Yellow Bricks

What have you’ve been up to?

Duncan Epping · Feb 15, 2011 ·

I got a couple of questions around what I have been up to lately as some noticed there was a slight decrease in volume from a blogging perspective on yellow-bricks. (from 4 articles per week to 2-3 article per week) Well I have been reading up on my new role but on top of that also started blogging for the ESXi Chronicles blog (add it to your RSS reader) and created a VMware Storage centric twitter account. (Follow me if you want to keep up to date on VMware storage initiatives!) The things that I’ve worked on the last couple of weeks:

VMware ESXi: Planning, implementation and security
The week before VMware Partner Exchange I decided that it was time to start brushing up my ESXi knowledge. I usually dig up all the manuals and presentations I can find and start from there. This time I took a different approach however, I bought a book. The book is titled “VMware ESXi: Planning, Implementation, and Security” and is authored by a true VMTN Community hero, Dave Mishchenko.
Scripted install with ESXi
Now you can kick off the automated install of your ESXi server. But wait, you probably want to see what script I used? That is what I figured, here is the script I wrote to automatically install and configure the ESXi host, it is just a simple script that I used and tested in my lab with the main purpose of showing what is possible with ESXi today. The configuration of the server will run after the first boot. I have added several “comment lines” to explain what I am doing and why.
Adopting ESXi, now is the time!
Within the virtualization community we have been seeing more and more people adopting ESXi. Not only adopting it but also actively evangelizing the use of ESXi over ESX classic. The main argument being of course the reduction in operational effort involved with maintaining the platform. Last week two excellent articles were published. The first article was by Bob Plankers of LoneSysAdmin.net fame. Bob wrote an excellent article countering all often heard complaints about ESXi.

I also wrote my first KB article which discusses the impact of CPU/Memory limits with help from someone from the the GSS team. You would expect that a KB article describing the impact already existed but surprisingly enough it did not. Hence the reason I felt an official statement could prevent some of the issues we see in the field on a daily basis.

Impact of virtual machine memory and CPU resource limits

Of course that’s not it, I am working on multiple other projects which I cannot discuss yet unfortunately and participated in the VCDX Defenses at PEX. One of the things I can reveal though is that Frank and I are make plans for a volume 2 of the HA/DRS Tech Deepdive and that the sales is still going strong, thanks everyone for your help/support! (No, there will not be an e-book unfortunately, the amount of time/reformatting required did not fit our current schedule.) Keep those reviews and pictures coming though.

Management Cluster / vShield Resiliency?

Duncan Epping · Feb 14, 2011 ·

I was reading Scott’s article about using dedicate clusters for management applications. Which was quickly followed by a bunch of quotes turned into an article by Beth P. from Techtarget. Scott mentions that he had posed the original question on twitter if people were doing dedicated management clusters and if so why.

As he mentioned only a few responded and the reason for that is simple, hardly anyone is doing dedicated management clusters these days. The few environments that I have seen doing it were large enterprise environments or service providers where this was part of an internal policy. Basically in those cases a policy would state that “management applications cannot be hosted on the platform it is managing”, and some even went a step further where these management applications were not even allowed to be hosted in the same physical datacenter. Scott’s article was quickly turned in to a “availability concerns” article by Techtarget to which I want to respond. I am by no means a vShield expert, but I do know a thing or two about the product and the platform it is hosted on.

I’ll use vShield Edge and vShield Manager as an example as in Scott’s article vCloud Director is mentioned which leverages vShield Edge. This means that vShield Manager needs to be deployed in order to manage the edge devices. I was part of the team who was responsible for the vCloud Reference Architecture but also part of the team who designed and deployed the first vCloud environment in EMEA. Our customer had their worries as well about resiliency of vShield Manager and vShield Edge, but as they are virtual they can easily be “protected” by leveraging vSphere features. One thing I want to point out though, if vShield Manager is down vShield Edge will continue to function so no need to worry there. I created the following table to display how vShield Manager and vShield Edge can be “protected”.

Product	vShield Manager	VMware HA	VM Monitoring	VMware FT
vShield Manager	Yes (*)	Yes	Yes	Yes
vShield Edge	Yes (*)	Yes	Yes	Yes

Not only would you be able to leverage these standard vSphere technologies there is more that can be leveraged:

Please don’t get me wrong here, there are always methods to get locked out but as Edward Haletky stated “In fact, the way vShield Manager locks down the infrastructure upon failure is in keeping with longstanding security best practices”. (Quote from Beth P’s article) I also would not want my door to be opened up automatically when there is something wrong with my lock. The trick though is to prevent a “broken lock” situation from occurring and to utilize vSphere capabilities in such a way that the last known state can be safely recovered if it would.

As always an architect/consultant will need to work with all the requirements and constraints and based on the capabilities of a product come up with a solution that offers maximum resiliency and with the mentioned options above you can’t tell me that VMware doesn’t provide these

Want a free HA/DRS Technical Deepdive Book?

Duncan Epping · Feb 10, 2011 ·

Want a free HA/DRS Technical Deepdive Book? Watch vChat 15!

In Episode 15 of our vChat series, we have a couple of special guests with us whom I’m sure you would have heard of or if not met before, Frank Denneman and Duncan Epping. These guys embody almost all things deep-dive when it comes to vSphere and with the recent release of their new book VMware HA/DRS Deepdive and we take the opportunity to ask about the background behind the book, whether an electronic version is in the pipeline along with their plans for any future publications. We discuss VMware Partner Exchange (PEX) 2011. Other topics, as you’d imagine, cover the VMware iPad app (and the potential security issues) and their home vSphere labs.

Watch it here!

Storage Performance

Duncan Epping · Feb 3, 2011 ·

This is just a post to make it easier finding these excellent articles/threads on VMTN about measuring storage performance:

Scott Drummonds – Storage System Performance Analysis with Iometer
VMTN Unofficial Storage Perf Thread I – http://communities.vmware.com/thread/73745
VMTN Unofficial Storage Perf Thread II – http://communities.vmware.com/thread/19784

All these have one “requirement” and that is that Iometer is used.

Another one that I wanted to point out are these excellent scripts that Clinton Kitson created which collects and processes vscsistats data. That by itself is cool, but what is planned for the next update is even cooler. Live plotted 3d graphs. Can’t wait for that one to be released!

Using the vSphere Plan & Design Kit

Duncan Epping · Feb 2, 2011 ·

As part of my role I very often review design documents that other consultants/architect have written, and not only those of VMware employees but also from external people. On top of that of course I also see a lot of VCDX application packages pass by. Something struck me the other day when I was doing the 3rd review in just a couple of hours and I started thinking about the designs I had reviewed so far and noticed there was a common theme.

Before I get started I want to make sure everyone understands that I believe there’s a very strong value to using standardized templates / frameworks. So don’t misinterpreted this article.

I know that many of you are consultants/architects and leverage the Plan & Design kit that VMware PSO created or have an internally developed template that might or might not be based on this P&D Kit. (If your a VMware Partners and wonder what this kit is, log in to the partner portal and look around!) The Plan & Design kit is basically a template, although the hot word these days is framework, that lays out the foundation for a vSphere 4.x design. I guess “framework” or “template” already reveals how it should be used but lately I have been noticing, and yes even VCDX submissions, that people are trying to cut corners and skip sections or use the defaults. I guess by now most of you are thinking “well that doesn’t apply to me”, but lets be honest here when you use the same template for years you start to get lazy. I know I do.

While there is absolutely nothing wrong with using the template and adopting the best practices mentioned in this template, this only goes when they are used in the right context. The framework that VMware for instance provides contains many examples of how you could implement something, and the ones provided are usually the best practice. That doesn’t necessarily mean though that this best practice meets your customer’s requirement or can be used based on the constraints this environment/customer has. Just to give an example of something that I see in 90% of the designs I review:

Max amount of VMs per datastore 15
Datastore size 500GB
Justification: To reduce SCSI reservations

This used to be a best practice and probably a very valid design decision in most cases. However over the last 3 version the locking mechanism has been severely improved. On top of that even more recently VAAI was introduced and the risks were reduced because of that. Along the way the number 15 got bumped up to 20-25, depending on the workload and the RTO. Based on those technology changes your best practice and template should have been updated, or at a minimum explain what the “new” reason is for sticking with these values.

Every single time you write that new design challenge your decisions, go over these best practices and make sure they still apply. Every time a new version of the product is released validate the best practices and standardized design decisions and change them accordingly to benefit from these features.