Posts Tagged ‘VMware’

HA Slot Size Calculations in the Absence of Resource Reservations

December 3, 2008

Ahhh, the ol’ HA slot size calculations. Many a post has been written, and many a document published, that tried to explain just how HA slot sizes are calculated. But the one thing missing from most of these, certainly from the VMware documentation, is what behaviour can be expected when there are no resource reservations on individual VMs. For example, in many large-scale VDI deployments that I know of, share-based resource pools are used to assert VM priority rather than resource reservations being set per-VM.

So here’s the rub.

In the absence of any VM resource reservations, HA calculates the slot size based on a _minimum_ of 256MHz CPU and 256MB RAM. The RAM amount varies, however, not by something intelligent like average guest memory allocation or average guest memory usage, but by the table on page 136 / 137 of the resource management guide, which lists the memory overhead associated with a guest depending on how much memory the guest has allocated, how many vCPUs the guest has, and what the vCPU architecture is. So let’s be straight on this: the memory portion of the slot size is simply the larger of the two values. If 256MB > ‘VM memory overhead’, then 256MB is what HA uses for the slot size calculation. If ‘VM memory overhead’ > 256MB, then ‘VM memory overhead’ is what is used for the slot size calculation.

So, for example, a cluster full of single-vCPU 32-bit Windows XP VMs will have the default HA slot size of 256MHz / 256MB RAM in the absence of any VM resource reservations. Net result? A cluster of 8 identical hosts, each with 21GHz CPU and 32GB RAM, and HA configured for 1 host failure, will result in HA thinking it can safely run something like 7 x (21GHz / 256MHz) guests in the cluster!!!
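To make the arithmetic concrete, here’s a rough sketch in Python of the behaviour described above. Function names and structure are mine – this is an illustration of the maths, not VMware’s actual implementation:

```python
def ha_slot_size(cpu_reservation_mhz=0, mem_reservation_mb=0, mem_overhead_mb=0):
    """Slot size as described above: with no reservations set, CPU falls
    back to the 256MHz minimum, and memory to the larger of 256MB and the
    per-VM memory overhead from the resource management guide table."""
    slot_cpu_mhz = max(256, cpu_reservation_mhz)
    slot_mem_mb = max(256, mem_reservation_mb, mem_overhead_mb)
    return slot_cpu_mhz, slot_mem_mb

def cluster_slots(hosts, host_cpu_mhz, host_mem_mb, failures, slot_cpu_mhz, slot_mem_mb):
    """Usable slots: slots per host (constrained by the scarcer resource),
    multiplied by the hosts remaining after the configured failover count."""
    per_host = min(host_cpu_mhz // slot_cpu_mhz, host_mem_mb // slot_mem_mb)
    return (hosts - failures) * per_host

# The cluster from the example: 8 hosts of 21GHz / 32GB each, 1 host failure,
# single-vCPU 32-bit XP guests (memory overhead well under 256MB).
cpu, mem = ha_slot_size()
print(cluster_slots(8, 21000, 32768, 1, cpu, mem))  # -> 574
```

574 “safe” guests out of a 7-host failover budget is exactly the kind of number that makes HA’s admission control look far more generous than it really is.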

Which led to a situation I came across recently whereby HA thought it still had 4 hosts worth of failover capacity in an 8 host cluster with over 300 VMs running on it, even though the average cluster memory utilisation was close to 90%. Clearly, a single host failure would impact this cluster, let alone 4 host failures. 80-90% resource utilisation in the cluster is a pretty sweet spot imho; the question is simply whether you want that kind of utilisation under normal operating conditions, or under failure conditions. As an architect, I should not be making that call – the business owners of the platform should be making that call. In these dark financial times, I’m sure you can guess what they’ll opt for. But the bottom line is the business signs off on the risk acceptance – not me, and certainly not the support organisation. But I digress…

I hope HA can become more intelligent in how it calculates slot sizes in the future. Giving us the das.vmMemoryMinMB and das.vmCpuMinMHz advanced HA settings in VirtualCenter 2.5 was a start, but something more fluid would be most welcome.

PS. I’d like to thank a certain VMware TAM who is assigned to the account of a certain tier 1 global investment bank that employs a certain blogger, for helping to shed light on this information. You know who you are 😉


Symantec reverts to normal, well done. And well done community!

November 20, 2008

Unfortunately I couldn’t break the news when I heard it as I was at work (no way I’m blogging from there, my boss reads this – hi Mark :D), but Symantec has updated the original KB article to something much, much more reasonable (although it seems to be offline at the minute).

No company is immune from the odd premature / alarmist KB article, and however this happened doesn’t matter as much as the outcome. I’m sure a lot was going on behind the scenes before I broke the news, but still I’d like to think we all played some part in getting it cleared up so quickly. Power to the people 🙂

Symantec Does _NOT_ Support Vmotion… WTF!?!?!

November 18, 2008

Make sure you’re sitting down before reading this Symantec KB article, which is only 1 month old and clearly states they do _not_ support any current version of their product on ESX if Vmotion is enabled. No, it’s not a joke.

It’s a _fucking_ joke. Symantec have essentially pulled together a list of random issues that are almost certainly intermittent in nature and could have a near infinite number of causes, and somehow slapped the blame on Vmotion without so much as a single word on how they arrived at this conclusion. When Microsoft shut the AV vendors out of the Vista kernel, I actually felt a little sympathy for them (the AV vendors). But after reading this, I can’t imagine the bullshit Microsoft must have had to put up with over the years. It’s no wonder Microsoft tried to do their own thing with AV.

I urge every enterprise on the planet who are customers of both VMware and Symantec to rain fire and brimstone upon Symantec (I’ve already started), because your entire server and VDI infrastructure is at this time officially unsupported. The VMware vendor relationship team have already kicked into gear; we need to raise some serious hell as customers to drive this point home, and hard.

This is absolutely disgraceful and must not stand.

UPDATE: The original KB article has been updated, and support has been restored to normal!

ESX 3.5 Update 3 Release Imminent!

October 30, 2008

It seems the ESX 3.5 Update 3 release is imminent, as per some recent updates to the VMware website (screeny below).

Wonder if we’ll get any timebomb action this time 😀

VirtualCenter 2.5 Update 3 Upgrade Process – here we go again!

October 23, 2008

It seems the VirtualCenter upgrade process is not getting any better. I can’t for the life of me understand how bugs like this got through with the Update 2 release, but they did, and they are one of the primary drivers for my company to roll out Update 3 asap (that and the security fixes). But lo, there are new upgrade problems afoot, notably this one which I have encountered 3 times now. Duncan called it out a few weeks back.

Now what really grinds my gears is that the most important fixes (for me anyway) are security related and of course the fix for the guest customisation bug. That is, binary patches – nothing at all to do with the database. In fact I can’t find anything obviously database related in the release notes, and this is somewhat validated by the fact that to get around this we need to append a “MINORDBUPGRADE=1” argument to VCDatabaseUpgrade.exe (the DSN, UID and PWD arguments don’t appear to be necessary). So for anyone at VMware reading this: STOP TOUCHING THE VC DATABASE WHEN YOU DON’T HAVE TO. Minor DB upgrade? WTF? You’re risking the VC database and ruining another person’s Saturday (now we need a Unix admin, a Windows admin _and_ a DBA to upgrade VC) for a MINOR UPGRADE?
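For reference, the workaround invocation as described above – and the usual disclaimers about passing undocumented arguments to vendor-supplied upgrade tools very much apply:

```
VCDatabaseUpgrade.exe MINORDBUPGRADE=1
```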

Additionally, the JRE binaries are not upgraded correctly, as we found out when the Sun Ray environment in our lab broke after applying U3 (Sun have a KB article about this that I can’t find at the moment). A clean install had no such problems however.

If VMware are going to continue with these monolithic style updates so frequently (Update 1 in April, Update 2 in July, and now Update 3 in October), they need to get their chi together. Tomcat and JRE security related bugs come out all the time, and if you work in a regulated environment then you have no choice but to patch ASAP. But having to touch the database in order to do so is the opposite of cool. Be cool VMware, be cool!

UPDATE: Here’s that Sun KB article I was referring to… it actually mentions Update 2 but the same applies for Update 3

HP "Virtualization Blade" – Marketing Bullshit 1 / Virtualisation Architects 0

October 14, 2008

I’ll start (as I often do with negatively titled posts) by saying that I love HP kit. No, I’m not being sarcastic – back when I was a support guy I actually resigned from a place because they were going to switch their server vendor of choice away from HP. But for fuck’s sake, this BL495c “virtualization blade” business is _really_ getting on my nerves. Rather than explain, help me out by doing the following:

1. Google “HP Virtualization Blade”
2. Ignore Mike’s #1 rank in the results (nice job Mike, how the fuck did you take top spot from HP themselves in under 1 day :D).
3. 4 or 5 results down you should see “HP ProLiant BL495c G5 Server Blade – product overview”. Hit that link.
4. On the resulting page, ignore all the marketing bullshit and cast your eyes over the “Support” section of links to the right of the blade image.
5. Open the “OS support” link in a new tab. Change to that tab, and hit the “Vmware” link.
6. Go back to the main product overview page, and open the “Software & Drivers” link in another new tab.

Or if you’re too lazy, have a look here and here.

Now am I going blind, or is there a complete lack of VMware support for this “virtualization blade”? Thanks for that HP. Now guys like me have to fend off a barrage of enquiries from support and management asking “why aren’t you looking at the HP virtualization blade?”. Ironically, Citrix XenServer 5.0 is listed as supporting the BL495c… is anyone even using that? Even if there was VMware support, good luck with using that 10GbE outside of the chassis – there isn’t a 10GbE switch available for the C-class yet. And let’s not ignore the other touted feature, SSD. As Mike points out in his post, disks in blades are next to useless anyway (although in my mind the future is PXE rather than embedded).

No doubt the VMware support and 10GbE switches will come in time, but until then HP should withdraw the marketing BS. It doesn’t do them any favours, and no doubt posts like this will just serve as ammo for their competitors. I look forward to the day when I won’t have to write such posts in the first place!

Future ESXi Version Call to Arms!

October 5, 2008

While there weren’t a lot of concrete details to come out of VMworld, one thing is for certain – VMware are working on a _lot_ of new functionality for their next major release. Of particular relevance to us at vinternals is the host profiles feature, as it provides the same functionality as Statelesx, but in a much more user friendly way. Which is fine – it’s not like we threw in our jobs and tried to position Statelesx as a commercial product, and in some ways it’s a validation that our idea was a good one.

But VMware need to ensure they implement the other half of the solution, namely the client initiator. Without this, there is still an unnecessary manual task of joining a host to a cluster in the first place. You may think this isn’t such a big deal, but if your hosts are PXE booted then a client initiator is an absolute requirement.

Fortunately for us, there is at least one senior guy at VMware who gets all this – Lance Berc (I get a laugh every time I see his ‘novice’ status in the VMware forums – for fuck’s sake, this is the guy who wrote the original esxtop). So far most attention has been on his post-build configuration scripts, but Lance put his C skills to work and released the crucial client initiator piece as well as a ‘midwife‘ which essentially performs the same duties as statelesx. Put all this together and you have a truly automated, scalable, liquid environment – the likes of which is usually only seen in compute clusters. Except this time it’s a _virtual_ environment.

VMware seem to be taking notice of the need for cluster wide configuration automation with host profiles and the distributed virtual switch, we as customers need to make sure they understand the need for the client initiator functionality as well. The ‘midwife’ functionality would also be nice if it was wrapped into VirtualCenter, but if it isn’t then maybe Statelesx will have some longevity after all, even if it is somewhat more limited to automating the application of a host-profile that is defined elsewhere.

So here’s the call to arms. We as customers have the strongest sway with regards to product features. And with a new version of the platform in development, now is the time to start hitting our account managers’ inboxes with requests for this functionality. Hell, just send ’em a link to this post if it makes it easier – the important thing is to push this through the account channels, not Lance (you’d just be preaching to the converted), and the time to act is now!

VM Reconfiguration via the VI Toolkit for Windows

September 24, 2008

Reconfiguring VMs via the API is something I’ve had to dabble in lately, due to some… err… “interesting” behaviour with deploying VMs from templates. Such as the inability to deploy a VM from a template that has a SCSI controller but no disk – useful if you’re using LUN based snapshots, where the .vmdk already exists and you want to move said vmdk into the same directory as the VM after it’s been created (and thus can’t use the -Diskpath option of New-VM, as the path doesn’t exist yet). Or if you want to create VMs for use with Citrix Provisioning Server, which don’t require a local disk but do require a SCSI controller.

While this operation is uglier than I’d like (most things that involve Get-View and specifications are uglier than I’d like :-), I found this very good paper which explains the VI object model as applied to VM hardware reconfiguration _much_ better than the SDK documentation does.

Sure the examples are in Perl, but the theory is the same. Combine the document with a listing of all posts by Carter, LucD and halr9000 in the VI Toolkit for Windows community and there’s nothing you can’t do!

ESXi Free by End of July!

July 22, 2008

Yes I’ve been quiet of late, but for a very good reason… which I’ll divulge maybe on the weekend 😉

But today’s news (Alessandro – you are a machine aren’t you? When do you sleep!) was just too big to let go by – ESXi is finally free. Well… finally officially free – technically it’s been free for ages, as all you had to do was download a patch for it, ESXi patches being essentially entire new images (although of course it would’ve run in eval mode for 60 days… by which time another patch would have come out 😉

This is a great way for VMware to hit back after the raft of troubles lately. All the arguments from Microsoft, Xen, etc have always been about price, and they no longer have a leg to stand on.

This actually makes Hyper-V more expensive than ESXi, as you still have to pay for the Windows OS in the parent partition. And pay for no less than Enterprise Edition if you want to cluster Hyper-V. Let’s not forget the storage add-ons if you want a clustered file system.

This puts the ball squarely back in the competition’s court, and might as well be the final nail in the coffin for Citrix XenServer as it is now the only major commercial hypervisor on the market you have to pay for.

How a stateless ESXi infrastructure might work

May 18, 2008

Yep, it’s Sunday afternoon, and thus time for another installment of Sunday Afternoon Architecture and Philosophy! Advance Warning: Get your reading specs, this post is a big ‘un.

I’ve mused several times on the whole stateless thing, especially with regards to ESXi; today I’m going to take it a bit further in the hope that someone out there from VMware may actually be reading (besides JT from Communities :-).

Previously I’ve shown how you can PXE boot ESXi. While completely unsupported, it at least lends itself to some interesting possibilities, as with ESXi, VMware are uniquely positioned to offer such a capability. The Xen hypervisor may be 50,000 lines of code, but it’s useless without that bloated Dom0 sitting on top of it. Check out the video (if you can be bothered to register – are they so desperate for sales leads that you need to register to watch a video???) of the XenServer “embedded” product – it still requires going through what is essentially a full Linux install, except instead of reading from a CD and installing to a hard drive it’s all on a flash device attached to the mainboard. But I digress…

So let’s start at the top, and take a stroll through how you might string this ESXi stateless infrastructure together in your everyday enterprise. And I’ll say upfront that I’m a Microsoft guy, so a lot of the options in here are Microsoft centric. In my defense however, just about every enterprise runs Active Directory, and it’s easy to leverage some peripheral Windows technologies for what we want to achieve.

First up, the TFTP server. RIS (or WDS) is not entirely necessary for what we want to do – a simple ol’ TFTP server will do, even the one you can freely install from a Windows CD. In this example we’ll use good ol’ pxelinux, so our bootfile name will be ‘pxelinux.0’ and that file will be in the root of the TFTP server. The TFTP root directory structure could be something as follows:

In the TFTP root pictured above I have 3 directories named after the ESXi build. The ‘default’ file in the pxelinux.cfg directory presents a menu so I can select which kernel to boot. I could also have a file in the pxelinux.cfg directory named after the GUID of the client, which would allow me to specify which kernel to boot for a particular client.
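For the curious, a pxelinux ‘default’ file along these lines would do the trick. The build number and module names here are purely illustrative – check your own extracted ESXi image for the actual file names:

```
# /tftproot/pxelinux.cfg/default
PROMPT 1
TIMEOUT 100
DEFAULT build-110271

LABEL build-110271
  KERNEL 110271/mboot.c32
  APPEND 110271/vmkboot.gz --- 110271/vmkernel.gz --- 110271/sys.vgz
```

Add one LABEL stanza per build directory and you get the menu described above for free.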

If you already have RIS / WDS in your environment, things are a little less clunky… you can simply create a machine account in AD, enter the GUID of the box when prompted, and then set the ‘netbootMachineFilePath’ attribute on the computer object to the file on the RIS box that you want to boot.

Onto DHCP. Options 66 (TFTP server hostname) and 67 (bootfile name) need to be configured for the relevant scope. DHCP reservations for the ESXi boxen could also be considered a pre-requisite. The ESXi startup scripts do a nice job of picking that up and handling it accordingly.
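On a Windows DHCP server the scope options can be set from the command line – something like the following (the scope address and TFTP hostname are obviously examples):

```
netsh dhcp server scope 10.0.0.0 set optionvalue 066 STRING "tftp01.corp.example.com"
netsh dhcp server scope 10.0.0.0 set optionvalue 067 STRING "pxelinux.0"
```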

So all this stuff is possible today (albeit unsupported). If ESXi doesn’t have a filesystem for scratch space, it simply uses an additional 512MB of RAM for its scratch – hardly a big overhead in comparison to the flexibility PXE gives you. Booting off an embedded USB device is cool, but having a single centralised image is way cooler. As you can see, there’s nothing stopping you from keeping multiple build versions on the TFTP server, making rollbacks a snap. With this in place, you are halfway to a stateless infrastructure. New ESXi boxes can be provisioned almost as fast as they can be booted.

After booting, they need to be configured though… and that’s where we move onto theory…

The biggest roadblock by far in making this truly stateless, is the lack of state management. There’s no reason why VirtualCenter couldn’t perform this function. But there’s other stuff that would need to change too in order to support it. For example, something like the following might enable a fully functioning stateless infrastructure:

1) Move the VirtualCenter configuration store to Lightweight Directory Services (what used to be called ADAM), allowing VirtualCenter to become a federated, multi-master application like Active Directory. The VMware Desktop Manager team are already aware that lightweight directory services make a _much_ better configuration store than SQL Server does. SQL Server would still be needed for performance data, but the recommendation for enterprises these days is to have SQL Server on a separate host anyway.

2) Enhance VirtualCenter so that you can define configurations on a cluster-wide basis. VirtualCenter would then just have to track which hosts belonged to what cluster. XenServer kind of works this way currently – as soon as you join a XenServer host to a cluster, the configurations from the other hosts are replicated to it so you don’t have to do anything further on the host in order to start moving workloads onto it. This is probably the only thing XenServer does _way_ better than VI3 currently. Let’s be honest – in the enterprise, the atomic unit of computing resource is the cluster these days, not the individual host. Additionally, configuration information could be further defined at a resource pool or vmfolder level.

3) Use SRV records to allow clients to locate VirtualCenter hosts (ie the Virtual Infrastructure Management service). Modify the startup process of ESXi so that it sends out a query for this SRV record every time it boots.
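In DNS zone file terms, that might look something like this. The service label is pure invention on my part, mirroring the _ldap._tcp records that AD publishes for Domain Controllers:

```
; clients query for the SRV record set and pick a host by priority / weight
_vi-mgmt._tcp.example.com.  3600 IN SRV 10 60 443 vc01.example.com.
_vi-mgmt._tcp.example.com.  3600 IN SRV 20 60 443 vc02.example.com.
```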

4) Regardless of which VirtualCenter the ESXi box hit, since it would be federated it can tell the ESXi box which VirtualCenter host is closest to it. The ESXi box would then connect to this closest VC, and ask for configuration information.

By now all the Windows people reading this are thinking “Hmmm, something about that sounds all too familiar”. And they’d be right – Windows domains work almost exactly in this way.

SRV records are used to allow clients to locate kerberos and LDAP services, ie Domain Controllers. The closest Domain Controller to the client is identified during the logon process (or from cache), and the client authenticates to this Domain Controller and pulls down configuration information (ie user profile and homedrive paths, group membership information for the user and machine accounts, Group Policy, logon scripts etc). This information is then applied during the logon process, resulting in the user receiving a fully configured environment by the time they logon.

I haven’t had enough of a chance to run SCVMM 2008 and Hyper-V through their paces to see if they operate in this manner. If they don’t, VMware can consider themselves lucky, and would do well to get this functionality into the management layer ASAP (even if it means releasing yet another product with “Manager” in the title :-).

If Microsoft have implemented this kind of functionality however, VMware needs to take notice and respond quickly. Given that the management layer will become more and more important as virtualisation moves into hardware, VMware can’t afford to slip on this front.

Congratulations if you made it this far. Hopefully you’ve enjoyed reading and as always for this kind of post, comments are open!