Home > Blogs > VMware vSphere Blog > Monthly Archives: October 2010

Monthly Archives: October 2010

VMware vSphere Earns Common Criteria EAL4+ Certification

Are you a government customer considering or already running vSphere? Good news! vSphere has just received the highest-level security certification possible.

Read more about it here.

-Mike

Top Five New vCLI commands in vSphere 4.1

As those of you who’ve worked with ESXi know, the vCLI (vSphere Command Line Interface) plays an important role in managing your environment, since it is a close replica of the familiar command-line environment in the Service Console.  However, we didn’t just stop at duplicating COS commands in the vCLI – we’re continually driving towards making the vCLI even more powerful.   In particular, with vSphere 4.1, we’ve added a number of new interesting and useful capabilities to the vCLI.  So, without further ado, here are the Top Five New vCLI Commands in vSphere 4.1.

Continue reading

ApplicationHA – Bridging the Gap

 

Note: this is a blog coming from a co-worker of mine – Tom Stephens – who is our HA guy – just like I am the SRM guy.  He talks of an interesting product that works with HA to produce some very useful results.  I hope you enjoy it!

A significant amount of interest has developed around Symantec’s ApplicationHA product.  Of course, this interest has also generated a lot of questions.  To help address these, the following will provide you with a brief introduction of what is the ApplicationHA solution, who can benefit from it, and how it works.

As customers started to move towards virtualizing their tier 1 applications, they had to address requirements that were not as significant when virtualizing applications in lower tiers.  For these customers, ensuring availability of these tier 1 applications meant more than just ensuring the availability of the virtual machine.  Just because the virtual machine was running, it did not mean that the application had been started.  Likewise, just because an application's processes were present that did not mean the application was running properly.

Customers tried various solutions to solve this problem, with limited success.  One solution tried was to install a clustering solution within the guest OS.  This has several drawbacks, including:

  • An inability to use advanced virtualization features like DRS and vMotion, eliminating the ability to handle planned outages with zero downtime.
  • As these solutions do not have any insight into the virtualization infrastructure provided by VMware, they were unable to react to hardware or network issues properly.
  • The solutions were overly complex, requiring additional management of virtual machines to be used as fail over hosts.
  • The one-to-one relationship between an application and its virtual machine is broken. This means the virtual machine administrator needed to consult a separate console to determine where an application is running prior to taking maintenance actions on any given host.

Customized scripting solutions were also tried as a solution to this problem.  The issues with this approach were that maintaining and updating the scripts induced unwanted management overhead and the scripts tended to increase all root cause analysis (RCA) activities.

Failing to find an adequate solution, these customers came to VMware.  What these customers told VMware they needed was the ability to have a simple, easy to use solution that would provide them with visibility and management of their tier 1 applications while being able to enjoy all the features of virtualization, like VMware HA and DRS.

VMware took this feedback to heart and started looking for methods to solve this problem.  After analysis of the problem, VMware reached out to its partners for assistance.  Symantec was one of these partners, and ApplicationHA was born as a result.

VMware HA already provides a robust mechanism to detect failures of infrastructure components. This includes failures of the physical servers, the virtual machines, the state of the operating system, and so on.  VMware HA does not, however, monitor the health of an application running within a virtual machine.

Symantec, on the other hand, has been a market leader in application clustering on physical servers for over a decade with products such as Veritas Cluster Server (VCS).  They are experienced in monitoring an application’s state and reacting accordingly in the event of an application failure.  Like other clustering products designed to operate in a physical environment, their ability to react to failures of infrastructure resources within a virtualized environment is limited.

The marriage of the capabilities from VMware and Symantec bridges this gap, allowing for a single solution that can react to failures of the entire stack, from the infrastructure to the application.  At the same time, customers can continue to leverage all the benefits of virtualization, such as VMware HA and DRS.

From a high level view, the ApplicationHA product is comprised of two components.  These include:

ApplicationHA Guest Components

The ApplicationHA Guest Components are installed within each virtual machine containing an application to be managed.   In essence, this is simply a modified version of Symantec’s Veritas Cluster Server (VCS) product that runs as a single node cluster.  It provides the ability to start, stop, and monitor an application and components (such as storage mount points, IP addresses, and so on) from within the virtual machine.

 ApplicationHA Console

This provides an interface between the ApplicationHA Guest Components and vCenter Server though a vCenter plugin.  This provides the ability to manage the ApplicationHA solution from within the vCenter management environment.

Once installed and configured, the ApplicationHA vCenter plugin provides a management view that shows the state of an application and it’s associated resources.  From this view, administrators are able to perform a variety of actions, including starting and stopping the configured application and associated components.    It is important to note that when ApplicationHA starts or stops an application it does so in a manner that honors any resource requirements that the application may have.  For example, a Microsoft IIS server instance would require a storage location.  In bringing the Microsoft IIS instance online, the storage needs to be available beforehand.  ApplicationHA will ensure that each resource is brought online or offline in the correct order.

Test

During normal operations, the application and the resources which it depends upon (file systems, IP addresses, and the like) are monitored every 60 seconds.  A failure of the application or a resource it depends on is identified by the ApplicationHA Guest Components. 

Depending on the settings configured, ApplicationHA can then restart the application and its associated resources a configurable number of times.   If the a failure cannot be resolved by application restart,  ApplicationHA can trigger VMware HA to restart the virtual machine.

Configuring ApplicationHA increases reliability of application components, while allowing VMware features such as VMware HA, DRS, and DPM to continue to function as expected.  This provides efficient high availability services in the event of a failure of an infrastructure component.

The obvious benefits of this solution include:

  • The ability to react to infrastructure and application failures
  • No loss of other desirable functionality, such as DRS or DPM
  • A single pane of glass that can be utilized to visualize the health of the virtual environment and the applications residing within
  • Ability for administrators to simply manage a application, bringing it online and offline properly without assistance.

For more information, you can view the white paper Virtualizing Business-critical Applications with Confidence.  As well, if you would like to see a video about the install and configure of ApplicationHA to protect VC check out this link.

Do you use the Distributed Switch?

I am at VMworld 2010 Copenhagen this week and have noticed through informal customer surveys and conversations that the use of the Distributed Switch is low when compared to other vSphere features. This fact confirms what I discovered at the VMworld 2010 show in SF a few weeks back and in other more formal surveys I have seen of our customer base.

Why is this the case? One idea I have is that users don't really get the value proposition of the Distributed Switch. I discussed 2 of these areas (less setup, vMotion info capture from a network perspective) in a blog post last year. In addition to those benefits, I believe the need for just one port group brings up huge OpEx savings. Another element that is important to remember is that the loss of vCenter itself will not cripple the function of the switch. Some users believe this could cripple the environment but that is not the case. You can read more about that in an article I found on-line recently.

Distributed Switch also delivers traffic shaping and Private VLAN support. 

Finally, the use of the Distributed Switch with vSphere 4.1 opens up the possibility of using the new Network I/O Control feature. Network flow types (of which there are six) can now be given equal priority for network resource access and then be given more advanced priority to say which flow gets the network resource in a congested environment. The graphic below shows this type of setup and also refers to the new load-based NIC teaming that can be used with NIOC to balance load across 2 10 GE NICS. NIOC becomes especially important in this type of environment.

NIOC

My two questions to you are:

1. Do you use the Distributed Switch? If no, why not?

2. What do you think of the Distributed Switch in general?

-Mike

Got vSphere 4.1?

Breakout session today at VMworld 2010 Copenhagen. Session TA9420 at 10:30 am will give you all the details you need to evaluate the 4.1 release for the world's most robust and complete compute platform

IMG_0706

  IMG_0709rotateupsidedown

 

VMworld 2010 Opens Today in Copenhagen. Come see the vSphere breakout sessions!

In addition to discussing vSphere 4.1 in today's keynote, Tim Stephan and I will be conducting breakout sessions at the show. For those of you not familiar with virtualization, Tim will have a intro to virtualization talk at 11am in Auditorium 19. For those of you more familiar with the vSphere platform, I will be giving a vSphere 4.1 overview at 11am in Auditorium 15.

Don't forget to stop by the Solutions Exchange as well for demos on the all new Storage I/O Control, vStorage APIs for Array Integration, and Memory Compression features of the 4.1 platform release.

More to come this week!

-Mike

My VMworld Europe schedule

Hello all,

Just in case this is helpful for anyone interested in learning more about SRM, I will be doing sessions, group discussions, and Expert 1 on 1's.  The 1 on 1's are where you get 15 minutes to chat with me about BCDR or anything that you need answers on.  The group discussion is where a small group of us talk on a subject – in my case BCDR.  The sessions are your typical VMworld sessions, although I do hope I do a much better job at education and entertainment than most.  But in anycase, below is my schedule.

Tuesday (10/21/10) – 11:00 – 12:00 – BC6701 – VMware Data Recovery – All you need to know!

Tuesday (10/12/10) – 14:00 – 15:00 – Group Discussion

Tuesday (10/12/10) – 17:00 – 18:00 – SRM Futures: Host Based Replication

Wednesday (10/13/10) – 12:00 – 13:00 – BC6703 – How to be Successful with SRM Implementations

Wednesday (10/13/10) – 15:00 – 16:00 – 1-on-1

Thursday (10/14/10) – 10:30 – 11:30 – 1-on-1

Thursday (10/14/10) – 13:30 – 13:30 – BC6701 – VMware Data Recovery – All you need to know!

Thursday (10/14/10) – 15:00 – 16:00 – BC6703 – How to be Successful with SRM Implementations

Plus, we will have SRM 4.1 running in our VMware booth if you would like to see it or talk to one of our specialists, and I particularly want to point out Lee Dilworth as being one very smart and experienced guy and he will be maning the SRM part of the booth with me.

Please say hi if you have time, and I hope everyone learns some cool stuff at the show!

Michael