Tuesday, August 31, 2010

VMworld 2010 Reporting: SRM Futures: Host Based Replication

Note: In the next major release, failback will be supported. During failback, only the VMs that were failed over initially will be failed back.

Site Recovery Manager of Today

- Simplified and automated testing and failover.

Site Recovery Manager of the future

Host Based Replication (HBR)
HBR provides replication between different storage vendors and local storage. Replication is managed as a property of the virtual machine or a large group, and it is handled at the ESX layer. You can opt to replicate all disks or a subset of disks for a VM. HBR allows you to use sneakernet to jumpstart replication. You set the RPO (Recovery Point Objective) on a per-VM basis, down to 15 minutes. HBR is based on replication of delta disks between sites.

ESX watches the lower-level SCSI traffic and sends the changes. An FT-enabled VM will not be supported when the product ships. The product is expected to ship next year.

There is no log management of applications inside the VMs.

The framework for HBR involves an HBR agent installed on the ESX host at the primary site. A group snapshot of all disks associated with a VM is taken to ensure crash consistency across the entire VM. The second component is an HBR server (HBR Management Server, HMS), which is a Linux-based VM deployed at the replica site. The VM is controlled through the SRM tab, so there is no need to go to the interface of the HMS. Multiple HBR servers can be deployed for scale, but one will be typical for most customers. There is one HMS per vCenter. The HMS has a database (internal or external TBD) to keep track of the linkages. Many-to-one site replication scenarios are supported. The first release supports powered-on VMs; replication stops on powered-off VMs. Physical RDMs are not supported for HBR because ESX needs to see the SCSI transactions.

- Posted using BlogPress from my iPad

VMworld 2010 Reporting: Keynote

The cloud is a collective of computing resources.

Rick Jackson, Chief Marketing Officer

17021 attendees at VMworld

This year's event is being serviced by a hybrid cloud, generating 4000 VMs per hour. By the end of the week this number will be in 100000. In addition, Rick announced that the VMUG program has been formalized and now has a board of directors. Attendees were encouraged to join a local chapter.

The tag line for this year's event is "virtual roads, real clouds". As customers adopt virtualization there are 3 distinct phases: IT production (cost savings); business production (unprecedented reliability); and phase 3, SaaS or IT as a service. VMware is the ideal solution for SaaS because they provide an open framework by supporting industry standards, i.e. OVF and vAPI.

IT as a Service = optimizing IT production for business consumption. Customers must move from phase 1&2 to phase 3.

Paul Maritz, CEO

Paul reviewed the phases; IDC reported the turning point, VMs outshipping physical servers. This year 10 million VMs will be deployed. Paul thanks the audience for this collective achievement. Paul segues to theory. More traditional operating systems are being deployed without visibility to the actual hardware. The innovation of the future will be done at the virtualization stack. The requirements are automation to decrease OpEx and integrated security. These are themes for the innovation that will occur.

Another factor is how the virtualization stack will be paid for. On whose books will this expenditure sit? Movement between private and service provider clouds requires work and adherence to a common set of standards. It must allow movement to and from a public or private cloud.

But are old apps on new infrastructure enough? Customers cannot be stuck with a monolithic application that cannot be upgraded or developed properly. The industry has responded by delivering new open frameworks and tools (SpringSource, HTML5) for application development.

This will change the traditional operating system, as a general purpose operating system has too much overhead for what it is required to do. It is now just a piece of a larger system.

The other change is the integration of SaaS apps into the business infrastructure. They are coming in "uninvited" and IT will need to figure it out. Also there is a proliferation of new OSes and hardware profiles and once again IT will need to make sense of it all. This introduces a new requirement for innovation in the end user environment. The reality is IT cannot keep pace with these changes.

This new area of innovation will lead to a new stack in the end user environment. This is a change that will impact all of us and is inevitable with or without VMware according to Paul.

This introduces Stephen Herrod's product announcements. He starts with a review of virtual infrastructure. Stephen refers to VI as the virtual giant. The virtual giant has these properties:

- Open
- Automation
- Elastic resources
- Efficient pooling of resources

vSphere provides incredible scale. There was a strong focus on vMotion in the 4.1 release, allowing more to move with fewer resources. The issue this technology addresses is scale. The other features of 4.1 are storage and network I/O controls. Think shares based on network and storage properties. (I will cover this in depth in a different post.) The vStorage API offloads some capabilities back to the storage hardware.

Stephen then starts a review of vCenter; capacity, configuration, disaster recovery and compliance features. VMware has acquired Integrien; management through proactive analytics. Predicting what is going to happen based on metrics.

Stephen uses his IT use at home, which allows quick consumption of new apps, to contrast with the pace of IT at work. IT must now consider how business consumes services. VMware presents their App Store vision. The infrastructure is made up of a virtual datacenter (VDC). A VDC allows the business to move a service center to a 3rd party hosting center. New product announcement based on project Redwood: "vCloud Director".

There is also an element of security, which leads to new product announcements:

VMware vShield EndPoint
VMware vShield Edge
VMware vShield App

To assure compliance from a security perspective VMware also introduced a new certification program "vCloud Datacenter service".

Demo focused on a portal to present a personal service catalog for a user. Now the management interface is introduced. You can manage multiple vCenters that represent provider vDCs. Now you connect public and private clouds through vShield. The user is unaware of where these resources are running.

Next point is how applications will be written in the near future. VMware introduces vFabric. vmForce was highlighted as a co-development between Salesforce and VMware. Hyperic was mentioned as the management system between the application stack and the virtualization stack.

End User computing and View 4.5 was discussed. Offline and new reference material for how VDI reduces acquisition costs was referred to. Project Horizon was introduced. Single sign on was demo'd and an acquisition was announced to bring this capability to VMware's portfolio.

VMware View Client for the iPad was demo'd. It showed both VDI and applications integrated into the device with a very Apple look and feel.


VMworld 2010 Reporting: Security and the Cloud

Session introduced the Tenant-in-control concept. How can the cloud provider assure customers their assets are safe?

Issues for IaaS (infrastructure as a service)

Hyperjacking - installing a rogue hypervisor to take complete control. Examples are Blue Pill/SubVirt experiments.

White paper on cloud attacks; http://cseweb.used.edu/~havoc/dist/cloud sec.pdf

Regulatory requirements on cloud and virtualization are being actively developed, such as NIST's.

Rick Brunner was talking about booting from a secure chain of trust, rooted in hardware. The concept is to establish and validate hardware and software. A new generation of CPUs (Intel Westmere) comes with Trusted Execution Technology (TXT). TXT provides secure measurements of all software, which are stored in the Trusted Platform Module, making the system tamper proof to prevent attacks. The TPM provides secure storage on the physical server.

vSphere ESXi supports TXT (not supported in classic). vSphere sends the TPM measurements to vCenter. vCenter allows applications to take advantage of this through an API. vCenter is the control point: can I move VMs to this hardware, is it trusted?

All this is good, but it is not a sufficient means of ensuring security and compliance. Customers should follow vSphere hardening guidelines in addition to considering TXT.

This leads into a presentation from RSA, the security division of EMC.

In the 'demo', RSA enVision is used to query vCenter to ensure compliance. enVision sends the information through the Advanced Data Management Layer to the RSA Archer eGRC platform.

The use case for this technology is more complex than just firewalling VMs. The use case presented is "ensuring FISMA VMs are executing with US-tagged resources". TXT is enabled in the BIOS of the hardware and a geotag is written to the TPM on the host. You enable tboot under the advanced properties of the vSphere host to ensure a trusted boot is performed.

A policy is applied at the cluster level and inherited by the virtual machine. The demo showed the customized version of RSA Archer. You can look at your FISMA compliance chart to determine the level of compliance across your Virtual Infrastructure. You can also look at compliance over a period of time.
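The trust decision described in this session (TPM measurements reported to a control point, plus a geotag policy inherited from the cluster) can be modelled as below. This is an added example, not VMware, Intel or RSA code: host names, boot component names, the report format and the policy fields are constructed for illustration, and the measurement log is folded into a single SHA-1 PCR as in TPM 1.2.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr, component):
    """TPM extend: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def replay(components):
    """Fold an ordered boot chain into one PCR value, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def host_trusted(report, golden_pcr, required_geotag):
    """Fail closed: no measurement, wrong measurement or wrong tag = untrusted."""
    pcr = report.get("pcr")
    if pcr is None or not hmac.compare_digest(pcr, golden_pcr):
        return False
    return report.get("geotag") == required_geotag

def placement_targets(vm, clusters, reports, golden_pcr):
    """Hosts a VM may run on; the VM inherits the policy of its cluster."""
    policy = clusters[vm["cluster"]]
    if not policy["require_trusted_boot"]:
        return sorted(reports)
    return sorted(name for name, rep in reports.items()
                  if host_trusted(rep, golden_pcr, policy["geotag"]))

# Constructed sample data (hypothetical hosts and boot components).
GOLDEN_CHAIN = [b"tboot-image", b"vmkernel-image", b"boot-modules"]
GOLDEN_PCR = replay(GOLDEN_CHAIN)
TAMPERED = [b"tboot-image", b"vmkernel-PATCHED", b"boot-modules"]
REPORTS = {
    "esx-a": {"pcr": replay(GOLDEN_CHAIN), "geotag": "US"},
    "esx-b": {"pcr": replay(TAMPERED), "geotag": "US"},      # modified kernel
    "esx-c": {"pcr": replay(GOLDEN_CHAIN), "geotag": "CA"},  # wrong geography
    "esx-d": {"pcr": None, "geotag": "US"},                  # TXT/tboot off
}
CLUSTERS = {
    "fisma-gold": {"require_trusted_boot": True, "geotag": "US"},
    "general": {"require_trusted_boot": False, "geotag": None},
}

if __name__ == "__main__":
    for vm in ({"name": "payroll", "cluster": "fisma-gold"},
               {"name": "wiki", "cluster": "general"}):
        print(vm["name"], placement_targets(vm, CLUSTERS, REPORTS, GOLDEN_PCR))
```

Because each extend hashes the previous PCR value, changing or reordering any boot component yields a different final value, which is why a single comparison against the known-good PCR covers the whole chain.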

As a cloud provider you can tier based on security offerings. For example a Gold standard complies with FISMA.

This is a solution that integrates VMware, Intel and RSA to solve security problems with utilizing cloud resources.


Monday, August 30, 2010

VMworld 2010 Reporting: The Future Direction of Networking Virtualization

Howie Xu, R & D Director, Virtualization and Cloud Platform

This presentation is visionary in nature with no commitment to product delivery. Howie noted a trend of more and more networking professionals attending VMworld. Additional trends are also impacting networking:

- Virtualization and mobility
- Convergence in platforms between servers, storage and networking
- Cloud economics

VMware sees the cloud as a way of doing business, not a destination. Cloud involves increased efficiency and flexibility.

In VMware's own platform they have progressed from a managed virtual switch to a distributed switch, with a distributed "virtual network" envisioned for the future. The properties of a virtual network are access to anything, anywhere and at any scale. Cloud should also not be a second class citizen with respect to networking; it must offer an equivalent quality of service. Anytime is about closing the gap between deploying a virtual server and the time robust networking services are applied to the virtual machine. Any scale is about scaling up, down, horizontally and vertically in an economical way.

You need therefore to decouple the workload from a static networking configuration. Today network managers struggle to adapt to a much more dynamic environment. It is unlikely that IT groups can build technical teams in the current market to deal with this additional level of complexity. So how? The only solution is to liberate IT resources from the drudgery of networking support to enable them to become more strategic.

Coordination of L2-L7 services is currently human resource intensive. The network is also not very transparent. This problem has existed for a while but the demand for cloud economics is making it a bottleneck to flexibility.

VMware's customers want the network to become transparent. This leads into the concept of the virtual chassis or vChassis. Think of a typical blade enclosure that includes modules and plug-ins for storage and L2-7 networking services.

VMware provides a platform and allows their 3rd party partners to plug in to it. This is similar in concept to the integration of 3rd party network switches into a blade enclosure. There are 3 planes: data, management and control.

In order to provide this, networking must extend its capabilities to enable instantaneous service provisioning, visibility and policy enforcement, elasticity and scalability, and multi-tenancy.

Think about plugging in a distributed traffic shaper through a control plane that extends across the entire virtual infrastructure to provide custom data plans on a per-VM basis. Overriding this solution would be a policy-based management solution.

vChassis can do 10 GB line rate to a VM using a small part of the CPU but it needs to be added to a control point to manage this capability.

Networking technology was designed for a static environment. L2 has to be scalable, flexible, and include multi-tenancy.

VMware is working closely with their partners, but it is not easy, as things like backwards compatibility have to be considered.

The value of this development is to allow 3rd parties to develop on, certify against and sell to VMware customers. VMware takes advantage of this themselves through vShield. This will enable a new generation of cloud-enabled services.

The foundation of this currently is the distributed network switch and vNetwork API. Futures is the vChassis and virtual network.

VMworld 2010 Reporting: Future of End User Computing

Mobile devices are pulling apart the traditional desktop; for example, many apps are already running from the public cloud (think salesforce.com). The key to enabling users is to deliver a better, always-on, customizable user experience. How then can today's IT deliver consumer-level simplicity with enterprise-level compliance and security? So what to do? Doing nothing will cost you on many fronts, so we have no choice but to deliver. You need to embrace cloud computing and address these end user requirements, according to VMware. VMware sees this as a 3-stage journey: modernizing Windows, unifying application management (cloud and local apps) and then collaboration in the cloud.

ThinApp is key to this modernization because it is an app virtualization and migration tool not just an app virtualization tool (applicable in Windows 7 migrations).

PCoIP is also key; a real strength of PCoIP is that it is UDP based. Fundamentally, PCoIP does not impose overhead through packet retransmits like TCP.

VDI is more complex, as the OS is constantly changing depending on what the user is doing. In addition, local mode in View 4.5 was highlighted, with the type two solution (Windows on Windows, and Mac on Mac soon) as a Bring Your Own Computer (BYOC) solution. It does not require the reload that the client-side hypervisor requires. View 4.5 supports tiered storage APIs. New product announcement: "vShield edge server for offloading anti-virus for VDI".

- Future trends, diversity (hardware platforms, OSes and Apps)
- HTML5 cache, zero touch clients, native video and GPS capabilities
- Application frameworks, apps are being constructed through web frameworks (i.e. Google Earth, SaaS).
- Corporate IT is 50%/50% (salesforce.com)
- Connectivity is ubiquitous

It's about the applications, which leads the presenter into talking about Zimbra. People see it as email, but it is a SaaS framework.

New product announcement; ThinApp factory a potential Dazzle competitor. Codename Project Horizon based on ThinApp and policy based delivery of applications to users.

Native PCoIP client from the iPad was discussed but not demo'd. It will be during one of the keynotes.

What is collaboration in the cloud? Blending hosted and non-hosted apps into a single end point, auto-managed and delivered to the users.

VMware's value add is that they are not building a SaaS which assumes the backend is a proprietary datacenter (i.e. Google). Their technology allows the integration of several data centers behind a common framework.