Opinion Piece on VMware Licensing

So over the past few months I’ve been seeing a lot of customers within the Public Sector and Education looking at transitioning off VMware vSphere and onto Microsoft Hyper-V! With tightening budgets or even budget cuts, IT admins in these industries are looking for quick wins in slashing their IT bills and many see dropping VMware for the ‘free’ Microsoft hypervisor as an obvious choice!

The problem is, you can argue about VM densities per host, resource scheduling, live migrations, DR, and other technical aspects of why vSphere trumps Hyper-V…. However, the reply is always the same…. “Well Hyper-V is Good Enough for our environment…. and it’s Free!!”

Yes, Hyper-V is good enough as a hypervisor… and yes it’s free…. but when you have a large estate, the density ratio impacts the amount of servers you need to buy and you still need to invest in System Center with Virtual Machine Manager (SCVMM) if you want to effectively manage a cluster of Hyper-V hosts.

Unfortunately, I’m now of the impression that VMware advocates can no longer keep using the same argument when doing comparisons between vSphere and other hypervisors…. IT admins just don’t care any more…. “if the hypervisor is free and can virtualise my servers, then that’s the one I’m going for!!”

Anyways, I ended up sitting down and writing an opinion piece for SearchVMware.com on this topic….. you can view it here:

http://searchvmware.techtarget.com/opinion/Could-market-saturation-push-VMware-to-make-vSphere-Standard-free

Advertisements

VMware NSX – IOChain and how packets are processed within the kernel

During a meeting with a client when I was going over how packets are processed within the IOChain between a VM and a vSwitch, I was asked a question that stumped me…. what happens at Slot 3?

It’s common knowledge that the first 4 and last 3 slots in the IOchain are reserved for VMware and slots 4-12 are reserved for 3rd parties where services are inserted (or traffic redirected).

During my discussions I’ve only ever spoken about Slots 0-2 and 4-12…..

After much digging around and questioning the NSBU SEs, I was told that there was no real answer apart from it’s probably a VMware reserved slot for future use. =)

It’s also worth noting that Slot 15 used to be classed as a “reserved slot for future use” but is now intended to be used for Distributed Network Encryption when it becomes available (makes sense that encryption is the last thing that happens on the IOChain for packets leaving a VM, and decryption being the first for packets entering the VM).

Anyways, decided it’s probably worth blogging about IOChain slots. =)

 

So when a VM connects to a Logical switch there are several security services that each packet transverses which are implemented as IOChains processed within the vSphere kernel.

Slot 0: DVFilter – the Distibuted Virtual Filter monitors ingress/egress traffic on the protected vNIC and performs stateless filtering and ACL.

Slot 1: vmware-swsec – the Switch Security module learns the VMs IP/MAC address and captures any DHCP Ack or ARP broadcasts from the VM, redirecting the request to the NSX Controller – this is the ARP suppression feature. This slot is also where NSX IP Spoofguard is implemented.

Slot 2: vmware-sfw – this is where the NSX Distributed Firewall resides and where DFW rules are stored and enforced (so firewall rule and connection tables).

Slot 3: reserved for future use by VMware

Slot 4-12: 3rd party services – this is where traffic is redirected to 3rd party service appliances

Slot 13-14: reserved for future use by VMware

Slot 15: Distributed Network Encryption (when it becomes available)

vSphere 6.5 Product Interoperability – brain fade moment!

So it’s probably worth reminding everyone that there are still VMware products that are not yet supported on vSphere 6.5!

I unfortunately found out the hard way when I broke my work’s demo environment (or at least half of it).

Now even though I’ve blogged about compatibility issues previously eating too many mince pies and drinking too much bucks fizz over the Christmas and New Year festivities has obviously taken its toll on my grey matter, and coming back to work in the new year I decided it would be a nice idea to upgrade a part of my works demo environment to vSphere 6.5 so that we can use it to demo to customers!

The problem was I upgraded the part of the lab running NSX and when I got to the point of trying to push the NSX VIBs onto the ESXi hosts (when preparing the hosts to join the NSX cluster), it was having none of it and failing! After several unsuccessful attempts, it slowly dawned on me that NSX was one of those ‘unsupported’ products that doesn’t work with vSphere 6.5…..

Damn…..

Fortunately I didn’t destroy my old vCenter Server 6.0u2 appliance so was able to roll back by re-installing the ESXi hosts with 6.0.

 

Anyways, the products still not supported are:

  • VMware NSX
  • VMware Integrated OpenStack
  • vCloud Director for Service Providers
  • vRealize Infrastructure Navigator
  • Horizon Air Hybrid-Mode
  • vCloud Networking and Security
  • vRealize Hyperic
  • vRealize Networking Insight

 

Definitely worth keeping an eye on this VMware KB: Important information before upgrading to vSphere 6.5 (2147548)

And if you do end up upgrading to vSphere 6.5, then make sure you follow the recommended upgrade sequence in this VMware KB: Update sequence for vSphere 6.5 and its compatible VMware products (2147289)

What’s new with VMware vSAN 6.5?

Given that I’m a VMware vExpert for vSAN, I guess I’m kind of obliged to write about what’s new with the latest iteration of vSAN – 6.5….. =)

vSAN 6.5 is the 5th version of vSAN to be released and it’s had quite a rapid adoption in the industry as end-users start looking at Hyper-Converged Solutions. There are over 5000+ customers now utilising vSAN – everything from Production workloads through to Test & Dev, including VDI workloads and DR solutions! This is quite surprising considering we’re looking at a product that’s just under 3 years old… it’s become a mature product in such a short period of time!

The first thing to note is the acronym change…. it’s now little ‘v’ for vSAN in order to fall in line with most of the other VMware products! =)

So what are the key new features?

1. vSAN iSCSI

This is probably the most useful feature in 6.5 as it gives you the ability to create iSCSI targets and LUNs within your vSAN cluster and present these outside of the vSAN Cluster – which means you can now connect other VMs or physical servers to your vSAN storage (this could be advantageous if you’re trying to run a MSCS workload). The iSCSI support is native from within the VMkernel and doesn’t use any sort of storage appliance to create and mount the LUNs. At present only 128 targets are supported with 1024 LUNs and a max. LUN size of 62TB.

vsan-iscsi

It seems quite simple to setup (famous last words – I’ve not deployed 6.5 with iSCSI targets yet). First thing is to enabled the vSAN iSCSI Target service on the vSAN cluster, after that you create an iSCSI target and assign a LUN to it… that’s pretty much it!

Great thing about this feature is because the LUNs are basically vSAN objects, you can assign a storage policy to it and use all the nice vSAN SPBM features (dedupe, compression, erasure-coding, etc).

2. 2-node direct connect for vSAN ROBO + vSAN Advanced ROBO

Customers find it quite difficult to try and justify purchasing a 10GbE network switch in order to connect together a few nodes at a ROBO site. VMware have taken customer feedback and added a new feature which allows you to direct connect the vSAN ROBO nodes together using a cross-over network cable.

In prior versions of vSAN both vSAN traffic and witness traffic used the same VMkernel port which prevented the ability to use a direct connection as there would be no way to communicate with the witness node (usually back in the primary DC where the vCenter resides). In vSAN 6.5 you now have the ability to separate out vSAN and witness traffic onto separate VMkernel ports which means you can direct connect your vSAN ports together. This is obviously great as you can then stick in a 10GbE NIC and get 10Gb performance for vSAN traffic (and vMotion) without the need of a switch!

vsan_2node_robo

The only minor issue is you need to use the CLI to run some commands to tag a VMkernel port as the designated witness interface. Also the recommended setup would be to use 2 VMkernel ports per traffic flow in order to give you an active/standby configuration.

vsan-2node2nic

It’s also worth noting that the new vSAN Advanced ROBO licenses now allow end-users to deploy all-flash configurations at their ROBO site with the added space efficiency features!

3. vSAN All-Flash now available on all license editions

Yup, the All-Flash Tax has gone! You can now deploy an All-Flash vSAN configuration without having to buy an advanced or enterprise license. However, if you want any of the space saving features such as dedupe, compression and erasure coding then you require at least the Advanced edition.

4. 512e drive support

With larger drives now coming onto the market, there has been a request from customers for 4k drive support. Unfortunately there is still no support for the 4k native devices, however there is now support for 512e devices (so physical sector is 4k, logical sector emulates 512bytes).

More information on 4Kn or 512e support can be found here: https://kb.vmware.com/kb/2091600

5. PowerCLI cmdlets for vSAN

New cmdlets are available for vSAN allowing you to script and automate various vSAN tasks (from enabling vSAN to the deployment and configuration of a vSAN stretched cluster). The most obvious use will be using cmdlets to automatically assign storage policies to multiple VMs.

More info on he cmdlet updates available here: http://blogs.vmware.com/PowerCLI/2016/11/new-release-powercli-6-5-r1.html

6. vSAN storage for Cloud Native Apps (CNA)

Integration with Photon means you can now use a vSAN cluster in a CNA enviroment managed by Photon Controller. In addition, now that vSphere Integrated Containers (VIC) is included with vSphere 6.5, you can now use vSAN as storage for the VIC engine. Finally Docker Volume Driver enables you to create and manage Docker container data volumes on vSAN.

For more information about vSAN 6.5, point your browsers to this great technical website: https://storagehub.vmware.com/#!/vmware-vsan/vmware-vsan-6-5-technical-overview

VMware makes welcome changes in vSphere 6.5

So the 2nd and 3rd part of my vSphere 6.5 articles have made it onto the SearchVMware.com website… you can read about it here:

http://searchvmware.techtarget.com/tip/VMware-vSphere-65-puts-emphasis-on-security-applications

http://searchvmware.techtarget.com/tip/VMware-makes-welcome-changes-in-vSphere-65

 

You can read part 1 here: http://searchvmware.techtarget.com/tip/VMware-focuses-on-simplicity-in-vSphere-version-65

Update sequence for vSphere 6.5 and its compatible VMware products

So VMware have now released a Knowledge Based Article that describes the upgrade path in which vSphere 6.5 and its compatible VMware products must be updated:

https://kb.vmware.com/kb/2147289

NOTE: At this time current versions of VMware NSX for vSphere, VMware Integrated OpenStack, vCloud Director for Service Providers, vRealize Automation and vRealize Infrastructure Navigator are not compatible with vSphere 6.5. Customers with these products are advised to upgrade to vSphere 6.5 when compatible versions become available.

vSphere/vCenter 6.5 released

So post VMworld, I wrote a long article about what’s new for vSphere 6.5 which I was hoping would be published on SearchVMware.com…. unfortunately I’m still waiting on it to be published, last I heard the article was too long and they were splitting it up into two articles! ¬_¬”

Anyways, whilst I wait for the article to be published, I’ll give a quick summary of things I’ve learnt about the new vSphere/vCenter 6.5 that was released 2 days ago.

  • New HTML5 vSphere Client
  • Fully Integrated vSphere Update Manager and AutoDeploy with vCenter Server Appliance
  • Native High Availability for the vCSA
  • Native backup/restore for vCSA
  • Built-in monitoring web interface for the vCSA
  • Over 2x increase in scale and 3x in performance
  • Easy to migrate from Windows vCenter to vCSA
  • Client Integration Plugin for the vSphere Web Client is no longer required
  • The vCSA deployment installer can be run on Windows, Mac and Linux
  • The installer now supports install, upgrade, migrate and restore
  • vSphere API Explorer
  • VM Encryption / Encrypted vMotion
  • Secure Boot (for ESXi host and VM)
  • VMware Tools 10.1 and 10.0.12 (for older guest OSes that are out of support)
  • Multi-factor authentication with Smartcard or SecurID
  • VMFS-6 (4k drive support in 512e mode – emulating 512 sectors)
  • Automatic Space Reclamation – VAAI UNMAP now automatic and integrated it UI
  • VVOLs 2.0 plus VASA 3.0
  • vSphere HA is now known as vSphere Availability, enhancements to Admission Control
  • HA Orchestrated Restarts (adding in dependencies when HA restarts a VM)
  • Proactive HA (when host components are failing they are put into a quarantine mode)
  • Enhancements to DRS (VM distribution, CPU Over-commit, Network aware)
  • Predictive-DRS if vRealize Operations 6.4 is deployed (forecasted trends will kick off DRS)
  • vSphere Replication enhancements (now 5min RPOs like vSAN)

 

To find out more information, head along to the following:

 

In addition to the GA of vSphere/vCenter 6.5 there were a load of other releases on the same day:

 

I’m still waiting on the launch of vRealize Automation 7.2 and NSX 6.3….. those should be imminent as well!

As always, all downloads are available via the My VMware Portal.

VMworld Europe 2016 – Looking back

So I’ve finally recovered from VMworld…. A week long of learning, networking and zero sleep! =P

Let’s recap what I learnt at VMworld, first the moans:

  1. Lunch sucked!
    I was pretty disappointed with the lack of lunch available to attendees – or at least to those attendees who were at VMworld to attend Breakout Sessions, 30mins to rush between sessions just isn’t enough time to try and find some food. No time to run to a different hall to queue for hot food, and by the time I get out of a session at 12:30pm all the sandwiches and cold food are gone! Surprisingly it wasn’t just me complaining about the lack of food!!
  2. Solution Exchange was in the wrong place, it should have been back in Hall 8.1 rather than over in Hall 7…. Too far away from the breakout sessions, which again meant those people who are at VMworld to learn can’t get over to the Solution Exchange as it’s across the other side of the conference centre! I have to wonder whether footfall was a lot less than previous years!
  3. VMworld Party was dry….. no entertainment within the Party, just food stands and bars….. what happened to all the arcades and scalextric sets from last year? So many people were just standing around eating and drinking, there wasn’t the mingling and networking like previous years! Pool tables, air hockey tables, arcades…. These are great devices to help people break the ice and network….! Suffice to say that the party started to empty out halfway through the night! Nothing beats lasts years band – Faithless were awesome!!
  4. Missed out on a ticket to watch Barcelona vs Man City! I did actually win a ticket from Cohesity, but was too slow to answer my phone. In the end it went to a fellow vExpert who was a Man City fan – tbh, I was planning on giving it away as I had to look after the customers who came to VMworld with MTI. Glad it went to someone who would appreciate the game (although he didn’t appreciate the score)!

Now onto the good stuff

  1. VMware launched vSphere/vCenter/VSAN 6.5 in Europe! YAY!
  2. VMware announced the tech preview of VMware Cloud in Amazon AWS.
  3. Tuesday’s General Session wasn’t just a repeat of the US opening General Session – we got some new content!! Which really isn’t a surprise given the announcement the week before VMworld about the new VMware and Amazon partnership!!
  4. Wednesday’s General Session was quite similar to the Day 2 General Session in the US, but at least it had a decent bit on vSphere 6.5 and VSAN 6.5.
  5. A lot of breakout sessions on the vCloud on AWS Tech Preview!
  6. More sessions on vCloud Foundation!!
  7. Nearly all the vSphere sessions were about 6.5 (which I guessed correctly and registered for).
  8. I got to meet a lot of the VMware NSBU Exec team, including having a pow-wow with Rajiv Ramaswami (SVP/GM NSBU) about my company’s engagement with VMware UK for NSX (MTI Technology are one of five NSX focus partners in the UK), as well as how VMware could help the channel drive the sale of NSX.
  9. My colleague – Andrew Tang – drew the short straw and was up on stage for a Q&A session at the Partner Exchange NSX Key note (Accelerate Network Virtualization [PAR3693]). After Rajiv and Dom Delfino (VP Worldwide Sales & Systems Engineering NSBU) did their bits, Louise Ostrom (VP Network and Security EMEA) interviewed Andy on stage…. Louise was supposed to ask some pre-arranged questions but decided it was more fun to do it ad-hoc! Well done Andy for surviving and also presenting MTI as a transformative VMware partner showing we’re a safe pair of hands in delivering NSX and complimentary security products to our customers! =P
  10. Customers – we took out more customers this year then last year, and this year I made sure I spent time talking to them rather than running around all the breakout sessions. In fact this is probably he first year that I’ve not featured on the Gamification Leaderboard! =P
    It was good to find out about what their future plans are and discuss how VMware can become an integral part of their plans!

It looks like VMworld 2017 US will again be held in Vegas…. I’ve been promised a free ticket next year as I couldn’t use it this year, so who knows, I may head out to Vegas for VMworld 2017!! =)

Interesting that VMworld 2017 Europe hasn’t announced a venue or date yet… I’m guessing it’s because they’ve finished their contract in Barcelona and they’re considering other venues. I quite like Barcelona, lovely city and I like the fact that I can walk around in the evenings with just a polo or t-shirt on! Hope it’s not back in Copenhagen… it’s too grey and cold during Autumn time. I’ve heard Berlin and even Lisbon mentioned during my discussions with fellow bloggers/vExperts…. Lisbon would be a nice venue!

Roites…. All I have left is to finish writing my blog entry on what’s new with vSphere 6.5 and VSAN 6.5….

vCenter Server Migration Tool: vSphere 6.0 Update 2m

Last year I blogged about the vCS to vCSA converter tool that VMware Labs released as a fling and how I had used it to pretty much convert all my lab vCenters (all bar one) to vCSAs….. since then I’ve been following the releases and a few months ago I noticed the Fling was deprecated (ie you can’t download it). I didn’t think much of it as VMworld 2016 was only round the corner, so thought it might be rolled into an impending vSphere/vCenter release….. unfortunately that never quite materialised in Las Vegas, and rumours are that vSphere 6.5 might be released in Barcelona.

So I was quietly surprised when I got an email notification from VMware Blogs to inform me that a new minor update of vSphere had been released specifically for migration puposes – vSphere 6.0 Update 2m (where the ‘m’ stands for migration).

vSphere 6.0 Update 2m is an automated end to end migration tool from a Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 (so pretty much what the Fling used to achieve).

It’s common knowledge that trying to migrate from a Windows vCenter Server (with a SQL backend) to a vCenter Server Appliance was not an easy task – in fact in 90% of my customers I’ve just told them to start a fresh rather than go through the pain of scripting a migration. However, I’m so glad that VMware have rolled out the Converter fling into an actual production release – now we have an end-to-end migration tool which takes all the pain out of the equation!

Those of you who are interested in migrating from your Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 should download and use this release. The vSphere 6.0 Update 2m download is an ISO consisting of the Migration Tool and vCenter Server Appliance 6.0 Update 2, roughly about 2.8GB in size.

Note: you cannot use this release to deploy a new installation of vCSA! To do that you just use the vCSA 6.0 Update 2 install.

What’s Supported:

  • Previous versions of Windows vCenter Server will need to upgraded to vCenter Server 5.5 prior to migration.
  • The best thing is that all database types currently supported with vCenter Server 5.5 will be migrated to the embedded vPostgres database in the vCSA!
  • It’s worth noting that if VMware Update Manager is installed on the same server as the Windows vCenter Server 5.5, it will need to be moved to an external server prior to starting the migration process.
  • VMware and 3rd party extension registrations are migrated, but may need to be re-registered.
  • vCenter Server 5.5 both Simple and Custom deployment types are supported.
  • Configuration, inventory, and alarm data will be migrated automatically, historical and performance data (stats, tasks, events) is optional.
  • If the source was a Simple vCenter Server 5.5 install (so SSO + vCS) then it will be migrated to a vCSA with embedded PSC.
  • If the source was a Custom vCenter Server 5.5 install (so separate SSO and vCS) then it will be migrated to a vCSA with external PSC.

Somethings that are worth mentioning prior to starting a migration are:

  • It preserves the personality of the Windows vCenter Server which includes but not limited to IP Address, FQDN, UUID, Certificates, MoRef IDs.
  • Changing of your deployment topology during the migration process is not allowed. For example, if your vSphere 5.5 Windows vCenter was deployed using the Simple deployment option, then your Windows vCenter Server 5.5 will become an embedded vCenter Server Appliance 6.0.
  • During the migration process the source Windows vCenter Server will be shutdown, plan accordingly for downtime.
  • The migration tool will also be performing an upgrade, standard compatibility and interoperability checks will still apply. Please use the interoperability matrix to make sure all VMware solutions are compatible with vSphere 6.0. Also talk to your 3rd solution vendors to make sure those solutions are also compatible with vSphere 6.0.

 

The only annoying thing is that because I’ve used the fling previously to convert all my Windows vCenter Servers, I now don’t have anything I can test this migration tool on!! >_<”

I’m currently in the process of digging out an old vCenter Server 5.5 ISO so that I can deploy it and upgrade it using the new release!

 

Anyways, those of you who haven’t yet upgraded to vCenter Server 6.0 and to an appliance, now there’s no reason why you can’t as you have a fully supported tool from VMware!

Best of all, they’re in the process of improving the migration tool so that it can be used to migrate from a Windows vCenter Server 6.0 install to a vCenter Server Appliance 6.0. One feature I hope they will also include is the ability to migrate from an existing vCSA to another vCSA.

vCenter Server 6.0 Update 2m links: