VM Junkie

August 31, 2010

VMworld session TA7805 – Tech Preview: Storage DRS

Filed under: vmworld — Justin Emerson @ 4:52 pm

Irfan Ahmad presenting, he presented last year on what became Storage I/O Control.

  • Storage DRS is a “stealth” project at VMware
  • Big problem is a VM admin doesn’t necessarily know what class of disk or how many spindles are behind a particular datastore.
  • Create a new primitive called a “datastore group” which is a new domain like a DRS cluster. Note from me: This will of course dovetail nicely into vCD service levels!
  • Storage DRS would automatically load balance across multiple datastores in a datastore pool.
  • When you create a new VM, you place it on a datastore group and it does auto-placement. Takes both free space and I/O into consideration
  • ESX host will gather both free space and I/O stats to help balance for initial placement as well as Storage VMotions.
  • Cluster-datastore group relationship is many to many – a datastore group can span clusters and a cluster can have multiple datastore groups.
  • Recommended that all datastores in a group be visible from all hosts, but this is not enforced, much like existing datastore presentation in clusters. Storage DRS will do best effort if you don’t follow this, though.
  • You can have Storage DRS affinity rules – keep these two VMs on different arrays or keep all disks from this VM on the same datastore.
  • Datastore Maintenance Mode! Say this datastore is going down and it’ll auto-SVMotion all VMs off onto other LUNs in the same pool.
  • You can of course add datastores to an existing group like adding a host to a cluster.
  • When you enable it you can balance on Capacity or on Capacity and I/O (important for virtualized arrays like the EVA, where a group of LUNs shares the same performance pool)
  • You can set an I/O latency threshold so that if latency gets above 15ms it’ll move VMs to a datastore with lower latency. A really smart way to determine when a datastore is out of I/O headroom.
  • Balancing will only happen every few days, not every hour like a VMotion.
  • Initial placement will take into account both DRS and StorageDRS metrics, as well as how well connected the datastore is. For example, if datastore is hooked up to all hosts it will prefer that over a datastore only connected to 1 or 2.
  • You can balance capacity based on keeping all datastores within a certain % of each other (in other words, prefer balance) or just trying to keep each below a certain % (just try to avoid making a datastore full)
  • It even takes into account growth rate of thinly provisioned disks when determining a good placement! Wow, that’s smart. Weights powered-off VMs less since their I/O is generally 0 when off.
  • Prefers moving VMs with low SVMotion overhead (e.g. move smaller VMs before big ones, as DRS does).
  • Does load balancing by knowing a more powerful datastore (one with more disks behind it) will have latency degrade slower than a less powerful datastore. This insight is used to model the performance to make smart migration choices.
  • It also models metrics of individual virtual disks and feeds them into the model.
  • They did a man vs. machine test. Made 13 VMs with standard workloads, gave all info to 2 storage admins at VMware vs. Storage DRS algorithm. While IOPS were about the same between experts and algorithm, algorithm beat them significantly on latency!
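Pulling the bullets above together, the balancing logic might look something like this in miniature. To be clear, this is a conceptual sketch only, not VMware’s actual algorithm: the 15ms latency threshold and the two capacity-balancing modes come from the session, while every function name, field name, and default value below is invented.

```python
# Conceptual sketch of the Storage DRS balancing rules described in the
# session. The 15ms latency threshold and the two capacity modes are from
# the talk; all names and other numbers here are hypothetical.

LATENCY_THRESHOLD_MS = 15.0

def needs_rebalance(datastores, mode="balance", capacity_limit=0.80, spread=0.10):
    """Return the datastores that should shed VMs.

    mode="balance": keep used capacity within `spread` of the group average.
    mode="limit":   just keep every datastore below `capacity_limit`.
    Either way, latency above the threshold always triggers a move.
    """
    avg_used = sum(d["used_pct"] for d in datastores) / len(datastores)
    overloaded = []
    for d in datastores:
        if d["latency_ms"] > LATENCY_THRESHOLD_MS:
            overloaded.append(d)  # I/O-driven: move VMs somewhere with lower latency
        elif mode == "balance" and d["used_pct"] > avg_used + spread:
            overloaded.append(d)  # capacity spread exceeded
        elif mode == "limit" and d["used_pct"] > capacity_limit:
            overloaded.append(d)  # hard capacity ceiling exceeded
    return overloaded

def pick_vm_to_move(vms):
    # Like DRS, prefer the cheapest migration: smaller disks move first.
    return min(vms, key=lambda v: v["size_gb"])
```

The two modes map to the capacity-balancing choice in the bullet above: “balance” prefers evenness, “limit” just avoids full datastores.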

This was the best session I went to all day. This once again reminds me why VMware makes such cool products – they really understand problems and they have really smart people trying to solve them.


VMworld session DV7180 – ThinApp Futures

Filed under: thinapp, Uncategorized, vmware, vmworld — Justin Emerson @ 3:17 pm

Cool highlights from this session, I’m going to skip all the pre-ThinApp 4.6 stuff since it’s old news:

  • ThinApp (as of 4.6) now does transparent page sharing for applications (like in TS environments) just like ESX does for VMs. Pretty neat!
  • In ThinApp 4.6 you can “harvest” IE6 straight out of an XP system and run it on Win7. The only WinXP-specific file that gets put in the package is Shell32.dll; without it, icons and menus don’t work correctly. The resulting ThinApp performs like IE6 SP1.
  • ThinApp Converter, which is included in ThinApp 4.6, allows you to automatically build a package from an automated installer. You can take existing install packages (like those from Wise, Altiris, or LANDesk) and convert them to ThinApp packages easily with a simple command line and a blank VM.
  • The futures stuff was about a new feature called “ThinApp Factory.” It’s a prototype that can consume RSS feeds of applications, automatically download each app’s installer, silently install it and capture the package using ThinApp Converter, and then publish it to users or let users download it from an “App Store” kind of thing. This will probably feed into the Horizon stuff they showed this morning in the keynote.
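The Factory pipeline they described (feed in, packages out) is easy to picture as a loop. Here’s a rough sketch; since this was only a prototype demo, every function and field name below is invented for illustration and none of it comes from VMware:

```python
# Hypothetical sketch of the "ThinApp Factory" workflow described in the
# session: read a feed of applications, fetch and capture each installer
# with ThinApp Converter in a clean VM, then publish the result to users.

def factory_run(feed_entries, capture, publish):
    """Drive one pass of the factory: capture and publish each app."""
    packages = []
    for entry in feed_entries:
        package = capture(entry["installer_url"])  # silent install + Converter capture
        publish(package)                           # make it available in the "App Store"
        packages.append(package)
    return packages
```

Passing `capture` and `publish` in as callables just keeps the sketch self-contained; the real prototype presumably drives ThinApp Converter and the View publishing side directly.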

VMworld session DV7907: View Reference Architecture

Filed under: Uncategorized, view, vmworld — Justin Emerson @ 12:34 pm

Session is around updating the reference architecture for View 4.0 to View 4.5.

  • Goal of View is to deliver the Consumer Cloud experience for the Enterprise.
  • Goal of the 4.0 reference architecture was to simulate a realistic desktop workload and validate it at 2,048 users.
  • Session turning into a pitch for UCS very quickly…
  • Now they’re off to talk about RAWC, which is really old news. The new version of RAWC supports simulating workloads on Win7. It still can only simulate a preselected set of apps, no custom app load testing. You can learn more about RAWC on its YouTube channel.
  • View 4 reference architecture was run on UCS, CX4, vSphere 4.0 and WinXP SP3.
  • Just released – Win7 optimization guide, includes a BAT file that optimizes the VM for you! Already found it here.
  • Going through all the stuff they had to do to the Storage to make it perform. Wouldn’t it have been nice if it was on virtualized storage and you didn’t have to worry about RAID groups and all that crap? 🙂
  • In the View 4.0 reference architecture they got up to 16 VMs/core. I think this is super aggressive and I don’t recommend customers size for this number.
  • Finally we get to View 4.5 stuff! Talking about the new Tiered storage capabilities of View 4.5
  • They’re putting SSDs in each physical server… again, more Cisco-specific stuff. I think sticking SSDs in every server drives up the cost too much. Plus, wouldn’t it kill vMotion?
  • They did the View 4.5 test with a single non-persistent pool.
  • They see CPU being the bottleneck on optimized 32-bit Win7 deployments… but they were only giving each Win7 VM 1GB of RAM.
  • During the Q&A, someone asked about HA/VMotion. This reference architecture doesn’t allow for VMotion or HA, and non-persistent pools require some sort of 3rd-party profile management to make them work. If you want to take a system down you’ll have to do it after hours. Don’t like it! I’ll stick with SANs that give full functionality instead of neutering half the Enterprise functionality.
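For what it’s worth, the consolidation-ratio complaint above is easy to put numbers on. A quick back-of-the-envelope, where the 2,048 desktops and 16 VMs/core figures come from the sessions, but the 8 cores/host and the conservative 8 VMs/core ratio are my own illustrative assumptions:

```python
import math

# Rough View sizing math: hosts needed for a desktop count at a given
# VMs-per-core consolidation ratio. 2,048 desktops and 16 VMs/core are
# from the sessions; 8 cores/host and 8 VMs/core are my assumptions.

def hosts_needed(desktops, vms_per_core, cores_per_host=8):
    return math.ceil(desktops / (vms_per_core * cores_per_host))

# hosts_needed(2048, 16) -> 16 hosts at the aggressive ratio
# hosts_needed(2048, 8)  -> 32 hosts at a more conservative ratio
```

Halving the ratio doubles the host count, which is exactly why I don’t want customers sizing off the aggressive number.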

September 2, 2009

VMworld session DV3260 – Protocol Benchmarking and Comparisons

Filed under: citrix, vdi, view, vmware, vmworld — Justin Emerson @ 11:06 pm

I arrived to this session a bit late as well (noticing a theme here?) but a lot of the basics of this session were very similar to one last year on remote user experience in virtual desktops.

The gist of it is that VMware has done some internal benchmarking using the PCoIP beta code (not final!) on vSphere and compared it to PortICA 2.1 (not the newest version with the HDX stuff; this was asked about pretty early in the session, and they were deservedly given some guff for it) and RDP (to an XP VM, so only RDP 5.1).

They talked forever about their testing methodology. Essentially they tested three things:

  • A synthetic benchmark they created in-house called RPerf (which I saw last year in the similar session) that basically exercises a display protocol in as low-impact a way as possible to the underlying host (so you can measure how much CPU/memory the protocol takes and not how much CPU/RAM running the benchmark takes)
  • A 320×240, 25fps video with mixtures of different types of video that range from fairly static, pans, zooms, areas of motion on still backgrounds, and random static.
  • An AutoIT-based workload that tests actual VM performance in addition to the connection protocol.
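The RPerf idea in the first bullet, isolating what the protocol costs from what the workload costs, essentially comes down to a subtraction: keep the workload cheap enough that the remaining host cost is attributable to the protocol. A sketch, with all names and numbers hypothetical:

```python
# Rough illustration of the RPerf measurement idea described above: run a
# deliberately low-impact workload, then attribute the remaining host
# CPU cost to the display protocol itself. Names/numbers are invented.

def protocol_overhead(total_host_cpu_pct, workload_cpu_pct):
    """CPU attributable to the remoting protocol, not the workload."""
    return max(0.0, total_host_cpu_pct - workload_cpu_pct)

# e.g. if the host sits at 12% CPU while the benchmark alone costs 3%,
# roughly 9% is the protocol's share.
```

The lower the benchmark’s own footprint, the cleaner that attribution gets, which is why RPerf is built to be as low-impact as possible.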

The results were pretty favorable to PCoIP. In many cases it wasn’t the fastest, but it was never the worst. Sometimes it would barely lose to RDP in the LAN case, and barely lose to PortICA in the WAN case. It was never far behind the leader in any of the tests they showed results for, and in many cases was the fastest. The other big benefit was that PCoIP had lower CPU and RAM overhead than either PortICA or RDP. Tests were run entirely with the software PCoIP implementation – no hardware.

VMworld session DV2801 – Integrating View into your Environment

Filed under: powershell, view, vmware, vmworld — Justin Emerson @ 10:58 pm

I arrived late to this session, but it looks like the beginning was about how to plug into today’s View product and make automated changes or fire off scripts based on events and such. The basic point was that the integration points you have today are very, very limited: you have the two CLI tools (SVIConfig and VDMAdmin), log file monitoring, and editing the ADAM LDAP directory directly.

In View 4, new features will include a central event-reporting warehouse: a database with a rollup of events from all clients, agents, and servers. It will include an event database with information on what each event means along with resolutions, and will allow querying using VDMAdmin or SQL tools such as Crystal Reports.

The best news, though, is PowerShell automation support! That makes View the 3rd product (after vCenter and Update Manager) to get PowerShell support. Using PowerShell should obviate the need to ever directly edit the LDAP, which is good because PowerShell can validate your input and will be far less dangerous. You can use PowerShell to stand up an environment from scratch: everything from global config to pairing it with a vCenter server to making pools and VMs. You can also query the event warehouse for reporting purposes, and perform actions on sessions and VMs managed by View. Some examples:

#Set View License Key
Set-license -key AA113-XXXXX...
#Set the Pre-Login Message
Update-GlobalConfig -PreloginMessage "message"

#Update the power policy of a pool so you can preboot VMs at 5AM to avoid boot storm
Update-AutomaticDesktop -id DesktopJoe -PowerPolicy AlwaysOn
#Create a new Individual Desktop by using PowerCLI to get VM Object and pipe it to View CLI
Add-IndividualDesktop -id DesktopJoe -DisplayName "Desktop" -vm (Get-VM -name JoeVM)
#Entitle a user to a desktop
Get-User ADUserName | Add-DesktopEntitlement -desktop_id DesktopJoe
#Disconnect an active session
Get-ActiveSession -User "Joe" | Send-SessionDisconnect

This was the best news I’d heard all day. Finally, I can do all the neato stuff I can do in standard vCenter in View!

They then went into a bunch of Microsoft SCOM integration stuff which seemed pretty useless to me, and I was so buzzed from the PowerShell stuff I barely paid attention.

VMworld session DV2363 – CVP Tech Deep Dive

Filed under: Uncategorized, vmworld — Justin Emerson @ 10:26 pm

This session was about VMware’s Client Hypervisor Platform, or CVP. CVP was announced a while back by VMware. Here are the highlights of the session.

CVP is a powerful client hypervisor solution which is part of the greater VMware View offering. It is not going to be offered standalone; it is a View-only product. It helps create what the presenters called a “thin” thick client.

There are two approaches to doing a client hypervisor: Direct Assignment or Advanced Device Emulation.

In Direct Assignment, technologies like Intel VT-d or other software techniques are used to pass a physical device (such as a video card) through directly to the VM. This has some advantages such as lower overhead, and if you’re running Windows in your VM then all you need is a set of Windows drivers, which are easy to find. Passthrough is also much easier to program…

It has several downsides, however. For example, it ties your VM to that particular hardware which reduces portability. It also becomes difficult to interpose on that device. For example, if the video card is owned by the VM, there’s no way for the hypervisor to access it. Same goes for the network card. The point being – if all you’re doing is passing through your physical devices, why do you need a Client Hypervisor? Just run native. You can’t add value when using passthrough on everything. For some device types (such as USB) where the O/S is expecting hardware to appear and disappear, passthrough is okay.

VMware’s strategy is around Advanced Device Emulation. Client only needs a driver for the emulated hardware device, because the hypervisor itself contains the driver for the underlying physical hardware. The advantages here are that it divorces the VM from the hardware, making portability easy, as well as simplifying hardware upgrade and recovery. Also, the Hypervisor can add functionality by managing the devices, such as enforcing network security policies and the like. This does mean that the hypervisor needs to have complete drivers for the underlying hardware.

VMware’s CVP has the following features:

  • Improved guest 3D support using a new type of virtual SVGA card. Supports DirectX 9.0L for Aero Glass.
  • Paravirtualized Wireless device. This is important because unlike a wired NIC, a wireless NIC only has one radio, so your hypervisor and VM can’t both be tuned to different networks. You need to give control of the radio to someone, so they allow the guest to control (using its native management capabilities built into the OS) that radio through a special VMware WiFi virtual device. This also means it works with guest-based “supplicants” like iPass.
  • USB is fully supported and is Passthrough like Workstation.
  • External Display and MultiMonitor capable. Allows extended desktop, mirroring, rotation either in built-in OS control (Windows 7) or through a special tab from VMware (WinXP, Vista, analogous to the ATI/nVidia control panel applets that do the same)
  • External Storage support for eSATA (!!) and built-in laptop card readers.
  • Power Management awareness – respond to guest power state (i.e. allow the VM to suspend or shut down the physical hardware). Respects the guest power policy and connects special events, like the lid switch or the sleep/power buttons on the physical hardware, to the guest.
  • Encryption support: the VMX and VMDKs are all encrypted using the onboard Intel vPro TXT and TPM capabilities. Uses 256-bit AES encryption. When asked whether this would be optional or modifiable, the presenters said that’s still to be determined.
  • CVP is based on Linux, and in the pre-beta version they showed, it actually had a shell we could break out into. In the final version, we were assured, this will not be available.

So what good is all this supposed to do? The idea is the user checks out a Virtual Machine (or one is pre-provisioned for them) to their CVP device. That device is managed by View Manager, which accesses an embedded View Agent in the CVP. This is used for policy enforcement, heartbeats, configuration changes, endpoint statistics gathering, and managing transfers from the View Server. The VM can run offline and is also smart enough to adapt its virtual hardware (like number of CPUs, GB of RAM) to the underlying physical hardware. VMware is targeting only a 256MB overhead for CVP. Today the CVP can run only one VM, but can store more than one.

CVP is an embedded Linux Type 1 hypervisor with a minimal set of packages installed. It’s optimized for fast boot time, and will be fully qualified on individual hardware platforms (like ESX). It does not contain a general purpose OS, so no doing work in the CVP. VMware itself provides updates such as patches, bug fixes, and new hardware enablement. It will be updated monolithically like ESXi is (full firmware updates), and this is updated from the View Manager server. The codebase is really unrelated to ESX, it’s more based on Workstation for Linux.

CVP requires Intel’s vPro and integrates with its Active Management Technology (AMT) for a bunch of things like inventory collection, remote power on/off, and configuration backup onto the AMT private storage. It will be compatible with all AMT-enabled management tools like Altiris, LANDesk, etc.

The CVP itself has no listening ports, so it should be impossible to break into via the network. The disks are encrypted, and Intel TXT + Trusted Boot protects the integrity of the hypervisor in hardware. After installation, the laptop will only boot the approved hypervisor (no booting to a rescue CD). Encryption keys are stored in the TPM module and are used to encrypt the drives.

I asked several questions at this session:

  • The demo from last year involved booting from a USB Key. Will boot from flash be supported?
    • Initial release installs on hard disk and runs there.
  • Will the CVP also work as a remote View client (with PCoverIP support)?
    • That is on the roadmap but will not be in version 1, only locally running VMs.
  • At VMworld 2007, tech for streaming a virtual appliance and booting it while data was still in flight was demoed. Will this be in CVP?
    • They have the code, but user issues kept it out of first release. How does user know when it’s safe to go offline? When they resolve this issue they will bring that code in.

Overall I am pretty excited about CVP. I understand the HCL may be fairly limited at launch, but it really does have tremendous potential for View environments.

VMworld session TA3438 – Top 10 Performance improvements in vSphere 4

Filed under: vmware, vmworld, vSphere — Justin Emerson @ 10:00 pm

This was a really interesting session that broke down a lot of the stuff that was improved in vSphere. VMware likes to talk about how vSphere has however many hundred new features; here’s an interesting list of the highlights:

  • IO overhead has been cut in half. Also, IO for a VM can execute on a different core than the VM Monitor is running on. This means a single CPU VM can actually use two CPUs.
  • The CPU scheduler is much better at scheduling SMP workloads. 4-way SMP VMs perform 20% better, and an 8-way delivers about 2x the performance of a 4-way with an Oracle OLTP workload, so performance scales well.
  • EPT improves performance a LOT. Turning it on also enables Large Pages by default (which can negatively affect TPS). Applications need to have Large Pages turned on, like SQL (which gains 7% performance)
  • Hardware iSCSI is 30% less overhead across the board, Software iSCSI is 30% better on reads, 60% better on writes!
  • Storage VMotion is significantly faster, because of block change tracking and no need to do a self-VMotion (which also means it doesn’t need 2x the RAM)
  • In vSphere the performance difference between RDM and VMFS is less than 5%, and while this is the same as ESX 3.5, performance of a VM on a VMFS volume where another operation (like a VM getting cloned) is running has improved.
  • Big improvement in VDI workloads – a boot storm of 512 VMs is five times faster in vSphere. 20 minutes reduced to 4.
  • PVSCSI does some very clever things like sharing the I/O queue depth with the underlying hypervisor, so you have one less queue.
  • The vSphere TCP stack is improved (I know from other sessions they’re using the new tcpip2 stack end-to-end)
  • VMXNET3 gives big network I/O improvements, especially in Windows SMP VMs.
  • Network throughput scales much better, 80% performance improvement with 16 VMs running full blast.
  • VMotion 5x faster on active workloads, 2x faster at idle.
  • 350K IOPS per ESX Host, 120K IOPS per VM.

All reasons to be running vSphere on your infrastructure today.

September 1, 2009

VMworld session DV2181 – SRM+View

Filed under: srm, vmworld — Justin Emerson @ 11:27 pm

This session was a really interesting one, presented by a combination of VMware and EMC guys, on how they managed to get SRM working to protect a View environment complete with Linked Clones. It involves a LOT of scripting, and doesn’t appear to work in a test failover, only a full failover, which makes it slightly less useful in my opinion. The real problem is you have to correct a LOT of things.

The first issue is that View Composer installs on the vCenter machine, which isn’t replicated as part of SRM. So you have to copy the whole Composer database over, then correct all the entries in it to match the replicated VMs. Then you need to correct the ADAM database in View Manager, because it will have associated the VMs with the wrong vCenter. So there’s a lot of database fixing going on here…

They demonstrated it on video and said it will be posted to the View blog later this week. I’ll take a look at the scripting, but after watching their presentation I hope a more robust, proper solution will be available with View 4 + the next SRM version (whether they call it 1.5 or 4.0 or what).

Also, I attended the DV2484 session, but it was mostly a waste of time. You can see Scott Lowe’s thoughts (and mine in the comments) at his blog.

VMworld Session VM2241 – PowerCLI (4.0 Update 1 and Onyx)

Filed under: powershell, vmware, vmworld, vSphere — Justin Emerson @ 1:54 pm

One of the sessions I was most looking forward to today was the PowerCLI session from Carter and Friends. After teasing Project Onyx at their blog a few days back the anticipation was at a fever pitch.

Some great info in the session for PowerCLI newbies, but the good stuff was info on PowerCLI 4.0 Update 1 which is scheduled to be out “before Christmas” according to Carter (to which someone in the audience quipped, “what year?”)

  • PowerCLI 4u1 has 229 cmdlets in the current internal beta build
  • New cmdlets for vApps (get, new, start, stop, import, export)
  • Better Storage Management:
    • iSCSI improvements, get/set-vmhosthba.
    • You can now turn on the SW iSCSI initiator and add a Send Targets IP, rescan, and format LUNs all from PowerCLI.
  • Huge improvements to Guest operations.
    • Set-VMGuestNetwork (name approximate) allows you to set the networking information of Virtual Machines (Windows OR Linux, with the same syntax). Will be great for post-SRM-failover scripting!
    • Copy files in and out of guests (Win or Linux)
    • Invoke-VMScript can run arbitrary commands and batch files (it no longer requires PowerShell in the VM, and can run BASH scripts in Linux VMs, too). Still requires host and guest credentials.
  • NIC Teaming and Load Balancing policies
    • Set standby NICs, unused NICs, change the load-balancing policy to IPHash, etc.
    • Forgot to ask if you can remove a VMNIC from a vSwitch yet…
  • vCenter Permissions and Role cmdlets.

Stuff I wish I had seen:

  • License management cmdlets (adding licenses to vCenter’s license database, assigning licenses to servers)
  • DPM Cluster- and Host-based cmdlets

Carter also said that performance in large vCenter servers will improve a lot – getting a single VM won’t take as long as getting them all.

The last thing was a demonstration of Project Onyx. Onyx is a proxy that sits between your vSphere client and your vCenter server. It functions a lot like a Sysinternals tool: you turn on “capture,” and whenever you issue a command in the client it spits out PowerShell code that calls out to the vSphere API to do what you just did. You can then save this to a PS1 file, edit out the stuff you don’t want in the script, generalize it (so it runs on a variable), and wrap it in a function.

The example they used was turning on DPM for a cluster. We ran Onyx and made the change to one cluster manually. Onyx spat out a giant chunk of code that creates a VMware.vim.ClusterConfigSpecEx object. We checked the API documentation to confirm that all the stuff related to HA and DRS (which we didn’t want to modify) was optional, then removed all that junk from the code. We then wrapped it in a function and called it using ForEach-Object after grabbing all the clusters with Get-Cluster.

It’s a pretty slick process. I dropped off my business card to hopefully get into the Beta. Carter, hook a brotha up!

Lastly Scott Herold from Quest/Vizioncore showed off the Virtualization EcoShell, which I guess I’m way late to the party on but I’m totally switching to that from PowerGUI that I use now.

Overall GREAT session.

Blog at WordPress.com.