VMTN Blog

VMworld Europe 2008 session materials are now up at VMworld.com. Some are offered as a streaming recording; other sessions have only the presentation materials at this time. More recordings will be published over time.

You must use the same login you used for the conference registration and session builder. More information on access. Some sessions are available to non-attendees, and we will continue to release access to more sessions over time.

At VMworld, together with IBM we announced a new capacity record for the number of Microsoft Exchange mailboxes on a single physical server. Microsoft Exchange Server doesn't like a huge number of mailboxes on any one instance, so administrators "scale out" by racking up stacks of servers in a clustered configuration. (For the purposes of today's discussion, we'll ignore server roles.) Instead, our team set up 8 virtual machines, each managing 2,000 users and taking up 2 cores and 14GB of memory -- all running on ESX Server 3i on a single IBM physical server.

Check out the details from Kaushik Banerjee on our VROOM! performance blog: Link: 16,000 Exchange Mailboxes, 1 Server - VMware VROOM!.

We recently finished a large Exchange 2007 capacity test on VMware ESX Server 3.5. How large? Well, larger than anything ever done before on a single server. And we did it from start to finish in about two weeks.

We did this test because we have felt for a while that advances in processor and server technology were about to leave another widely-used and important application unable to fully utilize the hardware that vendors were offering. Microsoft has guidelines on what environment works well with Exchange, and a system with more than eight CPUs and/or 32GB of RAM is beyond the recommended maximums.

Gabrie van Zanten was at the VMworld session where we talked about this and fleshes out a little of the narrative. Link: VMworld Europe 2008 – AP03 – Virtualization of Microsoft Exchange Server ( the 16.000 mailboxes story).

Normally when scaling an Exchange Server, the MS recommendation is to not go beyond 8 cores and 32GB of RAM per server. When using these figures, a physical Exchange 2007 server can only go to a max of 8000 mailboxes. Although there are very few stories about physical machines running this number of mailboxes, there is some reference about 6000 mailboxes per host. David and Scott decided to take it even further. Using the VM building block they created, the managed to put 4 VMs on this physical server without problems, latency times (key measurement factor for the Exchange admin) remained very low. When adding VM number 6, latency went up a little but was still well below the limits. VM number 7 showed there was trouble on the road ahead, latency doubled to 400ms and VM number 8 turned out to be the limit with 16.000 mailboxes !!!! and 900 ms latency. Even a 900 ms latency is below the MS limits of what is acceptable, but it was obvious that adding a ninth VM would go over this limit of 1000ms. All VMs together were now using 140Gb RAM, made possible by VMware transparent page sharing.

As Rich Brambley notes, tests like this, besides being pretty cool, also give great insight into how to virtualize smaller Exchange installations. Link: VM /ETC » How to run 16,000 Exchange mailboxes on ESX.

16,000 Exchange Mailboxes, 1 Server not only offers insights on how to configure Exchange 2007 VMs to support large numbers of mailboxes, but it shows that ESX 3.5 and ESX 3i allow applications to utilize hardware resources that exceed the vendor’s recommended maximums in a physical deployment. Although this test was able to squeeze the Exchange 2007 implementation on a single ESX host without degrading the user experience, the technical details of how it was done provides administrators a blueprint to spread the Exchange VMs across multiple ESX hosts and fully leverage ESX Enterprise features. ...

Many companies currently run large Exchange mailbox servers in a multi-node clustered configuration, and they are reluctant to migrate to VI. This test from VMware helps illustrate that breaking the clusters and migrating back to multiple Exchange Server VMs has performance and capacity advantages. Leveraging DRS and VMotion, Exchange VMs maintain the ability to provide business continuity and high availability when in a virtual environment with many ESX hosts in a VMware cluster.

Scott Wilson over at CIO Weblog has some choice words for the state of application deployment today, including ones like 'travesty' and 'shame,' but I'll just include these. Link: The CIO Weblog: Another VMware win.

While this may not seem like a terribly big deal (other than, of course, demonstrating their product's ability to utilize hardware more efficiently), to me it speaks to the inherent limitations of Microsoft's server system and the inefficiencies of Windows in general.

Here are a few other resources on virtualization Microsoft Exchange to get you started:

• Virtualization Solutions for Exchange Server 2007. This is VMware's portal on virtualizing your Exchange Server. New resources will be added here -- worth a bookmark.
• Exchange and VMware at the Dell Enterprise Technology Center wiki
• Virtualizing Exchange Server 2007 on ESX 3 - Whitepaper
• VMotion and HA with Exchange 2007 on ESX 3 - Whitepaper
• Virtualizing Exchange 2007: The Final Frontier - Presentation
• Exchange Server 2003 Performance on ESX 3 - Whitepaper
• A new whitepaper with Dell and EMC that's not quite on our website yet: Virtual Solution for Microsoft® Exchange Server 2007 Using VMware Infrastructure 3 Software, Dell PowerEdge Servers and EMC CLARiiON CX3-20 iSCSI Storage. See Chuck's Blog for some other interesting new tech papers that got released at VMworld, including one on SQLserver.
• A quick session note from Gabrie on virtualizing Exchange 2007 vs Exchange 2003:

  First they made it clear that virtualizing Exchange 2007 is much easier then virtualizing Exchange 2003. Exchange 2003 is a heavy hitter in the storage area because of 4k disk block size, where Exchange 2007 uses 8k blocks and write coalescing. With Exchange 2007 previous I/O challenges have been addressed.

Finally, you may be asking yourself, "OK, John, fine, but what about support from Microsoft?" We'll save that for another day, but for now let me reassure that Exchange gets virtualized in production every day. Link: Microsoft Exchange Virtualized by VMware Virtualization @ VIRTUALIZATION JOURNAL.

For example, Adrian Jane, Infrastructure & Operations Manager at The University of Plymouth, who is responsible for running approximately 50,000 Microsoft Exchange mailboxes across four virtual machines running VMware Infrastructure 3, said, “Our entire Microsoft Exchange deployment is virtualized on VMware Infrastructure 3, and we are extremely pleased with the performance we’ve seen. Furthermore, VMware also provides us with a high availability solution that has advantages over traditional clustering options. When it comes to managing production applications, VMware is a strategy, not just a product.”

Photo: Viktor van den Berg

There's still a bit more to say about VMworld Europe 2008. How was the conference for you?

Remember that recordings of the VMworld Europe keynotes are still available, and check out VMworld.com where you'll find the session presentation material soon.

Gabrie van Zanten thought it was better than our San Francisco conference. Link: Gabes Virtual World - VMworld 2008 – The day after.

Looking back at three days VMworld I must say, this was better then ever. I’ve been to Paris in 2006, Nice and San Francisco in 2007, but Cannes has topped them all. Great job VMware and Richard Garsthagen!!! It was very well organized: coming from the airport we were directed to the buses by nice ladies with big Vmworld signs. In Cannes itself registration went very fast and without any problems. During the remainder of the event you would almost trip over all the helpful personnel waiting to help you. Getting lost was alsmost impossible. 

Not only the entourage was good, the sessions were great to. The technical level was much better then previous events. I spoke to Richard Garsthagen about this and he told me that he instructed the speakers to use a max of 2 slides for global introduction and dive into deep technical details as soon as possible. Well, most of them managed to do so. My compliments, this is were I came for and I’ve been hearing the same comments from other VMworld visitors.

He also posted his session notes to his blog (see also other session notes).

• DV07 – Optimizing storage for virtual desktops
• DV02 – Implementing VDI using VDM2, tips and tricks
• LAB02: Site Recovery Manager (SRM)
• AP09 – Fast and easy disk workload characterization on ESX

Two more podcasts from Virtual Strategy Magazine and David Marshall of VMblog and InfoWorld recap the conference (see also Day 1):

• VMworld Europe Report - Day 2 (Virtual Strategy Magazine)
• VMworld Europe 2008 keynote recap (InfoWorld Virtualization Report)

And if you have time check out the view on the virtualization industry from these four experts in this two-part video from virtualization.com. The panel includes Tarry Singh, moderator; Mike Laverick of RTFM Education, David Marshall of VMblog, and Alex Pelster of AtosOrigin. Link: A Discussion With Four Virtualization Analysts (Video Interview).

Part 1 highlights:
10:00 discussion of Lab Manager, Lifecycle Manager, and Stage Manager positioning.
20:40 how C-level execs are approaching virtualization

Part 2 highlights:
1:45 “Virtualization is the most political product I’ve been involved with”
4:20 AtosOrigin’s Executive Briefing Center
6:20 An executive sees a blade center as too technical, but he understands that if he pushes a button, the power goes off … and nothing happens to his application.
6:50 Application owners still want a physical box they can touch…
8:00 …but the real question should be: Is your application running well? Are you users able to get in?
10:30- a look at the competitive landscape
13:00 “The hypervisor war is over. ESX has won, and other people are playing catch-up.”

[Although the discussion in this section is about the commodification of the hypervisor, I think this statement refutes that claim — the hypervisor is not a commodity in 2008, if for no other reason than this. -jmt]

Virtualization is mind-blowing stuff, but I have never seen the metaphors get so intricate or the prose get so purple as the blog posts on VMsafe over the past week. Either VMsafe (see our previous post) has touched a nerve, or rhetoric in the security industry  is even more heated than the virtualization industry. I suspect both.

Link: Chris Wolf: VMsafe is cool because … — Server Virtualization Blog.

“VMsafe is a very important technology in my opinion, as it changes how virtual environments are secured. Today, security appliance virtual machines (VMs) typically monitor other VMs by connecting to them over a virtual switch. The result is virtual network monitoring that resembles physical network monitoring,” Wolf said. “The current model is fine until VMs begin to dynamically move across a virtual infrastructure.  ...

Wolf continued, “VMsafe also provides the framework for offloading many security activities to special-purpose security VMs, including roles such as antivirus monitoring. As we move to an automated or dynamic data center, having special-purpose security appliances that are capable of enforcing security policies at the hypervisor level can ease security management in an environment that will be constantly changing.

Link to another coffee spit-take rant at: Rational Survivability: VMWare's VMSafe: Security Industry Defibrilator....Making Dying Muscle Twitch Again.

As I mentioned in a prior posting, VMware's VMsafe has the potential to inject life back into the atrophied and withering heart muslce of the security industry and raise the prognosis from DOA to the potential for a vital economic revenue stream once more. ... For the purpose of this post, I'm going to focus on the security implications of virtualization and simply summarize by suggesting that virtualization up until now has quietly marked a tipping point where we see the disruption stretch security architectures and technologies to their breaking point and in many cases make much of our invested security portfolio redundant and irrelevant. ...

So, we've got this fantastic technological, economic, and cultural transformation occurring over the last FIVE YEARS (at least,) and the best we've seen as a response from most traditional security vendors is that they have simply marketed their solutions slimly as "virtualization ready" or "virtualization aware" when in fact, these are simply hollow words for how to make their existing "square" products fit into the "round" holes of a problem space that virtualization exposes and creates. ...

VMSafe represents a huge opportunity for these vendors to claw their way back to life, making their solutions relevant once more, and perhaps even more so.

And then in the comments to Hoff's post, Greg Ness (VP Marketing for Blue Lane) says about the VMsafe introduction that "It felt like the IT industry's equivalent of the Beatles first performance on Ed Sullivan." and then posts at his own blog. Link: Dispelling Virtsec Myths « ARCHIMEDIUS.

The hardware infrastructure that emerged with the rise of desktop computing and the internet is about to collapse back into the server. That model is infinitely more scalable, more dynamic and more flexible than the world of pipes, racks and screwdrivers. That is why virtualization will win out over daisy chains of specialized hardware. ...

Some deep security experts suggest that there are new hypervisor-specific attacks that pose real, catastrophic threats. As I commented while on an InformationWeek panel last month, the hypervisor is modern code with a very lean attack surface. Compare that lean hypervisor code to the layers of code and sizable population of known vulnerabilities in any leading operating system or application/database. Then look at the rate of change now possible in a virtual infrastructure. ...

Let’s use the hypervisor layer to deliver improved security. After all, it is a standardized inflection point that can scale with the servers and the traffic ...

James Governor posts on the plane home from VMworld Europe over on his Greenmonk site. As 'open-source' and 'bottom-up' analysts, the RedMonk folks are very clued in and have their ears close to the ground.  Green IT translates directly into dollars even if you don't care about that 'good for the planet' stuff.

Link: How Virtualisation Improves the Environment: VMing the World.

Running VMware on production servers for Windows-based applications can drive utilisation up from only 15% into the 90%+ mark. Not only can virtualisation help an organisation to make its existing servers run more efficiently, it can also reduce total numbers of servers by adding more flexibility into the mix. What is the difference between a QA server, a development machine, or a production box? Not much. By making it easier to provision, re-provision, and decommission servers virtualisation can reduce the need for every silo to have its own boxes. Centralising a server sprawl can help an organisation get a handle on its total energy consumption, and potentially lower cooling and energy costs through economies of scale. ...

If the only reason an organisation chooses to go down the virtualisation route is to lower costs that is fantastic. Doing so doesn’t make the efficiency gains less significant. Cutting costs and going green go hand in  hand. ...

I heard a few nice examples at VMworld. Thus Aspen, the reinsurance company, is currently rolling out thin clients, more like old school mainframe terminals but with rich media capabilities, to its end-users. Aspen calculates, in conjunction with their consulting partner BSG, that the average Windows PC consumes about 150 Watts of power. The new thin clients- nearer 8. Watts not to like? Aspen is even considering rolling out these thin clients to its users at home. ...

Efficiency is green- we should praise efficiency, not bury it. The reasons don’t matter- but the results do. I spoke to someone this morning who said customers don’t really care about green, but just wanted to know how many dollars they would save in deploying virtualisation technology, and therefore tech companies shouldn’t talk about eco issues. I think this misunderestimates some important dynamics. Few customers are going to choose a technology just because its labelled green, its true, but some might well be put off by a supplier arguing that green issues don’t matter.

If green IT is a fad I am going to celebrate it while it lasts. VMware has already done a lot for the environment, just by helping us make Windows servers more efficient, whether or not it markets the fact. Thanks Diane and Mendel!

More reactions about the VMsafe program introduced at Wednesday's VMworld Europe keynote. The reactions are good, especially considering most people haven't seen the actual technology yet. I think everyone is very conscious that opening up access to the hypervisor layer must be done very, very carefully -- but at the same time everyone seems to be hoping that this opens the door to innovative new functionality only possible through virtualization. Who will deliver the "VMotion" of virtual security?

Alessandro Perilli gives a good introduction. Link: virtualization.info: VMware announces VMsafe APIs.

While security products like antivirus will still have to install inside a dedicated VM, they will be able to monitor what's happening inside other virtual machines from a completely new perspective: the hypervisor level.

This will allow checking which traffic is entering or leaving a VM, or even which data is being executed inside it (looking at CPU states, memory pages and OS processes list). All done in a transparent way.

The revolutionary approach has two remarkable benefits: first of all it saves precious physical resources and management efforts without duplicating the same security agent inside each guest OS, secondarily it prevents the security agents from being directly attacked and possibly disabled.

Christofer Hoff likes what he sees so far.  Link: Rational Survivability: VMware's VMsafe: The Good, the Bad, the Bubbly....

...it's a little early to opine on the extensibility of VMsafe, but I am encouraged by the fact that we will have some more tools in the arsenal, even if they are, in essence, re-branded versions of many that we already have.

However, engineering better isolation combined with brokered visibility and specific authorized/controlled access to the VMM is both a worthy endeavor that yields all sorts of opportunities, but given my original ramblings, makes me a bit nervous. ...

I am sure we will see more claims surface soon suggesting with technology such as this will produce virtualized environments that are "more secure" than their non-virtualized counterparts.  The proof is in the pudding, as they say.  At this point, what we have is a very tantalizing recipe.

John Peterson has seen the APIs, and he does like what he's seen. Link: Security In The Virtual World: VMSafe = A Safer More Secure VMWare Environment.

My educated guess though, is that most security vendors will just be offering their existing security products that are in many cases physical firewalls, anti-virus, UTM, etc. The real value will be from solutions that bring unique value to the virtual environment vs. network designs that dictate routing traffic out of the Virtual Environment to a physical security appliance and back in.  The other question is ; will the software vendors just be installing their software on the operating systems of Virtual Machines vs. Physical Machines? ...

I've had the privileged of reading the API documents as the CTO of Montego Networks which is also part of the VMSafe program that was just announced and am very excited about the future possibilities of the program.

Pete Lindstrom compares VMsafe to the history of kernel access in Windows. Link: Spire Security Viewpoint: VMware vs. Vista - Hooking the Kernel.

This is a timely announcement that should serve its purpose of allowing some "authorized" access to kernel operations of the hypervisor.

I say "authorized" because this approach stands in stark contrast to the challenges Microsoft had when it implemented Kernel Patch Protection, which had an API to allow security products access to kernel operations, also in an "authorized" manner. (I would enjoy hearing about specific functional differences between Vista's KPP API and VMsafe).

Of course, the big difference is that it was essentially a time-honored custom to hook Microsoft's kernel in all sorts of unauthorized ways ...

So VMware is doing what is widely seen as "the right thing" out of the gate.

And let's give Alessandro the last word:

With VMsafe VMware has the unique chance to improve the efficiency and effectiveness of security products like never before. If the company will release the interface soon enough and its partners will execute properly, VMsafe alone will be a reason valid enough to adopt VMware Infrastructure.

VMworld Europe party photo: mikkahoo

Two bloggers just posted their detailed session notes from VMworld Europe 2008.

Mike Laverick @ RTFM Education:

• VMworld Europe 2008: Day Three: Breakout Session: VDI and “High” Performance Printing
• VMworld Europe 2008: Day Three:  Breakout Session: Software Licensing Exposed
• VMworld Europe 2008: Day Three:  Breakout Session (SP23) Virtualizing SQL
• VMworld Europe 2008: Day Two: Breakout Session: ThinInstall
• VMworld 2008 Europe: Day Two: Key Note
• VMworld 2008 Europe:  Day One: In the Solutions Exchange
• VMworld 2008 Europe:  Day One: Breakout Session:  Site Recovery Manager
• VMworld Europe 2008: Day One: Breakout Session: Introduction to Stage Manager
• VMworld Europe 2008: Day One: Breakout Session: Lifecycle Manage Technical Deep Dive
• VMworld Europe 2008: Day One: Key Note

Manlio Frizzi @ Virtual Aleph:

• Running SAP ERP on Vmware – a customer example
• VI3 networking – Advanced Configuration and troubleshooting
• Optimizing Storage for VDI
• Technical Track - What's new in VI 3.5
• Technical Track - Honeypotting with VmWare (Basics)
• Technical Track - VI3 Networking Best Practice
• Technical Track - Vmware Stage Manager
• Technical Track - Vmware Lifecycle Manager
• Technical Track - Vmware Site Recovery Manager

Tarry Singh (normally blogging at Virtualization for Everyone), here representing the newly-refurbished virtualization.com, continues his series of video interviews from VMworld Europe 2008.

Be sure and check out Bogomil at about 9:00 minutes in where he answers the burning question: is the hypervisor becoming commodified? (I'll give you a hint: he says no.  Bogomil spends a lot of time talking with customers, so he has some very interesting observations on what people find important in their virtual infrastructure and a reliable, proven platform is not something you can just pick up at the corner store.)

From the description: Virtualization.com bloggers Tarry Singh and Nicolas 'Charbax' Charbonnier sit down with Bogomil Balansky, VMware's Senior Director of Product Marketing at the VMWorld Europe 2008 Summit in Cannes. An open discussion about VMware's product line, a review of the role of a hypervisor and commoditization and the competition VMware faces from Microsoft and Citrix.

Many many many more video interviews from Tarry, Nicolas, and Robin at virtualization.com's video blog.

VMware VP Steve Herrod on why our announcements about OEM shipments of ESX Server 3i are important.  Link: VMware Everywhere from Virtually There: Steve Herrod's Blog.

A hardware-centric philosophy

VMware has always believed that virtualization should be integrated into hardware, always there to enable the computing resources’ full power and capabilities. This hardware-centric philosophy differs from other virtualization vendors that think of it as just another feature in a traditional (and large) operating system. For this critical layer of your datacenter, you should absolutely expect and receive the rock-solid reliability, security, and performance that you are used to from hardware. Expectations of modern operating systems are, shall we say, lower.

Size matters

Key to this vision is the new architecture that ESX Server 3i introduces. This architecture provides all the performance and reliability features of ESX Server in a small, 32MB footprint. This is 1/50^th the size of a typical Windows or Linux OS deployment! ESX Server 3i is the only hypervisor that does not depend on a large, general purpose operating system to function. This small footprint reduces the amount of code that can have bugs in it, streamlines performance, and minimizes the interfaces and code “surface area” that are the target of security attacks. It is this new architecture that makes us confident that ESX Server 3i will be the most reliable, highest performance, and most secure virtualization platform around.

I had a hard time excerpting, because it's all good. Read the whole thing.

Jae Ellers is excited, especially for the ease of deployment to remote sites and branch offices. Link: Mister VM: ESX 3i Embedded Availability Imminent.

VMware ESX 3i Embedded will be available from at least 4 major vendors "real soon now". At least that's the word on the street. I've definitely heard similar things from my vendor contacts.

I'm very excited about this since it will be great to use in some of our regional sites. It's tough to get disparate hardware in and have to juggle configs around to get on that new hardware remotely. This should really smooth things out.

Updated:

• Mauricio Freitas thinks we're on a roll.
• More context and some quotes from Bridget Botelho at SearchServerVirtualization: Link: VMware ESX 3i server shipments imminent, HP, Dell say. Bridget quotes Andrew Kutz as not seeing the technical advantage of flash vs disk, but I think that's a red herring. Two of the real differentiators are 32MB vs a full OS attached to the hypervisor and the ease of deployment because it's all preconfigured and part of the hardware you just bought.

The VMworld.com crew's take on Day 2, with a trip through the VMworld labs and ending with a peaceful shot of the beach. If you can't be in Cannes, stay tuned for more news, reactions, and more.