VMworld 2010 review

The start of VMworld 2010's first keynote session

Got back from VMworld last week and had a great time. I met a number of new and old friends and talked a lot about the new VMware technology coming online. Some highlights from the keynote sessions I attended:

vCloud Director

Previously known as Redwood, vCloud Director is VMware's rollout of cloud services support, tying the cloud into their data center services. vCloud Director supports the definition of Virtual Data Centers with varying SLA characteristics. Each virtual data center is expected to support a different service level, something like “Gold”, “Silver” and “Bronze”. A virtual data center now represents a class of VM service and aggregates all VMware data center resources into massive resource pools, which can then be better managed and allocated to the VMs that need them.

For example, using vCloud Director, one only needs to select a Virtual Data Center to specify the SLAs for a VM. New VMs will be allocated to the virtual data center that provides the requested service level. This takes DRS, HA and FT to a whole new level.
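The placement model described above can be sketched as a simple lookup. This is a hypothetical illustration only, not the vCloud Director API; the tier names, fields and capacity numbers are all assumptions:

```python
# Hypothetical sketch of SLA-tier-based VM placement (not the vCloud Director
# API). Each virtual data center aggregates resources and advertises one tier.
VIRTUAL_DATA_CENTERS = {
    "Gold":   {"site": "onsite",  "ha": True,  "ft": True,  "free_ghz": 400},
    "Silver": {"site": "onsite",  "ha": True,  "ft": False, "free_ghz": 800},
    "Bronze": {"site": "partner", "ha": False, "ft": False, "free_ghz": 1600},
}

def place_vm(sla_tier, cpu_ghz):
    """Pick the virtual data center for a VM by naming its SLA tier alone."""
    vdc = VIRTUAL_DATA_CENTERS[sla_tier]
    if vdc["free_ghz"] < cpu_ghz:
        raise RuntimeError(f"{sla_tier} virtual data center is out of capacity")
    vdc["free_ghz"] -= cpu_ghz          # allocate from the aggregated pool
    return vdc["site"], vdc

site, vdc = place_vm("Bronze", cpu_ghz=4)
print(site)   # Bronze tier is served from the service partner's data center
```

The point of the sketch is that the requester names only a service tier; capacity management inside the aggregated pool is the virtual data center's problem.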

Even more, it now allows vCloud Data Center Service partners to enter into the picture and provide a virtual data center class of service to the customer. In this way, a customer’s onsite data center could supply Gold and Silver virtual data center services while Bronze services could be provided at a service partner.

vShield

With the advent of VM cloud capabilities coming online, the need for VM security is becoming much more pressing. To address these concerns, VMware rolled out their vShield services, which come in two levels today: vShield Endpoint and vShield Edge.

  • Endpoint – offloads anti-virus scans from running inside the VM and interfaces with standard anti-virus vendors to run the scans at the higher (ESX) level.
  • Edge – provides VPN and firewall services surrounding the virtual data center and interfaces with Cisco, Intel-McAfee, Symantec, and RSA to ensure tight integration with these data center security providers.

The combination of vShield and vCloud Director allows approved vCloud Data Center Service providers to supply end-to-end data center security surrounding VMs and virtual data centers. There are currently five approved vShield/vCloud Data Center Services partners today: Terremark, Verizon, Singtel, Colt, and Bluelock, with more coming online shortly. Using vShield services, VMs can have secured access to onsite data center services even while executing offsite in the cloud.

VMware View

A new version of VMware’s VDI interface was released, which now includes an offline mode for those users who occasionally work outside normal network access and need a standalone desktop environment. With the latest VMware View offline mode, one checks out (downloads) a desktop virtual machine to a laptop and can then run all desktop applications without network access.

 

vStorage API for Array Integration (VAAI)

VAAI supports advanced storage capabilities such as cloning, snapshots and thin provisioning, and improves the efficiency of VM I/O. These changes should make thin provisioning much more efficient to use and should enable VMware to take advantage of storage hardware services such as snapshots and clones to offload work from VMware software services.
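To make the offload idea concrete, here is a minimal sketch of the decision the host effectively makes for a clone. The object, function and attribute names here are mine, hypothetical stand-ins rather than VMware's or any array vendor's API:

```python
# Sketch of the VAAI offload decision: if the array advertises the capability,
# the host hands the copy to the array instead of moving data through itself.
# All names here are hypothetical illustrations, not a real API.

def clone_vmdk(array, src_lun, dst_lun, num_blocks):
    if getattr(array, "supports_full_copy", False):
        # Offloaded path: the array copies blocks internally; no data
        # crosses the host's HBA at all.
        array.full_copy(src_lun, dst_lun, num_blocks)
        return "offloaded"
    # Fallback path: the host reads every block and writes it back out,
    # consuming host CPU, memory bandwidth and IO channel capacity.
    for block in range(num_blocks):
        data = src_lun.read(block)
        dst_lun.write(block, data)
    return "host-copied"
```

When the array advertises the capability, the host issues one command instead of reading and rewriting every block, which is where the efficiency gain comes from.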

vSphere Essentials

Essentials is an SMB-targeted VMware solution, licensable for ~$18 per VM on an 8-core server, lowering the entry cost for VMware to very reasonable levels. The SMB data center’s number one problem is lack of resources, and this should enable more SMB shops to adopt VMware services at an entry level and grow with VMware solutions in their environment.

VMforce

VMforce allows applications developed under SpringSource, the enterprise Java application development framework of the future, to run in the cloud via Salesforce.com’s cloud infrastructure. VMware is also working with Google and other cloud computing providers to provide similar services on their cloud infrastructures.

Other News

In addition to these feature/functionality announcements, VMware discussed their two most recent acquisitions of Integrien and TriCipher.

  • Integrien – is both a visualization and a resource analytics application. It lets administrators see at a glance how their VMware environment is operating via a dashboard, and then drill down to see what is wrong with any items flagged by red or yellow lights. Integrien integrates with vCenter and other services to provide the analytics needed to determine resource status and the details needed to resolve any flagged situation.
  • TriCipher – is a security service that will ultimately provide a single sign-on for all VMware services. As discussed above, security is becoming ever more important in VMware environments, and separate sign-ons for every VMware service would be cumbersome at best. With TriCipher, one need only sign on once to gain securely authenticated access to any and all VMware services.

VMworld Lowlights

Most of these are nits and not worth dwelling on, but the exhibitors and other non-top-tier sponsors all seemed to complain about the lack of conference rooms, and they were not allowed in the press & analyst rooms. Finding seating to talk with these vendors was difficult at best around the conference sessions, on the exhibit floor, or in the restaurants/cafés surrounding Moscone Center. Once you got offsite, though, facilities were much more accommodating.

I would have to say another lowlight was all the late night parties that occurred – not that I didn’t partake in my fair share of partying. There were rumors of one incident where a conference goer was running around a hotel hall in only undergarments, blowing kisses to any female in sight. Some people shouldn’t be allowed to leave home.

The only other real negative in a pretty flawless show was the lines of people waiting to get into the technical sessions. They were pretty orderly, but I have never seen this amount of interest in technical presentations before. Perhaps I have just been going to the wrong conferences. In any event, I suspect VMworld will need to change venues soon, as their technical sessions seem to be outgrowing their session rooms, although the exhibit floor could have used a few more exhibitors. Too bad, as I loved San Francisco, and Moscone Center was so easy to get to…

—-

But all in all it was a great conference; I learned lots of new stuff, talked with many old friends, and met many new ones. I look forward to next year.

Anything I missed?

PC-as-a-Service (PCaaS) using VDI

IBM PC Computer by Mess of Pottage (cc) (from Flickr)

Last year at VMworld, VMware was saying that 2010 was the year for VDI (virtual desktop infrastructure); last week NetApp said that most of the large NY banks they talked with were looking at implementing VDI; and prior to that, HP StorageWorks announced a new VDI reference platform that could support ~1600 VDI images. It seems that VDI is gaining some serious interest.

While VDI works well for large organizations, there doesn’t seem to be any similar solution for consumers. The typical consumer today usually runs downlevel OSs, anti-virus, office applications, etc., and has neither the time nor the inclination to update such software. These consumers would be considerably better served by something like PCaaS, if such a thing existed.

PCaaS

Essentially, PCaaS would be a VDI-like service offering, using standard VDI tools or something similar with a lightweight kernel, making use of locally attached resources (printers, USB sticks, scanners, etc.) but running applications hosted elsewhere. PCaaS could provide all the latest OS and application versions and deliver enterprise-class reliability, support and backup/restore services.

Broadband

One potential problem with PCaaS is the need for reliable broadband to the home. Just like other cloud services, without broadband, none of this will work.

Possibly this could be circumvented if a PCaaS viewer browser application were available (like VMware’s View client). With this in place, PCaaS could be supplied at any internet-enabled location supporting browser access. Such a browser-based service may not support the same rich menu of local resources as a normal PCaaS client, but it would probably suffice when needed. The other nice thing about a viewer is that smartphones, iPads and other always-on, web-enabled devices supporting standard browsers could provide PCaaS services from anywhere mobile data or Wi-Fi is available.

PCaaS business model

As for businesses that could bring PC-as-a-Service to life, I see many potential providers:

  • Any current PC hardware vendor/supplier may want to supply PCaaS, as it may defer/reduce hardware purchases or rather move such purchasing from consumers to companies.
  • Many SMB hosting providers could easily offer such a service.
  • Many local IT support services could deliver better and potentially less expensive services to their customers by offering PCaaS.
  • Any web hosting company would have the networking, server infrastructure and technical know-how to easily provide PCaaS.

This list ignores any new entrants that would see this as a significant opportunity.

Google, Microsoft and others seem to be taking small steps to do this in a piecemeal fashion, with cloud enabled office/email applications. However, in my view what the consumer really wants is a complete PC, not just some select group of office applications.

As described above, PCaaS would bring enterprise-level IT desktop services to the consumer marketplace. Any substantive business in PCaaS would free up untold numbers of technically astute individuals providing unpaid, on-call support to millions, perhaps billions of technically challenged consumers.

Now if someone would just come out with Mac-as-a-Service, I could retire from supporting my family’s Apple desktops & laptops…

IO Virtualization comes out

Snakes in a plane by richardmasoner [from flickr (cc)]
Prior to last week’s VMworld, I had never heard of IO virtualization products – storage virtualization yes, but never IO virtualization. Then at the show I met with two vendors of IO virtualization products: Aprius and Virtensys.

IO virtualization takes the HBAs/CNAs/NICs that would normally be plugged into each server in a rack and moves them into a top-of-rack box that shares those IO cards among the servers. The top-of-rack box is connected to each server by extending each server’s PCI-express bus.

Each individual server believes it has a local HBA/CNA/NIC card and acts accordingly. The top-of-rack box handles mapping each server to its portion of the shared HBA/CNA/NIC cards. This all reminds me of server virtualization, which uses software to share a server’s processor, memory and IO resources across multiple applications, but with one significant difference.
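My mental model of that mapping can be sketched as follows. This is purely illustrative, assuming the top-of-rack box carves each physical card into a fixed number of shares; the class and field names are hypothetical:

```python
# Hypothetical sketch of the top-of-rack mapping: each physical server's
# extended PCI-express bus is bound to a share of a real HBA/CNA/NIC, which
# the server then sees as a local card. Names and structure are illustrative.

class TopOfRackIOV:
    def __init__(self, cards, shares_per_card):
        # e.g. 2 CNAs, each shareable 4 ways -> fan-in of 8 servers
        self.free = [(card, share) for card in cards
                                   for share in range(shares_per_card)]
        self.mapping = {}

    def attach(self, server):
        """Present a share of a real card to a server as if it were local."""
        if not self.free:
            raise RuntimeError("no free card shares (fan-in exhausted)")
        self.mapping[server] = self.free.pop(0)
        return self.mapping[server]

box = TopOfRackIOV(cards=["cna0", "cna1"], shares_per_card=4)
for s in ["server1", "server2", "server3"]:
    box.attach(s)
print(box.mapping["server3"])   # the third server lands on a share of cna0
```

The fan-in ratio (servers per physical card) is exactly the knob the economics below turn on.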

How IO virtualization works

Aprius depends on the new SR-IOV (Single Root I/O Virtualization [requires login]) standard. I am no PCI-express expert, but what SR-IOV seems to do is allow an HBA/CNA/NIC PCI-express card to be shared among a number of virtual servers executing within a physical server. What Aprius has done is sort of a “P2V in reverse”, allowing a number of physical servers to share the same PCI-express HBA/CNA/NIC card in the top-of-rack solution.

Virtensys says its solution does not depend on the SR-IOV standard to provide IO virtualization. As such, it’s not clear what’s different, but their top-of-rack box could conceivably share the hardware via software magic.

From an FC and HBA perspective, there seem to be a number of questions as to how all this works.

  • Does the top-of-rack box need to be powered and booted up first?
  • How is FC zoning and LUN masking supported in a shared environment?

Similar networking questions should arise especially when one considers iSCSI boot capabilities.

Economics of IO virtualization

But the real question is one of economics. My lab-owner friends tell me that a CNA costs about $800/port these days. When one considers that 4-8 servers could share each of these ports with IO virtualization, the economics become clearer. With a typical configuration of 6 servers:

  • For a non-IO-virtualized solution, each server would have 2 CNA ports at a minimum, costing $1600/server or $9600 total.
  • For an IO-virtualized solution, each server requires a PCI-express extender, costing about $50/server or $300 total, plus at least one dual-ported CNA (in the top-of-rack box) costing $1600, plus the cost of the top-of-rack box itself.

If the IO virtualization box costs less than $7.7K, it is economical. But IO virtualization providers also claim another savings, i.e., fewer switch ports need to be purchased because there are fewer physical network links. It’s unclear to me what a 10GbE port with FCoE support costs these days, but my guess is ~2X what a CNA port costs, or another $1600/port, which for the 6-server, dual-ported configuration comes to ~$19.2K. Thus, the top-of-rack solution could cost almost $27K and still be more economical. When using IO virtualization to reduce HBAs and NICs as well, the top-of-rack solution could be even more economical.
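The break-even arithmetic above can be laid out explicitly, using only the rough price estimates already quoted:

```python
# Rough break-even math for IO virtualization, using the estimates above:
# $800/CNA port, $50/server PCI-express extender, 6 servers, dual-ported.
servers, cna_port, extender = 6, 800, 50
ports_per_server = 2

# Conventional: every server gets its own dual-ported CNA.
conventional_cnas = servers * ports_per_server * cna_port      # $9,600

# IO virtualized: one extender per server plus one shared dual-ported CNA.
shared_gear = servers * extender + ports_per_server * cna_port  # $1,900
breakeven_box = conventional_cnas - shared_gear
print(breakeven_box)    # 7700 -> a box under $7.7K wins on CNA costs alone

# Counting switch ports too (guess: an FCoE-capable 10GbE switch port runs
# ~2x a CNA port), the box can cost almost $27K and still come out ahead.
switch_port = 2 * cna_port
switch_savings = servers * ports_per_server * switch_port      # $19,200
print(breakeven_box + switch_savings)   # 26900 -> the ~$27K figure
```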

Although the economics may favor IO virtualization at the moment, time is running out. CNA, HBA and NIC ports are coming down in price as vendors ramp up production. The same factors will reduce switch port costs as well. Thus, the savings gained from sharing CNAs, HBAs and NICs across multiple servers will diminish over time. Also, the move to FCoE will eliminate HBAs and NICs, replacing them with just CNAs, so there are even fewer ports to amortize.

Moreover, PCI-express extender cards will probably never achieve volumes similar to HBAs, NICs, or CNAs, so extender card pricing should remain flat. And any top-of-rack IO virtualization box will share in the overall technology trends reducing hardware pricing, but so will top-of-rack switches, so the relative advantage there should be a wash.

The critical question for the IO virtualization vendors is whether they can support a high enough fan-in (physical servers per top-of-rack box) to justify the additional capital and operational expense of their solution, and whether they can keep ahead of the pricing trends of their competition (top-of-rack switch ports and server CNA ports).

On one hand, as CNAs, HBAs, and NICs become faster and more powerful, no single application can consume all the throughput being made available. On the other hand, server virtualization now runs more applications on each physical server, amortizing port hardware over more and more applications.

Does IO virtualization make sense today, with HBAs at 8GFC and NICs and CNAs at 10GbE? Would it make sense in the future with converged networks? It all depends on port costs; as port costs go down, these products will eventually be squeezed.

The significant difference between server and IO virtualization is that IO virtualization doesn’t reduce hardware footprint: one top-of-rack IO virtualization appliance replaces a top-of-rack switch, and the server PCI-express slots used by CNAs/HBAs/NICs are now used by PCI-express extender cards. In contrast, server virtualization reduced hardware footprint and costs from the start. The fact that IO virtualization doesn’t reduce hardware footprint may doom this product.

VMworld and long distance Vmotion

Moving a VM from one data center to another

Among all the blog posts/tweets about VMworld this week, I didn’t see much about long distance Vmotion. At Cisco’s booth there was a presentation on how they partnered with VMware to perform Vmotion across 200 (simulated) miles.

I can’t recall when I first heard about this capability, but many of us have heard about it before. What was new was that Cisco wasn’t the only one talking about it. I met with a company called NetEx whose HyperIP product was being used to perform long distance Vmotion between sites over 2000 miles apart, with at least three sites actually running their systems doing this. Now I am sure you won’t find NetEx on VMware’s long HCL, but what they have managed to do is impressive.

As I understand it, they have an optimized appliance (also available as a virtual [VM] appliance) that terminates the TCP session (used by Vmotion) at the primary site and transfers the data payload using their own UDP protocol to the target appliance, which reconstitutes the TCP session and sends it back up the stack as if everything were local. According to NetEx CEO Craig Gust, their product typically achieves a data payload efficiency of around ~90%, compared to around 30% for standard TCP/IP, which automatically gives them a 3X advantage (although he claimed a 6X speed or distance advantage, I can’t seem to follow the logic).
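My reading of the scheme can be sketched with a toy loopback example. To be clear, this is not NetEx's implementation, just an illustration of terminating a byte stream locally and shipping it as sequenced UDP datagrams (with none of the retransmission, pacing or compression a real product would need):

```python
# Toy sketch of the terminate-TCP, ship-over-UDP idea (my reading of the
# scheme, not NetEx's implementation): the sender appliance frames payload
# chunks with sequence numbers; the receiver reorders and reconstitutes
# the byte stream as if the TCP session were local.
import socket
import struct

def frame(seq, payload):
    # 4-byte big-endian sequence number so the far end can reorder
    return struct.pack("!I", seq) + payload

def deframe(datagram):
    (seq,) = struct.unpack("!I", datagram[:4])
    return seq, datagram[4:]

# Loopback demo: one socket plays the sending appliance, one the receiver.
rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
rx.bind(("127.0.0.1", 0))
tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

chunks = [b"vm-memory-page-1", b"vm-memory-page-2"]  # stand-in for TCP payload
for seq, chunk in enumerate(chunks):
    tx.sendto(frame(seq, chunk), rx.getsockname())

received = sorted(deframe(rx.recv(2048)) for _ in chunks)
rebuilt = b"".join(payload for _, payload in received)
print(rebuilt)   # the reconstituted byte stream, ready to hand back to TCP
tx.close()
rx.close()
```

The payload-efficiency claim presumably comes from avoiding TCP's per-segment handshaking and window behavior over long, high-latency links, not from anything in this framing itself.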

How all this works with vCenter, DRS and HA I can only fathom, but my guess is that this long distance Vmotion appears to VMware as a local Vmotion. That way DRS and/or HA can control it all. How the networking is set up to support this is beyond me.

Nevertheless, all of this proves that it’s no longer just one high-end networking company coming away with a proof of concept; at least two companies exist, one of which has customers doing it today.

The Storage problem

In any event, accessing the storage at the remote site is another problem. It’s one thing to transfer server memory and state information over 10-1000 miles; it’s quite another to transfer TBs of data storage over the same distance. The Cisco team suggested some alternatives to handle the storage side of long distance Vmotion:

  • Let the storage stay in the original location, with the VM at the remote site accessing it across the network.
  • Move the storage via long distance Storage Vmotion. The problem here is that transferring TBs of data (even at 90% payload efficiency over an 800 Mb/s link) would take hours. And 800 Mb/s networking isn’t cheap.
  • Replicate the storage via active-passive replication, where the storage subsystem(s) concurrently replicate the data from the primary site to the secondary site.
  • Replicate the storage via active-active replication, where the primary and secondary sites replicate data to one another and any write at either location is replicated to the other.
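The transfer-time claim in the Storage Vmotion option above is easy to check with quick arithmetic:

```python
# Quick check on the Storage Vmotion transfer-time claim: moving terabytes
# over an 800 Mb/s link at 90% payload efficiency still takes hours.
def transfer_hours(terabytes, link_mbps=800, efficiency=0.9):
    bits = terabytes * 1e12 * 8                       # decimal TB -> bits
    return bits / (link_mbps * 1e6 * efficiency) / 3600

print(round(transfer_hours(1), 1))    # ~3.1 hours per TB
print(round(transfer_hours(10), 1))   # ~30.9 hours for a 10 TB datastore
```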

Now, I have to admit that active-active replication, where the same LUN or file system is replicated in both directions and updated at both locations simultaneously, seems like unobtainium to me, though I can be convinced otherwise. Nevertheless, the other approaches exist today and effectively deal with the issue, albeit with commensurate increases in expense.

The Networking problem

So now that we have the storage problem solved, what about the networking problem? When a VM is Vmotioned to another ESX server, it retains its IP address so as to retain all its current network connections. Cisco has some techniques here by which they can extend the VLAN (or subnet) from the primary site to the secondary site and leave the VM with the same network IP address it had at the primary site. Cisco has a couple of different ways to extend the VLAN, optimized for HA, load balancing, scalability, or protocol isolation and broadcast avoidance (all of which are described further in their white paper on the subject). Cisco did mention that their VLAN extension technology currently does not support sites more than 500 miles apart.

Presumably NetEx’s product sidesteps all this by leaving the IP addresses/TCP ports at the primary site and just transferring the data to the secondary site. In any event, multiple solutions to the networking problem exist as well.

Now that long distance Vmotion can be accomplished, is it a DR tool, a mobility tool, a load balancing tool, or all of the above? That will need to wait for another post.