August 2008


Bluebear and Kodiak

I guess I’m a little behind the times here, but a little company named Bluebear is in the process of developing a cutting-edge cross-hypervisor management tool named Kodiak.

Kodiak is in private beta right now, so we can’t test it ourselves to see what it looks like. Based on the screenshots available on the website, and through what I’ve seen in talking with one of the developers in the #vmware channel on IRC, it’s pretty awesome. And the best feature? It’s cross-platform! Written in Adobe AIR, it runs on Windows, Linux, and (my personal favorite) Mac OS X. In addition to being cross-platform, it’s also intended to be hypervisor-neutral, managing VMware, Xen, and Hyper-V. Only VMware support is present right now, but support for the others is coming.

If Kodiak ends up being as good as it looks like it will be, this will be an awesome tool. As a VM admin, you’ll want to stay on top of the development of this tool.


Virtualization Short Take #17

News, views, events, and commentary from around the virtualization world that struck my fancy over the past few weeks—that’s what you’ll find in Virtualization Short Take #17!

  • I stumbled across this series of podcasts on building a scalable virtual desktop deployment. It’s a four part series: Part 1, Part 2, Part 3, and Part 4. I’m still struggling with finding a way to incorporate podcasts into my day; I’m drinking from the firehose as it is. For those that do listen to podcasts, perhaps this series will prove helpful.
  • Apparently, the argument about VMware violating the GPL (I wrote about that here quite some time ago) has surfaced again. Gordon Haff promptly and rather cleanly squashes that concern. Well said, Gordon.
  • Tim Jacobs posts a great article on matching LUNs between ESX and the VCB proxy server. This is just one of several good posts by Tim; here’s another one on VSS snapshots with ESX 3.5 Update 2. This is a web site to watch.
  • Ben Armstrong reminds us that Hyper-V requires NTFS in order to work. Isn’t it time for FAT32 to go away?
  • Will VMware ESX/ESXi 3.5 Update 2 be the first hypervisor validated under the SVVP? Gabe posts some information on his site to that effect, indicating that VMware expects to announce validation before VMworld. That would be a strong competitive advantage, indeed.
  • VMware is also hitting hard with performance advantages and ties to hardware acceleration, as indicated by John Troyer’s post regarding VMDq, VMware Netqueue, and VMDirectPath (seen via VMblog.com). The coolest part about this stuff is that a lot of it is already available. We’re not waiting for a future version of VMware Infrastructure to take advantage of this stuff; instead, we’re waiting for the hardware. Now how’s that for a change!
  • Rich over at VM /ETC gives us a great breakdown on licensing Windows VMs for a non-Microsoft virtualization solution. He comes to the same conclusion some of my customers have already made: licensing Windows Server 2008 Datacenter Edition may make the most sense. Good job, Rich!
  • Duncan alerts us to a potential problem with HP Insight Manager agents on VMware ESX 3.5 Update 2. I share Duncan’s view; I try to avoid agents in the Service Console wherever possible. That’s why I was glad to see VMware add the Health Status functionality in Update 2, as this gives you some hardware monitoring functionality without any agents in the Service Console. I don’t know that I’ve quite arrived at the same place as Duncan; I like the Service Console. I guess that’s because I’m accustomed to it. In any case, if you’re running HP hardware with the IM agents, be on the lookout for this issue. Thanks for bringing this to everyone’s attention, Duncan!
  • Interested in keeping up with all the various goings-on at VMworld? David Davis turns us on to a few additional sources of information (as if we needed anything more!).

Also, I’m excited to announce that my blog has been selected for inclusion in a new blog aggregation site, VirtualizationFeed.com. Patrick over at Microsoft announced the new site yesterday via the Virtualization Team Blog with this post. I’m thrilled to be included and I hope to be able to continue to deliver quality information. Thanks for reading!


Altor Networks is one of several companies that have emerged from stealth mode over the last six months or so to pitch their products for virtualization security. Their flagship product is the Virtual Network Security Analyzer, or VNSA, and it’s important to understand what the VNSA is and what it attempts to do. This product isn’t intended to provide network security through enforcement or policy control; instead, it is intended to enhance network security through visibility.

When organizations move large numbers of their servers into a virtualized environment, they often lose network visibility in that virtualized environment. This can, in theory, create a security problem because traffic between VMs can’t be monitored. One compromised VM could lead to another compromised VM, etc., because the traffic isn’t visible to existing security solutions.

<aside>Now, not being a security expert, I have to ask myself: is such a scenario really that likely? It seems to my uneducated mind far too likely that some sort of traffic would “leak” out onto the physical network and be detected there. Or am I just completely misinformed? Anyway, I digress…</aside>

The VNSA has a two-tier architecture:

  • Each ESX server hosting VMs whose traffic should be monitored must have an Altor Agent VM, a small virtual appliance that can monitor up to three separate vSwitches. (This limitation, by the way, is an ESX limitation; VMs are limited to four virtual NICs. Three NICs can be used for monitoring, and the fourth NIC is used for reporting and management.) The Altor Agent relies upon the use of a dedicated port group on each vSwitch that allows promiscuous mode and uses VLAN ID 4095. VLAN ID 4095 is the “special” number that tells ESX to pass traffic from all VLANs up to the guest VM.
  • The various Altor Agents report back to a central VM, known as the Altor Center. This is another virtual appliance that is designed to accept the information recorded and reported by the agents. Altor Center also integrates with VMware VirtualCenter to retrieve the list of virtual machines available on the various hosts.
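An added example, not code from Altor or from the original post: a coverage audit for the agent placement described above. It checks that every vSwitch has a promiscuous VLAN 4095 port group with the agent attached, that the agent stays within three monitored vSwitches, and that no other VM sits on a promiscuous port group. The inventory layout, the agent name `altor-agent`, and the finding labels are assumptions made for illustration.

```python
# Constructed inventory; the field names are hypothetical and do not
# correspond to any ESX, VirtualCenter, or Altor export format.
PORT_GROUPS = [
    {"vswitch": "vSwitch0", "name": "Production", "vlan": 10,
     "promiscuous": False, "vms": ["web01", "db01"]},
    {"vswitch": "vSwitch0", "name": "Monitor0", "vlan": 4095,
     "promiscuous": True, "vms": ["altor-agent"]},
    {"vswitch": "vSwitch1", "name": "DMZ", "vlan": 20,
     "promiscuous": False, "vms": ["proxy01"]},
    {"vswitch": "vSwitch2", "name": "Test", "vlan": 4095,
     "promiscuous": True, "vms": ["altor-agent", "dev03"]},
    {"vswitch": "vSwitch3", "name": "Lab", "vlan": 30,
     "promiscuous": True, "vms": ["lab01"]},
]

# A VM has four vNICs; one is reserved for reporting and management.
MAX_MONITORED = 3


def is_monitor_pg(pg):
    """Port group of the kind the agent needs: promiscuous and VLAN 4095."""
    return pg["promiscuous"] and pg["vlan"] == 4095


def audit(port_groups, agent="altor-agent"):
    """Return (finding, subject) tuples for visibility gaps and exposures."""
    findings = []
    vswitches = sorted({pg["vswitch"] for pg in port_groups})
    monitored = {pg["vswitch"] for pg in port_groups
                 if is_monitor_pg(pg) and agent in pg["vms"]}

    # Traffic on a vSwitch without an attached agent is invisible to it.
    for vs in vswitches:
        if vs not in monitored:
            findings.append(("unmonitored-vswitch", vs))

    # One agent cannot watch more vSwitches than it has monitoring vNICs.
    if len(monitored) > MAX_MONITORED:
        findings.append(("agent-over-capacity", agent))

    # Any other VM on a promiscuous port group can observe traffic that
    # is not addressed to it, so only the agent belongs there.
    for pg in port_groups:
        if pg["promiscuous"]:
            for vm in pg["vms"]:
                if vm != agent:
                    subject = f'{vm}@{pg["vswitch"]}/{pg["name"]}'
                    findings.append(("non-agent-promiscuous", subject))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(PORT_GROUPS):
        print(f"{finding:24} {subject}")
```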

Altor Center provides a web-based interface to view the information gathered and reported by the agents. There are a variety of different reports available, and Altor Center can show traffic patterns between groups of VMs. Users can drill down to see traffic patterns from a variety of perspectives.

While VNSA does a good job of providing network visibility, it does not provide network traffic enforcement functionality. You can’t knock the VNSA for failing to enforce security policies considering that it wasn’t intended to do so. Altor has publicly stated that future products will build upon the foundation established in the VNSA and those future products will provide security policy enforcement. This distinction is important because otherwise users may be inclined to compare virtual security solutions with different feature sets and different target purposes. Comparing the VNSA with a product that is essentially a firewall is not a valid comparison. As a user, if you are looking for a solution to provide visibility into the virtual network environment, VNSA is one solution. If you are seeking security policy enforcement, however, you will need to look elsewhere. VNSA was not intended to fill that need.


If you’re a fan of NetApp, this should be good news to you. Vaughn Stewart of NetApp has started his own blog, The Virtual Storage Guy. Vaughn’s a super-sharp guy who knows his stuff, and I’m hoping to see some really good material emerge on his site.


To make things a bit easier, I’ve created a Google Calendar for my VMworld 2008 schedule and activities. If you’re interested in meeting up with me at VMworld 2008, check this Google Calendar for available times and then contact me. I can’t hyperlink to the specific dates for the conference, so you’ll need to manually navigate to the week of September 15. I can’t promise that I’ll be able to meet with you, but I will certainly try.


So I’ve been talking with some guys from vmSight recently in an effort to better understand their products and where their products fit into an overall solution. Just when I thought I had a handle on their feature set and how it can be used, yesterday they introduced User Activity Control for VDI.

User Activity Control for VDI changes the nature of vmSight’s solution. This shifts vmSight from a primarily passive solution, watching network traffic and using their Connector ID technology to intelligently calculate application response times and network latency, to a more active solution capable of blocking unauthorized network activity. In my mind, this now gives vmSight three key features that organizations with virtualized infrastructures may find useful:

  1. The ability to gather network traffic information and use that, along with the Connector ID technology, to calculate application response times and network latencies in order to establish or maintain service level agreements (SLAs)
  2. The ability, based on network activity, to identify VMs that are not actively being used so that those VMs can be reclaimed and resources used elsewhere, helping to reduce VM sprawl
  3. Active traffic blocking functionality to enforce security policies and prevent unauthorized traffic or access, new through User Activity Control for VDI

I haven’t yet had the chance to actually get my hands on the technology, but it looks pretty useful. It would be great to hear back from any actual vmSight users to get their feedback on the solution and how well it works for their organizations.


The Omni Group just announced that Beta 1 of OmniGraffle 5.1 is now available, and with it comes a huge feature for me: importing and displaying Enhanced Metafiles in Visio documents!

This is huge because the vast majority of Visio shapes are stored as Enhanced Metafile images, and before now those images would not convert correctly into an OmniGraffle document. That made transferring complex network diagrams—a big part of my day job—a real hassle. With this new support, things should be much smoother sailing now.

Great job, Omni Group! Keep up the good work.


For spouses traveling to Las Vegas with their VMworld-attending partners, my wife Crystal has volunteered to loosely organize some activities. After working on this for quite some time, here’s a rough schedule and some additional information.

Refer back to this earlier post about VMworld spouse activities for more information on the Las Vegas PowerPass and the Las Vegas MealTicket. A number of people responded earlier that they were very interested in joining in group activities but needed to keep the costs down; we are in the same boat ourselves. The PowerPass and the MealTicket both look like good ways to help keep costs down but provide a wide range of activities. A fair amount of what has been planned revolves around purchasing a PowerPass, so keep that in mind.

For travel to these various activities, Crystal had planned on either walking or leveraging the monorail that runs along the Strip. A 3-day pass for the monorail is $40, and will provide transportation from Harrah’s (practically right next door to The Venetian) all the way to the MGM Grand. Be sure to wear comfortable clothes and walking shoes.

Please note that these times and activities are subject to change, so check back here often for updates.

Pre-VMworld Activities

There are no formal planned activities before the start of VMworld 2008. However, Crystal is available for informal gatherings on Sunday and Monday. I’ll be in the Partner Technical Advisory Board meeting on Sunday, and taking labs (and possibly attending Partner Day) on Monday. That leaves Crystal available for any informal gatherings, like shopping or sightseeing. If you’re interested in meeting up with Crystal prior to VMworld, speak up in the comments below.

Tuesday, September 16, 2008

Tuesday, the first day of VMworld 2008, marks the start of planned activities for spouses:

10:00 AM - Brunch and “Getting to Know You” meeting to be held at the San Gennaro Grill in The Venetian (on the casino level; buffet and coffee included in Las Vegas MealTicket)

Noon to 4:00 PM - Sightseeing at nearby hotels; to include the White Tiger exhibit at The Mirage (free), volcano eruption at The Mirage (free), and Siegfried and Roy’s Secret Garden at The Mirage ($15, or included in Las Vegas PowerPass); other points of interest may be included as well

4:00 PM - Popovich Comedy Pet Theater at Planet Hollywood Resort and Casino ($35 or included in Las Vegas PowerPass)

There’s currently some question as to whether Popovich’s actually has a show on Tuesday, so that activity may be replaced by some shopping at the Fashion Show Mall or other venue.

Wednesday, September 17, 2008

The only planned activity for Wednesday is a trip to the Hoover Dam and Grand Canyon West. Both of these activities are included in the Las Vegas PowerPass. If there is enough interest, everyone can chip in to rent a van. Otherwise, Crystal is leaving around 8:00 AM after eating breakfast at the San Gennaro Grill in The Venetian.

If you are interested in joining in on the Hoover Dam/Grand Canyon West trip, please let us know immediately, either by responding in the comments or by e-mailing Crystal.

There was some interest in a Cirque du Soleil show on Wednesday night, but the trip to Hoover/Grand Canyon may prevent that due to travel time and such. However, others are welcome to separately plan to attend on Wednesday night, since that’s when the VMworld party is being held. This is something that everyone can discuss at the initial breakfast gathering on Tuesday morning.

Thursday, September 18, 2008

On Thursday, the focus will be on sightseeing with some shopping thrown in. Here’s the rough breakdown of Thursday’s schedule:

10:00 AM - Breakfast at the San Gennaro Grill in the Venetian (buffet and coffee included in the Las Vegas MealTicket)

11:00 AM Until Whenever - Sightseeing at various hotels. Some activities are free, some are included in the Las Vegas PowerPass; suggested plan is to start near The Venetian and work down the Strip, stopping at Flamingo Las Vegas (wildlife exhibit), Paris Las Vegas (Eiffel Tower), New York New York (ride the roller coaster), and MGM Grand (lion habitat)

Of course, this schedule is mostly flexible, so everyone will be free to divert for shopping, pictures, etc., as the days progress.

Please express your interest or thoughts in the comments below. Some of you may already have Crystal’s e-mail address as you were included in e-mail discussions of some of the plans; feel free to e-mail her directly if you would like. All others are encouraged to add their information in the comments below, and check back here often for updates. Thanks!


Much has transpired since yesterday, when I urged VMware to join the SVVP and get their software validated for full support by Microsoft. Since that time, it has come to light that VMware has joined the SVVP, although a formal announcement has not yet been made, and Microsoft has announced some significant licensing changes regarding virtualization. I’ve been reading the various announcements and analyses regarding this information and I thought it might be beneficial to try to pull all this together.

First, refer to Patrick O’Rourke’s blog entry, which does a great job of summarizing the need for application mobility licensing. Clearly, customers needed the ability to move applications freely between physical servers, and Microsoft themselves needed to allow customers to do this now that they have a more robust virtualization solution in place (Hyper-V and SCVMM 2008). While the licensing changes do benefit all virtualization vendors, it’s important to note that Microsoft needed these changes for themselves as well.

Patrick’s post also brings to light that while VMware has joined the SVVP, cooperative support is not yet in place. That won’t come until validation via SVVP is completed, which may take some time. The joining of SVVP was necessary, as it is merely one step toward a larger goal.

However, there’s more here than perhaps many people are realizing. Fortunately, there are a number of sites out there pointing out important caveats to the new licensing changes:

  • Rich at VM /ETC correctly points out that the new licensing does not apply to the Windows Server OS itself. So you are still going to have problems with VMware HA and VMware DRS automatically moving VMs from server to server unless you use Windows Server Datacenter Edition (see below).
  • Chris Wolf points out (both on his personal blog as well as the Data Center Strategies blog) that the lift on the 90-day license transfer does not apply to licenses purchased outside of a volume license agreement. Using OEM licenses? Then you’re out of luck; those licenses still fall under the old restrictions.
  • eWeek’s Joe Wilcox points out that because the Windows Server OS isn’t included in the 90-day license relief, some customers will simply license Windows Server Datacenter Edition for every CPU in their data center. Of course, the fact that you now get Hyper-V for free with Windows puts Microsoft…ahem, ahead of the game, shall we say? Read Joe’s full report here.

So, while Microsoft’s licensing changes are a good first step, there’s still more work to be done. Let’s applaud the changes, which were necessary, but let’s continue to press Microsoft to fix the issues that remain.


My VMworld 2008 Schedule

For those that are interested, here’s my VMworld 2008 schedule as it currently stands:

Tuesday, September 16, 2008

9:30 AM to 10:30 AM - BC2621 - Fault Tolerant VMs in VMware Infrastructure: Operation and Best Practices
1:00 PM to 2:00 PM - TA2668 - VMware ESX Architectural Directions
2:30 PM to 3:30 PM - BC1693 - Architecting DR Solutions with VMware Site Recovery Manager
4:30 PM to 5:30 PM - PO1694 - Datacenter Migrations Using VMware Site Recovery Manager

Wednesday, September 17, 2008

11:00 AM to 12:00 PM - VD2422 - Offline VDI
1:30 PM to 2:30 PM - TA2659 - Managing ESX in a COS-less world
3:00 PM to 4:00 PM - TA2275 - Tech Preview: VMware Infrastructure Virtual Networking - Future Directions
4:00 PM to 5:00 PM - BC2215 - Top Tips for VMware Consolidated Backup

Thursday, September 18, 2008

11:00 AM to 12:00 PM - TA2441 - VMware Infrastructure 3.5 - Networking Concepts and Best Practices
1:00 PM to 2:00 PM - PO1644 - VMware Update Manager Performance, Best Practices
2:30 PM to 3:30 PM - PO2061 - VMware VirtualCenter 2.5 Database Best Practices
4:00 PM to 5:00 PM - BC2214 - Advanced HA Troubleshooting

As you can see, there are some gaps in the schedule. First, I’ve specifically blocked off time to go to the vendor pavilion and talk to some vendors about their products. This is something that I always say I’ll get around to doing, but never actually make it. This year I decided to fix that by scheduling time specifically for that. Second, I’m working with SearchVMware.com again this year on some stuff, so there’s time set aside for that. Finally, my boss has scheduled some meetings with various people while I’m there, so I had to set aside time for that as well.

If you’re interested in catching up with me this year, shoot me an e-mail and let me know. I’ll do my best to meet with you while I’m there. In addition, I’m getting in early before the conference and not leaving until the Friday afternoon, so I might be able to meet with someone outside the conference days themselves.

If you’re attending and have a session suggestion for me, feel free to shout out in the comments below. Thanks!
