Archive for 2008

I’ve been trying to get the VMware Infrastructure Client to run on my Ubuntu laptop via Wine. I’ve been making progress and getting closer, but it’s still not working. After playing around with native vs. builtin DLLs and a couple of other configuration items, I can successfully install and launch the VIC. I have no issue getting the familiar VIC login prompt. But after entering the IP address of my Virtual Center server, user name and password, I get the error “The client could not validate the server’s SSL certificate,” as you can see here:

[Screenshot: vic_on_ubuntu12]

I can get farther by putting an http:// in front of the IP address, forcing the VIC to bypass SSL, and it appears the client is attempting to connect to my Virtual Center server.  However, ultimately the application crashes with the following trail of console messages.

fixme:shell:URL_ParseUrl failed to parse L""
fixme:shell:URL_ParseUrl failed to parse L"VirtualInfrastructure.25u2"
fixme:shell:URL_ParseUrl failed to parse L"System.Windows.Forms"
fixme:shell:URL_ParseUrl failed to parse L"System"
fixme:shell:URL_ParseUrl failed to parse L"VpxClientCommon.25u2"
fixme:shell:URL_ParseUrl failed to parse L"VMware.CustomControls.25u2"
fixme:shell:URL_ParseUrl failed to parse L"System.Drawing"
fixme:shell:URL_ParseUrl failed to parse L"VimSoapService.25u2"
fixme:exec:SHELL_execute flags ignored: 0x00000500
fixme:ole:Context_QueryInterface interface not implemented {000001da-0000-0000-c000-000000000046}
fixme:advapi:RegisterEventSourceW ((null),L".NET Runtime"): stub
fixme:advapi:ReportEventW (0xcafe4242,0x0001,0x0000,0x000003ff,(nil),0x0001,0x00000000,0x7d94d124,(nil)): stub
err:eventlog:ReportEventW L".NET Runtime version 2.0.50727.42 - Fatal Execution Engine Error (7A05E2B3) (80131506)"
fixme:advapi:DeregisterEventSource (0xcafe4242) stub
fixme:advapi:CheckTokenMembership (0x27c 0x1cef20 0x7d94c778) stub!
fixme:shell:URL_ParseUrl failed to parse L"System.Web.Services"
fixme:shell:URL_ParseUrl failed to parse L"TransportInterfaces.25u2"
fixme:shell:URL_ParseUrl failed to parse L"System.Xml"
fixme:imm:ImmDisableIME (-1): stub
fixme:thread:NtQueryInformationThread Cannot get kerneltime or usertime of other threads
fixme:thread:NtQueryInformationThread info class 9 not supported yet
(repeated 10 times)
fixme:advapi:RegisterEventSourceW ((null),L".NET Runtime 2.0 Error Reporting"): stub
fixme:advapi:ReportEventW (0xcafe4242,0x0001,0x0000,0x000003e8,(nil),0x0008,0x000000f6,0x3009a1b4,0x7e1b55e0): stub
err:eventlog:ReportEventW L"vpxclient.exe"
err:eventlog:ReportEventW L"2.5.0.64227"
err:eventlog:ReportEventW L"48db0525"
err:eventlog:ReportEventW L"mscorwks.dll"
err:eventlog:ReportEventW L"2.0.50727.42"
err:eventlog:ReportEventW L"4333e7ec"
err:eventlog:ReportEventW L"0"
err:eventlog:ReportEventW L"000b333f"
fixme:advapi:DeregisterEventSource (0xcafe4242) stub
fixme:thread:NtQueryInformationThread info class 9 not supported yet
(repeated 10 times)

As you can see here:

[Screenshot: vic_on_ubuntu2]

I’ve also tried this with a ThinApp’d version of the VIC and basically get the same results.  I realize I’m probably beating my head against a wall, looking for a solution that probably just doesn’t exist.  But in the off chance someone has figured this out, I want to see if anyone has progressed farther than I.  Here’s my setup …

Version of  OS: Ubuntu 8.10 (kernel 2.6.27-9)
Version of Wine:
wine-1.1.10

Anyone have any ideas?

The fresh flavor that lasts and lasts……that’s the goal behind one of my customer’s latest desktop projects. This customer has been working with the View3 pre-release code for some time now. Using View Composer, we now have the capability to very easily and programmatically refresh a user’s desktop back to the original golden master image state. View Composer supports three primary operations after initial linked clone creation:
1:  Refresh – A Refresh takes a desktop back to the original state of the master
2:  Recompose – A Recompose takes a linked clone and re-homes it, if you will, to a new parent image (think instant OS updates or software rollouts)
3:  Rebalance – A Rebalance takes all the linked clone VMs in a pool and re-balances them across a set of LUNs
For the sake of this conversation, we will focus on the Refresh operation.

Problem:
My customer’s goal is to maintain the integrity of their corporate desktop image deployed to users. Over time, their users have a particular habit of destroying their desktops. So much so, that they had to put in place a mandatory, ongoing re-imaging program so that all desktops never go more than six months without a re-image. This policy has had some very positive results in terms of reduced help desk calls and time spent just sustaining a rotting OS. That said, the effort required to sustain a perpetual, semi-manual re-imaging program is substantial.

Solution?:
Enter VMware View Refresh. Right now, they have rolled out a program for a set of 50 users to see how well it would work to refresh a user’s desktop much more aggressively (every 5 days to start). This means that after a linked clone is created and the user begins to use the VM, the VM will automatically refresh every 5 days back to its original state (configured in the desktop pool settings…screenshot to come). The goal is to make this a highly seamless event for the users. With View Composer’s User Identity Disk, C:\Documents and Settings\ is redirected to another, persistent (thin provisioned) .vmdk that is presented as the D: drive. This is configured when you create the pool as shown below:

Based upon our initial tests, this is working really well.  We can refresh a user’s desktop without them ever knowing, as the next time they log on their profile is completely intact.  Currently we are testing all of their applications to ensure this will work across the board.  I am sure we will find some applications that do not, gasp!, save their preferences in the user’s profile (something TS/Citrix admins deal with constantly).  For those applications, our plan is to ThinApp the application and set the User Sandbox to live in the proper, user’s profile directory.  We have also found that we need to re-register each VM with the anti-virus console after a refresh operation which we are now achieving through a post-sync script.

I’ll be sure to keep everyone posted on our progress and experiences.  It’s certainly something to consider and explore.  Let me know what you think!  Until then, I wish you a very minty fresh desktop experience!  :-)

Today is a very exciting day for those working in and around desktop computing. VMware has released a major new version of its end-to-end virtualized desktop solution, View3 (yes, that’s a new name; VDI as a product name has fallen to the wayside). I have had the privilege of working with the product since its early beta days and with some customers who had early beta access. I’ve been impressed with the amount of customer feedback that was incorporated into the product between beta cycles. It’s a real testament to VMware’s desktop solutions group’s willingness to listen and to truly mold this into something that customers not only want to use, but are already deploying. SO, congratulations to all those who worked so hard to get this product out the door!

Rather than just reprint the marketing press releases, I thought I would highlight some of the key new features of View3, give a short explanation, and add some initial thoughts. As the (borrowed) graphic below shows, “View3” really is the umbrella name that covers all the components of the total solution. View Manager 3 is the desktop broker that sets up and manages connections between end users and back-end desktop virtual machines. Let’s dig into some of these features.

  • Unified Access: View Manager now brokers connections to physical PCs, terminal servers, and blade PCs in addition to virtual desktops hosted on VI3. This allows you to make the View client or web portal a true, one-stop-shop for user computing. For example, I have a customer that is a hospital that has blade PCs in use for a very specific radiology application. Since users connect to the blade PCs over RDP, their connections can now be seamlessly brokered through the same interface as their virtual desktops. There is also an interesting application here for MS Terminal Servers, as View can now not only broker connections to Terminal Servers, but also easily add a load balancing mechanism.

Below: A screenshot of the various choices you have for types of desktop connection you can create for brokering:

  • Virtual Printing: Provides end users the ability to print to any local or network printer. Virtual Printing includes a universal print driver, compression for print jobs, and auto detection of local printers from the View Client. Printing has always been a thorn in the desktop administrator’s side. The issue is magnified when we are talking about hundreds or thousands of virtual desktops. How do we ensure that the printer driver the user needs for their local printer will be available on the desktop that they land on? Either I have to do that work ahead of time and pin a user to a desktop (not very flexible and a bunch of work), or I have to install all the possible drivers across all the desktops in the pool (scary!). VMware did a great thing here, in my opinion: they partnered with ThinPrint to license the best of breed solution on the market (again, my opinion :)). The universal printer driver is installed with the View agent on the virtual desktop side and with the View client on the client side, so there’s no extra work for the administrator. It’s just there and it works! Oh, and it works VERY well! The universal print driver is smart enough to pick up many of the unique features of the user’s printer, supporting all the bells and whistles your users require. The last key feature of Virtual Printing is the incredible print job compression it provides. The universal driver does adaptive compression of the print job on the VM side for a much lower impact on the network for print jobs. This is very important for those deploying virtual desktops to remote locations or even home users. That said, ThinPrint still provides some fantastic add-ons to this technology. It’s worth checking out their website for a full comparison of what they can do, in addition to the technology VMware licensed from them! http://dotprint.thinprint.com/euen/Features/tabid/93/language/en-US/Default.aspx
  • Enhanced User Experience: Extends MMR (multi-media redirection) to all Win XP and Win XPe based clients. Provides increased support for critical codecs: MPEG1, MPEG2, MPEG4 part2, WMV 7/8/9, WMA, AC3, MP3. Provides granular policies for USB redirection. What can I say about multimedia over RDP? Well, it usually sucks. With MMR, the world becomes a much brighter place for the modern desktop user trying to work over RDP. MMR makes the playback of all the codecs above extremely usable over RDP. I’ve even tested this over a WAN connection with some fairly high latency numbers. The content just took a little bit longer to queue up, but then the playback was seamless. A key change here is that MMR is now available to all WinXP and WinXPe fat and thin clients. Before, it was limited to only WinXP devices and Wyse XP/XPe thin clients. In regards to USB redirection, it works great! View3 adds the ability to enable/disable USB redirection at the pool or even desktop level.
  • Offline Desktop (Experimental): Provides the flexibility to intelligently and securely move virtual desktops between the datacenter and local resources. Users can check out their virtual desktops onto physical clients, use the virtual desktop locally, and then check it back in. Offline Desktop is one of those new, game changing type of features everyone has been asking about for years. There always will be a segment of your user population that will need to be able to work in a mobile, disconnected fashion. Offline Desktop solves some problems for this user segment. With View3, the administrator can configure a desktop for a user and then the user can “check-out” their desktop. The desktop is then block-level streamed down to the endpoint, and the encapsulated desktop can then be run locally….without a network connection. Obviously only applications that reside within the VM and local data will be accessible. But still, a user could be very productive offline. The beauty is that the next time the View client is signed into and can connect back to corporate, it will allow a block-level sync of all changes back to the corporate datacenter. And what happens if your user loses their laptop or it is stolen? Not to fear, strong encryption is always applied. The VM can “self-destruct/mothball” itself after x days of not checking into the View Manager (the administrator can configure this), or it can even be remotely disabled if it’s still accessible.
  • Fully Internationalized product
  • View Composer is a new product fully integrated with View Manager 3.  View Composer provides significant benefits to VDI solutions including:

· View Composer uses VMware Linked Clone technology to rapidly create desktop images that share virtual disks with a master image to conserve disk space and streamline management.

· User data and settings are separated from the desktop image, so they can be administered independently.

· All desktops that are linked to a master image can be patched or updated simply by updating the master image, without affecting users’ settings, data.

· This reduces storage needs and costs by up to 70% while simplifying desktop management.

View Composer is what I consider to be one of the most exciting new features of this release (even though it’s really a separate product). The storage cost associated with deploying virtual desktops has been, up to now, one of the largest barriers to adoption. Many organizations I deal with loved VDI and what it represented in terms of data security and lowered management costs, but they just couldn’t get over putting all their desktop storage on expensive, SAN-based storage. That said, there have been a large number of customers who have moved forward with VDI because of all its great benefits. Many have leveraged features of their storage arrays to do things like thin provisioning, writable snapshots, or even single instancing to significantly cut the storage costs. View Composer solves this problem for the rest of the world, as it allows you to significantly reduce the amount of storage used by employing linked clones. Composer allows you to identify a “gold image” from which your desktop pool will be created. You then tell Composer what LUNs to store the VMs on and then the fun begins. Composer creates a replica on each of the LUNs you provided and then, there, the small linked clones are built. The provisioning is extremely fast and, as you can imagine, highly space efficient. For a more detailed look at the guts, take a look at Rod Haywood’s excellent examination of the process: http://rodos.haywood.org/2008/12/storage-analysis-of-vmware-view.html

Composer isn’t just a storage savings tool. It’s also a game changer for desktop management. Now that you have all these linked clones for your desktop pool, you have the option to manage the lifecycle of these desktops from the image. That’s in contrast to how things normally work, where once a desktop is created you have to continually patch it and upgrade it to maintain it (applications, Windows updates, virus updates, and security updates). With the linked clones, we can now simply update the image at the top of the tree and re-home all the downstream desktops to the new version of the image. This is called a “Re-Compose” operation. Think about the ramifications of that! You could roll out a new application to 1000s of users with a few clicks, with a high degree of certainty, by simply Re-Composing your users to a new version of the master image. Good stuff!! With the addition of the User Data Drive option, which employs Windows Profile Folder Redirection technology, you can ensure that your users’ personal settings persist even after refreshing their desktop or even moving them to a completely new version of their desktop. Heck, you can even schedule a refresh of your users’ desktops every x days to ensure that your users never experience “Windows Rot” through the “Refresh” function. I could go on and on. I plan to do a follow-up post just on Composer, but I hope this gets your creative juices flowing in terms of the possibilities here!

There was a lot to cover here, but I think I covered most of the salient points. I hope you found it useful! I would encourage you to read more about it, play with it and try it out!

Here are some key links for the product:

Product Landing Page:   http://www.vmware.com/products/view/

Release Notes:              http://www.vmware.com/support/viewmanager/doc/releasenotes_viewmanager3.html

Documentation Page: http://www.vmware.com/support/pubs/view_pubs.html

Download Trial Link: https://www.vmware.com/tryvmware/?p=view&lp=1

Let me show you a slick application I stumbled across about 6 months ago.  My HP all-in-one USB printer is certainly a handy device, but being bound to the thing via a USB cable was driving me nuts.  I wanted to have full control (which meant a print server wasn’t going to cut it) and I wanted that control from anywhere in my house over my wireless network.  Now, there are a number of products on the market that can do this.  As an example, AnywhereUSB from Digi is one such product which seems to have a good reputation and from what I’ve seen, it works well.  But, I was in one of my moods and I was bound and determined to find a free solution.  In my searches I found a few software products and tried the 30 day demos.  They all worked well but they weren’t free and they were all products for Windows.  And since my WindowsXP desktop is actually a VMware Workstation virtual machine running on top of Ubuntu Linux, what I really needed was a solution for Linux.

I knew that if I could find something for Linux I would kill two birds with one stone.  Because not only would I be able to connect USB devices to my Linux OS, but as an added benefit, my WindowsXP virtual machine would see the connected device just as if it were actually connected … no additional software needed for Windows!  Eventually I stumbled across USB Server (+ USB Client) for Linux Beta which is offered as a freeware product from IncentivesPro (http://www.incentivespro.com).  After playing with the product a bit and creating a few custom scripts to further automate the connecting and disconnecting of USB devices, I found the solution I was looking for!  And I can tell you, I use the product on a daily basis.  Here’s a quick look at my setup.

1) I have an HP all-in-one USB printer connected to a Linux server running USB Server for Linux.

2) On my laptop, running Ubuntu 8.04 I have the USB Client for Linux installed.

3) To automate the process of connecting to the server and attaching the USB devices, I created a Bash script called connect_usb.  Simply running this script produces the following output …

asweemer@cowbuntu:~$ connect_usb
Restarting USB Server on sweemserv … Success!
Restarting local USB Server … Success!
Connecting to USB Server on sweemserv … Success!
Looking for USB Devices on sweemserv … Success!
Found the following USB Devices on sweemserv:

1: USB Server on sweemserv:32032 status: [connected]
`--> 5: USB Device:   Officejet 5600 series  HP  - Composite USB Device
busid: 1-1       hwid: 03f0-4f11
speed: [full]    status: [device is connected]

Connecting to the USB Devices on sweemsrv … Success!
asweemer@cowbuntu:~$

After I see this, I have full control of the device just as if I had the USB cable plugged directly into my laptop.

4)  I already mentioned that I run my VMware corporate XP desktop as a Workstation 6.5 instance.  The USB Client presents the USB devices as local, so I connect to them in Workstation as if they were directly connected devices.  Check out the following screenshot …

See the last line “Hewlett-Packard Officejet 5600 series”?  That’s the printer.  And believe me, it’s not local like the other devices in the list, but VMware Workstation doesn’t know the difference.  And when I connect the device to the virtual machine, WindowsXP doesn’t know the difference either.

6) That’s it!  Works like a charm every time :)

If you’d like a copy of the Bash script, let me know and I’ll update the post.  Also, I’d be interested in any other unique ways to handle USB Redirection, so please comment if you have a solution.

VMware recently updated its networking performance tests to see if the ESX hypervisor could efficiently leverage the ever-expanding bandwidth available at the Ethernet level. In short, it sure can! A single VM can effectively saturate a 10Gbps link when jumbo frames are enabled. But that’s not to say it can’t perform well with multiple virtual machines. Things scaled nicely and equitably for all VMs. This type of scalable performance is reassuring as customers continue to raise consolidation ratios within their datacenters and virtualize the largest of workloads.

To save you some reading, here is the summary from the whitepaper, which can be found at: http://www.vmware.com/pdf/10GigE_performance.pdf

Conclusion: The results presented in the previous sections show that virtual machines running on ESX 3.5 Update 1 can efficiently share and saturate 10Gbps Ethernet links. A single uniprocessor virtual machine can push as much as 8Gbps of traffic with frames that use the standard MTU size and can saturate a 10Gbps link when using jumbo frames. Jumbo frames can also boost receive throughput by up to 40 percent, allowing a single virtual machine to receive traffic at rates up to 5.7Gbps.

Our detailed scaling tests show that ESX scales very well with increasing load on the system and fairly allocates bandwidth to all the booted virtual machines. Two virtual machines can easily saturate a 10Gbps link (the practical limit is 9.3Gbps for packets that use the standard MTU size because of protocol overheads), and the throughput remains constant as we add more virtual machines. Scaling on the receive path is similar, with throughput increasing linearly until we achieve line rate and then gracefully decreasing as system load and resource contention increase.

Thus, ESX 3.5 Update 1 supports the latest generation of 10Gbps NICs with minimal overheads and allows high virtual machine consolidation ratios while being fair to all virtual machines sharing the NICs and maintaining 10Gbps line rates.

Twice this week I have had customers contact me about how virtualization impacts their compliance with xyz (fill in your favorite regulation or bureaucratic oversight committee). In my effort to assist these customers, I was pleasantly surprised to find that VMware has launched its new Compliance Center portal on the VMware.com website. http://vmware.com/technology/security/compliance/

There is a massive amount of valuable whitepapers, webinars, and reference links on this site to assist with many different types of compliance questions. Initially there appears to be a focus on HIPAA (health-care) and PCI (credit cards) related info. This is fine by me as those two topics are probably the largest areas of concern that I have run into. I’ve been told there is much more coming, so stay tuned!

If for some reason, you still need more help, I would encourage you to contact your friendly local VMware partner or sales team. There are numerous additional resources they can bring to the table to help. Good luck and happy complying!

Hello all,

My name is Rick Westrate. Aaron Sweemer has been gracious enough to invite me to contribute some (hopefully) insightful content to his snazzy new site. Now what in the world would qualify me to comment on the world of virtualization, you ask? Let’s set the record straight. I certainly do not claim to be the authority on the subject. However, I do believe my 11 years of experience in the enterprise IT industry and my position with my employer, VMware, provide me with an occasional unique perspective on the virtualization industry. Before joining VMware, I worked as a consultant focused on a wide array of datacenter technologies ranging from VMware virtualization, large Citrix PS implementations (woops, it’s called XenApp these days), and storage array implementations (primarily EMC). These days, I work as a Systems Engineer in West Michigan, focused on large Enterprise Accounts. I travel around spending time with customers, listening to their problems, concerns, and needs. I then work with them on walking through and understanding the many game-changing solutions VMware provides. It’s certainly an exciting time to be in the virtualization industry. The pace of innovation and change is amazing. SO, hello to you all! Hang on tight and stay tuned. I will be publishing some additional content soon. I look forward to interacting with everyone and hearing what you have to say!

I’ve been using Perl for close to 10 years now, so my natural tendency has been to use Perl when creating automation scripts for virtual infrastructure. Now for some reason, there has been a significant increase in the number of questions I get about scripting repetitive virtual infrastructure tasks. In fact, just yesterday a customer asked me “is there an easy way to rescan the HBAs in all of my (many) hosts?” With the GUI, this could translate into 100s of clicks and a very boring hour or more of work. Of course, a properly written script could easily handle this, requiring a mere 30 seconds of his time. And again, a few months ago I would have answered the question by pointing him towards Perl.

But recently there has been a lot of buzz around PowerShell and the VI Toolkit for Windows. So I started checking it out a few months ago and thus far, I’m very impressed. Check this out, a script that would solve the HBA rescan problem I just described could be as simple as this …

Connect-VIServer -Server ip_of_vc -User "username" -Password "password"
Get-VMHost | Get-VMHostStorage -RescanAllHBA

Or, if you’d like the script to prompt you for the VirtualCenter IP, username and password, it would look like this …

$vc = Read-Host "Enter the IP address of your VirtualCenter server"
$un = Read-Host "Enter your username"
$pw = Read-Host "Enter your password"
Connect-VIServer -Server $vc -User $un -Password $pw
Get-VMHost | Get-VMHostStorage -RescanAllHBA

Pretty easy, huh?  Here is a quick little script I wrote for a customer that’s standing up a large number of ESX servers and they didn’t want to manually add all of them to VirtualCenter.  The DNS names of their ESX servers were computernamexxx.domain.com.

## Gather info and connect to VC
$vc = Read-Host "Enter the IP address of your VirtualCenter server"
$un = Read-Host "Enter your username"
$pw = Read-Host "Enter your password"
## Use the variables that were actually read above ($un/$pw, not $u/$p)
Connect-VIServer -Server $vc -User $un -Password $pw
Write-Host "Connected to VirtualCenter ($vc)"

## List available datacenters and select which one to add the ESX servers
$adc = Get-Datacenter
Write-Host $adc
$dc = Read-Host "Which Datacenter?"

## Gather the number of ESX hosts, the root password and the first ESX to be added
[int]$nh = Read-Host "How many hosts are we connecting?"
$rp = Read-Host "What is the root password of the hosts?"
[int]$start = Read-Host "What is the number of the first host (computernamexxx.domain.com)?"
## Last host number; the -1 keeps the loop at exactly $nh hosts
$stop = $start + $nh - 1

## Add them to VC
while ($start -le $stop) {
    $x = "{0:000}" -f $start   ## <-- leading zeros (three digits)
    ## Build computernamexxx.domain.com, including the dot before the domain
    $myhost = "computername" + "$x" + ".domain.com"
    Add-VMHost $myhost -Location (Get-Datacenter $dc) -User root -Password $rp
    Write-Host "$myhost is now connected to VirtualCenter ($vc)"
    $start++
}

Or, here’s a quick and dirty one liner I used to remove the VLAN ID’s on a port group.  If you want to add or change the VLAN ID, rather than remove it, simply change the 0 at the end of the line to the actual VLAN ID.

$hosts = Get-VMHost; foreach ($x in $hosts) {get-virtualportgroup -host (get-vmhost $x)  -name "portgroup" | set-virtualportgroup -vlanid 0}
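
The prompt-driven scripts above read the VirtualCenter and ESX root passwords with a plain Read-Host, which echoes them on screen and keeps them as ordinary strings. The following is an added example, not the author's code, of the same add-hosts task using credential objects. It assumes a VI Toolkit / PowerCLI version whose Connect-VIServer and Add-VMHost accept -Credential; the function name Get-EsxHostName is hypothetical.

```powershell
# Added example: add-hosts script using PSCredential objects instead of
# plain-text password prompts. Assumes Connect-VIServer and Add-VMHost
# accept -Credential in the installed toolkit version.

function Get-EsxHostName {
    # Hypothetical helper: builds computernameNNN.domain.com names.
    # Prefix and domain defaults mirror the naming scheme in the post.
    param(
        [Parameter(Mandatory = $true)][ValidateRange(0, 999)][int]$First,
        [Parameter(Mandatory = $true)][ValidateRange(1, 999)][int]$Count,
        [string]$Prefix = 'computername',
        [string]$Domain = 'domain.com'
    )
    $last = $First + $Count - 1   # exactly $Count hosts
    if ($last -gt 999) {
        throw "Host numbers $First..$last do not fit in three digits."
    }
    foreach ($n in $First..$last) {
        '{0}{1:000}.{2}' -f $Prefix, $n, $Domain
    }
}

$vc = Read-Host 'VirtualCenter server (name or IP)'

# Get-Credential masks the password and returns it as a SecureString
# inside a PSCredential, so it is never echoed or held as a plain string.
Write-Host 'Enter your VirtualCenter credentials'
$vcCred = Get-Credential
Write-Host 'Enter the root credentials shared by the ESX hosts'
$esxCred = Get-Credential -Credential 'root'

$server = Connect-VIServer -Server $vc -Credential $vcCred -ErrorAction Stop
try {
    # Show the datacenter names, then resolve the chosen one once.
    Get-Datacenter | ForEach-Object { Write-Host $_.Name }
    $dcName = Read-Host 'Which datacenter?'
    $dc = Get-Datacenter -Name $dcName -ErrorAction Stop

    [int]$first = Read-Host 'Number of the first host (computernamexxx.domain.com)'
    [int]$count = Read-Host 'How many hosts are we connecting?'

    $failed = @()
    foreach ($name in (Get-EsxHostName -First $first -Count $count)) {
        try {
            # -Force is deliberately not used, so a host whose certificate
            # cannot be verified is reported instead of silently accepted.
            Add-VMHost -Name $name -Location $dc -Credential $esxCred `
                -ErrorAction Stop | Out-Null
            Write-Host "$name is now connected to VirtualCenter ($vc)"
        }
        catch {
            Write-Warning "$name was not added: $($_.Exception.Message)"
            $failed += $name
        }
    }
    if ($failed.Count -gt 0) {
        Write-Warning ("Hosts needing attention: " + ($failed -join ', '))
    }
}
finally {
    # Always close the session and drop the credential references.
    Disconnect-VIServer -Server $server -Confirm:$false
    Remove-Variable vcCred, esxCred -ErrorAction SilentlyContinue
}
```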

As you can probably tell, I’ve decided that I like PowerShell and the VI Toolkit for Windows. It’s VERY handy. In fact, I’m thinking of collecting my favorite scripts, tools and links and compiling a separate page. So look for that coming soon. For now, here are some essentials:

Happy scripting! :)

With virtualization finding its way into every nook and cranny of the data center, it would seem that tier 1 applications are the only safe harbor for the few remaining “Server Huggers” out there.  Their mantra usually sounds something like this …

“My application is too I/O intensive for virtualization,” or “My xyz application vendor doesn’t support VMware” or possibly “My application is too important to be virtualized” (this is one of my favorites). Believe it or not, I even heard one guy say “you can virtualize my server when you pry it from my cold dead hands” … um, wow. He has issues. Last I heard, he was de-virtualizing a server farm at the NRA. Hehehe.

Anyway, for the rest of us with our heads NOT buried in the sand, I’m here to tell you that tier 1 applications can and should be virtualized. I’ll go so far as to say that if you’re not virtualizing tier 1 applications, you are doing your company a major disservice.

Below is a brief overview of a presentation I gave in Cincinnati a few weeks ago to a group of about 75 professionals.  The topic was “Virtualizing Microsoft Exchange.” And while the content that follows is geared towards the Microsoft Exchange application, it can really apply to any tier 1 application.

Performance

I’ll start with performance because this is typically the first objection to virtualizing a Tier 1 app.  The perception is that virtualization creates too much overhead and therefore applications in a VM will certainly underperform applications running on a physical server.  This current perception was born out of a previous reality.  In the early days, virtualization really did introduce enough overhead to warrant physical servers for applications with high I/O. But a perfect storm is a-brewin’ and I summarize it with the following equation:

hypervisor improvements + server hardware improvements + application improvements =
better than native performance

That’s right.  Mileage will vary, but given a properly architected solution, virtual can actually outperform physical. And even in scenarios where physical outperforms virtual, the delta is probably measurable, but not observable.  So let’s take a closer look at the three areas I mentioned in the equation above.

Hypervisor Improvements

The hypervisor (AKA, the virtualization layer, AKA the Server Hugger’s worst nightmare) has come a long way in the past few years.  And in VMware’s ESX product, the latest version has the following performance improvements over previous versions:

  • Increased guest OS memory to 64GB
  • Increased physical RAM on ESX to 256GB
  • TCP segment offload to further lower CPU utilization
  • NUMA optimizations improve multiple VM performance
  • Support for 64-bit clustering with boot from SAN

These improvements alone can capture almost all tier 1 applications, but combined with the next two, almost no tier 1 app can hide from becoming a candidate for virtualization.



Server Hardware Improvements

We’re now seeing server hardware with 256GB+ of physical RAM. Multi-core CPUs with 2 and 4 cores are running in production today and 6/8/12 cores are coming soon. And best of all, hardware-assisted virtualization technologies are emerging, pushing the virtualization overhead down to the hardware, getting the hypervisor ever closer to near native performance.

And because the vast majority of applications simply can’t fully utilize hardware with this much horsepower, ironically, virtualization is the only way to truly capture the full ROI of these physical investments.



Application Improvements

As applications continue to evolve, bugs are fixed and bad code is optimized, performance improvements within the application are being realized, further reducing the need for a physical server. Speaking specifically about Microsoft Exchange, the following performance improvements exist in 2007 over 2003:

Exchange 2003                 | Exchange 2007
32-bit Windows                | 64-bit Windows
900MB database cache          | Multi-GB database cache
4Kb block size                | 8Kb block size
High read/write ratio         | 1:1 read/write ratio
Requires high-end storage     | Affordable storage (iSCSI)
Storage is common pain point  | Eliminates storage pain point
                              | 50% reduction in disk I/O

Of course the improvements for this piece of the equation will vary from one app to the next.



Bottom Line: Performance should not be a barrier to virtualizing an application.


A Virtual Server is Better than a Physical Server

Tier 1 applications are the most critical, important applications in your organization and therefore they need to run on the best infrastructure possible.  So almost by definition, tier 1 applications need to run in a VM.  Here are a few of my favorite reasons why a VM is better than a physical server.  Keep in mind, these aren’t the only reasons, just my favorites.

Reason #1: Better up time

The “eggs in one basket” argument no longer applies.  And for those of you who don’t know what I’m talking about, the objection usually sounds something like this … “If I put 30 VMs on a single physical server, and that physical server crashes, then I’ve just lost 30 applications instead of one!”  This was a very legitimate concern five years ago.  But today you can get better uptime in a VM than you can with a physical machine.  In the worst case scenario, if a physical server dies, those VMs are automatically powered up on a different physical server.  In my experience, the VMs are usually back up and taking requests in under two minutes (and yes, I’ve timed it with a stop watch).  And this is worst case scenario for a VM today!  What’s best case scenario for restoring a physical server after a hardware crash?  Weeks?  Days?  Hours (if you’re lucky and really prepared)?

So with today’s technology (and it’s only going to get better with what’s coming soon), worst case scenario for a VM is better than best case scenario for a physical server.  And you might ask, what’s best case scenario?  Even with hardware maintenance, you can achieve 100% uptime with VMs.  How?  Check out a few of VMware’s features like VMotion, DRS and Update Manager.


Reason #2: Better hardware utilization

The average server utilization across the globe is less than 10% and in my experience, it’s often less than 5%.  Why?  A single application can rarely harness the power of the hardware it’s running on.  And for a ton of different reasons (which I won’t go into here), critical applications typically require a dedicated server.  That is like buying a Ferrari and never driving it more than 5 mph … what an awful waste!  Get the most for your money by putting each app in a VM, running multiple VMs per physical server.  Open that baby up and let it do what it was built to do!  I think the following two screen shots do a great job of showing you what I’m talking about.

[Figure: CPU Utilization Before VMware]

[Figure: CPU Utilization After VMware]



Reason #4: Avoid over provisioning

Why waste time and energy planning for future capacity (which is really nothing more than an educated guess based upon a ton of assumptions)?  The tendency has been to over provision hardware to account for future growth, but this often leads to underutilized hardware.  With Virtual Machines, additional CPU and RAM can be added at any time with a few clicks of a mouse.  And moving to more powerful systems in the future can be done in real time with VMotion and/or Storage VMotion.  With virtualization, it only makes sense to simply build your application for the capacity you need and then throttle as necessary.



Reason #5:  Better Security

Typically, protection engines come in two forms, host based and network based.  The problem with network based security software is that it has no (or very limited) visibility into the host.  And the problem with host based security software is that it’s running in the same context as the malware that it’s trying to protect against.  And the creators of malware are not stupid! They continually find new ways to hide their malware and/or attack the protection engine, creating a never ending vicious circle of cat-and-mouse.

But we now have a new, trusted layer with the much smaller codebase of the hypervisor where we can provide protection from outside of the operating system.  A protection engine from this layer provides a much stronger defense because it’s “underneath” the VM, completely isolated from the malware.  And this is a great place for a protection engine to live because it can see all I/O of the VM and inspect each of the virtual components (CPU, Memory, Network and Storage).  Better yet, we now have the ability to do things like:

  • Intercept, view, modify and replicate I/O traffic from one, many or all VMs
  • Provide inline protection or passive monitoring
  • Mount and read virtual disks

[Figure: Securing a Virtual Machine]



Reason #6: DR made easy

In the physical world, DR is a pain in the butt and super expensive.  The reason is DR solutions for physical servers often require similar hardware at the DR site to avoid issues with driver, hardware, and software compatibility.  These dependencies are eliminated in a virtual world, which means any VM can run on any physical server with an ESX hypervisor.  And because a VM is completely encapsulated, the entire VM exists in a small set of files.  This simplifies replication and therefore simplifies the process of keeping your production and your DR environment in sync.  And finally, servers at the DR site can be used for other purposes, like test and development, until they are required for DR purposes.  Which means an investment in a DR infrastructure will not sit idle.


Support

I love it when I hear someone say “my application vendor says they won’t support VMware.” Hmmmmm.  Here’s a crazy question for ya, isn’t it VMware’s job to support VMware?  Now, I’m sure what they really mean is that the vendor won’t support their application in a virtualized environment.  But just to make things clear, if you have a problem with VMware … call VMware.

And support for applications in a virtualized environment is rapidly changing.  Examples are numerous, but two big ones that come to mind are SAP and Microsoft.  In the earlier part of the year, SAP announced full support for their software on VMware.  And just recently, Microsoft announced the Server Virtualization Validation Program (SVVP) where they will support their OS’s and a good list of their applications in a virtualized environment. And VMware’s ESX is the industry’s first hypervisor to be validated by Microsoft.

What about those vendors who still don’t support their applications in a virtualized environment?  Most of my customers do two things.  First, they put pressure on the vendor to start providing support.  For large companies, this can be very effective since the software providers want to keep their big customers happy.  Second, many of them have a “swing server.”  So when a vendor’s support team requires them to reproduce the problem on physical hardware, they simply V2P the VM on the swing server and continue on their merry way.  (Yes, I know, this isn’t always as easy as I make it sound.  Though it often can be just that easy)


Still not convinced?

The table above shows the results of a survey of 500 VMware customers taken over a year ago, and the numbers are growing rapidly.  Simply put, customers are virtualizing tier 1 applications today.




In my first post in this series I stated that you need to know about and care about virtualization in your company. And I sincerely mean this regardless of your role or position. I don’t care if you are in sales or marketing or finance or development. I don’t care if you are the CEO of a billion dollar company or if you are a software developer trying to debug some code or if you are a marketing manager relying on business systems (such as email) to do your job. Simply put, a properly built virtual platform will have profound and compelling benefits that will affect your ability to do your job and grow your company.

But how?

I’m glad you asked. Quite frankly, the benefits are so numerous I find it hard to know where to begin. But at the end of the day, the bottom line is what counts here in corporate America, so let’s start there.

Virtual servers are not bound by the same physical limitations that constrict traditionally built servers. And what this means is that we can now safely put many virtual servers onto a single physical server. Consolidation ratios of 30:1 are typical and upwards of 75:1 are certainly not uncommon.

And let’s think about this for a second. Assuming a 50:1 ratio, if my company is spending millions of dollars a year on a data center that has 5000 physical servers, for example, how much money would my company save by creating 5000 identical virtual servers and running them on a solid virtual platform running on only 100 physical servers? That’s right, 5000 physical servers can be reduced to 100 or less. Think about what that means in terms of hardware, power and cooling, provisioning and administration, etc. The dollar savings are absolutely profound. I’m not kidding. In a later post I’ll show you some real world TCO and ROI calculations and the numbers are seriously unbelievable. Even the most stern and stodgy of CFOs will be as giddy as a school girl. Very exciting.

And let’s think about this a little more. If a virtual platform can save your company millions of dollars, what could that money be used for? Could it be used to hire top notch talent to grow your business? Or could it be used to purchase more advertising, marketing, or sales talent? It’s a rhetorical question, you don’t have to answer.

The next benefit is undoubtedly the most powerful and exciting, but it’s one that most individuals don’t understand right away. Everyone gets the dollar cost savings instantly. It’s easy to see and understand. But really the most powerful benefit of virtualization is mobility.

Revisiting our VPN example from the last post, what does a VPN allow you to do? It allows you to be mobile and access the corporate office from anywhere. You are now free from the home office and you can quickly pick up and go get business done. Similarly, a virtual data center allows your infrastructure to quickly move, change and adapt to meet your business requirements. Once my servers and applications are virtual, they become highly mobile, and they can easily move from one physical server or infrastructure to another with very little effort.

This mobility has a tremendous impact on all sorts of things that you care about. All of the applications you use every day (email, web, file sharing, etc.) can now move around with zero downtime and in a manner that is absolutely transparent to you. This allows for things like zero downtime maintenance and significant performance improvements for your applications.

Since this post is getting a little long, I’ll continue to address the remaining benefits of creating a virtual infrastructure in part three of this series.  Sorry for the delay between posts, it has been a very busy month.  Part three should come along much quicker (I hope).

With this first post (well, technically, it’s the second post) I suppose the proper place to start is at the most logical place, the beginning. And I believe the beginning is to answer the simple question, “What is virtualization and why the heck should I care about it?” I get asked this question quite a bit and, not surprisingly, it’s often by people who are not in the IT department.

I have the fortuitous opportunity to work with some of the largest companies in the world and, believe me, the guys I work with on a daily basis are well aware of the benefits of virtualization.  Trust me, these guys have drunk the Kool-Aid and they are shoving virtualization down the throats of anyone within earshot, and certainly anyone they have authority over.  Of course, there are exceptions to this rule and every so often I run into someone who simply doesn’t get it.  Actually, in my humble opinion, it’s not even that they don’t get it, I believe they’re afraid of it.  And because they’re afraid of it, they bury their head in the sand and don’t make any effort to understand it. But, I digress.

Having said this, I have a sneaky suspicion that there are a ton of people out there who have heard about virtualization, aren’t necessarily afraid of it, but don’t fully understand what it is or, more importantly, how deep and wide the benefits of virtualization extend.  So, before I start to address the benefits of virtualization, let me clearly answer the second part of my original question, which is, “why should you care?”

No matter who you are or what your role is, virtualization has the power to absolutely and, quite dramatically, affect your productivity, your career and your company.

Now, even when I read that statement, I almost don’t believe it.  If I had heard it for the first time, I would have laughed and written it off as ramblings from someone who obviously needed psychiatric attention. After all, technology has quite often been more of a pain in the a$$ than anything else, right? I certainly know that I get all kinds of pissed off when the email server goes down or when the information I need is unavailable due to a server crash.

But before you completely disregard my statement, remember that your perception is based upon an assumption that the “problematic” technology was built upon a proper foundation.  Er, uh, before I bring anyone’s job into question, let me say that it’s not that the foundation was incorrectly built at the time. Rather, virtualization is relatively new and it’s breaking all the rules, creating a completely new kind of foundation.

You see, it’s not that your email server is fundamentally flawed (though, it could be), but a weak foundation will crumble the strongest fortress. Conversely (and here’s an added bonus of virtualization), a solid foundation will support the weakest outhouse (figuratively speaking of course, I’m not *really* calling your email server a piece of crap).

Ok, ok, ok, ok, I’m rambling. You get my point and I assume you’re itchin’ for me to move along. But I still haven’t explained what virtualization is, which is something I should probably do before going into the specific benefits that will improve your life.  So here is my own personal definition … wait for it … wait for it … ready?  “As if.”

Huh? Yep, “as if.”  Virtualization allows people and things to operate / function / interact “as if” they were real.  Let me give you an example.  A VPN (a virtual private network) is something you’re probably very familiar with.  And what does a VPN do?  It allows you to communicate with the home office as if you were really there.  Another example?  Okay, how about virtual reality?  It allows you to interact with a game or a movie as if it were real (actually, I think this is a bad example because I haven’t found a single virtual reality game that comes even close to feeling real … but you get the point).  So how does this translate to information technology?  Well, virtualization creates a foundation that allows servers, applications, storage and networks to function as if they were real or physical.

A key point to make here is that virtualization is, as it should be, completely transparent.  To the user (or to the OS, application, etc.) there is no difference between a virtual server and a physical server. There’s no need to completely retrain your users on how to use a virtual server and you’re not going to get 1000 support calls after converting a physical server to a virtual server.  A properly built virtual infrastructure will have no adverse effects and will only serve to position your infrastructure for a slew of upside benefits.

And I want to stress the word “properly.”  Because an improperly built virtual infrastructure could have exponentially more problems than a physical infrastructure, forcing you to pray to the virtual gods for a quick and painless death.  And if for some reason you decide to ignore this warning and go convert all your servers to virtual machines without any further guidance or preparation, don’t say I didn’t warn you.

I hope I’ve piqued your interest enough to come back for part two, where I’ll go into all the benefits you’ll receive by creating a solid virtual platform.  And believe me, there are a ton of ‘em.  So I hope to see you back here soon.  Until then, check out some of the links to other virtualization blogs I have listed on the right hand side of this page.  I think you’ll find them valuable.

Well here we go. I’ve completely changed the direction and focus of this blog. This used to be a place where I would post little bits of information and humor about my family and my life. But I’ve decided that, at least for now, I want to focus on a blog about my professional life. And if you can’t tell by the title of the blog, I’ll be talking about virtualization and other next generation technologies. I’m not sure how long this journey will last or where it will take me. But I know that it’s a journey that I want to take. So, here we go, let the journey begin …