VM Junkie

September 15, 2009

SRM Warning: FLARE 4.29 + MirrorView incompatible with current SRA

Filed under: Uncategorized — ermac318 @ 9:12 pm

These last two weeks I’ve been at a customer site working on an SRM deployment. Customer updated to the latest FLARE code (version 4.29) and this broke the currently available Storage Replication Adapter for MirrorView (version 1.3.0.4). So for those CX4 customers using SRM, hold off on the FLARE update unless you talk to your EMC representative.

I wanted to especially thank Chad Sakac for his help diagnosing this problem. Chad, you rock!

SRM + VMware View scripts

Filed under: srm, view, vmware — ermac318 @ 12:44 pm

Recently some very clever people at VMware and EMC showed off some scripts at VMworld that allows you to combine SRM and VMware View. I went to the session at VMworld and it was impressive but light on details. The good news is, the scripts are now posted, and you can grab them from my Sky Drive.

Some shortcomings of the script, however, as I see it, is that it’s really impossible to do a VMware View “test” using these. Because View has to talk to VirtualCenter, AD, DNS, and between connection brokers, doing a “test”  is always missing some components. In the VMworld presentation, they used some EMC plugins to do easy failback after their “test”, but the test itself is very disruptive to anything in production.

Big thanks to Tommy Walker for providing these scripts, as well as to the very clever authors (whose names are in the script source).

September 14, 2009

New HP t5545 Addon for View 3.1

Filed under: hp, thinclients, view — ermac318 @ 12:52 pm

On Friday HP just posted a new version of the View Client for the t5545 Thin Client. You can download it and view installation instructions here. I’m out of the office at a customer site this week so I haven’t been able to play with it, but the release notes are pretty boring (basically just adding official View 3.1 support).

When I get a chance to play with it, I will post more, but feel free to check it out and post your results!

September 11, 2009

PowerShell 2.0 RC out for WinXP/2003

Filed under: microsoft, powershell — ermac318 @ 9:11 am

The release candidate for PowerShell version 2.0 is now out for 5.x Kernel Windows versions (Windows XP and Server 2003). Download is available here. So far, looks like it works fine with PowerCLI to me.

Quick note: On the XP side, you must be running XP Service Pack 3.

September 2, 2009

VMworld session DV3260 – Protocol Benchmarking and Comparisons

Filed under: citrix, vdi, view, vmware, vmworld — ermac318 @ 11:06 pm

I arrived to this session a bit late as well (noticing a theme here?) but a lot of the basics of this session were very similar to one last year on remote user experience in virtual desktops.

The gist of it is VMware has done some internal benchmarking using the PCoIP beta code (not final!) on vSphere and compared it to PortICA 2.1 – not the newest with HDX stuff, this was asked in a question pretty early and they were (deservedly) given some guff for that – and RDP (to an XP VM so only RDP 5.1).

They talked forever about their testing methodology. Essentially they tested three things:

  • A synthetic benchmark they created in-house called RPerf (which I saw last year in the similar session) that basically exercises a display protocol in as low-impact a way as possible to the underlying host (so you can measure how much CPU/memory the protocol takes and not how much CPU/RAM running the benchmark takes)
  • A 320×240, 25fps video with mixtures of different types of video that range from fairly static, pans, zooms, areas of motion on still backgrounds, and random static.
  • An AutoIT-based workload that tests actual VM performance in addition to the connection protocol.

The results were pretty favorable to PCoIP. In many cases it wasn’t the fastest, but it was never the worst. Sometimes it would barely lose to RDP in the LAN case, and barely lose to PortICA on the WAN case. It was never far behind the in any of the tests they showed results for, and in many cases was the fastest. The other big benefit was PCoIP had lower overhead in CPU and RAM than either PortICA or RDP. Tests were run entirely with the software PCoIP implementation – no hardware.

VMworld session DV2801 – Integrating View into your Environment

Filed under: powershell, view, vmware, vmworld — ermac318 @ 10:58 pm

I arrived late to this session, but it looks like the beginning was about how to plug into today’s View product and make automated changes or fire off scripts based on events and such. The basics of it was the integration points you have today are very very limited – you have the two CLI tools (SVIConfig and VDMAdmin), log file monitoring, and editing the ADAM LDAP directly.

In View 4 new features will include an event reporting central warehouse – a database with a rollup of events from all clients, agents, and servers. It will include an event database with information on what events mean what along with resolutions, and will allow for querying using VDMAdmin or SQL tools such as Crystal Reports.

The best news though is PowerShell automation support! That makes View the 3rd product (after vCenter and Update Manager) to get PowerShell support. Using PowerShell should obviate the need to ever directly edit the LDAP, which is good because PowerShell can validate your input and will be far less dangerous. You can use PowerShell to stand up an environment from scratch, everything from global config, pairing it with a vCenter server, and making pools and VMs. You can also query the event warehouse for reporting purposes, and perform actions on sessions and VMs managed by View. Some examples:

#Set View License Key
Set-license -key AA113-XXXXX...
#Set the Pre-Login Message
Update-GlobalConfig -PreloginMessage "message"

#Update the power policy of a pool so you can preboot VMs at 5AM to avoid boot storm
Update-AutomaticDesktop -id DesktopJoe -PowerPolicy AlwaysOn
#Create a new Individual Desktop by using PowerCLI to get VM Object and pipe it to View CLI
Add-IndividualDesktop -id DesktopJoe -DisplayName "Desktop" -vm (Get-VM -name JoeVM)
#Entitle a user to a desktop
Get-User ADUserName | Add-DesktopEntitlement -desktop_id DesktopJoe
#Disconnect an active session
Get-ActiveSession -User "Joe" | Send-SessionDisconnect

This was the best news I’d heard all day. Finally, I can do all the neato stuff I can do in standard vCenter in View!

They then went into a bunch of Microsoft SCOM integration stuff which seemed pretty useless to me, and I was so buzzed from the PowerShell stuff I barely paid attention.

VMworld session DV2363 – CVP Tech Deep Dive

Filed under: Uncategorized, vmworld — ermac318 @ 10:26 pm

This session was about VMware’s Client Hypervisor Platform, or CVP. CVP was announced a while back by VMware. Here are the highlights of the session.

CVP is a powerful client hypervisor solution, which is part of the greater VMware View offering. It is not going to be offered standalone, it is a View product only. It helps create what the presenters called a “thin” thick client.

There are two approaches to doing a client hypervisor: Direct Assignment or Advanced Device Emulation.

In Direct Assignment, technologies like Intel VT-D or other software techniques are used to pass through a physical device (such as a video card) directly into the VM. This has some advantages such as lower overhead, and if you’re running Windows in your VM then all you need is a set of Windows drivers, which are easy to find. Passthrough is also much easier to program…

It has several downsides, however. For example, it ties your VM to that particular hardware which reduces portability. It also becomes difficult to interpose on that device. For example, if the video card is owned by the VM, there’s no way for the hypervisor to access it. Same goes for the network card. The point being – if all you’re doing is passing through your physical devices, why do you need a Client Hypervisor? Just run native. You can’t add value when using passthrough on everything. For some device types (such as USB) where the O/S is expecting hardware to appear and disappear, passthrough is okay.

VMware’s strategy is around Advanced Device Emulation. Client only needs a driver for the emulated hardware device, because the hypervisor itself contains the driver for the underlying physical hardware. The advantages here are that it divorces the VM from the hardware, making portability easy, as well as simplifying hardware upgrade and recovery. Also, the Hypervisor can add functionality by managing the devices, such as enforcing network security policies and the like. This does mean that the hypervisor needs to have complete drivers for the underlying hardware.

VMware’s CVP has the following features:

  • Improved guest 3d support using a new type of virtual SVGA card. Supports DirectX 9.0L for Aero Glass.
  • Paravirtualized Wireless device. This is important because unlike a wired NIC, a wireless NIC only has one radio, so your hypervisor and VM can’t both be tuned to different networks. You need to give control of the radio to someone, so they allow the guest to control (using its native management capabilities built into the OS) that radio through a special VMware WiFi virtual device. This also means it works with guest-based “supplicants” like iPass.
  • USB is fully supported and is Passthrough like Workstation.
  • External Display and MultiMonitor capable. Allows extended desktop, mirroring, rotation either in built-in OS control (Windows 7) or through a special tab from VMware (WinXP, Vista, analogous to the ATI/nVidia control panel applets that do the same)
  • External Storage support for eSATA (!!) and built-in laptop card readers.
  • Power Management awareness – respond to guest power state (i.e. allow the VM to suspend or shutdown the physical hardware). Respect the guest power policy and connect special events to guest like the lid switch or the sleep/power buttons on the physical hardware.
  • Encryption support: the VMX and VMDKs are all encrypted using the onboard Intel vPro TXT and TPM capabilities. Uses 256-Bit AES encryption. When asked if this would be optional or modifiable, that is still to be determined.
  • CVP is based on linux and in the pre-beta version they showed, it actually had a shell we could break out into. In the final version we were assured this would not be available.

So what good is all this supposed to do? The idea is the user checks out a Virtual Machine (or one is pre-provisioned for them)  to their CVP device. That device is managed by View Manager, which accesses an embedded View Agent in the CVP. This is used for policy enforcement, heartbeats, configuration changes, endpoint statistic gathering, and managing transfers from the View Server. The VM can run offline and also is smart enough to adapt its virtual hardware (like number of CPUs, GB of RAM) to the underlying physical hardware. VMware is targetting only a 256MB overhead for CVP. Today the CVP can run one VM only, but could store more than one.

CVP is an embedded Linux Type 1 hypervisor with a minimal set of packages installed. It’s optimized for fast boot time, and will be fully qualified on individual hardware platforms (like ESX). It does not contain a general purpose OS, so no doing work in the CVP. VMware itself provides updates such as patches, bug fixes, and new hardware enablement. It will be updated monolithically like ESXi is (full firmware updates), and this is updated from the View Manager server. The codebase is really unrelated to ESX, it’s more based on Workstation for Linux.

CVP requires Intel’s vPro and integrates with it’s Active Management Technology (AMT) for a bunch of things like Inventory collection, remote power on/off, and configuration backup onto the AMT private storage. It will be compatible with all AMT-enabled management tools like Altiris, LANDesk, etc.

The CVP itself has no listening ports, so it should be impossible to break into via the network. The disks are encrypted, Intel TXT + Trusted Boot protects integrity of the hypervisor in hardware. After installation, laptop will only boot approved hypervisor (no booting to a rescue CD). Encryption keys are stored in the TPM module and are used to encrypt the drives.

I asked several questions at this session:

  • The demo from last year involved booting from a USB Key. Will boot from flash be supported?
    • Initial release installs on hard disk and runs there.
  • Will the CVP also work as a remote View client (with PCoverIP support)?
    • That is on the roadmap but will not be in version 1, only locally running VMs.
  • At VMworld 2007, tech for streaming a virtual appliance and booting it while data was still in flight was demoed. Will this be in CVP?
    • They have the code, but user issues kept it out of first release. How does user know when it’s safe to go offline? When they resolve this issue they will bring that code in.

Overall I am pretty excited about CVP. I understand the HCL may be fairly limited at launch, but it really does have tremendous potential for View environments.

VMworld session TA3438 – Top 10 Performance improvements in vSphere 4

Filed under: vmware, vmworld, vSphere — ermac318 @ 10:00 pm

This was a really interesting session that really broke down a lot of the stuff that was improved in vSphere. VMware likes to talk about how vSphere has however many hundred new features, here’s an interesting list of the highlights:

  • IO overhead has been cut in half. Also, IO for a VM can execute on a different core than the VM Monitor is running on. This means a single CPU VM can actually use two CPUs.
  • The CPU scheduler is much better at scheduling SMP workloads. 4-way SMP VMs perform 20% petter, and 8-way is about 2x the performance of a 4-way with an Oracle OLTP workload, so performance scales well.
  • EPT improves performance a LOT. Turning it on also enables Large Pages by default (which can negatively affect TPS). Applications need to have Large Pages turned on, like SQL (which gains 7% performance)
  • Hardware iSCSI is 30% less overhead across the board, Software iSCSI is 30% better on reads, 60% better on writes!
  • Storage VMotion is significantly faster, because of block change tracking and no need to do a self-VMotion (Which also means it doesn’t need 2x RAM)
  • In vSphere performance between RDM and VMFS is less than 5%, and while this is the same as ESX3.5, performance of a VM on a VMFS volume where another operation (like a VM getting cloned) has improved.
  • Big improvement in VDI workloads – a boot storm of 512 VMs is five times faster in vSphere. 20 minutes reduced to 4.
  • PVSCSI does some very clever things like sharing the I/O queue depth with the underlying hypervisor, so you have one less queue.
  • vSphere TCP stack is improved (I know from other sessions they’re using the new tcpip2 stack end-to-end.
  • VMXNET3 gives big network I/O improvements, especially in Windows SMP VMs.
  • Network throughput scales much better, 80% performance improvement with 16 VMs running full blast.
  • VMotion 5x faster on active workloads, 2x faster at idle.
  • 350K IOPS per ESX Host, 120K IOPS per VM.

All reasons to be running vSphere on your infrastructure today.

September 1, 2009

VMworld session DV2181 – SRM+View

Filed under: srm, vmworld — ermac318 @ 11:27 pm

This session was a really interesting one being presented by a combination of VMware and EMC guys on how they managed to get SRM working to protect a View environment complete with Linked Clones. It involves a LOT of scripting, and doesn’t appear to work in a test, only a full failover, which makes it slightly less useful in my opinion. The real problem is you have to correct a LOT of things.

The first issue is View Composer installs on the vCenter machine, which isn’t replicated as part of SRM. So you have to copy the whole composer database over, then correct all the entries in it to match the replicated VMs. Then you need to correct the ADAM in View Manager because it will have associated the VMs with the wrong vCenter. So there’s a lot of database fixing going on here…

They demonstrated it on video and said it will be posted to the View blog later this week. I’ll take a look at the scripting, but after watching their presentation I hope for a more robust, proper solution will be available with View 4 + the next SRM version (whether they’re calling it 1.5 or 4.0 or what).

Also, I attended the DV2484 session, but it was mostly a waste of time. You can see Scott Lowe’s thoughts (and mine in the comments) at his blog.

VMworld Session VM2241 – PowerCLI (4.0 Update 1 and Onyx)

Filed under: powershell, vmware, vmworld, vSphere — ermac318 @ 1:54 pm

One of the sessions I was most looking forward to today was the PowerCLI session from Carter and Friends. After teasing Project Onyx at their blog a few days back the anticipation was at a fever pitch.

Some great info in the session for PowerCLI newbies, but the good stuff was info on PowerCLI 4.0 Update 1 which is scheduled to be out “before Christmas” according to Carter (to which someone in the audience quipped, “what year?”)

  • PowerCLI 4u1 has 229 cmdlets in the current internal beta build
  • New cmdlets for vApps (get, new, start, stop, import, export)
  • Better Storage Management:
    • iSCSI improvements, get/set-vmhosthba.
    • You can now turn on the SW iSCSI initiator and add a Send Targets IP, rescan, and format LUNs all from PowerCLI.
  • Huge improvements to Guest operations.
    • Set-VMGuestNetwork (name approximate) allows you to set the networking information of Virtual Machines (Windows OR Linux with same syntax). Will be great for post-SRM failver scripting!
    • Copy files in and out of guests (Win or Linux)
    • Invoke-VMScript can run arbitrary commands and batch files (no longer requires PS in VM, can run BASH scripts in Linux VMs, too). Still require Host and Guest credentials.
  • NIC Teaming and Load Balancing policies
    • Set standby NICs, unused NICs, changed load balancing policy to IPHash, etc.
    • Forgot to ask if you can remove a VMNIC from a vSwitch yet…
  • vCenter Permissions and Role cmdlets.

Stuff I wish I had seen:

  • License management cmdlets (adding licenses to vCenter’s license database, assigning licenses to servers)
  • DPM Cluster- and Host-based cmdlets

Carter also said that performance in large vCenter servers will improve a lot – getting a single VM won’t take as long as getting them all.

The last thing was a demonstration of Project Onyx. Onyx is a proxy that sits in between your vSphere client and your vCenter server. It functions a lot like a sysinternals tool – you turn on “capture” and whenever you issue a command in the client it spits out PowerShell code that breaks out to the vSphere API to do what you just did. You then can save this to a PS1 file, edit out the stuff you don’t want to put in a script, generalize it (so it runs on a variable) and wrap it in a function.

The example they used was turning on DPM for a cluster. We ran Onyx and made the change to one cluster manually. Onyx spits out a giant chunk of code that creates a VMware.vim.ClusterConfigSpecEx object. We checked the API documentation to confirm that all the stuff related to HA and DRS (which we don’t want to modify) is optional, then remove all that junk from the code. We then wrap it in a function and call it using foreach object after grabbing all the clusters using get-cluster.

It’s a pretty slick process. I dropped off my business card to hopefully get into the Beta. Carter, hook a brotha up!

Lastly Scott Herold from Quest/Vizioncore showed off the Virtualization EcoShell, which I guess I’m way late to the party on but I’m totally switching to that from PowerGUI that I use now.

Overall GREAT session.

Older Posts »

Blog at WordPress.com.