Business Critical Applications

Oracle DBAs considering to virtualize Oracle 11gr2 RAC should check out VMware vSphere 5 platform - VMware® vSphere® is the industry-leading virtualization platform for building cloud infrastructures. It enables users to run business-critical applications like Oracle with confidence and respond to business needs faster by taking advantage on the application and Infrastructure services that vSphere 5 provides.

As you all know, Oracle now provides support (Oracle MySupport ID: 249212.1 – RAC support added as of Nov 8, 2010) for Oracle 11gr2 RAC on VMware. VMware vSphere® 5.0 can handle the intensive workloads of business-critical applications - Let us discuss on a workload characterization study that was conducted on a four node Oracle 11g R2 RAC using VMware vSphere 5 with Cisco UCS servers and EMC VNX5500 Unified storage. See below the architecture that describes and demonstrates how the Oracle RAC deployment can sustain a heavy OLTP load without any degradation to transaction performance.

Below table describes the various components involved in this workload study.

Let us see below the few test result highlights described in this workload characterization study:

• 24 hour workload Test: The following table summarizes results for 24 hour workload test. The above architecture was tested by subjecting it to a sustained heavy OLTP workload over a 24-hour period and results showed substantial transaction throughput without any degradation in performance.

  

• Oracle RAC Node VM vMotion Test: The following SwingBench load generator screenshot shows the results during first and second vMotion. This also shows there is a minimal TPM impact during vMotion and ramps back to where it was before the vMotion, each vMotion took approx 64 seconds.

For more detailed read, check out the Oracle Databases on VMware vSphere® 5 - RAC Workload Characterization Study click on the image below

This blog is part of a series on Virtualizing Your Business Critical Applications with VMware.  To learn more, including how VMware customers have successfully virtualized SAP, Oracle, Exchange, SQL and more, visit www.vmware.com/go/virtualizeyourapps

Whether you’re a large enterprise or small to midsized business, VMware solutions enable you to reduce costs and simplify your plans for business continuity and disaster recovery (BC/DR). 

For customer sites with up to 75 virtual machines: Save 40 percent off a 75-VM pack of VMware Site Recovery Manager™ Standard and vCenter Operations™ Enterprise.

For customer sites with more than 75 virtual machines: Introducing the Business Production Bundle, a 75-VM pack of Site Recovery Manager Enterprise, vCenter Operations Enterprise, and VMware vShield App. Purchase it now and receive 75 free Training Credits (value $7,500 USD). Training can be instructor-led or webbased and expires after one year.

For more information regarding this promotion, visit: http://www.vmware.com/go/bcdr-promo

The VMware Business Continuity/Disaster Recovery promotion is effective from February 1, 2012 to June 15, 2012.

This blog is part of a series on Virtualizing Your Business Critical Applications with VMware. To learn more, including how VMware customers have successfully virtualized SAP, Oracle, Exchange, SQL and more, visit vmware.com/go/virtualizeyourapps

by Neal Mueller

Many Oracle products, including the database, are licensed by physical processor. This licensing model works well in a physical world, in which customers typically run one application per host and physical processors are easy to track. But this model is not well-adapted to a virtual world. VMware vSphere® enables you to consolidate multiple workloads in the form of virtual machines on a single host. Additionally, VMware enables you to move these virtual machines across hosts with VMware vMotion®, VMware Distributed Resource Scheduler (DRS) and High Availability (HA). When running products that are licensed by physical processor on vSphere, customers should ensure the following:

• Virtual machines are running on hosts fully licensed for Oracle.
• Virtual machine movement within a cluster is restricted to hosts that are fully licensed for Oracle.
• Virtual machine movements are tracked so that customers are able to demonstrate compliance with Oracle licensing policies.

Many Oracle products are licensed by physical core or socket, and for these products Oracle does not have a virtual CPU-based licensing mechanism. In a vSphere environment, the consequence of Oracle’s licensing policy is that customers must license all physical cores or sockets in the vSphere host (fully licensed host). However, once the host is fully licensed, customers are allowed to run an unlimited number of virtual machines and application instances on that host without additional licenses.

As shown in the below graphic, customers can take advantage of VMware software’s many advanced features, such as Dynamic Resource Scheduler and vSphere HA, to get the highest possible infrastructure utilization and further reduce licensing costs. This this graphic we show consolidation of 16 processors into 4 processors and the resultant licensing savings of 16 licenses to 4 licenses. 

Read our technical white paper on Understanding Oracle Certification, Support and Licensing for VMware Environments to learn more.

by Neal Mueller

Not every Oracle support agent got the “memo” that Oracle supports their database and applications being virtualized on VMware vSphere.

Fact is, Oracle has an official support policy for virtualization on VMware vSphere, articulated in MyOracleSupport Document ID #249212.1. The Oracle support policy states that “Oracle will only provide support for issues that either are known to occur on the native OS, or can be demonstrated not to be as a result of running on VMware.” A copy of the Oracle document appears in Figure 1 below.

Figure 1: Oracle Support Policy on VMware

In November 2010, Oracle expanded the above support policy to include Oracle Real Application Clusters (RAC) on vSphere.

For our part, VMware has its own policy to support customers running Oracle applications on VMware. If required, VMware will take ownership of the support request and pursue rapid resolution, in collaboration with the Oracle support organization through TSANet as needed. Because VMware customers virtualize all types of Tier 1 applications, we have significant expertise in making this a seamless support experience.

Read our technical white paper on Understanding Oracle Certification, Support and Licensing for VMware Environments to learn more.

This blog is part of a series on Virtualizing Your Business Critical Applications with VMware. To learn more, including how VMware customers have successfully virtualized SAP, Oracle, Exchange SQL and more, visit vmware.com/go/virtualizeyourapps

Hello Oracle Guru's,

VMware is excited to invite Oracle ACEs and Oracle Certified Masters to register as an official "Oracle Guru" and receive our bundle of Enterprise software.  With VMware having over 80% of the virtualization market, the virtualization of Oracle on VMware is one of the fastest growing areas in IT.  Contact us today at GuruLicensing@vmware.com  to learn about this exciting program.

Kannan

Example Firewall Configuration of an SAP vApp with vShield App

In the previous article, Part 1, we described the use cases for vShield App in a virtual  SAP environment. Here we demonstrate a simple vShield App  firewall configuration that quickly isolates a virtualized SAP landscape defined as a vApp in vCenter. It assumes the vShield Manager and App Appliances and vShield plug-in have been installed. The vShield App plug-in for vCenter allows you to create firewall rules via the vSphere client .

The following diagram shows the SAP vApp (called “SAP_MSSQL”) which consists of the following two virtual machines: SQL Server database and SAP Central Instance; application server instance. The only access into the SAP landscape will be via the SAP presentation client (SAP GUI) which in this example will use port 3200 (for background on SAP TCP/IP ports go to http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/4e515a43-0e01-0010-2da1-9bcc452c280b) . In this simple scenario we are not isolating the application from the database server.

This vApp is configured in the vCenter client and appears as follows in the vCenter “Hosts and Clusters”  inventory view .

The next three diagrams show vCenter screen captures that describe the three firewall configuration steps for this example:

1) Block all access into the landscape or vApp

2) Define the port for SAP GUI access

3) Allow SAP GUI access

The following whitepaper is available for further reading, “VMware vShield™ App: Protecting Virtual SAP Deployments” at http://www.vmware.com/files/pdf/techpaper/VMware-vShield-App-Protecting-Virtual-SAP-Deployments.pdf .

In today’s blog we would like to announce the that a new book, Enterprise Java Applications Architecture on VMware, has been released and is available from https://www.createspace.com/3632131.

Book Abstract

This book is the culmination of seven years of experience in running Java on VMware vSphere, both at VMware and at many VMware customer sites. In fact, many VMware customers run business critical enterprise Java applications on VMware vSphere and have achieved better TCO and SLAs. This book covers high level architecture and implementation details such as design and sizing, high-availability designs, automation of deployments, best practices, tuning, and troubleshooting techniques for enterprise Java applications on VMware.

Table of Contents

Chapter 1: Introduction
Chapter 2: Why Virtualize Enterprise Java Applications?
Chapter 3: Enterprise Java Applications on VMware
Chapter 4: Design and Sizing of Enterprise Java on VMware
Chapter 5: High-availability Designs of Enterprise Java
Chapter 6: Enterprise Java on VMware Best Practices
Chapter 7: UNIX-to-Linux Migration Considerations
Chapter 8: Run Effectively in Production
Chapter 9: Performance Study
Chapter 10: Application Modernization and vFabric
Chapter 11: Troubleshooting Primer
Chapter 12: FAQ – Enterprise Java Applications on vSphere

Target Audience

This book is targeted at IT professionals who are in search of implementation guidelines for running enterprise Java applications on VMware vSphere in production and QA/Test environments. The first three chapters provide CIOs, VPs, directors, and enterprise architects with key high-level business propositions for virtualizing enterprise Java applications. The remaining chapters are for developers and administrators who are interested in implementation details.

About the Author

Emad Benjamin has worked in the IT industry for the past twenty years. He graduated with a Bachelor of Electrical Engineering from the University of Wollongong. Earlier in his career, he was a C++ software engineer, then in 1997, he switched to programming with Java and has been focusing on Java ever since. He has extensive software development experience with companies such as, Cisco, Oracle, Citadel, BHP Steel, and others. For the past seven years, his main focus has been Java on VMware vSphere. Emad is currently at VMware focusing on all aspects of Java virtualization. He has shared his experience and Java virtualization best practices at many conferences and workshops around the world. You can connect with Emad on LinkedIn.

Looking at a Sizing Example

Figure 4, shows the most commonly encountered JVM and virtual machine size. This may be a fairly busy JVM with 100 to 250 concurrent threads (actual thread count varies as it depends on the nature of the workload), 4GB of heap, approximately 4.5GB for the JVM process, and 0.5GB for the guest OS. This results in a total recommended memory reservation for the virtual machine of 5GB with 2 vCPU and 1 JVM process.

Figure 4. Most Commonly Encountered Configuration

Figure 5 takes a closer look at the sizing example within the Java process, the memory layout, and for various sizes..

Figure 5. 5GB RAM Virtual Machine with One JVM Process and Two CPUs

The general sizing equation can be summarized as follows:

Let’s assume that, through load testing, a JVM max heap (-Xmx) of 4096m has been determined as necessary. Proceed to size as follows:

• Set -Xmx4096m and set –Xms4096m.
• Set –XX:MaxPermSize=256m. This value is a common number and depends on the memory footprint of the class-level information within your Java application code base..
• The other segment of NumberOfConcurrentThreads*(-Xss) depends mostly on the NumberOfConcurrentThreads the JVM will process, and the –Xss value you have chosen. A common range of –Xss is 128k-192k. If, for example, NumberOfConcurrentThreads is 100, then 100*192k => 19200k (assuming you set –Xss to 192k).

Note: The stack -Xss is application dependent, i.e. if the stack is not sized correctly you will get a StackOverflow. The default value is sometimes quite large, but you can size it down to help save on memory consumption.

• Assume the OS has a requirement of about 500m to run as per the OS spec.
• Total JVM memory (java process memory) = 4096m (-Xmx) + 256m (–XX:MaxPermSize) + 100*192k (NumberOfConcurrentThreads*-Xss) + “other mem”.
• Therefore, JVM memory is approximately 4096m+256m+19.2m + “other mem” = 4371m + “other mem”.
• Typically “other mem” is not significant. However, it can be quite large if the application uses lots of NIO buffers and socket buffers. Otherwise, assuming about 5 percent of the total JVM process memory (i.e., 4 to 5 percent of 4371=> assume 217m), should be enough, although proper load testing should be used to verify.
• This implies that JVM process memory is 4371m+217m=4588m
• To determine the virtual machine memory, assume you are using Linux with only this single Java process and no other significant process running. The total configured memory for the virtual machine translates to: VM memory = 4588m + 500m = 5088m.
• Finally, you should set the virtual machine memory as the memory reservation. You can choose to set the memory reservation as 5088m. However, over time you should monitor the active memory used by the virtual machine that houses this JVM process and adjust the memory reservation to that active memory value, which could be less than 5088m.

Stay tuned. In Part 3 we will conclude with an overview of the recently released book, Enterprise Java Applications Architecture on VMware.

VMware vShield App is a hypervisor-level firewall that can be used in virtual SAP deployments to provide network isolation and facilitate quick firewall testing of SAP landscapes. SAP landscape consists of multiple SAP products (ERP, CRM, portal etc) with separate production and non-production environments.  The non-production systems can be further broken into categories such as development, sandbox, user acceptance testing, training, etc. Each landscape can consist of multiple virtual machines running different SAP databases and multiple application servers.  vShield allows these landscapes to be segregated into separate trust zones based on customer requirements.  The following diagram depicts what the security zone architecture could look like in a non production landscape example.

You can define security rules based on containers that are VMware vSphere® objects.  One such object is a vApp.  A vApp is a resource container for multiple virtual machines that work together as part of a multitier application. In the figure above, each zone can be configured as a vApp comprising all the associated virtual machines for a particular SAP landscape.  For example, a rule that denies any traffic from inside a vApp to a specific destination outside that vApp applies to all the virtual machines in that vApp.  Isolating landscapes addresses use cases like: end users with access to training systems can be protected from accessing the development and QA systems; new developers and project consultants who are coming up to speed in sandbox systems can be isolated from core development environments.

SAP administrators can benefit from vShield App in the following ways:

• Organizing SAP landscapes into vApps and setting policies against these vApps allows administrators to focus on the landscape architecture and remove themselves from details such as IP addresses.

• For SAP, an IP address change does not typically involve any change to the application configuration files—the same can be said of the firewall rules. Once firewall policies have been set against the vApp, creation of a new database and/or application server virtual machine inside of the vApp requires no extra firewall configuration. This is useful as SAP environments can be very dynamic, for example, creation of sandbox and training systems for new project personnel and end users.

•  Administrators can easily test the impact of firewall settings to the TCP/IP ports used by SAP. The SAP application uses many TCP/IP ports for communication between end-users and application servers and between application and database servers (these ports are documented at http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/4e515a43-0e01-0010-2da1-9bcc452c280b).

• Database server virtual machines can be isolated from application server virtual machines. While SAP developers mostly work within the SAP development environment, they may need access to the guest OS of the application server to work with interface files (to manage data that is transferred between separate SAP systems or between SAP and non-SAP apps). So developers may be granted access to the application server guest OS but firewall rules can block access to the guest OS of database server virtual machines which is typically restricted to the database and SAP Basis administrator.

• vShield firewall policies apply to all ESXi hosts in the cluster so they are still enforced when a virtual machine is live migrated between hosts or a to a new host in the cluster (assuming that all hosts are protected by running the vShield App appliance).

In the second part of this blog series  we will demonstrate how a vApp consisting of a 3-tier SAP landscape can be protected using vShield App.

This week we will publish three blogs on the topic of sizing virtual machines for Java workloads. In the bogs we will discuss various sizing considerations, best practices, sizing limits, and the most common configuration used by our customers.

A sizing exercise in a virtualized environment for Java workloads is similar to that in physical environment. The only difference is that virtualized environment provides more flexibility, such as the ability to easily change the compute resource configuration. For more detailed information, we encourage you to review the Enterprise Java Applications on VMware – Best Practices Guide  (http://www.vmware.com/resources/techresources/1087)

Sizing Virtual Machines for JVM workloads – Part 1

Before delving into various sizing considerations we’ll provide some background information about the practical sizing limits of JVMs.

Background: JVM Practical Sizing Limits

Figure 1 illustrates the theoretical and practical sizing limits of Java workloads. These are critical limits that you need to be aware of when sizing JVM workloads.

Figure 1. Theoretical and Practical Sizing Limits of JVMs

The JVM theoretical limit is 16 exabytes, but there is no practical system that can provide this amount of memory, so we present this as the first theoretical limit.

• The second limit is the amount of memory a guest OS can support. In most practical cases, this is several terabytes and depends on the operating system used.
• The third limit is the ESXi 5 1TB RAM per virtual machine limit, which is ample for any workload that we have encountered.
• The fourth limit (really, the first practical limit) is the amount of RAM that is cost-effective on typical ESXi hosts.
• The fifth limit is the total amount of RAM across the server, and how this is divided into the number of NUMA nodes, where each processer socket will have one NUMA node worth of NUMA-local memory. The NUMA-local memory can be calculated as the total amount of RAM within the server divided by the number of processor sockets. We know that for optimal performance you should always size a virtual machine within the NUMA node memory boundaries. ESXi has many NUMA optimizations that come into play, but even so, it is best to stay NUMA local.

For example, if the ESX host has 256GB of RAM across two processor sockets, it has 2 NUMA nodes with 128GB (256GB/2) of RAM across each NUMA node. This implies that when you are sizing a virtual machine, it should not exceed the 128GB limit in order for it to be NUMA local.

The limits outlined above can help drive your design and sizing decision as to how practical and feasible it is to size large JVMs. However, there are other considerations that come with sizing very large JVMs such as GC tuning complexity and the knowledge needed to maintain large JVMs. In fact, most commonly sized JVMs within the VMware customer base are around 4GB of RAM for a typical enterprise Web application. On the other hand, larger JVMs exist, and we have customers that run large scale monitoring systems and large distributed data platforms on JVMs ranging from 4GB to 128GB.

With large JVMs comes the need to better understand GC tuning. VMware has helped many customers with their GC tuning activities, even though GC tuning on physical is no different than on virtual. The reason is that VMware has uniquely integrated vFabric Java and vSphere expertise into one spectrum, which has helped our customers optimally run many Java workloads on vSphere. When faced with the question of whether to vertically scale the size of the JVM and virtual machine, first consider a horizontal scale out approach. VMware has consistently found that our customers get better scalability with the horizontal scale out approach.

Furthermore, when sizing, it is helpful to categorize the size of the JVMs and virtual machines based on the Java workload types, as shown in Figure 2. 

Figure 2. Common JVM Sizes and Workload Categories

We usually find that the reason customers vertically scale a JVM is due to perceived simplicity of deployment and leaving existing JVM processes intact. Be aware of workload-related choices.

• For example, a customer initially deploys one JVM process and as demand increases for more applications to be deployed, instead of horizontally scaling out by creating a second JVM and virtual machine, a vertical scale up approach is taken. As a consequence, the existing JVM is forced to vertically scale and carry many different types of workloads with varied requirements.
• Keep in mind that some workloads, such as, a job scheduler, have a need for high throughput, while a public facing Web application demands fast response time. Stacking these types of applications on top of each other within one JVM complicates the GC cycle tuning opportunity. When tuning GC for higher throughput it is usually at the cost of decreased response time, and vice-versa.
• You can achieve both higher throughput and better response time with GC tuning, but it unnecessarily extends the GC tuning activity. When faced with this deployment choice it is always best to split out different types of Java workloads into their own JVMs. One approach is to run the job scheduler type of workload in its own JVM and virtual machine, and the Web-based Java application on its own JVM and virtual machine.

In Figure 3, JVM-1 is deployed on a virtual machine that has mixed application workload types, which complicates GC tuning and scalability when attempting to scale up this application mix in JVM-2. A better approach is to split the Web application into JVM-3 and the job scheduler application into JVM-4 (that is, scaled out horizontally with the flexibility to vertically scale if needed). If you compare the vertical scalability of JVM-3 and JVM-4 versus vertical scalability of JVM-2 you will find JVM-3 and JVM-4 always scale better and are easier to tune. 

Figure 3. Splitting Workload Types to Improve Scalability

In Part 2 we will look at an actual sizing example with some practical numbers that you can directly apply.