In keeping with the theme of moving the Software-Defined Data Center from concept to reality, I discussed in my previous blogs why VMware vSphere is the perfect platform to deploy cutting edged technologies like SAP HANA. This is because vSphere enables our customers to agilely react to rapidly changing hardware/software requirements by recasting memory, CPU, IO, or network resources where needed in your landscape through software in a centrally managed manner. I also discussed how VMware Virtual Volumes can be leverage to simplify SAP’s multi-temperature data management strategy; where data is classified by the frequency of access as either hot, warm, or cold depending on data usage. This is an example of the essence of Software-Defined Storage.
Mission Critical Architectures: Completing The Picture with VMware NSX
In this blog I want to discuss how VMware NSX can be leveraged in your SAP HANA Landscapes. Figure 1. is an excerpt from the SAP HANA Network Requirements Guide, which kind of goes to the heart of why networks should be virtualized. Now the components of an SAP HANA system communicate via different network channels. Rightfully so, SAP recommended to have a well-defined network topology to control and limit access into only the required access channels in order to apply the appropriate security measures as necessary.
Figure 1. SAP HANA Network Zones
In the Client Zone access is granted to different clients, such as the SQL clients on SAP application servers. In addition there are also browser applications using HTTP/S to access the SAP HANA server, as well as other data sources (such as BI) which need a network communication channel to the SAP HANA database
Why has the SSLv3 protocol been disabled by default in vSphere 5.5 Update 3b?
Across the industry, enterprise software products and solutions are dropping use of and support for the SSLv3 protocol. The Internet Engineering Task Force (IETF) officially deprecated the SSLv3 protocol in RFC 7568 due to its obsolescence and inherent unfixability. Instead, IETF recommends the latest version of TLS.
VMware is therefore dropping support for SSLv3 on both the server side and the client side in vSphere. The release of vSphere 5.5 Update 3b from VMware disables SSLv3 by default to meet current standards and compliance.
This article takes eight common misperceptions about virtualizing Hadoop and explains why they are errors in people’s understanding. The short explanations given should serve to clear up the understanding about these important topics.
Myth #1: Virtualization may add significant performance overhead to a Hadoop cluster.
This is a common question from users who are in the early stages of considering virtualizing their Hadoop clusters. Engineers at VMware (and some of its customers) have done several iterations over multiple years of performance testing of Hadoop on vSphere with various hardware configurations. These tests have consistently shown that virtualized Hadoop performance is comparable to, and in some cases better than that of a native equivalent.
I know, it’s been a while since I blogged. It’s been an insanely busy time here at VMware, especially for vSphere security. VMworld US and Europe vSphere security sessions were very popular! And since then, I’ve been traveling a whole bunch, meeting customers and talking about security operations. A recurring ask has been “How can I learn to run my vSphere and NSX environments more securely?”
Well, that is about to be answered! With input from myself and Chris McCain and the tireless work of the VMware Education team putting the content together I’m proud to say there is now a course for SDD Security Operations!
Entitled “Security Operations for the Software Defined Data Center”, the course is for vSphere admins who are getting pressured to run their infrastructure in a more secure fashion. And based on the crowds in my VMworld sessions, this should be SUPER popular!!!
Here’s a quick overview of the course and it’s objectives:
In the VMware Security Operations for the Software-Defined Data course, we teach you how to use the VMware Software-Defined Data Center (SDDC) product portfolio and tools to better manage administrator access, harden your VMware vSphere® environment, and secure data at rest and in motion. We also cover compliance and automation to help you ensure your deployments align with your security policies.
Describe the concepts involved in securing a software-defined data center and protecting the data in the data center
Manage vSphere administrator access to hosts and the VMware vCenter Server™ system based on identified job roles and requirements
Implement best-practice security of vSphere components based on organizational security policies
Configure data protection for data at rest and data in motion
Manage protection for virtual machines, endpoints, and networks
Use micro-segmentation to protect and manage multitier applications and network data
Perform activity monitoring and logging, and explore relevant logs to meet compliance requirements
Use VMware NSX™ security groups, policies, and tags to automate deployment and security processes
Use automation to respond to security-related events
So, where can you learn more? VMware Education! Here’s the link
If you take the course, please send me some feedback. A lot of hard work went into it, especially by the VMware Education folks. We’re already talking about an update late next year to incorporate “future” stuff.
Throughout this blog post I’ll highlight some of the enhancements that have been brought to the vSphere Web Client in 5.5 Update 3. This is especially important as we see customers continue to leverage the legacy vSphere Client (also referred to as the legacy C# client). Our goal is to make the Web Client everyone’s primary management tool for vCenter Server & vSphere and continuing to improve performance has been an essential requirement in doing that.
In the first part of this series we provided a high level view of the benefits of using Virtual Volumes enabled storage for database operations. In the second part of this series we examined in more detail how Virtual Volumes can improve the backup and recovery capabilities for business critical databases, specifically Oracle.
The backups for Oracle can be Database consistent or Crash consistent. In this part we will look at Crash consistent backup and recovery and also how database cloning is simplified by the use of VVol. Continue reading →
The Hadoop-based system running on vSphere that is described here was architected by Rajit Saha, (who provided the material for this blog) and a team from VMware’s IT department.
This article describes the technical infrastructure for a VMware internal IT project that was built and deployed in 2015 for analyzing VMware’s own business data.. Details of the business applications used in the system are not within the scope of this article. The virtualized Hadoop environment and modern analytics project was implemented entirely on the vSphere 6 platform.
The key lesson that we learned from this implementation is that you can start at a small scale with virtualizing big data/Hadoop and then scale the system up over time. You don’t need to wait for a large amount of hardware to become available to get started.
One question I’m commonly asked (aka weekly if not daily) is what are the perfect pCPU to vCPU ratios that I should plan for, and operate to, for maximum performance. I wanted to document my perspective for easy future reference.
There is no common ratio and in fact, this line of thinking will cause you operational pain. Let me tell you why.
VMware released NSX-v (NSX for vSphere) 6.2 back on August 20, 2015. With its release the NSX team introduced support to use NSX-v as a load balancer for the vSphere Platform Services Controller (PSC) for highly available deployments (Release Notes). This is a key new feature that enables customers to further leverage existing NSX-v deployments to simplify their vSphere infrastructure while providing additional HA capabilities for the PSC. This can be a fairly straightforward undertaking when there is an existing vCenter being used for management (e.g. a management cluster).
There is a second scenario, however, that requires some consideration. What if you’re deploying a new vSphere and NSX-v environment where a management vCenter does not already exist? Romain Decker, a Solution Architect in VMware’s Software-Defined Datacenter (SDDC) Professional Services Engineering team has put together a great blog post on the VMware Consulting Blog that walks through that exact scenario and provides a step-by-step instruction on how to work around this chicken and egg scenario using the ability to easily repoint a vCenter Server to an alternate PSC in vSphere 6.0 Update 1.
To learn more about configuring NSX-v as a load balancer for the vSphere Platform Services Controller, read Romain’s full blog post at: