Yellow Bricks

by Duncan Epping

VMware / ecosystem / industry news flash… part 4

· ·

VMware / ecosystem / industry news flash time again. Took me a while to get a bunch of them, so some of the news is a bit older then normal.

  • Dell and SuperMicro to offer an EVO:RAIL bundle with Nexenta for file services on top of VSAN!
    Smart move by Nexenta, first 3rd party vendor to add value to the EVO:RAIL package and straight away they partner with both Dell and SuperMicro. I expect we will start seeing more of these types of partnerships. There are various other vendors who have shown interest in layering services on top of EVO:RAIL so it is going to be interesting to see what is next!
  • Tintri just announced a new storage system called the T800. This device can hold up to 3500 VMs in just 4U and provides 100TB of effective capacity. With up to 140K IOPS this device also delivers good performance at a starting price of 74K USD. But more then the hardware, I love the simplicity that Tintri brings. Probably one of the most user/admin friendly systems I have seen so far, and coincidentally they also announced Tintri OS 3.1 this week which brings:
    • Long awaited integration with Site Recovery Manager. Great to see that they pulled this one off, it something which I know people have been waiting for.
    • Encryption for the T800 series
    • Tintri Automation Toolkit which allows for end-to-end automation from the VM directly to storage through both PowerShell and REST APIs!
  • Dell releases the PowerEdge FX. I was briefed a long time ago on these systems and I liked it a lot as it provides a great modular mini datacenter solution. I can see people using these for Virtual SAN deployments as it allows for a lot of flexibility and capacity in just 2U. What I love about these systems is that they have networking included, that sounds like true hyper-converged to me! A great review here by StorageReview.com which I recommend reading. Definitely something I’ll be looking in to for my lab, how nice would it be: 4 x FC430 for compute + 2 x FD332 for storage capacity!

That it is for now…

Non-Uniform configurations for VSAN clusters

· ·

I have been receiving various questions around support for non-uniform configurations in VSAN environments (sometimes also referred to as “unbalanced” configurations) . I was a bit surprised by it to be honest as personally I am not a big fan of non-uniform configurations to begin with. First, with “non-uniform” I am referring to different hardware configurations. In other words you have four hosts with 400GB Intel s3700 flash and one host with 200GB Intel s3500 flash. The question was if this is an acceptable configuration if the overall flash capacity still meets the recommended practice of 10% of used capacity.

Although technically speaking this configuration will work and is supported, from an operational and user experience perspective you need to ask yourself if this is a desired scenario. I have seen people doing these type of constructions out in the field as well with “flash caching” solutions and believe me when I say that the result were very mixed. The problem is that when you have a non-uniform configuration your predictability of performance will be impacted. As you can imagine cutting your flash capacity in half on a host could impact the cache hit ratio for that particular host. Also using a different type of flash will change your results / experience more then likely. On top of that, imagine you need to do maintenance on your hosts, it could be that the “non-uniform” host will have different procedures for whatever maintenance you are doing… it just complicates things unnecessarily.

So again, although this is supported and will work from a technical perspective it is not something I would recommend from an operational and user experience point of view.

VMUGs I’ll be speaking at in November…

· ·

I had this question last week from 2 readers if I was planning on presenting at a particular VMUG. I have prepared a session for three VMUGs in November where I will be presenting on vSphere (and related tech) futures. If you want a hint at what is going to be discussed I recommend reading this blog post. I will present this session at the following VMUGs, make sure you register as soon as possible as these yearly events are definitely worth attending. I encourage EVERYONE who comes to my session to ask questions and to interact to avoid death by Powerpoint 🙂

For the folks near the belgian border (Holland / France / Germany), all presentations should be in English so it is worth attending if you live relatively close by!

Recommended Read: The Phoenix Project

· ·

Last week when traveling to China I finally had the time to read a book which I had on my “to read” list for a long time: The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.

I just posted a review up on Amazon.com and figured I would share it with my readers as well as I felt this book is worth promoting, although many of my fellow bloggers/tweeps have done this already. Let me copy the review for your convenience:

Reading the book one thing stands out is that it is all very recognizable if you have ever worked for a company which is moving in to new spaces and has a business relying on IT. I have been there and many of the situations sounded / felt very familiar to me. I found it a very enjoyable read and educational at the same time to a certain degree. Now here is he caveat, although it is a book about IT and DevOps it is very much written as a novel. This is something you need to take in to consideration when you buy is and when you read it, and ultimately review it. I felt that when you read it as a novel it is an excellent light and easy read with the right amount of details needed to help you learn about what DevOps can bring to your business. After reading the book I am actually left wondering if DevOps is the right term, as it is more BizDevOps then anything else. All of IT enabling the development of business through operational efficiency / simplicity.

phoenix project The book was written by Gene Kim, Kevin Behr and George Spafford and the book revolves around an IT Manager (Bill) who is struggling to align IT agility / flexibility with business needs for the Phoenix Project. As I mentioned in the review many of the situations actually sounded very familiar to what I have experienced in previous roles before joining VMware, so I could relate to a lot of the challenges described in the book, and I think that is why is was also very entertaining. At the same time, it is humorous but also fairly light reading so before you know it you are a couple of chapters in.

In my Amazon review I mentioned that after reading the book I was left wondering whether “DevOps” was the right term as to many sys admins the connotation of DevOps seems to be a negative one. When reading the book, and looking back at my own experience the goal is allowing the development of business for your company and whether that is new business, increase of volume, or a full transformation is besides the point even. Key is that you will only get there when all of IT is aligned and working towards that common goal.

I don’t read too many IT books as typically they are dry and I struggle to get through them. Phoenix Project was the opposite, if you are like me then definitely give this a try. Although it is not a deep technical book, as I stated it is more a novel, I am sure everyone gets something out of it. I read the Kindle version, it was definitely worth the 9.99, but if you prefer a paper copy then you can find it on Amazon for less then 16 dollars which is still a great buy! Recommended read for sure!

(Inter-VM) TPS Disabled by default, what should you do?

· ·

We’ve all probably seen the announcement around inter-VM(!!) TPS (transparent page sharing) being disabled by default in future releases of vSphere, and the recommendation to disable it in current versions. The reason for this is the fact there was a research paper published which demonstrates how it is possible to get access to data under certain highly controlled conditions. As the KB article describes:

Published academic papers have demonstrated that by forcing a flush and reload of cache memory, it is possible to measure memory timings to determine an AES encryption key in use on another virtual machine running on the same physical processor of the host server if Transparent Page Sharing is enabled. This technique works only in a highly controlled environment using a non-standard configuration.

There were many people who blogged about what the potential impact is on your environment or designs. Typically in the past people would take a 20 to 30% memory sharing in to account when sizing their environment. With inter-VM TPS disabled of course this goes out of the window. Frank described this nicely in this post. However, as Frank also described and I mentioned in previous articles when large pages are being used (usually the case) then TPS is not used by default and only under pressure…

The under pressure part is important if you ask me as TPS is the first memory reclaiming technique used when a host is under pressure. If TPS cannot sufficiently reduce the memory pressure then ballooning is leveraged, followed by compression and swapping ultimately. Personally I would like to avoid swapping at all costs and preferably compression as well. Ballooning typically doesn’t result in a huge performance degradation so it could be acceptable, but TPS is something I prefer as it just breaks up large pages in to small pages and collapses those when possible. Performance loss is hardly measurable in that case. Of course TPS would be way more effective when pages between VMs can be shared rather then just within the VM.

Anyway, the question remains should you have (inter-VM) TPS disabled or not? When you assess the risk you need to ask yourself first who has access to your virtual machines as the technique requires you to login to a virtual machine. Before we look at the scenarios, not that I mentioned “inter-VM” a couple of times now, TPS is not completely disabled in future versions. It will be disabled for inter-VM sharing by default, but can be enabled. More to be found on that in this article on the vSphere blog.

Lets explore 3 scenarios:

  1. Server virtualisation (private)
  2. Public cloud
  3. Virtual Desktops

In the case of “Server virtualisation”, in most scenarios I would expect that only the system administrators and/or application owners have access to the virtual machines. The question then is, why would they go to this level when they have access to the virtual machines anyway? So in the scenario where Server Virtualization is your use case, and access to your virtual machines is restricted to a limited number of people, I would definitely reconsider enabling inter-VM TPS.

In a public cloud environment this however is different of course. You can imagine that a hacker could buy a virtual machine and try to retrieve the AES encryption key. What he (the hacker) does with it next of course is even then still the question. Hopefully the cloud provider ensures that that the tenants are isolated from each other from a security/networking point of view. If that is the case there shouldn’t be much they could do with it. Then again, it could be just one of the many steps they have to take to break in to a system so I would probably not want to take the risk, although the risk is low. This is one of the scenarios where I would leave inter-VM TPS disabled.

Third and last scenario is Virtual Desktops. In the case of a virtual desktop many different users have access to virtual machines… The question though is if you are running any applications or accessing applications which are leveraging AES encryption or not. I cannot answer that for you, so I will leave that up in the air… you will need to assess that risk.

I guess the answer to whether you should or should not disable (inter-VM) TPS is as always: it depends. I understand why inter-VM TPS was disabled, but if the risk is low I would definitely consider enabling it.