Thursday, October 20, 2011
#VMware #vSA appliance, the stupidest pricing decision I've seen in a long time...
Many installations of virtualisation have a bunch of servers, but no separately installed network storage on which the VM's can be stored. This means that VM's are tied to the host on which they are running. Amongst other disadvantages, it means that if the host fails, the VM's go. It's a bit like the old physical days, lose the server, lose the service.
In a decently configured SAN setup, HA will cause any guest servers to be restarted on other hosts, subject to certain conditions - but in principal provided you have both a) the capacity and b) configured it correctly; then your network servers will be back quite quickly.
If you factor in Fault Tolerance (or guest server level resilience like Exchange DAG's) then users might not even notice an outage. Perfect.
The vSA gives the owner of servers without a SAN the benefits. Internal storage on the host servers is consolidated into a single space available to all hosts. In the event of a host failure, the other hosts still have copies of the VM guests and can bring them back quickly.
But the conditions/requirements attached to this are somewhat, ahem, interesting,
1. You must have RAID10 configuration for the internal storage.
2. Each server must have 4 GB Ethernet ports to provide triangulated connections to the other 2 servers (the vSA is aligned with the SMB editions and only runs on 3 servers).
3. Best practice is that the vCentre should not run on the vSA. VMware staff at VMworld suggested it run on a separate box outside the cluster - how 2008!!
The consequences of this:
1. To provide (say) 3TB of usable storage the installation will need 12TB of raw disk space.
2. You need to re-use an old box (hardware support contract anyone? RAID support anyone? Driver support anyone?) to run the vCentre server. And don't forget, this "old" box has to be 64bit!!
3. You need to invest in 6 dual port NIC's (you could get quads, but better to spread the physical risk across 2 cards per server).
4. You should have a separate GB switch to link up the vSA so that there is no LAN traffic impacting performance, and your SAN traffic is secure.
You then get an under the covers SAN running across all the hosts and provisioning storage for your VM guests.
Lets's say £100 for each dual NIC card, and £200 for each of 12 1TB drives. That's £3,000 in total.
The alternative of say, a NetGear ReadyNAS 3200 (other SAN's are available!) with 6TB raw disk space providing about 3.5TB available in a RAID6 style configuration. This can be got for around £3,000. I'd put a second dual NIC card in the SAN to give resilience for the SAN connections, and another 2 resilient ports for a network management interface; say £175 (it's special, it's for a SAN). You'd need the switch still, and I'd certainly consider two NIC cards in the server for physical resilience. So let's say will still get the 6 dual NIC cards for £600 total again. You might also want a pair of disks in each server to provide a RAID1 mirrored boot drive, but as you can boot ESXi from USB I'm going to say no (we are in an economy drive after all)
This means the SAN is going to set you back about £775 more than the vSA cost (or about 25%).
Oh, but wait, i forgot something. The vSA licence costs money. A shade under $8,000, or say (and I'm being generous) about £5,000. But hold on, if you're a new customer and buying VMware for the project, they'll give you a whacking 40% discount. So let's call it £3,000.
Your 25% saving by not buying the SAN has just turned into a 125% premium cost.
What the %^]{ were they smoking when they came up with that idea???
Not only are you paying more but:
1. Your ESX servers are spending valuable computing resources managing a virtual SAN across themselves.
2. Your ES servers are also spending valuable computing resources handling data from the virtual SAN.
3. The setup is so intertwined (vSA is managed by vCentre, as are the ESX hosts themselves) that VMware recommend you host it off the cluster - so the vCentre server is more exposed to risk, and an additional cost and burden (which I've not coated)
4. By recommending a physical vCentre server VMware are exposing you to all the problems of a physical server - which they would normally rubbish.
5. If you hosted the vCentre on the VMware cluster then if everything was shutdown, you might not be able to start your servers up again. No risk there then :-)
I am appalled.
If the licence was a factor of 10 cheaper then it might be worth considering. But for any business looking at new kit for a virtualisation project, steer well clear.
If (as VMware said in targeting the product) you are worried about managing another box then a) you have to in this model - the vCentre and b) get some training or good support for the SAN. If you truly think managing the SAN is going to be a problem, then managing the ESX farm as well will be. So get someone in to do it for you.
VMware - I expressed concerns directly to you this week about your perception and targeting of SMB's. This proves it to me.
Peter
PS all numbers in the article are top of the head recollections not Internet searched latest figures. But they serve to prove the point.
Wednesday, October 19, 2011
#VMworld party, they're still channelling #TechEd...
I've already tweeted that VMware seem to be channelling the fun, focus, excitement and energy of those events. So blow me, if they didn't get an indoor funfair at the Carlsberg centre in Copehagen too!
Fifteen years ago, and it feels just the same. Except I'm
• greyer (and there's less of it)
• wiser
• grumpier
hey ho!
P
PS. I might remember more of this one too. I recall some very cheap vino... The only time I did so at a conference party.
PPS just realised, and this is really weird - I think I'm wearing the same shirt - my (still very proud to have and wear) Windows 95 official technical beta testers golf shirt.
#Success Yesterday I got angry with #VMware, at #VMworld but #congratulations are now deserved
Later that day, VMware proved they can be nimble and take out of scope decisions quickly, i have tired over recent years of large corporates telling me I have a good idea, but their policy/budget/manger/exec does not allow and that they are sorry that they cannot execute the good idea, so...
After the potential PR disaster of mistakenly telling a few hundred people at VMworld Europe they had won an iPod, VMware's initial response was simply sorry. Later that was upgraded to a free marketing t-shirt. Ho hum. I was not impressed.
So I wrote to them suggesting that for a few hundred quid (probably not even detectable in the budget for the conference!) they could have one extra iPod and hold a random draw for all those who thought they had already won one. It would not fix things, but it would at least give everyone a chance, and demonstrate that VMware understood the impact they'd had.
It's NOT about "compensating", it's about recognising the excitement and then disappointment that people will have experienced.
To my amazement, VMware not only agreed, but said they'd give me an iPod to say thanks for the idea. I don't often get the chance to praise big companies, but I am happy to do so here.
But, I stress, even if they'd not got a second for me, I'd still have written this post
Begin forwarded message:
Subject: RE: Suggestion, was: Re: Congratulations, You are a VMworld Survey Prize Winner
Peter
Thank you for the suggestion.
Since you came up with this suggestion, we will provide you with one.
Please come by meeting room xx in the Bella Center to receive your iPod.
Thanks
Name removed
Subject: Suggestion, was: Re: Congratulations, You are a VMworld Survey Prize Winner
How about you put an iPod Touch into a draw for all the people who got the email?
Cost you a few hundred quid/dollars/euros and everyone who thought they had one, would at least have had a bite at one.
Not trying to be troublesome, just making a suggestion to overcome the loss of goodwill and the major disappointment felt all round. It wasn't *inconvenient* it was exciting, and then massively disappointing.
Tuesday, October 18, 2011
#Fail #VMware "Congratulations, You are a #VMworld Survey Prize Winner"
Begin forwarded message:
From: The VMworld Team <vmworldteam@vmware.com>
Subject: Congratulations, You are a VMworld Survey Prize Winner
Thank you for completing a VMworld session survey. You have been randomly chosen to win an iPod Touch for your participation.
Please stop by the Registration Queries desk during the following hours to claim your prize.
07.30 - 20.00 Tuesday
07.30 - 18.30 Wednesday
07.30 - 16.30 Thursday
Regards,
The VMworld Team
© 2011 The Active Network, Inc.
In case you missed my tweets yesterday from the #VMware Licencing session...
Message from #VMware ref licencing 5. It's so complex, we've written an plugin for it!
Message from #VMware ref licencing 4. We've introduced a paradigm shift where software can alert you to the need to send us lots of money...
Message from #VMware ref licencing 3. We really thought hard about making it easy, but thought you should have to think hard too.
Message from #VMware ref licencing 2. You really need to reduce the RAM assigned to your VM's until the pips in the guest squeak.
Message from #VMware ref licencing 1. We really want you to pay for your test labs/spare VM's that you spin up. Best minimise your VM farm.
Thursday, September 29, 2011
#LFMF VMware datastores are case sensitive!
So, today when working on some PowerShell scripts to copy datastore folders around for backup purposes I was a bit stumped by a copy failing as no object was found. The essential components of the script are:
Add-PSSnapin VMware.VimAutomation.Core
Connect-VIServer -Server FQDN of server or vCentre -Protocol https
$datastore = Get-Datastore Test
New-PSDrive -Location $datastore -Name TT -PSProvider VimDatastore -Root '\'
Copy-DatastoreItem 'TT:\sage\*' 'J:\esx\test\sage'
start-vm -vm 'Sage'
The Add-PSSnapin puts the VMware supplied PowerCLI snapins in place to manage ESX/vCentre architecture
Connect-VIServer does what it says on the tin
New-PSDrive creates a PowerShell drive mapping to the datastore in question so that it can be maipulated., and the Copy-DatastoreItem with those parameters copies the entire folder over (you can recurse through folders and so on if you wish, this is a simple copy)
Can you see the mistake, no I couldn't either!
The script would fail on the copy-datastoreitem command and jump onto the start-vm. Now I know there should be error handling and all that stuff, but this was a quick 1-off to sort something out.
So I browsed teh data store through the vCentre interface, all was there, the target folders were there...
In the end the Unix issue of capitalisation rang a distant echo. The Sage folder on the datastore was precisely that "Sage" not "sage".
Quick edit, and all is running.
Phew!
'scuse the inappropriate word wraps in the code.
Friday, September 02, 2011
#LFMF #PowerCLI Get-Folder contents #PowerShell
Because a “copy folder from the Datastore browser” backup of VM files is so inefficient, I’m writing a PowerShell process to improve my backups of the virtualised world. Because I can move VM’s around onto different storage locations a hard coded “goto this datastore, download these VM’s” is going to need rewriting every time I do this.*
So I resolved to use as a starting point the Get-Folder command (and spawn a generic process for each Folder) that I have.
So I started to look at a folder (from the VMs and Templates view, not Hosts and Clusters) to do some testing on. As the only, completely non active folder is Templates, I thought I’d start with that.
So the line of code I was looking at was something like:
Get-VM -Location (Get-Folder Templates) | Sort Name)
However I was getting nothing back, the code would run (there’s a lot more, but I won’t bore you with it until it’s all working), and there was a null result. I didn’t quite spend days and days looking at it (see King Crimson - Indiscipline, Lyrics here), but I did spend quite a while thinking I’d got something wrong.
Then I had a thought – isn’t there a Get-Template command too?
Coded like this:
Get-Template -Location (Get-Folder Templates) | Sort Name)
I get some results. Stupid of me to test a folder with wholly atypical contents
More later!
*I know some will wonder why I take flat file backups of VM’s. It’s because I’m paranoid OK? I copy them to external USB/FireWire drives for complete recoverability. It’s not like I do it every day or anything
Monday, May 02, 2011
ESXi 4.1 Update 1 travail - lessons learned.
- Syslinux 4.0.4 (the latest) does not work (or at least did not for me) – stick to 4.0.3!!
- When modifying the contents of the stick remember to do everything!
- Whilst the storage in my instance is software iSCSI IT IS IMMENSELY PRUDENT TO DISCONNECT STORAGE. As this install process initialises some storage, you do not want to accidentally wipe a LUN. My recommendation is always to build ESX(i) hosts disconnected from storage. It prevents an easily avoidable mistake. Likewise I avoid “Boot from SAN” setup.
- Make sure you follow all the steps. I managed to miss 1 or 2 a few times before I got it right.
- Don’t forget that the KS.CFG is YOUR INSTALL SCRIPT. It’s easy to forget this and take the content and run with it. If you do, you’ll get an ESX box with 192.168.1.10 as its IP, VMware01 as the root password, and ESXi-01.beerens.local as its full name connected to a domain “beerens.local”. I could be wrong, but I think this is unlikely to work in your world J
- Check for any Anti-Affinity rules in DRS, this will make sure your VM’s can have maximum mobility around the farm during the change. You may want to weaken them
- Move any non-running servers off local storage (if there is any) to SAN or other shared storage – cut and paste or storage migrate. If you storage migrate you can change the host as well to unregister them from the server.
- Storage migrate all running VM’s on local storage off the server to shared storage (no downtime here).
- Put the ESX host in maintenance mode (and take the option to migrate all paused and stopped machines off the host). All running guests will migrate off
- Document the server setup – including network settings, iSCSI paths, vSwitch names and configs. In fact everything you can!!! If you are licenced for it, then consider Host Profiles as a means to the end.
- Disconnect all external storage connections, and verify this by checking via vCentre.
- vCentre
- vCentre upgrade ISO
- vCentre Upgrade action
- vCentre Client upgrade
- DNS and AD failure
- vCentre client now installed properly and I can connect to vCentre Server again.
- iSCSI connections
- Finally all was well
- So I just need that good ISO for the Update Manager installation so that I can now manage updates across the VM’s (VM Version and VMTools for now).
- Well you can see from the above that Douglas Adams was right when he wrote “Don’t Panic” – I could have given up with the backups, snapshots and original ESX4.1 that I had and gone back to square one.
- Document your setup, NOW. You never know when it might come in useful
- In ESXi the Service Console no longer exists – look for the Management Network in your ESXi networking setup
- IQN’s can change
- Check your VM version – some of your older VM’s may be 4 instead of 7. In my experience, a VM version 4 had some issues starting and seeing network hardware on a new host.
- Anti-affinity – keep an eye on it, and restore it when done
- If you use ESXTOP on ESX, don’t forget – without the service console, you won’t get this on the host
- ILO – if you have it, make sure you know the password – it saves a lot of hassle connecting to the host
- Lastly NEVER FORGET you can use the VI Client directly to the host to work things. If the VC goes down, it means you can still start stop guests, enter/exit maintenance mode, reboot and shutdown an ESX box. This can be your friend. A lot.
Hurrah - a hibernating Hyper-V laptop!
Well, almost J
I got a new laptop last year and having bumped up the RAM and disk, I wanted to use for a virtualised lab on board whilst travelling or at clients. Having experimented and asked around on Twitter there was no way (my preferred method) of having Windows 7 with ESXi running under VMware Workstation and then have 64bit guests in vCentre – the VT is not exposed to the ESX guests. This would have given me the best of ESXi (and a VMware lab), and the VM’s I wanted for carrying a lab in the bag. VMware workstation was not much use to me as without any memory management I would run out of headroom (although the tree cloned drives would be nice).
A non-trivial additional factor was that I insist on encrypted disks in my laptops.
I then experimented with getting a dual boot world going. BitLocker and Boot from VHD work well, but not together. I got a Bitlockered guest machine under Hyper-V as a VHD to boot, but the content was a bit flaky – device drivers). I then tried getting a dual boot to work with the second boot from a VHD but BitLocker got in the way. See: Am I really asking too much of Hyper-V I learned a bit about BDCEDIT along the way.
Eventually after a couple of gotchas/glitches I gave up on the BitLocker VHD or alternate boot option as it was taking too much time (and I had read in a few places I was asking the impossible). And besides: Word from the wise on BitLocker
Becoming impatient, I then restarted my thinking. I continued with the Windows 2008 R2 build (Bitlockered drive), with the intent of then building the VM’s that I wanted.
The first bit was to get Windows Server 2008 R2 look more like Windows 7 so it could be my standard desktop-like working world along with some other bits and pieces – I added the following to the machine (some are dependencies):
- Web Server (IIS)
- .NET Framework 3.5.1 Features
- BITS
- Desktop Experience
- Ink and Handwriting Services (it’s a tablet)
- Remote Server Administration Tools
- Telnet Client (I never usually remember this is off by default!)
- PowerShell ISE
- Windows Server Backup Features
- Wireless LAN Service (it’s a laptop!)
- BitLocker Drive Encryption
- Group Policy Management
- Windows Server Migration Tools (just in case)
However, Hyper-V cannot use a Wi-Fi network for external access. My Lab network is behind a Threat Management Gateway 2010 Server, so only this needs true connectivity. So a quick bit of research, and I came across the idea of a bridge between the Hyper-V network and the Wi-Fi here: Connecting Hyper-V over WiFi and it works a treat.
So the laptop was where I wanted it to be, the VM’s were being created. BUT…. You cannot hibernate a Hyper-V machine. This is clearly a sensible idea, but for the road warrior, it’s more than a nice to have. To wait for a machine to fully shutdown can be embarrassingly long.
So over to the internet.
And then I found this:
- Set Hyper-V to start on demand “SC CONFIG HVBOOT START= DEMAND” (note the space after the = sign); then reboot the machine
- Enable Hibernation “POWERCFG -HIBERNATE ON”
- Then when you want to run VM’s – “NET START HVBOOT”
Lo and behold. I have a single boot machine. Until I start HVBOOT then the machine will hibernate. Once you have started HVBOOT, then you have to shut down the machine instead, but this is good enough for now. I’m not certain what impact not running Hyper-V will have on the performance of the machine, but not much I guess.
What next?
Saturday, June 12, 2010
#VMware #vCentre Server booting too fast with co-located SQL Server
- If your vCentre Server is on Windows 2008, the Delayed Automatic Startup may be good for you (although I think I’d still put the dependencies in, as if the boot of the services is slow…
- A separate SQL server will help (although if the 2 servers are virtualised then you will need to manage their startup relationship)
- You’d think VMware would have realised this and put it in the product…
- Oh, and don’t expect to find any meaningful error messages in the event logs either when solving this one.
Friday, September 25, 2009
Not so sorted...
I was putting together some notes and lessons (as it were), and will do so soon, but the sleep deprivation has been a tad severe recently, and I cannot face it right now!!
Monday, September 14, 2009
more vSphere pain... (and education!)
Update 1 - up until 2am this morning trying to get vCentre4 to work properly. it's a "fill your boots" install with Guided Consolidation, Update Manager, Convertor; and all on a local SQL Express (or MSDE as I still incorrectly think of it :-)). Anyway, last week the upgrade to VI4 went well, and over the weekend I upgraded the ESX hosts to 4 and patched them.
Then I rebooted the entire infrastructure - a kind of defence mechanism for me after changes of this nature to make sure it all works. And it didn't. ESX4 hosts were fine, but I could no longer access the vCentre4 box.
Thursday, September 10, 2009
A good day
2. Much better though, Alan Turing's (at the time quite acceptable) rotten treatment by society and government agencies is seen as something to apologise for. How on earth did GCHQ types think it good to chuck out the best mathematical and computing brain of the century - surely. Despite all the 'risks' he represented, they could have found a compromise...
I am proud to have signed the petition.
Monday, September 07, 2009
vSphere4 Update
So, on a hunch, I removed the spaces from the password (actually it's more a passphrase), and increased it beyond 32 characters (just for the hell of it).
It worked. I truly cannot believe this.
So if you want these enterprise tools on your network - create a domain account with a simple ASCII name, and a password that is as long as you like, but only contains digits, upper case letters and lower case letters. Just that - no special characters and definitely no spaces.
Humbug.
Yup, vSphere4 has the VI3 bug (well it's probably categorised as a known issue)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003096 refers here, but only references VI3.4 and below - even thought the KB was last updated only a few weeks ago.
Actually judging by the article, both credentials (local machine use, and domain use) have to be simple. However I reckon... ...that just the domain "access user machines" account is all that's needed here, so trying that right now. Left the local machine upgrade to be a properly secure passworded account. Nope got that wrong, the local machine extension process needs a simple password too.
This does really stink though. Essentially what VMware want you to do is create domain credentials that will enable the service to connect to machines on your network with Domain Admin rights (or more properly speaking - local admin rights on the network computers being consolidated). And it's got a simple (well, not properly complex) password.
Will this stop me recommending VMware - of course not.
Does it annoy me? Yup.
Does it lower my respect for VMware's regard for security, yes - quite a bit. If it was an known issue in VI3, then it really should have been fixed in 4, or a clear reason not posted on the KB article.
Peter
PS if you experience this issue and then rollback the install as Guided Consolidator insists - it does NOT rollback the vCentre Collector Service install. When you come to install again, the ports 8081 (VMware vCentre Collector Service Port) and 8082 (VMware vCentre Collector Provider Service Port) are already registered, so it requests you to select 2 new ports. Recommendation - uninstall the Collector service and then all shall be well.
vSphere 4 upgrade/fresh install
Back on VI3, if you added some infrastructure components the authentication credentials you gave the installer had to have a simple (no special characters) password. Naturally for any half decent data centres this is rubbish, and caused all sorts of administration problems as you set up a special account that circumvents password policy just to get the software installed.
Well, I'm in the midst of vSphere upgrades and it seems like this is still the case. Guided Consolidator and Convertor have not yet installed with good, secure passwords on the credentials. Experimenting with fixes (Google's not yet found an exact match to the errors).
I'll report back later, but if this is the case, then shame on you VMware.
Tuesday, August 25, 2009
vSphere 4
This afternoon was not helped by the failed install of VMware tools in a guest OS that caused cloning to intermittently fail. Still - good diagnostics testing.
Book 1 is finished, and a couple more 10 1/2 hour days to go, and I'll be done. Thank goodness it's bank holiday this weekend!!



