ago about EverRun, but never got around to blogging about it. I do like the fact that you can control HA functionality on a per-VM basis, whereas VMware HA is applied to all VMs. (Well, I suppose you could disable HA for the VMs that you don’t want restarted, but it’s not quite the same.) I do agree with both Sven and PeterB’s comments regarding “Continuous Availability”; the sooner that VMware gets this functionality out the door, the more of a leg up they’ll have on the competition.
• As has been reported elsewhere as well, Reflex Security has released the Reflex Virtual Security Center (VSC). The full press release is here. Based on what I’ve read thus far, it appears that the idea behind the VSC is to combine the information from multiple instances of their Virtual Security Appliance (VSA) so that users get the “full view” of what’s occurring across the virtual infrastructure. In this regard, it is remarkably similar to Altor Networks’ Virtual Network Security Analyzer (VNSA), which is also designed to provide visibility across the entire virtual infrastructure.

As always, feel free to share other interesting links and news in the comments below. Thank you!

A colleague at work just turned me on to the news that Brocade will be buying Foundry for $3 billion. This sets the stage for Brocade to compete even more directly with Cisco, not only in storage networking but now also in Ethernet networking.

Thanks for the heads-up, Greg!

Here’s the latest installation of Virtualization Short Takes, my occasionally-weekly view on various virtualization news, reviews, and other happenings. Hopefully I can share something interesting with you!

• Via VMblog.com, I saw that Transitive Corporation is supporting the use of QuickTransit within Hyper-V virtual machines. This is interesting because it extends the ability of Hyper-V to help customers consolidate applications. QuickTransit, in case you aren’t aware, allows applications written for Solaris/SPARC environments to run in Linux/x86 environments. It was also the technology behind Apple’s Rosetta, which allowed Mac users to run PowerPC apps on Intel Macs. Does anyone know if QuickTransit is supported within VMware VMs, or is this specific to Hyper-V?
• This one was quite interesting to me. Question #2 is particularly applicable: why is a reboot required, anyway? (Yes, yes, I know—there is a workaround that does not require a reboot. It’s the principle of the matter.)
• Via various sources on the Internet, I learned about the release of ESX Manager. This looks like quite an interesting tool, although I have not yet had the opportunity to install or try it yet. Anyone out there tried this and have some feedback for us?
• Every now and then, something comes up about Citrix XenServer and Xen and it makes me wonder about the relationship between Citrix and the open source Xen community. The latest thing is what appears to be an offhand comment by Simon Crosby of Citrix where he says, “Because we own the hypervisor, we can do much more integration and development around it” (read it in context here). What does that mean? What does “ownership” of the Xen hypervisor mean? And if the Xen hypervisor is licensed under an open source license (GNU GPL v2, according to this page), how can Citrix make proprietary extensions to the hypervisor without being forced to release those extensions back to the community? I guess I just don’t understand the relationship there and how it works. This is where the murky waters of a commercial entity “owning” an open source project come into play, in my mind.
• I ran across this very useful tip for creating a vSwitch with a specific number of ports. It looks like Dwight Hubbard, the maintainer of the site, also has some other interesting posts. Might be worth adding his feed to your RSS reader.
• Nick Triantos discusses NetApp’s Site Recovery Adapter (SRA) and its role with VMware Site Recovery Manager (SRM). Anyone have any links to similar discussions of the SRAs for other storage vendors?
• John Howard provides a great breakdown of how Hyper-V generates dynamic MAC addresses and how Hyper-V attempts to protect against MAC collisions in some circumstances.
• The VI3 Security Hardening Guide has been updated, which is good because some people felt it just didn’t go far enough.
• VMware re-iterated their stance on being storage protocol agnostic, and in the article included a very useful table that summarizes the various products and technologies and which are supported with which storage protocols. While the rest of the post is helpful, that summary of supported features is probably the most helpful.
• Interesting in trying out Hyper-V, but don’t have shared storage? Take a look at this blog post. I think you’ll find it helpful.

I’m always on the lookout for other interesting or useful virtualization news, tips, and tricks, so feel free to share with me and other readers in the comments.

I stumbled across this post by Duncan over at Yellow Bricks about his inclusion in a recent Top 10 list by Eric Siebert over at VMware-land. The new Top 10 list is “Top 10 blogs that VMware administrators must read.” This list is a regular “Who’s Who” list of well-known bloggers like Mike Laverick, Eric Sloof, Christofer Hoff, and others. Lo and behold, I find out that I’m on the list as well! And at #2, no less!

Thanks to all my readers and to everyone who has helped me along the way. It’s been a tremendous pleasure writing this blog and I’m looking forward to many more posts in the future!