Cisco Distributed Nexus 1000v closer to reality in Hyper-V


 

One of the major differences between vSphere and KVM, Hyper-V and XenServer has been the ability to integrate 3rd party distributed switches.  VMware vSphere has supported the Nexus 1000V for a few years now, while it has been "coming" to Hyper-V for a while now.  Well, I missed the announcement of the public beta of the Nexus 1000V for Hyper-V.  The Cisco blog post below gives some detail on the state of their distributed switch in Windows Server 2012.

Vive la Nexus 1000V on Microsoft Hyper-V!

VirtualizedGeek Tech Talks Episode 3

In episode 3, I talk about the Ars Technica article on VMware vs. AWS and if VMware needs to worry about Amazon’s price cuts.

Yet another large company has rolled back its tele-work program.  Best Buy announced the end of R.O.W.E.

Last and most fun, we talk about my virtual vs. physical blog post.

 

Physical vs. Virtual virtualization lab

So, you want to improve your knowledge of virtualization.  It doesn't matter if it's Hyper-V, VMware, Xen or KVM; the major decision of a physical vs. virtual lab is the same.  If you are new to virtualization your first thought may be to go out and purchase some dedicated hardware to run your lab sessions.  There's a lot you can do with a couple of PCs or entry level servers, network storage and a switch.  You could practice live migration labs, various clustering configurations, virtual switch configuration and various Virtual Desktop Infrastructure (VDI) configurations.  However, this approach has some of the same drawbacks that enterprises with a physical-first approach have versus a virtual-first approach.

This is a great time to practice not just the technical part of a virtualization strategy but also the financial and operational aspects of one.  Just like in the enterprise, you should examine the requirements of your lab.  What solutions and features are you looking to implement in your environment?  Do any of the scenarios you are looking to implement actually require physical resources?

Let’s take a look at some of the scenarios and see if a physical lab is required.

Running the Hypervisor

This is the first major requirement of any virtualization lab.  You need to be able to run a minimum of two hypervisors in most scenarios.  The big question is: can you virtualize the hypervisor?  This is the first question you ask when looking at a workload in the enterprise.  Looking at, say, an Oracle instance, you need to answer the basic question of whether the instance itself can be virtualized from a technical perspective.  This is an area that has advanced as both virtualization software and hardware-based virtualization features have improved.  My most popular post not only talks about running a hypervisor inside another hypervisor but also running what's called a nested VM.

Running a Virtual Machine

The second requirement of any virtualization lab may sound pretty simple as well: the ability to run a VM.  This is where it can get a little complicated.  In a physical lab it's very straightforward.  You install your hypervisor of choice and then you use the management tools of that platform to deploy your VM.  This requirement doesn't change when looking at it from a virtualized lab perspective.  You still need to be able to run a VM inside of your virtualized hypervisor.  This is more of a technical issue on each platform.  I've found the most consistent method is to use either VMware ESXi (free) or VMware Workstation as the base to allow this capability.  This is called a nested VM.  However, once you nest a VM this brings in questions around networking.  How does networking work for a nested VM?


Networking

Again this is why I like using VMware Workstation and ESXi for the base hypervisor.  The best way to talk through networking in a virtualized lab is to reference my video on the topic.

The most difficult requirement to meet would be distributed switches across multiple hosts.  In a physical lab you have a physical switch to use as a cross connect between hypervisors and thus distributed switches.  This is primarily an issue with vSphere inside of VMware Workstation, as VMware is the furthest along with production-class distributed switches.  VMware Workstation doesn't use a virtual switch but something much closer to a set of separate network segments that are better described as hubs.  A workaround for this issue would be to use full vSphere (ESXi) as the base, which has a proper virtual switch.


Live Migration 

One of the major features of virtualization is the ability to migrate a running virtual machine (VM) from one physical host to another without any downtime.  The common requirements for live migration are similar compute hardware, shared storage and networking.  Most vendors are claiming that a SAN is no longer required for live migration, but from a performance and scale perspective you want to be most familiar with using shared storage in your lab.  The big question is what do you do for shared storage?  This is actually the easiest of the topics we've addressed.  You can solve this challenge by just running an NFS or iSCSI appliance as a VM within your base hypervisor.  Another advantage is that you can "thin provision" more storage to the SAN appliance than is physically available.

Laptop vs. Workstation

So, what type of hardware do you need to run a decent lab on a single piece of hardware?  Do you need a rig like I use here?  Or can you get by with just a beefy laptop?  The bottom line is that you can do a great deal with an i5/i7 and 8GB of RAM.  And there are very few labs you can't do with 16GB of RAM, which is becoming a common option for laptops.  Outside of RAM the other big consideration is storage I/O.  Virtualization is both storage and memory intensive.  I would say that an SSD is almost a must, especially if you plan on running multiple nested machines as in a VDI configuration.  You can take a look at my laptop configuration here.

Conclusion

Generally speaking you can do everything in a virtual lab that you can in a physical lab.  Some practical issues are scale and experience on specific vendor solutions.  If you want to know how a Dell, HP or Cisco switch will be configured in your virtual network, this can't be done in a pure virtual lab.  This is the same case with other external dependencies such as SAN storage.  If you want to know what challenges exist in configuring the previously mentioned network devices with jumbo frames, or the challenges related to SAN performance, then virtual labs can't give you that experience.  In my role I don't need that level of interaction, but you may find your requirements are different from mine.

You can see how I’ve used VMware Workstation as a base for my lab here

Does VMware know Cloud is all about the Developers?

If I were a certain CEO of a certain software company, I would be standing on a stage with a blade server jumping up and down yelling "Developers, Developers, Developers."  I'm a huge fan of VMware products.  VMware has long been the thought leader in x86 virtualization products both on the desktop and in the data center.  The free version of ESXi is a powerful product alone.  Add to it the vSphere suite and it's pretty difficult to find a better virtualization solution.  Their software defined data center approach is coming together to be a great solution for those of us in the infrastructure arena.  There may be some engineers with a singular focus on either storage or networking who aren't very excited about software defined data centers, but I believe data center managers in general like the idea.  But no matter how much I and my peers like the solution, VMware impresses the wrong crowd and may be headed down the path of other great infrastructure technologies like Novell Netware.

The first rule in IT is that technology is here to support business.  Technology organizations accomplish this goal by providing applications that give organizations an edge over their competitors.  Applications need to run on platforms.  This is where I believe VMware is having difficulty in their vision.  A great example of a solution focused on applications is Amazon Web Services (AWS).  When it came out I didn’t get it.  I was already a fan of virtualization and understood the virtualization parts of AWS but I didn’t get the need for an API.  I wanted a console to assign resources to application developers so that application developers could create their applications and I could control the underlying resources the same way I do in the enterprise data center.  You know what I do today with vSphere.

I was completely wrong.  I forgot the first rule of IT, which is that it's there to support the business.  And that means applications and data always need to be the focus.  AWS approached the developers and understood what made sense to build Cloud applications.  Startups like Zynga (I'm not a big fan) and Netflix built extremely scalable businesses by looking at the infrastructure in a completely different way than us infrastructure guys have looked at infrastructure.  Amazon allows the developer to control the infrastructure.  From a traditional perspective this sounds ridiculous.  Developers don't know the first thing about capacity planning, storage performance, network management or CPU optimization.  And the whole point of AWS is that developers don't need to know a lot about infrastructure to build scalable cloud apps.  AWS abstracted the infrastructure for developers similar to what operating systems do for computer hardware.

I want this type of flexibility within my data center.  When looking at the previous VMware strategy, this is where it seemed to be going with their purchase of various development platforms and the creation of Cloud Foundry.  However, VMware had decided to refocus on its core competency which is virtualization and infrastructure management.  They want to give us infrastructure guys the best tools to manage the infrastructure.  I just don’t know if I’m the right audience or target for the Cloud based data center.

Does vFabric give my developers the same flexibility as other solutions?  I'm starting to realize that I will need to look to solutions such as Eucalyptus, CloudStack and OpenStack for the AWS-like experience within the data center.  Or does Microsoft have something with a convergence of the Hyper-V and Azure APIs?  As these solutions mature they will give me the control that AWS doesn't while giving my developers the capability to build scalable Cloud applications that enable business.

Driving Cloud & virtualization is all about developers.

 

Windows Server 2012 Ain’t no Cloud OS either


I took a little stab at OpenStack’s claim of being a Cloud OS.  Any solution that bills itself as an OS should have the features of an OS.  My dig on OpenStack was that it was taking liberty with the term OS as it doesn’t have the ability to cluster across cloud providers without a third party solution (RackSpace did reach out to me and promised to show me how they do it).

Microsoft actually calls Windows Server 2012 a Cloud OS.  While OpenStack is taking liberty with the term "OS", Microsoft is taking liberty with the term "Cloud".  It has always been a pet peeve of mine that vendors label virtualization as Cloud.  If you read any of Microsoft's Server 2012 "Cloud" features, they are all just advanced virtualization features.  They are great virtualization features that light a fire under VMware, but they are just virtualization features and don't make WS2012 a Cloud solution.  Don't get me wrong.  I'm impressed with what MS has done with virtualization in 2012.  I just don't like the redefinition of the term.  I did write a piece a while back on the difference between Cloud and Virtualization.

Is VMware headed toward the slow painful death of Novell?


If you’ve spent any time reading my blog you know I’m a big fan of VMware’s virtualization platform and the entire management suite vSphere/vCloud and vETC.  I believe it is by far the best technical solution for x86 virtualization. Dynamic Resource Scheduling (DRS) is a compelling feature and a huge value on its own.  The ability for vCenter to automatically adjust workloads across server clusters is unparalleled.  But, I’m wondering if being the best is good enough for VMware moving forward.  Is 2013 the year of the commodity hypervisor?  The tech industry is scattered with the remains of many once upon a time market leaders that were by far the technical leaders in their individual areas.  Few companies such as Cisco remain at the top of their respective markets for an extended period of time even fewer software companies are able to achieve that longevity.

The big question is how much longer can VMware continue to sell vSphere at a premium over both Hyper-V and XenServer?  For shops that are just starting to embrace virtualization (if there's such a market), how does VMware go in and sell them on the virtues of vSphere over Hyper-V and System Center 2012?  Has Microsoft matured Hyper-V to the point where it is good enough for most environments, and those who choose to adopt it never really know what they are missing feature-wise with VMware?  When you look at a feature matrix comparing Hyper-V to ESXi, for example, it's hard to differentiate the two offerings without a deeper understanding of virtualization technologies.  For example, Hyper-V now supports Cisco's Nexus 1000V virtual switch.  But what exactly does that mean to the mass market other than a check box?  Is there additional integration allowing vendors to build additional solutions that plug into the virtualized network stack similar to vShield?

We’ve seen this movie from Microsoft in the enterprise and it normally doesn’t end well for the competition.  I’m an old school Netware guy and no one did directory services, File and Print better than Novell.  But that wasn’t enough for Novell to keep its substantial lead in the enterprise as the market expanded.  Microsoft with Active Directory achieved a leading position prior to even achieving feature parity with Netware and NDS.  I’ve seen a repeat of history as I mentor younger engineers.  I often find myself defending the premium associated with VMware to engineers running Hyper-V because it was free with Windows.

Once a competing free solution is deployed in the enterprise it's difficult to get organizations to change.  I had to practically pull teeth to get a previous customer that wanted to further embrace virtualization to move away from Hyper-V when their management structure and technical requirements obviously called for something more robust than what Hyper-V 2.0 could provide at a younger point in its development.  Try having a discussion with the finance guys on how DRS allows for an overall lower total cost of ownership.  I can hear the eyes rolling in the finance geeks' heads now.  I believe this exemplifies the challenge faced by VMware.  Thankfully, I'm not a product guy and don't have to figure this marketing strategy out.  I leave that stuff up to the experts, but when I read stories like the ones over at GigaOm about how EMC is having VMware double down on its core virtualization business it makes me wonder about the long term future of the company.

What are your thoughts?  Do you think VMware is headed down the slow path that saw Novell sold to NetIQ, or am I just misreading the tea leaves?

SAN-free live migration – VMware vs. Hyper-V

With the introduction of Hyper-V 3.0 and vSphere 5.1 both major virtualization vendors have introduced SAN-free live migration solutions.  To give a quick recap, live migration is the ability to migrate a virtual machine from one physical host to another physical host without interruption of service for the target virtual machine.  In the past, the one consistent requirement in both Hyper-V and vSphere has been that you had to have a SAN in common between the two hosts.  The primary challenge of the SAN requirement was the cost and complexity associated with operating a SAN.  This put one of the most beneficial features of hypervisors out of reach for small organizations.  Another challenge is the inability to migrate virtual machines between hosts homed to different SANs.  It's been a common challenge to need to perform maintenance on a SAN or change the class of storage associated with a VM but not have anywhere to move it without downtime.

Microsoft and VMware approach SAN-free migration in two different ways.  Microsoft leverages the improvements in their SMB protocol (SMB 3.0) in Windows Server 2012.  SMB has had a reputation for being an inefficient protocol for years.  NFS and iSCSI have been the default methods for providing storage over a TCP/IP network.  Microsoft now claims that SMB is efficient enough to compete with NFS and iSCSI in offering the backend storage needed to host VMs.  It's this new performance boost that Microsoft leverages as the foundation of SAN-free live migration.  Instead of storing the VM on a traditional NFS volume or iSCSI LUN, Hyper-V can now store VHD files on a standard Windows file share.  The file server doesn't have to run Hyper-V itself.  It just needs to be a Windows Server 2012 OS and could itself be virtual.  In essence you still have the shared storage requirement but get a new shared storage option.  You still get many of the performance advantages during live migration that you do in NFS, iSCSI and Fibre Channel based solutions.

VMware takes a different approach by combining standard vMotion with Storage vMotion.  Instead of migrating just the VM's memory and CPU state from one host to another, the storage is migrated as well.  So, you can have two hosts with only local storage perform migrations between them.  This offers a greater level of flexibility over the Hyper-V approach.  The obvious disadvantage would be performance, as large VMs would take a long time to replicate even over a fast network.  There also could be performance-related issues for both storage and network I/O.  However, this is a great new feature for allowing the migration of VMs from one SAN to another SAN.  It doesn't offer much in the form of protection, as shared storage is still the way to go if you are looking to protect workloads.

Both solutions are great new features of the platforms.  Microsoft uses a little marketing magic to technically achieve "SAN-free" live migration, but it is still a very useful feature, while VMware makes a natural evolution to live storage migration between two hosts with no shared storage.  Do you see a use case for SAN-free migration in your environment?

Hyper-V 3 vs. vSphere 5 Debate on ZDNet

ZDNet has an interesting debate about Hyper-V 3 on Windows Server 8 vs. vSphere 5.0.  Hyper-V to this point has been a great value play for organizations that didn't have huge management requirements for their virtualized environment.  Its support for Linux has actually improved a lot as well.

But I think it's unreasonable to think that Windows 8 will have a sizable impact on VMware's market share in the short term (next 1 or so).  I don't see the argument for an OS that's not scheduled to be released this year.  Microsoft has a poor track record of delivering all the features shipped in beta as part of the production release.  I just can't see myself making a decision based on the promises of a not-yet-shipped product.

With that said, I look forward to the release of Windows 8 (client and server) and the push it will give VMware on both innovation and price.  It’s time someone shook up the market and brought real competition to this space.

Virtual Host Security

Security is a never ending battle for us folks in the business of IT Infrastructure.  There are always new threats that we need to consider from every layer of the network.  Now that virtualization is becoming a huge part of the infrastructure, it’s a good idea to extend our security policy to include virtualization challenges.

I wanted to take a look at some of the common challenges to consider within VMware.  Specifically the VI3 platform, as I'm running into this platform at 90% of the places I go versus vSphere, which has a completely new model and API available for securing your virtual environment.  I will take a separate look at Hyper-V, XenServer and vSphere at a later date.  Since VI3 is so prevalent it's the audience that I believe I could reach the most.  It's important to note that these principles could apply to the other platforms as well.

So, what are the security challenges with hypervisors?  Out of the box the kernel and console are pretty secure.  There aren't a lot of services running by default that could be exploited.  There's a firewall enabled by default.  And management communication is over SSH and SSL.  These are all things we should expect, but here are three areas of concern.

Guest OS

One of the first areas to look at would be the guest OS and its services.  The vulnerabilities of the guest OS can easily become the not-so-obvious vulnerabilities of the hypervisor.  I'm not going to pick on any one operating system, as these issues are common amongst all OSes that provide services.  One thing to really consider is DoS attacks against the VMware host through a susceptible guest OS or service.

An attacker could direct a DoS at a service running on one guest OS, which could affect the performance of the physical hardware.  This in turn could affect other guest operating systems.  Setting CPU and memory limits or shares on each VM (or on its resource pool) bounds how much of the host a single saturated guest can consume before anyone has to react.  This is why it's also important to have system monitoring in place for your hardware and applications.  This is where tools like vMotion could really pay for themselves, as you can isolate servers that are experiencing high utilization or suspicious activity.

Network Isolation

It’s extremely important to fully plan out your virtual network and physical network layout and the access lists governing control between the two.  It’s been my experience that the team that manages the virtual switches and the team that manages the physical network are two separate teams.  I personally think that this is a mistake.

I have experience as both a Network Engineer and a Server Administrator and have a strong understanding of routing, switching and access control.  This is a critical skill when dealing with an extremely large virtual environment.  I find that when I wear both hats I have conflicting agendas.  The network engineer in me wants to think security first but the server administrator wants the course of least resistance.

This leads to shortcuts and poking holes in VLAN configurations by using static routes between virtual machines on different network segments.  These shortcuts are normally undocumented and come back to bite us in the rear sometime in the future when we least expect it.  Worst case, hopefully it's internal audit doing a review of controls and not some bad guy taking advantage of our laziness.
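A way to catch those shortcuts before an auditor (or an attacker) does is to review the host's virtual network inventory mechanically.  The script below is an added example and is not code from the original post or from VMware; the port groups, VLAN IDs, security-policy values and VM NIC assignments in it are constructed to resemble what you would export from a VI3 host, and the names are assumptions.  It flags the things the VI3 hardening guide linked at the end of this post tells you to reject (promiscuous mode, MAC address changes, forged transmits), guest VLAN tagging (VLAN ID 4095), VM port groups that share a VLAN with the Service Console/VMkernel network, and any VM with NICs on more than one VLAN, which is exactly where an undocumented static route or IP forwarding turns a guest into a router around your access lists.

```python
"""Audit a VI3-style virtual network inventory for isolation weaknesses.

Added example, not from the original post or VMware.  PORT_GROUPS and NICS are
constructed sample data; real inventories would come from esxcfg-vswitch -l
and each VM's .vmx, or from the vCenter API.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortGroup:
    name: str
    vlan: int                  # 0 = untagged, 1-4094 = tagged, 4095 = VGT (guest tags its own frames)
    management: bool = False   # Service Console / VMkernel port group
    promiscuous: bool = False  # True means the security policy is set to "Accept"
    mac_changes: bool = False
    forged_transmits: bool = False


@dataclass(frozen=True)
class VMNic:
    vm: str
    port_group: str


# Constructed inventory (assumed names and VLAN numbers).
PORT_GROUPS = [
    PortGroup("Service Console", vlan=10, management=True),
    PortGroup("VMkernel", vlan=10, management=True),
    PortGroup("Prod-Web", vlan=100),
    PortGroup("Prod-DB", vlan=200, forged_transmits=True),
    PortGroup("IDS-Span", vlan=4095, promiscuous=True),
    PortGroup("Mgmt-Tools", vlan=10),   # a VM port group dropped onto the management VLAN
]

NICS = [
    VMNic("web01", "Prod-Web"),
    VMNic("db01", "Prod-DB"),
    VMNic("jump01", "Prod-Web"),
    VMNic("jump01", "Prod-DB"),         # the undocumented "shortcut" between segments
    VMNic("ids01", "IDS-Span"),
]


def audit(port_groups, nics):
    """Return a list of (object name, finding) tuples; an empty list means clean."""
    findings = []
    by_name = {pg.name: pg for pg in port_groups}
    mgmt_vlans = {pg.vlan for pg in port_groups if pg.management}

    for pg in port_groups:
        if pg.promiscuous:
            findings.append((pg.name, "promiscuous mode Accept: every guest on this port group can sniff its VLAN"))
        if pg.mac_changes or pg.forged_transmits:
            findings.append((pg.name, "MAC changes/forged transmits Accept: guests can spoof other MAC addresses"))
        if pg.vlan == 4095:
            findings.append((pg.name, "VLAN 4095 (VGT): guests tag their own frames and can reach any VLAN on the trunk"))
        if not pg.management and pg.vlan in mgmt_vlans:
            findings.append((pg.name, f"VM port group shares VLAN {pg.vlan} with the management network"))

    # Collect the set of VLANs each VM touches; more than one means the guest can bridge them.
    vlans_per_vm = {}
    for nic in nics:
        pg = by_name.get(nic.port_group)
        if pg is None:
            findings.append((nic.vm, f"NIC on unknown port group {nic.port_group!r}"))
            continue
        vlans_per_vm.setdefault(nic.vm, set()).add(pg.vlan)
    for vm, vlans in sorted(vlans_per_vm.items()):
        if len(vlans) > 1:
            findings.append((vm, f"NICs on VLANs {sorted(vlans)}: a static route or IP forwarding "
                                 "in the guest bridges these segments around the ACLs"))
    return findings


if __name__ == "__main__":
    for obj, msg in audit(PORT_GROUPS, NICS):
        print(f"{obj:16} {msg}")
```

Not every finding is a misconfiguration: the IDS sensor's port group in the sample legitimately needs promiscuous mode and a trunk, which is precisely why it should be documented as an exception rather than discovered during an audit.  The multi-VLAN check is the one that catches the static-route shortcuts described above; the guest itself looks perfectly normal from inside the vSphere client.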

Virtual Center Clients

This is an area that we may not give much thought to because the list of people allowed to access the console is limited.  But it’s this area that we need to pay a great deal of attention.  I’m very reluctant to give access to the Virtual Center Console to Jr. Level Administrators.  Even when configured correctly by restricting rights to virtual machines through Directory Services it’s important to realize how big of a security risk it is giving access to someone who doesn’t have the appropriate training in Virtualization or even security.

This is an area that can lead to a great deal of damage if an administrator is lax about securing their desktop.  This is why it's also important to have the appropriate level of logging configured to reinforce the security policy with accountability.
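Restricting rights "through Directory Services" only works if someone periodically checks what a junior administrator can actually do on a given object once roles, group membership and propagation are combined.  The script below is an added example, not code from the original post or from VMware.  It models the vCenter rule that the permission closest to an object wins (a child-level assignment overrides a parent-level one, a user-level assignment overrides a group-level one, and a parent-level assignment only reaches down when it propagates), then reports any reviewed user who ends up with a sensitive privilege on production objects.  The inventory tree, roles, groups and assignments are constructed; the privilege identifiers follow the vSphere "Category.Action" naming, but which privileges you treat as sensitive is a policy choice for your own environment, and the model is a simplification (it does not union privileges across several matching groups).

```python
"""Least-privilege review of vCenter-style role assignments.

Added example, not from the original post or VMware.  Tree, roles, groups and
permissions below are constructed sample data.
"""
from collections import namedtuple

Permission = namedtuple("Permission", "principal role entity propagate")

# Inventory tree: object -> parent (None at the root folder).  Assumed names.
PARENT = {
    "root": None,
    "DC1": "root",
    "Cluster-A": "DC1",
    "web01": "Cluster-A",
    "db01": "Cluster-A",
    "Lab": "DC1",
    "lab01": "Lab",
}

ROLES = {
    "Administrator": {"ALL"},
    "VM Power User": {"VirtualMachine.Interact.PowerOn",
                      "VirtualMachine.Interact.PowerOff",
                      "VirtualMachine.Interact.ConsoleInteract"},
    "Lab Builder": {"VirtualMachine.Interact.PowerOn",
                    "VirtualMachine.Config.AddExistingDisk",
                    "Datastore.Browse"},
    "Read-Only": {"System.View"},
}

# Privileges that let a holder read or attach other VMs' disks or touch the network: policy choice.
SENSITIVE = {"Datastore.Browse", "Datastore.FileManagement",
             "VirtualMachine.Config.AddExistingDisk", "VirtualMachine.Config.RawDevice",
             "Host.Config.Network", "Network.Assign"}

GROUPS = {"jr-admins": {"alice", "bob"}, "vi-admins": {"carol"}}

PERMISSIONS = [
    Permission("vi-admins", "Administrator", "root", True),
    Permission("jr-admins", "VM Power User", "Lab", True),
    Permission("bob", "Lab Builder", "DC1", True),     # meant for the lab, granted one level too high
    Permission("alice", "Read-Only", "Lab", False),    # no propagation: does not reach lab01
]


def principals_for(user):
    return {user} | {g for g, members in GROUPS.items() if user in members}


def effective_role(user, entity):
    """Walk from the object toward the root; the first applicable assignment wins."""
    mine = principals_for(user)
    node, inherited = entity, False
    while node is not None:
        applicable = [p for p in PERMISSIONS
                      if p.entity == node and p.principal in mine
                      and (not inherited or p.propagate)]
        if applicable:
            direct = [p for p in applicable if p.principal == user]  # user beats group
            return (direct or applicable)[0].role
        node, inherited = PARENT[node], True
    return None


def effective_privileges(user, entity):
    role = effective_role(user, entity)
    return set() if role is None else ROLES[role]


def audit(users, entities):
    """(user, entity, role, sorted sensitive privileges) for every sensitive grant found."""
    findings = []
    for user in users:
        for entity in entities:
            privs = effective_privileges(user, entity)
            hit = {"ALL"} if "ALL" in privs else privs & SENSITIVE
            if hit:
                findings.append((user, entity, effective_role(user, entity), sorted(hit)))
    return findings


if __name__ == "__main__":
    for user, entity, role, privs in audit(sorted(GROUPS["jr-admins"]), ["Cluster-A", "web01", "db01"]):
        print(f"{user} has {role} on {entity}: {', '.join(privs)}")
```

In the sample, bob's "Lab Builder" role was assigned at the datacenter instead of the lab folder, so it propagates into the production cluster and gives him Datastore.Browse and the ability to attach existing disks to VMs there; the same role assigned at "Lab" would have produced no findings.  Pair a check like this with the logging mentioned above: the audit tells you who could do something, the logs tell you who did.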

There are plenty of other areas to look at, like iSCSI security, the storage network and device-level challenges.  I've provided a few links at the end where you can get much more detail on securing your virtual environment.

Useful Links

I found these useful links that give more detail in securing your virtual environment.

VMware Hardening VI3

http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf

VMware vSphere Hardening Guide

http://communities.vmware.com/docs/DOC-12306

Keith Townsend
