No PowerShell 2.0 for Windows XP x64?! Not so fast…

So for everyone who’s gone out and grabbed the final bits for PowerShell 2.0, you may have found one still-supported Microsoft operating system conspicuously absent. That would be the x64 Edition of Windows XP. Yes, it was never a really well supported OS, since it had the awkward position of being half Server 2003, half Windows XP. But the good news is, because of these common roots with Windows Server 2003 x64 (for example, they share a service pack) there is a way to get PowerShell 2.0 on XP-64. Just download the Server 2003 x64 version and it installs just fine – I confirmed this on my home machine (which has been happily running XP64 for the last 2+ years).

Of course, with Windows 7 64-bit out now, the days are numbered for my home machine’s Windows install…

SRM4.0 not supported on Windows Server 2008 64-bit

So this has already bitten me in the ass and I just wanted to warn anyone else with test or lab environments who runs into trouble.

According to the SRM Compatibility Matrix, you cannot install SRM Server on 64-bit Windows Server 2008. Considering this is generally the recommended platform for vCenter installs, it means anyone trying to co-habitate the SRM server with vCenter is out of luck.

Why PCoIP rocks

Haven’t had a lot to say recently, but I definitely wanted to call this out:

There’s a great blog article by Scott Davis over at the View-Point blog talking about why PCoIP is so awesome compared to its competition. This is information that partners have had for a while and is what has had me so excited for PCoIP. It’s something that screenshots and benchmarks really don’t do justice to.

SRM Warning: FLARE 4.29 + MirrorView incompatible with current SRA

These last two weeks I’ve been at a customer site working on an SRM deployment. Customer updated to the latest FLARE code (version 4.29) and this broke the currently available Storage Replication Adapter for MirrorView (version 1.3.0.4). So for those CX4 customers using SRM, hold off on the FLARE update unless you talk to your EMC representative.

I wanted to especially thank Chad Sakac for his help diagnosing this problem. Chad, you rock!

VMworld session DV2363 – CVP Tech Deep Dive

This session was about VMware’s Client Hypervisor Platform, or CVP. CVP was announced a while back by VMware. Here are the highlights of the session.

CVP is a powerful client hypervisor solution, which is part of the greater VMware View offering. It is not going to be offered standalone, it is a View product only. It helps create what the presenters called a “thin” thick client.

There are two approaches to doing a client hypervisor: Direct Assignment or Advanced Device Emulation.

In Direct Assignment, technologies like Intel VT-D or other software techniques are used to pass through a physical device (such as a video card) directly into the VM. This has some advantages such as lower overhead, and if you’re running Windows in your VM then all you need is a set of Windows drivers, which are easy to find. Passthrough is also much easier to program…

It has several downsides, however. For example, it ties your VM to that particular hardware which reduces portability. It also becomes difficult to interpose on that device. For example, if the video card is owned by the VM, there’s no way for the hypervisor to access it. Same goes for the network card. The point being – if all you’re doing is passing through your physical devices, why do you need a Client Hypervisor? Just run native. You can’t add value when using passthrough on everything. For some device types (such as USB) where the O/S is expecting hardware to appear and disappear, passthrough is okay.

VMware’s strategy is around Advanced Device Emulation. Client only needs a driver for the emulated hardware device, because the hypervisor itself contains the driver for the underlying physical hardware. The advantages here are that it divorces the VM from the hardware, making portability easy, as well as simplifying hardware upgrade and recovery. Also, the Hypervisor can add functionality by managing the devices, such as enforcing network security policies and the like. This does mean that the hypervisor needs to have complete drivers for the underlying hardware.

VMware’s CVP has the following features:

• Improved guest 3d support using a new type of virtual SVGA card. Supports DirectX 9.0L for Aero Glass.
• Paravirtualized Wireless device. This is important because unlike a wired NIC, a wireless NIC only has one radio, so your hypervisor and VM can’t both be tuned to different networks. You need to give control of the radio to someone, so they allow the guest to control (using its native management capabilities built into the OS) that radio through a special VMware WiFi virtual device. This also means it works with guest-based “supplicants” like iPass.
• USB is fully supported and is Passthrough like Workstation.
• External Display and MultiMonitor capable. Allows extended desktop, mirroring, rotation either in built-in OS control (Windows 7) or through a special tab from VMware (WinXP, Vista, analogous to the ATI/nVidia control panel applets that do the same)
• External Storage support for eSATA (!!) and built-in laptop card readers.
• Power Management awareness – respond to guest power state (i.e. allow the VM to suspend or shutdown the physical hardware). Respect the guest power policy and connect special events to guest like the lid switch or the sleep/power buttons on the physical hardware.
• Encryption support: the VMX and VMDKs are all encrypted using the onboard Intel vPro TXT and TPM capabilities. Uses 256-Bit AES encryption. When asked if this would be optional or modifiable, that is still to be determined.
• CVP is based on linux and in the pre-beta version they showed, it actually had a shell we could break out into. In the final version we were assured this would not be available.

So what good is all this supposed to do? The idea is the user checks out a Virtual Machine (or one is pre-provisioned for them)  to their CVP device. That device is managed by View Manager, which accesses an embedded View Agent in the CVP. This is used for policy enforcement, heartbeats, configuration changes, endpoint statistic gathering, and managing transfers from the View Server. The VM can run offline and also is smart enough to adapt its virtual hardware (like number of CPUs, GB of RAM) to the underlying physical hardware. VMware is targetting only a 256MB overhead for CVP. Today the CVP can run one VM only, but could store more than one.

CVP is an embedded Linux Type 1 hypervisor with a minimal set of packages installed. It’s optimized for fast boot time, and will be fully qualified on individual hardware platforms (like ESX). It does not contain a general purpose OS, so no doing work in the CVP. VMware itself provides updates such as patches, bug fixes, and new hardware enablement. It will be updated monolithically like ESXi is (full firmware updates), and this is updated from the View Manager server. The codebase is really unrelated to ESX, it’s more based on Workstation for Linux.

CVP requires Intel’s vPro and integrates with it’s Active Management Technology (AMT) for a bunch of things like Inventory collection, remote power on/off, and configuration backup onto the AMT private storage. It will be compatible with all AMT-enabled management tools like Altiris, LANDesk, etc.

The CVP itself has no listening ports, so it should be impossible to break into via the network. The disks are encrypted, Intel TXT + Trusted Boot protects integrity of the hypervisor in hardware. After installation, laptop will only boot approved hypervisor (no booting to a rescue CD). Encryption keys are stored in the TPM module and are used to encrypt the drives.

I asked several questions at this session:

• The demo from last year involved booting from a USB Key. Will boot from flash be supported?
  • Initial release installs on hard disk and runs there.
• Will the CVP also work as a remote View client (with PCoverIP support)?
  • That is on the roadmap but will not be in version 1, only locally running VMs.
• At VMworld 2007, tech for streaming a virtual appliance and booting it while data was still in flight was demoed. Will this be in CVP?
  • They have the code, but user issues kept it out of first release. How does user know when it’s safe to go offline? When they resolve this issue they will bring that code in.

Overall I am pretty excited about CVP. I understand the HCL may be fairly limited at launch, but it really does have tremendous potential for View environments.

Swimming Upstream is hard, I guess

I’m a regular reader of Scott Lowe’s blog, and I hope you all get a chance to see his latest comment as he takes his Cisco UCS training.

The summary: a Cisco UCS system cannot connect upstream to a FCoE storage device – the UCS 6100 Fabric Interconnect doesn’t support upstream or “Northbound” FCoE connectivity.

Now this in itself I guess isn’t a deal-breaker, as one of the posters says, this is just because the FCoE and FIP standards weren’t ratified yet. And that’s fine.

But do you want to be running your business on a standard whose ink hasn’t dried yet?

I don’t want to turn this into a rant against Cisco – but I will say that I think the UCS is a lot more hype than substance today. Perhaps Scott’s followup articles will change my mind, however.

VMware Plea Part Deux: ESXi Boot from SAN

As some of you are aware, ESXi can officially boot from all the following sources:
USB Flash Device
SD Card
Local Hard Drive
PXE Boot (experimental)

There’s one big missing piece here: Boot from SAN. Why is this a big deal? It means customers who want to BFS (like HP VirtualConnect customers, or in the future Cisco UCS customers) in order to get the most out of their dynamic datacenter cannot use the next generation hypervisor architecture; they must stick to ESX “Classic.” We have been going back and forth with VMware support on this, but still even in ESXi 4.0 Boot from SAN is not officially supported.

This is despite the fact that on the ESXi Features Page, one of the features listed is Boot from SAN! Instead, you need to dig into the Install and Setup guide to find this gem:

You use the ESXi 4.0 CD to install the ESXi 4.0 software onto a SAS, SATA, or SCSI hard drive.
Installing on a Fibre Channel SAN is supported experimentally. Do not attempt to install ESXi with a SAN attached, unless you want to try this experimental feature.

That said, it works fine. I haven’t had any problems. But we can’t deploy it for customers that way if it’s not supported.

VMWare: Why is your next-generation hypervisor crippled in this way?

VMware View 3.1.1 Released

Just a quick bug-fix release, View 3.1.1 fixes the following issues. From the Release Notes:

View Administrator

• When using View Web Portal to launch a virtual desktop with a user, the User field in the View Administrator Console does not display the name of the desktop user although the desktop is assigned to the user persistently.
  This issue is resolved in this release.
• The list of desktop pools in the left-hand pane of the Web Administrator window’s Inventory tab is sometimes not populated. This issue prevents the administrators from managing the desktops.
  This issue is resolved in this release.

View Client

View Clients might unexpectedly disconnect from the desktops when tunneled (KB 1012388)

Miscellaneous

When you perform some functions on a virtual desktop that is running View agent and certain third-party GINAs that do not completely support WLX version 1.4, the guest operating system fails and displays a blue screen. This issue is resolved in this release.

You can download it here. Note that there is no new View Composer version.

Why you may want to leave FT alone for now…

Today, FT has a LOT of caveats. Aside from the obvious one everyone’s talking about (the limitation to 1 CPU VMs), there’s some other ones that I think are much worse (especially if you have newer CPUs) because they don’t just affect one VM, but the whole host. Here’s a few examples:

• Power Management must be turned off in the BIOS on the ESX Host. This is a big bummer, considering ESX4 just started supporting low-power state CPU features like SpeedStep.
• Hyper-Threading must be turned off on the host. If you’ve got a new Xeon 5500 processor, this is a bummer as well.
• Turning on FT disabled EPT/RVI for the ENTIRE host. This means one of the biggest performance enhancements (vMMU support) is gone for your whole host when you turn on FT for a single VM! UPDATE: This only disables FT for the single VM, not all VMs.

And as for VM-specific limitations (meaning these at least only affect the FT VM):

• No Virtual SMP
• No Snapshots (meaning no Storage VMotion, no VCB)
• No Hot-Add hardware
• No NPIV
• No DRS
• No Thin Provisioning

I think FT is a really cool piece of engineering, but today it’s pretty obvious that’s a version 1.0 (or worse, version 0.9) product. It works, but there are more gotchas than in any other VMware feature I’ve ever seen.

Lies, damn lies, and ROI models

Anyone who is looking at comparing different Hypervisor platforms is certainly trying to figure out which one will give the better Return On Investment. The challenge is, everybody’s ROI model is different, and will generally favor their own product. But when a company starts using their ROI model to compare their product vs. someone else’s, it’s not hard to guess whose product will win. But in some cases, it can be a truly egregious effort. Example: Microsoft’s latest ROI calculator for Hyper-V vs. VMware. I suggest everyone check out Steve Kaplan’s excellent analysis in his latest blog post.

Really, MS? $4100 per ESX host for “Backup Software” vs. $0 for Hyper-V? What, is Hyper-V so reliable that you don’t need backups or something? You know what’s a cool backup software? VMware Data Recovery, which I’m sure you know is included in ESX Advanced, Enterprise, and Enterprise Plus. And why does ESX server require CALs, but Hyper-V doesn’t?

Remmeber: there are lies, damn lies, and ROI models.