VMTN Blog

Two new videos from VMware Education walk you through creating a virtual appliance with VMware Studio. (via VMblog via RTFM) See also the VMware Studio Community. Join us on the VMware Communities Roundtable Podcast this Wednesday @ noon PST where we'll talk more about VMware Studio, OVF, and what's required to certify your virtual appliance with Jason Mills. You may remember Jason from his days a few years back on the VMware Communities team, VMTN Experts Panel, or various VMworld labs. So come by, say hi, and see what Jason's been up to.

Part 1:

Part 2:

The Open Virtual Machine Format (OVF) has some interesting movement around it and in the ecosystem. I'm probably not capturing the subtleties here, but you can think of OVF as a standard packaging format for virtual Machines.

A new draft of the OVF specification was published last week. Citrix and IBM seem to be using OVF as a way to paper over some Xen vs KVM differences:
Link: Citrix will offer OVF tools for free and open source | virtualization.info.
Link: IBM Announced open-OVF | Virtualization.com.
Link: Telematique, water and fire.: Kensho - Will OVF make it to the next rung?.

Dialing the wayback machine to June, Chris Wolf gives some contest around Steve Herrod's talk at the Burton Group Catalyst conference, and thinks that OVF could evolve into an appliance format into something much more like an vendor-neutral .vmx file. Link: Catalyst Day 2 Virtualization Highlights at ChrisWolf.com.

I think we do a disservice to the OVF standard and the people working on it if we just see OVF as a way for the chess players to move their pieces around the board. I see it as a way to get things done -- case in point: importing OVF-based appliances into ESXi via a menu item. 

Link: VMware Communities: Virtual Appliances: Deploying Virtual Appliances Just Got Even Easier - VAM Integration with VI Client and ESXi3.5/ESX3.5.

Virtual appliances represent a streamlined way to develop, deliver, manage and deploy enterprise software stacks and they have gained a great deal of traction in the market over the past couple of years. VMware's Virtual Appliance Marketplace has grown to 850+ virtual appliances and VMware's products are providing greater access to virtual appliance content with each release. To date, no integration is more substantial then what has been done in the pairing of VI Client with ESX/ESXi 3.5.

Today, any user with access to VMware's free ESXi and VI Client has the ability to directly import a number of OVF-based virtual appliances directly into their environment and power on an enterprise workload within minutes of first boot.

Lifehacker has a great article on creating smaller Windows installations for, among other reasons, more nimble VMs that are easy to move and maintain. Link: Trim Down Windows to the Bare Essentials.

There are a lot of reasons you might be interested in lightening up and streamlining a Windows installation. I happen to want a super-lightweight version of Windows to run on VMware Fusion on my Mac, so I can run my must-have Windows applications without allocating a lot of hard drive space or memory to the virtual machine. That means that the virtual machine will run more quickly and take up fewer resources on my Mac.

On the other hand, a lightweight Windows install is also perfect for older hardware that just can't keep up with XP. In fact, your hardware doesn't even have to be that bad to still enjoy benefits of this process. A slimmed down Windows install is also appealing for the performance gains it affords, because it allows your computer to allocate more memory and resources to individual programs rather than the operating system as a whole. ...

Freeware Windows application nLite goes directly into your Windows installation disc and helps you selectively rip out all the features and software you don't want. When you're done (and you can be pretty ruthless), you'll have a new Windows installation disc that you can use to install the lighter, gutted version of Windows.

They also talk about XPlite for your existing Windows install and GameXP, which runs some sort of performance voodoo.

Srinivas Krishnamurti gives us the Virtual Appliances – 2007 Year in Review. Here are his highlights, but click through and check out his perspective on the beginnings and the future challenges and directions in the virtual appliance space.

1. Virtual appliances outside the security space became a reality with many tier 1 ISVs building virtual appliances. BEA launched their LiquidVM initiative. Business Objects, IBM, McAfee and others have all joined in with virtual appliance editions of their software stacks.

2. Customers were starting to buy production-ready virtual appliances. I’ve met numerous customers who bought virtual appliances and swear by the simplicity and ease of management they offer. Our marketing team will be posting quite a few success stories shortly.

3. Several leading analysts initiated coverage on virtual appliances. Gartner, IDC, Forrester, Yankee Group and others are actively tracking virtual appliances.

4. JeOS (Just Enough OS, pronounced “juice”) started to get traction within the OS community. Ubuntu JeOS is already available – kudos to the Canonical team for being the first OS vendor to take on Virtual Appliances. RedHat announced their intention to offer their version. Even though Microsoft hasn’t really participated in the virtual appliance space, their latest OS offers users the ability as part of Server Cores to install only those components that are required for each server installation and if they can get their licensing and pricing right, they could be a huge player in this space as well. I’m sure Novell and other OS vendors will eventually get on the bandwagon as well.

5. Leading vendors including Dell, HP, IBM, Microsoft, VMware and XenSource collaborated on Open Virtual Machine Format (OVF), which was submitted to DMTF as a standard for packaging and distributing virtual appliances.

6. The ecosystem around virtual appliances started growing with many startups either getting in or getting traction. rPath, virtualappliances.net, JumpBox, cohesiveFT stick out in this category.

7. Several vendors mimicked VMware’s Virtual Appliance Marketplace with their own. Parallels introduced their VA Directory. RedHat rolled out RHX.

8. Microsoft joined the party with the VHD Test Drive program (launched in November 2006) to allow ISVs to redistribute Windows in a virtual machine for 30-day evaluations.

Srinivas conceptualized and evangelized this concept from the beginning, and shepherded the VAM through its wild growth. I helped build the original site and it's been fun watching both the traffic grow as well as the concept spread through the industry. Throughout last year and this, I've seen many blog posts where people are just getting the concept -- maybe obvious to some, but to others (like me) it was a full-fledged lightbulb going off over my head. And now when you do a search you see ISVs and open source projects touting their latest virtual appliance releases. All this from a small seed in 2005 -- pretty compelling!

Nice overview of the current situation from InformationWeek's Andrew Conry-Murray. Although it spends a while on the MSFT vs VMW angle, I thought this tidbit on BEA's new LiquidVM-based appliance was interesting -- 25-50% less memory and CPU -- and I assume that's compared to running the JVM on top of Linux.

Link: VMware: New King Of The Data Center? -- Server Virtualization -- InformationWeek.

Applications will always need an operating system to run, right? Not with BEA's WebLogic Server Virtual Edition, or WLS-VE. It replaces the conventional OS with LiquidVM, a microkernel-based Java virtual machine. In turn, the Java VM runs directly on a VMware hypervisor, without the need for Windows or Linux. "We realized the hypervisor had eaten into a lot of what an application needs from an OS," says Guy Churchward, VP and product manager of WebLogic products at BEA.

Java-based applications are ideal candidates for running without a general-purpose operating system, because they already run inside a Java virtual machine, which abstracts the OS functionality of Windows, Linux, and Unix variants. The Java VM provides some OS functions, including memory and CPU allocation, as well as networking (see chart, below). BEA added other capabilities, such as input/output management, that normally are handled by an operating system to the LiquidVM.

Meanwhile, the hypervisor is handling other functions, such as loading device drivers, which are also usually managed by the operating system. The result, says Churchward, is that the OS ended up completely replicating the functionality of the Java VM and the hypervisor.

By jettisoning the OS entirely, Churchward says, WLS-VE consumes 25% to 50% fewer resources, such as memory and CPU cycles, while boosting overall system performance. Other benefits include reduced management, because IT doesn't have to maintain a separate operating system.

Link: Tucker's Tech: Solaris 10 in a VM.

There are now four Solaris VMs available from Sun, including S10U3 and Solaris Express (aka Nevada) build 55.  VMware tools are pre-installed (at least in the two I downloaded), but the VMs are still using IDE disks so they won't work for ESX/VI users.

The four virtual machines are: Solaris 10 1/06, Solaris 10 6/06, Solaris 10 11/06, and Solaris Express Developer Edition 2/07.

The Virtual Appliance Marketplace is having a contest -- just check out the appliances, register, and you will be entered into a drawing for a free pass to VMworld 2007 in San Francisco on September 11. In related virtual appliance news, Srinivas Krishnamurti talks about the "Just Enough OS" concept, JeOS, in The Console.

By ripping out the operating system interfaces, functions, and libraries and automatically turning off the unnecessary services that your application does not require, and by tailoring it to the needs of the application, you are now down to a lithe, high performing, secure operating system - Just Enough of the Operating System, that is, or JeOS. 

Why should you get juiced?

An OS finely tuned to the application it supports is smaller, more secure, easier to manage, and higher performing than a general purpose OS.   A smaller footprint means IT organizations can run more instances per server.  Tailoring the OS specifically to the app enables the removal of vulnerable components such as the browser from Windows and therefore significantly reduces the number of vulnerabilities and patches required to address those vulnerabilities.

John Sequiera ponders the question: "Why on-demand appliances?" He gets virtualization, but the 'resource pool' approach of something like Amazon's EC2 does require a shift in thinking and comfort level with IT as a utility. I think John's a-ha here is more about the usefulness of virtual appliances, whether they're in the cloud or in your ESX Server at the data center. I personally see the most need for on-demand computing around capacity management (unexpected DOS attacks or planned seasonal surges) and capital management (why buy when you can lease?).

Link: John Sequeira's Weblog.

Why is this cool? Well, consider the difference between your typical startup and a mature web enterprise: to really run a web hosted application according to best practices, you should have

 

• staging setup
• production setup,
  
• hot standby, DR plan
  
• version control repository/bug tracker
  
• integrated authentication
  
• distributed file system
  
• load balancer
  
• firewall/intrusion detection
  
• etc.
  

And no one does initially because it takes a lot of time, money and expertise to put all these pieces in place. But what if you could have it all initially and it didn't cost an arm and a leg? The idea of a vendor (like, say Novell or RH) pre-provisioning all the machines required to pull the above off, and offering them via the Amazon EC2 Control Panel is quite compelling. Imagine the options:

 

• Statefull Firewall with mod_security? Check. 
• Dedicated Image Server pre-configured with optional Akamai CDN support?  Check. 
  
• Web analytics reporting server? Check
  
• Offline bi/olap database with real-time replication? You get the idea.
  

Each check on that control panel is the equivalent of days or weeks of work on your hand-rolled data center.

Here's a new thought on a known aspect of appliances. Appliances, being purpose-built for a single task, are usually simpler to configure and maintain than a generic compute server.  Virtual appliances (1) are easier to deploy but (2) in some cases may have a reduced performance profile because, well, they aren't on dedicated network hardware.* Making lemonade out of any performance hit may simplify and reduce interdependencies in your network. Instead of one complicated config file on your firewall with all application traffic flowing through it, just fire up one virtual firewall per app and configure your network accordingly. There are both commercial and open source firewalls in the Virtual Appliance Marketplace, most with a very small footprint.

Link: Replicate Technologies » Network appliances go virtual.

None of these will run as fast in a vm as they will in an engineered hardware appliance, where they could conceivably achieve wire speed of 100 mbps or even 1 gbps, instead of a vm’s more typical 25-50 mbps. But then again, it’s rare that most applications ever see that much demand for their services — under 20 mbps is more typical. In fact, there are cases where the traffic from many applications are forced through a single hardware appliance “because it’s there,” when a more logical network topology would separate the traffic and give each application its own appliance. For example, firewalls sometimes have extremely complex configurations because they manage security for many different applications in a single box, when they could be more easily managed with one firewall per application. Disaggregate the traffic and you may reduce complexity and configuration errors, while lowering the traffic rates to levels more suitable for a virtual appliance. As cores become more numerous in servers, it may become more appealing to use them for network functions, replacing hardware and cabling with software.

Red Hat's David Lutterkort is on the money in this posting. The concept of a virtual appliance is seductive, but when the rubber hits the road, somebody has to keep it updated. That's why we're seeing the production-ready virtual appliances come from established appliance vendors who have the business and technical processes in place to do this.

Package management has come a long way in the past 10 years, and I expect that we'll be seeing functionality to do unattended, automatic security updates built into our OSes and applications more and more over the next decade. This changes the role of the vendor or open source project into a service provider, but from my perspective, that's a good thing. I'm looking forward to seeing how folks like David and Red Hat move the ball forward.

watzmann.blog - What would you like your appliance to do ?

A decent system for handling appliances therefore needs to take the plight of the typical (which means grumpy) sysadmin into account, and needs to be geared towards almost arbitrary site-specific customizations, since sysadmins will still need to do a lot of the things they do to systems today to the appliances of tomorrow.

Instead of focusing on minimizing the footprint of general-purpose appliances, or marginally improving how the binaries making up the appliance are selected and built, we should be focused on delivering appliances that fit into a manageable ecosystem made up of virtual and nonvirtual systems. Which means that good appliance tools should be focused on producing appliances that can be managed well; at a minimum, let's make sure that users have a reasonable way to upgrade the appliance and preserve their customizations at the same time. In other words: appliances are a new way to deliver software, but to run that software maintainably, we need to get down and dirty with old management problems like package management, config management, monitoring etc.