vSphere

You are currently browsing articles tagged vSphere.

Technology Short Take #33

Tuesday, June 4, 2013 in Networking, Security, Storage, Virtualization by slowe | 1 comment

Welcome to Technology Short Take #33, the latest in my irregularly-published series of articles discussing various data center technology-related links, articles, rants, thoughts, and questions. I hope that you find something useful here. Enjoy!

Networking

Tom Nolle asks the question, “Is virtualization reality even more elusive than virtual reality?” It’s a good read; the key thing that I took away from it was that SDN, NFV, and related efforts are great, but what we really need is something that can pull all these together in a way that customers (and providers) reap the benefits.
What happens when multiple VXLAN logical networks are mapped to the same multicast group? Venky explains it in this post. Venky also has a great write-up on how the VTEP (VXLAN Tunnel End Point) learns and creates the forwarding table.
This post by Ranga Maddipudi shows you how to use App Firewall in conjunction with VXLAN logical networks.
Jason Edelman is on a roll with a couple of great blog posts. First up, Jason goes off on a rant about network virtualization, briefly hitting topics like the relationship between overlays and hardware, the role of hardware in network virtualization, the changing roles of data center professionals, and whether overlays are the next logical step in the evolution of the network. I particularly enjoyed the snippet from the post by Bill Koss. Next, Jason dives a bit deeper on the relationship between network overlays and hardware, and shares his thoughts on where it does—and doesn’t—make sense to have hardware terminating overlay tunnels.
Another post by Tom Nolle explores the relationship—complicated at times—between SDN, NFV, and the cloud. Given that we define the cloud (sorry to steal your phrase, Joe) as elastic, pooled resources with self-service functionality and ubiquitous access, I can see where Tom states that to discuss SDN or NFV without discussing cloud is silly. On the flip side, though, I have to believe that it’s possible for organizations to make a gradual shift in their computing architectures and processes, so one almost has to discuss these various components individually, because to tie them all together makes it almost impossible. Thoughts?
If you haven’t already introduced yourself to VXLAN (one of several draft protocols used as an overlay protocol), Cisco Inferno has a reasonable write-up.
I know Steve Jin, and he’s a really smart guy. I must disagree with some of his statements regarding what software-defined networking is and is not and where it fits, written back in April. I talked before about the difference between network virtualization and SDN, so no need to mention that again. Also, the two key flaws that Steve identifies—single point of failure and scalability—aren’t flaws with SDN/network virtualization, but rather flaws in an implementation of said technologies, IMHO.

Servers/Hardware

Correction from the last Technology Short Take—I incorrectly stated that the HP Moonshot offerings were ARM-based, and therefore wouldn’t support vSphere. I was wrong. The servers (right now, at least) are running Intel Atom S1260 CPUs, which are x86-based and do offer features like Intel VT-x. Thanks to all who pointed this out, and my apologies for the error!
I missed this on the #vBrownBag series: designing HP Virtual Connect for vSphere 5.x.

Security

Via Forbes Guthrie on Twitter, I saw this post on how to setup a CA on Linux and use it in a Windows environment.
Ranga also has a nice write-up (via Trevor Gerdes) on using the SSL VPN functionality in vCNS Edge.
“Best practices” for vCNS 5.1 App Firewall? For shame…didn’t anyone tell them the correct term is recommended practices? (I’m kidding, of course—the content is well worth reading.)

Cloud Computing/Cloud Management

Hyper-V as hypervisor with OpenStack Compute? Sure, see here.
Cody Bunch, who has been focusing quite a bit on OpenStack recently, has a nice write-up on using Razor and Chef to automate an OpenStack build. Part 1 is here; part 2 is here. Good stuff—keep it up, Cody!
I’ve mentioned in some of my OpenStack presentations (see SpeakerDeck or Slideshare) that a great place to start if you’re just getting started is DevStack. Here, Brent Salisbury has a nice write-up on using DevStack to install OpenStack Grizzly.

Operating Systems/Applications

Boxen, a tool created by GitHub to manage their OS X Mountain Lion laptops for developers, looks interesting. Might be a useful tool for other environments, too.
If you use TextMate2 (I switched to BBEdit a little while ago after being a long-time TextMate user), you might enjoy this quick post by Colin McNamara on Puppet syntax highlighting using TextMate2.

Storage

Anyone have more information on Jeda Networks? They’ve been mentioned a couple of times on GigaOm (here and here), but I haven’t seen anything concrete yet. Hey, Stephen Foskett, if you’re reading: get Jeda Networks to the next Tech Field Day.
Tim Patterson shares some code from Luc Dekens that helps check VMFS version and block sizes using PowerCLI. This could come in quite handy in making sure you know how your datastores are configured, especially if you are in the midst of a migration or have inherited an environment from someone else.

Virtualization

Interested in using SAML and Horizon Workspace with vCloud Director? Tom Fojta shows you how.
If you aren’t using vSphere Host Profiles, this write-up on the VMware SMB blog might convince you why you should and show you how to get started.
Michael Webster tackles the question: is now the best time to upgrade to vSphere 5.1? Read the full post to see what Michael has to say about it.
Duncan points out an easy error to make when working with vSphere HA heartbeat datastores in this post. Key takeaway: sometimes the fix is a lot simpler than we might think at first. (I know I’m guilty of making things more complicated than they need to be at times. Aren’t we all?)
Jon Benedict (aka “Captain KVM”) shares a script he wrote to help provide high availability for RHEV-M.
Chris Wahl has a nice write-up on using log shipping to protect your vCenter database. It’s a bit over a year old (surprised I missed it until now), and—as Chris points out—log shipping doesn’t protect the database (primary and secondary copies) against corruption. However, it’s better than nothing (which I suspect it what far too many people are using).

Other

If you aspire to be a writer—whether that be a blogger, author, journalist, or other—you might find this article on using the DASH method for writing to be helpful. The six tips at the end of the article are especially helpful, I think.

Time to wrap this up for now; the rest will have to wait until the next Technology Short Take. Until then, feel free to share your thoughts, questions, or rants in the comments below. Courteous comments are always welcome!

Tags: Automation, Hardware, HP, HyperV, Linux, Macintosh, Networking, OpenStack, Puppet, SDN, vCloud, Virtualization, vSphere, VXLAN, Writing

Technology Short Take #32

Friday, May 3, 2013 in Networking, Security, Storage, Virtualization by slowe | 6 comments

Welcome to Technology Short Take #32, the latest installment in my irregularly-published series of link collections, thoughts, rants, raves, and miscellaneous information. I try to keep the information linked to data center technologies like networking, storage, virtualization, and the like, but occasionally other items slip through. I hope you find something useful.

Networking

Ranga Maddipudi (@vCloudNetSec on Twitter) has put together two blog posts on vCloud Networking and Security’s App Firewall (part 1 and part 2). These two posts are detailed, hands-on, step-by-step guides to using the vCNS App firewall—good stuff if you aren’t familiar with the product or haven’t had the opportunity to really use it.
The sentiment behind this post isn’t unique to networking (or networking engineers), but that was the original audience so I’m including it in this section. Nick Buraglio climbs on his SDN soapbox to tell networking professionals that changes in the technology field are part of life—but then provides some specific examples of how this has happened in the past. I particularly appreciated the latter part, as it helps people relate to the fact that they have undergone notable technology transitions in the past but probably just don’t realize it. As I said, this doesn’t just apply to networking folks, but to everyone in IT. Good post, Nick.
Some good advice here on scaling/sizing VXLAN in VMware deployments (as well as some useful background information to help explain the advice).
Jason Edelman goes on a thought journey connecting some dots around network APIs, abstractions, and consumption models. I’ll let you read his post for all the details, but I do agree that it is important for the networking industry to converge on a consistent set of abstractions. Jason and I disagree that OpenStack Networking (formerly Quantum) should be the basis here; he says it shouldn’t be (not well-known in the enterprise), I say it should be (already represents work created collaboratively by multiple vendors and allows for different back-end implementations).
Need a reasonable introduction to OpenFlow? This post gives a good introduction to OpenFlow, and the author takes care to define OpenFlow as accurately and precisely as possible.
SDN, NFV—what’s the difference? This post does a reasonable job of explaining the differences (and the relationship) between SDN and NFV.

Servers/Hardware

Chris Wahl provides a quick overview of the HP Moonshot servers, HP’s new ARM-based offerings. I think that Chris may have accidentally overlooked the fact that these servers are not x86-based; therefore, a hypervisor such as vSphere is not supported. Linux distributions that offer ARM support, though—like Ubuntu, RHEL, and SuSE—are supported, however. The target market for this is massively parallel workloads that will benefit from having many different cores available. It will be interesting to see how the support of a “Tier 1″ hardware vendor like HP affects the adoption of ARM in the enterprise.

Security

Ivan Pepelnjak talks about a demonstration of an attack based on VM BPDU spoofing. In vSphere 5.1, VMware addressed this potential issue with a feature called BPDU Filter. Check out how to configure BPDU Filter here.

Cloud Computing/Cloud Management

Check out this post for some vCloud Director and RHEL 6.x interoperability issues.
Nick Hardiman has a good write-up on the anatomy of an AWS CloudFormation template.
If you missed the OpenStack Summit in Portland, Cody Bunch has a reasonable collection of Summit summary posts here (as well as materials for his hands-on workshops here). I was also there, and I have some session live blogs available for your pleasure.
We’ve probably all heard the “pets vs. cattle” argument applied to virtual machines in a cloud computing environment, but Josh McKenty of Piston Cloud Computing asks whether it is now time to apply that thinking to the physical hosts as well. Considering that the IT industry still seems to be struggling with applying this line of thinking to virtual systems, I suspect it might be a while before it applies to physical servers. However, Josh’s arguments are valid, and definitely worth considering.
I have to give Rob Hirschfeld some credit for—as a member of the OpenStack Board—acknowledging that, in his words, “we’ve created such a love fest for OpenStack that I fear we are drinking our own kool aide.” Open, honest, transparent dealings and self-assessments are critically important for a project like OpenStack to succeed, so kudos to Rob for posting a list of some of the challenges facing the project as adoption, visibility, and development accelerate.

Operating Systems/Applications

Nothing this time around, but I’ll stay alert for items to add next time.

Storage

Nigel Poulton tackles the question of whether ASIC (application-specific integrated circuit) use in storage arrays elongates the engineering cycles needed to add new features. This “double edged sword” argument is present in networking as well, but this is the first time I can recall seeing the question asked about modern storage arrays. While Nigel’s article specifically refers to the 3PAR ASIC and its relationship to “flash as cache” functionality, the broader question still stands: at what point do the drawbacks of ASICs begin to outweight the benefits?
Quite some time ago I pointed readers to a post about Target Driven Zoning from Erik Smith at EMC. Erik recently announced that TDZ works after a successful test run in a lab. Awesome—here’s hoping the vendors involved will push this into the market.
Using iSER (iSCSI Extensions for RDMA) to accelerate iSCSI traffic seems to offer some pretty promising storage improvements (see this article), but I can’t help but feel like this is a really complex solution that may not offer a great deal of value moving forward. Is it just me?

Virtualization

Kevin Barrass has a blog post on the VMware Community site that shows you how to create VXLAN segments and then use Wireshark to decode and view the VXLAN traffic, all using VMware Workstation.
Andre Leibovici explains how Horizon View Multi-VLAN works and how to configure it.
Looking for a good list of virtualization and cloud podcasts? Look no further.
Need Visio stencils for VMware? Look no further.
It doesn’t look like it has changed much from previous versions, but nevertheless some people might find it useful: a “how to” on virtualization with KVM on CentOS 6.4.
Captain KVM (cute name, a take-off of Captain Caveman for those who didn’t catch it) has a couple of posts on maximizing 10Gb Ethernet on KVM and RHEV (the KVM post is here, the RHEV post is here). I’m not sure that I agree with his description of LACP bonds (“2 10GbE links become a single 20GbE link”), since any given flow in a LACP configuration can still only use 1 link out of the bond. It’s more accurate to say that aggregate bandwidth increases, but that’s a relatively minor nit overall.
Ben Armstrong has a write-up on how to install Hyper-V’s integration components when the VM is offline.
What are the differences between QuickPrep and Sysprep? Jason Boche’s got you covered.

I suppose that’s enough information for now. As always, courteous comments are welcome, so feel free to add your thoughts in the comments below. Thanks for reading!

Tags: Hardware, iSCSI, KVM, Networking, OpenFlow, OpenStack, RedHat, SDN, Storage, Virtualization, VMware, vSphere, VXLAN

vSphere Design Guide Giveaway

Monday, April 1, 2013 in General, Virtualization by slowe | 122 comments

You might have seen that the second edition of VMware vSphere Design was recently released. How would you like to win a free copy?

Starting today (no, this isn’t an April Fool’s joke) and running through April 15, you can enter to win a signed print copy of VMware vSphere Design, 2nd Edition! I’m giving away a free, signed copy of the book to five lucky individuals who enter and win in this book giveaway contest.

Here’s how to enter to win one of the 5 free, signed copies of the book: simply post a comment on this site telling me why you would find this book useful. Yes, that’s it!

There are a few contest rules you’ll want to note:

You’ll need to use a valid e-mail address when you post your comment, because if you’re a winner I’ll be contacting you via e-mail to get your shipping information.
If I notify you via e-mail that you’ve been selected to win a copy but you fail to respond within 48 hours with your shipping address, I’ll select a new winner in your place.
Because I’m paying for the shipping out of my own pocket, I’ll have to limit this contest to continental US residents only. (Sorry folks—my personal budget can’t sustain sending print books worldwide.)

Aside from the limitation to continental US residents only, this contest is open to anyone, so don’t hesitate—enter today!

Tags: VMware, vSphere, Writing

Announcing VMware vSphere Design, 2nd Edition

Tuesday, March 19, 2013 in Virtualization by slowe | 17 comments

I’ve been phenomenally lucky to be involved in a number of book projects around VMware vSphere. I think that most people probably know me for the wildly popular Mastering VMware vSphere 4 and Mastering VMware vSphere 5 books (released at VMworld 2009 and VMworld EMEA 2011, respectively), but in late 2010/early 2011 I also had the opportunity to collaborate with Forbes Guthrie and Maish Saidel-Keesing on VMware vSphere Design. Even though that book hasn’t sold as many units as the Mastering books, it’s a work of which I’m equally proud. The topic of designing vSphere environments can be difficult to address, but I think we did a pretty good job.

Today I’m excited to announce that Forbes Guthrie and I–along with some support from Kendrick Coleman–have undertaken a revision of that book, to be released as VMware vSphere Design, 2nd Edition.

VMware vSphere Design, 2nd Edition

In addition to a new cover design (nice, huh?), this new version of the book has a new interior as well! The book has been thoroughly updated to include design topics and considerations for vSphere 4, vSphere 5, and vSphere 5.1. In addition to discussing design topics like management, storage, networking, and security, Kendrick contributed content around design considerations for vCloud Director. The updated and expanded content makes this a great resource for anyone who will be designing VMware vSphere environments.

For more information about the book, or to see a list of resellers for the book, visit the publisher’s page.

Thanks, and I think I speak for Forbes and Kendrick when I say that we hope this resource is useful to you!

Tags: Virtualization, VMware, vSphere, Writing

Technology Short Take #30

Tuesday, March 5, 2013 in General by slowe | 4 comments

Welcome to Technology Short Take #30. This Technology Short Take is a bit heavy on the networking side, but I suppose that’s understandable given my recent job change. Enjoy!

Networking

Ben Cherian, Chief Strategy Officer for Midokura, helps make a case for network virtualization. (Note: Midokura makes a network virtualization solution.) If you’re wondering about network virtualization and why there is a focus on it, this post might help shed some light. Given that it was written by a network virtualization vendor, it might seem a bit rah-rah, so keep that in mind.
Brent Salisbury has a fantastic series on OpenFlow. It’s so good I wish I’d written it. He starts out by discussing proactive vs. reactive flows, in which Brent explains that OpenFlow performance is less about OpenFlow and more about how flows are inserted into the hardware. Next, he tackles the concerns over the scale of flow-based forwarding in his post on coarse vs. fine flows. I love this quote from that article: “The second misnomer is, flow based forwarding does not scale. Bad designs are what do not scale.” Great statement! The third post in the series tackles what Brent calls hybrid SDN deployment strategies, and Brent provides some great design considerations for organizations looking to deploy an SDN solution. I’m looking forward to the fourth and final article in the series!
Also, if you’re looking for some additional context to the TCAM considerations that Brent discusses in his OpenFlow series, check out this Packet Pushers blog post on OpenFlow switching performance.
Another one from Brent, this time on Provider Bridging and Provider Backbone Bridging. Good explanation—it certainly helped me.
This article by Avi Chesla points out a potential security weakness in SDN, in the form of a DoS (Denial of Service) attack where many switching nodes request many flows from the central controller. It appears to me that this would only be an issue for networks using fine-grained, reactive flows. Am I wrong?
Scott Hogg has a nice list of 9 common Spanning Tree mistakes you shouldn’t make.
Schuberg Philis has a nice write-up of their CloudStack+NVP deployment here.

Servers/Hardware

Alex Galbraith recently posted a two-part series on what he calls the “NanoLab,” a home lab built on the Intel NUC (“Next Unit of Computing”). It’s a good read for those of you looking for some very quiet and very small home lab equipment, and Alex does a good job of providing all the details. Check out part 1 here and part 2 here.
At first, I thought this article was written from a sarcastic point of view, but it turns out that Kevin Houston’s post on 5 reasons why you may not want blade servers is the real deal. It’s nice to see someone who focuses on blade servers opening up about why they aren’t necessarily the best fit for all situations.

Security

Nick Buraglio has a good post on the potential impact of Arista’s new DANZ functionality on tap aggregation solutions in the security market. It will be interesting to see how this shapes up. BTW, Nick’s writing some pretty good content, so if you’re not subscribed to his blog I’d reconsider.

Cloud Computing/Cloud Management

Although this post is a bit older (it’s from September of last year), it’s still an interesting comparison of both OpenStack and CloudStack. Note that the author apparently works for Mirantis, which is a company that provides OpenStack consulting services. In spite of that fact, he manages to provide a reasonably balanced approach to comparing the two cloud management platforms. Both of them (I believe) have had releases since this time, so some of the points may not be valid any longer.
Are you a CloudStack fan? If so, you should probably check out this collection of links from Aaron Delp. Aaron’s focused a lot more on CloudStack now that he’s at Citrix, so he might be a good resource if that is your cloud management platform of choice.

Operating Systems/Applications

If you’re just now getting into the whole configuration management scene where tools like Puppet, Chef, and others play, you might find this article helpful. It walks through the difference between configuring a system imperatively and configuring a system declaratively (hint: Puppet, Chef, and others are declarative). It does presume a small bit of programming knowledge in the examples, but even as a non-programmer I found it useful.
Here’s a three-part series on beginning Puppet that you might find helpful as well (Part 1, Part 2, and Part 3).
If you’re a developer-type person, I would first ask why you’re reading my site, then I’d point you to this post on the AMQP, MQTT, and STOMP messaging protocols.

Storage

There’s a good post here by Manish Patel on verifying VMFS heartbeat region corruption.
Jason Boche has a great, great post on VAAI and the “unlimited VMs per datastore” urban myth. Jason clearly and logically lays out the benefits of VAAI (specifically, he focuses most on hardware-assisted locking) and how those benefits don’t address other design considerations. Overall, an excellent article, and one I highly recommend.

Virtualization

Although these posts are storage-related, the real focus is on how the storage stack is implemented in a virtualization solution, which is why I’m putting them in this section. Cormac Hogan has a series going titled “Pluggable Storage Architecture (PSA) Deep Dive” (part 1 here, part 2 here, part 3 here). If you want more PSA information, you’d be hard-pressed to find a better source. Well worth reading for VMware admins and architects.
Chris Colotti shares information on a little-known vSwitch advanced setting that helps resolve an issue with multicast traffic and NICs in promiscuous mode in this post.
Frank Denneman reminds everyone in this post that the concurrent vMotion limit only goes to 8 concurrent vMotions when vSphere detects the NIC speed at 10Gbps. Anything less causes the concurrent limit to remain at 4. For those of you using solutions like HP VirtualConnect or similar that allow you to slice and dice a 10Gb link into smaller links, this is a design consideration you’ll want to be sure to incorporate. Good post Frank!
Interested in some OpenStack inception? See here. How about some oVirt inception? See here. What’s that? Not familiar with oVirt? No problem—see here.
Windows Backup has native Hyper-V support in Windows Server 2012. That’s cool, but are you surprised? I’m not.
Red Hat and IBM put out a press release today on improved I/O performance with RHEL 6.4 and KVM. The press release claims that a single KVM guest on RHEL 6.4 can support up to 1.5 million IOPS. (Cue timer until next virtualization vendor ups the ante…)

I guess I should wrap things up now, even though I still have more articles that I’d love to share with readers. Perhaps a “mini-TST”…

In any event, courteous comments are always welcome, so feel free to speak up below. Thanks for reading and I hope you’ve found something useful!

Tags: KVM, Linux, Networking, OpenFlow, OpenStack, Puppet, RedHat, SDN, Security, Storage, Virtualization, VMware, vSphere

Technology Short Take #28

Thursday, January 10, 2013 in Macintosh, Microsoft, Networking, Security, Storage, Virtualization by slowe | 3 comments

Welcome to Technology Short Take #28, the first Technology Short Take for 2013. As always, I hope that you find something useful or informative here. Enjoy!

Networking

Ivan Pepelnjak recently wrote a piece titled “Edge and Core OpenFlow (and why MPLS is not NAT)”. It’s an informative piece—Ivan’s stuff is always informative—but what really drew my attention was his mention of a paper by Martin Casado, Teemu Koponen, and others that calls for a combination of MPLS and OpenFlow (and an evolution of OpenFlow into “edge” and “core” versions) to build next-generation networks. I’ve downloaded the paper and intend to review it in more detail. I’d love to hear from any networking experts who’ve read the paper—what are your thoughts?
Speaking of Ivan…it also appears that he’s quite pleased with Microsoft’s implementation of NVGRE in Hyper-V. Sounds like some of the other vendors need to get on the ball.
Here’s a nice explanation of CloudStack’s physical networking architecture.
The first fruits of Brad Hedlund’s decision to join VMware/Nicira have shown up in this joint article by Brad, Bruce Davie, and Martin Casado describing the role of network virutalization in the software-defined data center. (It doesn’t matter how many times I say or write “software-defined data center,” it still feels like a marketing term.) This post is fairly high-level and abstract; I’m looking forward to seeing more detailed and in-depth posts in the future.
Art Fewell speculates that the networking industry has “lost our way” and become a “big bag of protocols” in this article. I do agree with one of the final conclusions that Fewell makes in his article: that SDN (a poorly-defined and often over-used term) is the methodology of cloud computing applied to networking. Therefore, SDN is cloud networking. That, in my humble opinion, is a more holistic and useful way of looking at SDN.
It appears that the vCloud Connector posts (here and here) that (apparently) incorrectly identify VXLAN as a component/prerequisite of vCloud Connector have yet to be corrected. (Hat tip to Kenneth Hui at VCE.)

Servers/Hardware

Nothing this time around, but I’ll watch for content to include in future posts.

Security

Here’s a link to a brief (too brief, in my opinion, but perhaps I’m just being overly critical) post on KVM virtualization security, authored by Dell TechCenter. It provides some good information on securing the libvirt communication channel.

Cloud Computing/Cloud Management

Long-time VMware users probably remember Mike DiPetrillo, whose website has now, unfortunately, gone offline. I mention this because I’ve had this article on RabbitMQ AMQP with vCloud Director sitting in my list of “articles to write about” for a while, but some of the images were missing and I couldn’t find a link for the article. I finally found a link to a reprinted version of the article on DZone Enterprise Integration. Perhaps the article will be of some use to someone.
Sam Johnston talks about reliability in the cloud with a discussion on the merits of “reliable software” (software designed for failure) vs. “unreliable software” (more traditional software not designed for failure). It’s a good article, but I found the discussion between Sam and Massimo (of VMware) as equally useful.

Operating Systems/Applications

I found this article on the use of Chef and Soloist to automate the setup of OS X 10.8 to be quite interesting. I hadn’t heard of Soloist before reading this article.
Perhaps it shows my lack of Unix/Linux experience, but I’m not familiar with RCS, so reading this post about using RCS to “version control everything” was interesting to me. I’m going to have to give RCS a spin and see how I like it. I suppose the real question is whether it is worth trying to use RCS (or its equivalent) to version control everything, or just put everything into a configuration management system like Puppet or Chef.
I think I mentioned this on Twitter, but this PDF-to-Keynote conversion tool looks like it might be useful from time to time.

Storage

Want some good details on the space-efficient sparse disk format in vSphere 5.1? Andre Leibovici has you covered right here.
Read this article for good information from Andre on a potential timeout issue with recomposing desktops and using the View Storage Accelerator (aka context-based read cache, CRBC).
Apparently Cormac Hogan, aka @VMwareStorage on Twitter, hasn’t gotten the memo that “best practices” is now outlawed. He should have named this series on NFS with vSphere “NFS Recommended Practices”, but even misnamed as they are, the posts still have useful information. Check out part 1, part 2, and part 3.
If you’d like to get a feel for how VMware sees the future of flash storage in vSphere environments, read this.

Virtualization

This is a slightly older post, but informative and useful nevertheless. Cormac posted an article on VAAI offloads and KAVG latency when observed in esxtop. The summary of the article is that the commands esxtop is tracking are internal to the ESXi kernel only; therefore, abnormal KAVG values do not represent any sort of problem. (Note there’s also an associated VMware KB article.)
More good information from Cormac here on the use of the SunRPC.MaxConnPerIP advanced setting and its impact on NFS mounts and NFS connections.
Another slightly older article (from September 2012) is this one from Frank Denneman on how vSphere 5.1 handles parallel Storage vMotion operations.
A fellow IT pro contacted me on Twitter to see if I had any idea why some shares on his Windows Server VM weren’t working. As it turns out, the problem is related to hotplug functionality; the OS sees the second drive as “removable” due to hotplug functionality, and therefore shares don’t work. The problem is outlined in a bit more detail here.
William Lam outlines how to use new tagging functionality in esxcli in vSphere 5.1 for more comprehensive scripted configurations. The new tagging functionality—if I’m reading William’s write-up correctly—means that you can configure VMkernel interfaces for any of the supported traffic types via esxcli. Neat.
Chris Wahl has a nice write-up on the behavior of Network I/O Control with multi-NIC vMotion traffic. It was pointed out in the comments that the behavior Chris describes is documented, but the write-up is still handy, and an important factor to keep in mind in your designs.

I suppose I should end it here, before this “short take” turns into a “long take”! In any case, courteous comments are always welcome, so if you have additional information, clarifications, or corrections to share regarding any of the articles or links in this post, feel free to speak up below.

Tags: Automation, HyperV, KVM, Macintosh, Microsoft, Networking, NFS, Security, Storage, Virtualization, VMotion, VMware, vSphere, VXLAN

Link Aggregation and VLAN Trunking with Brocade FastIron Switches

Friday, October 26, 2012 in Interoperability, Networking, Virtualization by slowe | 4 comments

In this post, I’ll be sharing with you information on how to do link aggregation (with LACP) and VLAN trunking on a Brocade FastIron switch with both VMware vSphere as well as Open vSwitch (OVS).

Throughout the majority of my career, my networking experience has been centered around Cisco’s products. You can easily tell that from looking at the articles I’ve published here. However, I’ve recently had the opportunity to spend some time working with a Brocade FastIron switch (a 48-port FastIron Edge X, specifically, running software version 7.2), and I wanted to write-up what I’ve learned about how to do link aggregation and VLAN trunking in conjunction with both VMware vSphere as well as OVS.

Configuring Link Aggregation with LACP

When researching how to do link aggregation on a Brocade FastIron, I came across a number of different articles suggesting two different ways to configure link aggregation (ultimately I followed the information provided in this article and this article). I think that the difference in the configuration comes down to whether or not you want to use LACP, but I’m not completely sure. (If you’re a Brocade/Foundry expert, feel free to weigh in.)

To configure a link aggregate using LACP, use these commands:

You’ll use the link-aggregate configure key <unique key> command to identify which interfaces may participate in a given link aggregate. The key must range from 10000 to 65535, and has to be unique for each group of interfaces in a link aggregate bundle. The switch uses the key to identify which ports may be a part of a link aggregate.
You’ll use the link-aggregate active command to indicate the use of LACP for link aggregation configuration and negotiation.

For example, if you wanted to configure port 10 on a switch for link aggregation, the commands would look something like this:

switch(config)# interface ethernet 10
switch(config-if-e1000-10)# link-aggregate configure key 10000
switch(config-if-e1000-10)# link-aggregate active

For each additional port that should also belong in this same link aggregate bundle, you would repeat these commands and use the same key value. As I mentioned earlier, the identical key value is what tells the switch which interfaces belong in the same bundle.

Configuring the virtualization host is pretty straightforward from here:

If you are using vSphere, note that you’ll need to use vSphere 5.1 and a vSphere Distributed Switch (VDS) in order to use LACP. In order to use LACP, you’ll need to set your teaming policy to “Route based on IP hash,” and then you must enable LACP in the settings for the uplink group. Chris Wahl has a nice write-up here, including a list of the caveats of using LACP with vSphere. VMware also has a VMware KB article on the topic.
If you are using OVS, you can follow the instructions I provided in this post on link aggregation and LACP with Open vSwitch.

Configuring VLANs

Although VLANs are (generally) interoperable between different switch vendors due to the broad adoption of the 802.1Q standard, the details of each vendor’s implementation of VLANs is just different enough to make life difficult. In this particular case, since I learned Cisco’s VLAN implementation first, Brocade’s VLAN implementation on the FastIron Edge X series switches seemed rather odd. I’m sure that had I learned Brocade’s implementation first, then Cisco’s version would seem odd.

In any case, the commands you use for VLANs are as follows:

To create a VLAN, use the vlan <VLAN identifier> command.
To add a port to that VLAN, so that traffic across that port is tagged for the specified VLAN, use the tagged ethernet <interface> command.
To add a range of ports to a VLAN, use the tagged ethernet <start interface> to <end interface> command.
To allow a port to carry both untagged (native, or default VLAN) and tagged traffic, you must use the dual-mode command. Otherwise, a port carries only untagged or tagged traffic. (This was a key difference in Brocade’s VLAN implementation that threw me off at first.)

So, if you wanted to create VLAN 30, add Ethernet interface 24 to that VLAN, and configure the interface to carry both tagged and untagged traffic, the commands would look something like this:

switch(config)# vlan 30 name server-subnet
switch(config-vlan-30)# tagged ethernet 24
switch(config-vlan-30)# interface ethernet 24
switch(config-if-e1000-24)# dual-mode

Once the VLANs are created and the interfaces are added to the VLANs, configuring the virtualization hosts is—once again—pretty straightforward:

On vSphere, you must create a port group (or distributed port group) for each VLAN, and specify the VLAN ID in the port group configuration. Any port group without a VLAN ID specified will receive untagged traffic. I wrote an article in 2007 (it’s a bit dated, but still applicable) about VMware port groups and the native VLAN. (The native VLAN is Cisco terminology for the untagged VLAN.)
On OVS, you must either create OVS fake bridges for each VLAN or (when it’s working) use libvirt integration with OVS. You can wrap libvirt networks around OVS fake bridges as well.

I hope this information is useful to someone. If anyone has any corrections or clarifications, I encourage you to add your information to the comments on this post.

Tags: Interoperability, Networking, OVS, Virtualization, VLAN, VMware, vSphere

Technology Short Take #24

Monday, July 30, 2012 in Networking, Security, Storage, Virtualization by slowe | 1 comment

Welcome to Technology Short Take #24, another instance of my irregularly-published collection of links, thoughts, and rants on various data center technologies like networking, operating systems, security, hardware, virtualization, and cloud computing. This is a slightly shorter version of my Technology Short Takes; I’m trying to pare down since some readers have indicated the previous Short Takes weren’t short enough. Anyway, I hope you find something useful.

Networking

This page is a decent reference to the open source software-defined networking (SDN) projects that are out there. While I’m sure it’s not comprehensive—open source projects can be difficult to track sometimes—it’s at least a good starting point.
Here’s an older article by Brad Hedlund on building a leaf-spine design with either 40G or 10G. Which is better? As usual, the IT answer is, “It depends.” It’s a good article overall, although it reminds me that I still have so much to learn in networking. It’s a good thing there are smart folks like Brad who are willing to share their knowledge.

Security

Bromium finally “opened the kimono” to talk about what they’re doing. I had the chance to chat with Simon Crosby, and I must say that it’s pretty cool stuff. If you haven’t yet read it, check out Simon’s post at BrianMadden.com.
While I was in Indianapolis last week for the Indianapolis VMUG, I sat in on a session by Lancope on the use of Netflow to secure your network. The presenter showed a list of open source Netflow tools. I haven’t gotten the specific list that the presenter used, but I did find this list—perhaps it will be useful.

Storage

In 2009 I wrote a piece explaining NPIV and NPV. In May Tony Bourke posted a write-up of NPIV and NPV as well, and did a good job of drawing some analogies about these technologies. There’s a great discussion going on in the comments as well, so I recommend reading the comments too.
This article is titled “Understanding IO,” but it really seems like more of a write-up on various IO analysis tools. Still quite useful, even though it seems to be a bit focused on Solaris.
I finally got around to reading Stephen Foskett’s I/O Blender series (part 1, part 2, and part 3), in which he describes the current state of storage and virtualization as a introduction to some of the ideas that VMware described in their “next-generation” storage presented last year at VMworld 2011; in particular, the demultiplexer.

Virtualization

Maish Saidel-Keesing has a three-part write-up on installing and configuring OpenIndiana in a VM (part 1, part 2, and part 3). This is not something I’ve had the opportunity to work with, although I have worked some with Solaris in the past. (In fact, this weekend I tried to find a Solaris 10 x86 ISO I used to have somewhere because I was going to build a Solaris 10 VM for some Puppet testing and couldn’t find it. Bummer.)
Via Vladan Seget, I saw that VMware vSphere 5.0 has achieved Common Criteria EAL4+ certification.
This VMware KB article has a great PDF attached that covers vSphere’s various memory management techniques.
Working your way toward taking the VCAP-DCD exam? This site, while a bit dated, has some good resources for VDCD410 (the vSphere 4 version of the exam). Of course, there’s also this little video training course that was recently released…
Here’s a Citrix Knowledge Center article that provides more information on SR-IOV (Single Root I/O Virtualization) support within XenServer (and, by extension, Xen Cloud Platform/XCP).
There’s an interesting note here about interactions between SIOC and SRM 5.

That’s it for this time around; feel free to add your own thoughts in the comments below. Courteous comments are always welcome!

Tags: Networking, Security, Storage, Virtualization, VMware, vSphere, Xen

Designing VMware Infrastructure Video Training Available

Monday, July 30, 2012 in Collaboration, Virtualization by slowe | 8 comments

In case you hadn’t already heard, this past Tuesday, July 24, Train Signal officially released my Designing VMware Infrastructure video training course!

Designing VMware Infrastructure from Train Signal

If you’re interested, you can view a sample video from the course on YouTube.

This is my first video training course, and I’m really excited to see it officially released. I hope that the video training course is as helpful to users as my books (like Mastering VMware vSphere 5 or VMware vSphere Design, written with Forbes Guthrie and Maish Saidel-Keesing) have been. Having now done both books and video training, it’s interesting to me how very different the two media are, and how very different the content creation process is. It was a learning experience for me, and I’m looking forward to more video training courses in the future. If you have any specific things for which you’d like to see video training courses produced, let me know by speaking up in the comments below. Also, if you have the Designing VMware Infrastructure course, I’d love to hear your feedback and suggestions for improvement!

Tags: Virtualization, VMware, vSphere

vSphere on NFS Design Considerations Presentation

Tuesday, July 3, 2012 in Storage, Virtualization by slowe | 10 comments

This presentation is one that I gave at the New Mexico, New York City, and Seattle VMUG conferences (this specific deck came from the Seattle conference, as you can tell by the Twitter handle on the first slide). The topic is design considerations for running vSphere on NFS. This isn’t an attempt to bash NFS, but rather to educate users on the things to avoid if you’re going to build a rock-solid NFS infrastructure for your VMware vSphere environment. I hope that someone finds it useful.

My standard closing statements goes here–your questions, thoughts, corrections, or clarification (always courteous, please!) are welcome in the comments below.

Tags: NAS, NFS, Storage, Virtualization, VMware, vSphere

« Older entries