VMware

Storage IO Control Best Practices

Duncan Epping · Oct 19, 2010 ·

After attending Irfan Ahmad’s session on Storage IO Control at VMworld I had the pleasure to sit down with Irfan and discuss SIOC. Irfan was so kind to review my SIOC articles(1, 2) and we discussed a couple of other things as well. The discussion and the Storage IO Control session contained some real gems and before my brain resets itself I wanted to have these documented.

Storage IO Control Best Practices:

Enable Storage IO Control on all datastores
Avoid external access for SIOC enabled datastores
- To avoid any interference SIOC will stop throttling, more info here.
When multiple datastores share the same set of spindles ensure all have SIOC enabled with comparable settings and all have sioc enabled.
Change latency threshold based on used storage media type:
- For FC storage the recommended latency threshold is 20 – 30 MS
- For SAS storage the recommended latency threshold is 20 – 30 MS
- For SATA storage the recommended latency threshold is 30 – 50 MS
- For SSD storage the recommended latency threshold is 15 – 20 MS
Define a limit per VM for IOPS to avoid a single VM flooding the array
- For instance limit the amount of IOPS per VM to a 1000

Final lab results VMworld Europe 2010

Duncan Epping · Oct 14, 2010 ·

I just received the final numbers on the VMworld Europe Labs. I am really excited that the vCloud Director Lab came in as first as I was one of the Captains for that Lab. Great improvement compared to the US where we came in as 4th. Other Labs that went up a couple of places are VMware vShield and of course PowerCLI!

We managed to hit both of our targets and I must say that the Labs were well organized and I was extremely impressed by the fact that all of it was hosted in the Cloud! Don’t let me keep you waiting much longer, here are the numbers:

Total Labs completed: 5,948
Total VMs deployed: 56,435

The Top 10 labs were:

VMware vCloud Director Install & Config (646)
VMware View 4.5 Install and Config (623)
VMware vSphere Perf & Tuning (491)
VMware vShield (364)
VMware View 4.5 Advanced (341)
VMware ESX 4.1 new features (326)
VMware vSphere PowerCLI (290)
VMware vSphere Troubleshooting (286)
VMware ESXi Remote Management Utilities (275)
VMware ThinApp 4.6 (242)

Thanks everyone for attending VMworld and making it a success and hope to see you next year!

VMware High Availability – Futures (part of BC7803)

Duncan Epping · Oct 14, 2010 ·

First of all need me start by thanking everyone who attended our session at VMworld Copenhagen. First session filled up quick and 5 minutes before we were supposed to start they had to close the doors as the place was packed. I can tell you that is the best compliment you can get! I know a bunch of people took pictures of the session, if you did we would appreciate it if you could sent me a copy! (Eric Sloof shot a video, thank Eric!)

There is something that was discussed during the presentation and actually mentioned on the very last slide which I wanted to share with all of you and that is around some of the HA futures. Now I am not going to fully elaborate on these as I don’t want to get into any NDA related issues, but I will try to add a bit more detail as soon as I have the whole video of the session. (I need to know the boundaries.)

All New Architecture, a single lightweight HA agent process
Eliminate concept of “Primaries”
Storage heartbeating as backup communication channel
Automatic resolution of network partitions
VMs still protected during partitions, no “fighting” for VM control
Greater scalability, extensible
Ability to deal with any number of simultaneous host failures
New lightweight communication model
All state required to recover from any failure is persisted
Improved isolation actions (VMs left running and restarted as needed via storage subsystem monitoring)
No dependencies on DNS

All the people rounding up after the session with questions (Thanks Jannie Hanekom!) …

And of course a big thanks to Eric Sloof for this picture:

VMworld Labs Europe – Open on Monday!!

Duncan Epping · Oct 10, 2010 ·

Yes, we will be open on Monday from 13:00 till 18:00! Not only that, but the for the remaining days the labs will open up at 08:00. Some might wonder why the schedule changed, the reason for it is simple the amount of VMworld registrations was so overwhelming VMware wanted to offer everyone the opportunity to get the most out of VMworld. So if you are coming down to the Bella Center on Monday to register stick around and do some labs! There are enough topics to spent your whole Monday afternoon in the Bella Center. My personal favorites definitely are:

VMware View 4.5 Install and Configure
VMware vShield
VMware vCloud Director Install and Configure
VMware vCloud Director Networking
VMware vSphere Performance & Tuning

But besides these 5 there are about 25 other labs, so enough to get your hands dirty.

vCD – Networking part 3 – Use case 2

Duncan Epping · Oct 6, 2010 ·

Part 1 explained the basic concepts of networking within vCD(VMware vCloud Director), Part 2 focussed on Network Pools and Part 3 focussed on a use case which was a vApp directly connected to an External routed Org Network. It took me a while to develop part 3 and I wasn’t sure if I could find the time to do another use case or not. I received a dozen requests for another use case so I decided to free up some time to help you guys out. Please read the other parts of this series before you start reading this part. Okay, let’s dive into those trenches.

vApp fenced to an Internal Org Network

Use case:

Environments where vApps are copied and redeployed for test and development purposes. There is no connection back to the customers datacenter to avoid any interference that could be cause by these test environments.

We will start with the basics. The flow of the network in this case will be:

Although only two different type of networks are used, this could of course result in multiple layers if and when for instance multiple vApp Networks are created. For the purpose of this exercise we will create a vApp with 3 VMs including two different networks. You could say you classical three-tier application.

WEB = Web Frontend
APP =Application Server
DB = Databaser Server

As you can imagine we don’t need users accessing the Application or Database Server so these two will be on a separate network segment. The Web Frontend will need to be accessible though and it will need to be able to access both the Application and the Database Server. Logically speaking that will look as follows:

Please note that the Org Network doesn’t connect back to anything! This means that in order for you to connect to your WEB vm you will need to go through the vCD Portal! Of course you could still test if your web services are working by simply deploying a desktop VM with windows XP in the same Org. Now I can hear some of you think why not just a NAT-Routed Org Network, well that is something that would work as well, but than it would be really similar to what use case 1 provided and this is purely for educational purposes.

Creating the Networks

The first step of course is to ensure you have a Network Pool. If you haven’t already created, you can use Part 2 of this series as a reference. I am assuming here you already have a network pool and will go straight to the Org Network, which is option 7 on the home screen.

Now you will need to select the Org that this Network will belong to and then you can decide what type of network you will create. You can do this in either “Typical” or “Advanced” mode. Both will give you the same options but it is named slightly different and Advanced will only allow you to create 1 network at a time where with Typical you can create multiple. As we have used Typical in the previous use case we will use Advanced this time. We are going to create a fully isolated Org Network so we will select “Internal Organization Network”.

Next up we will need to select a network pool. Now you might ask yourself why we will need one when the Org Network is completely isolated? Well we will need cross-host communication when vApp/VMs need to communicate with each other and don’t reside on the same host. Although it sounds very logical, it is often overseen that this is what a network pool does. It enables cross-host communication. In this case we will select the vCloud Network Isolation Network Pool.

Now we will need to specify the IP details for this Org Network. These IP addresses will be consumed by the VMs that are configured to use the “static pool”, in our case that will be the vShield Edge device that is deployed as part of this Isolated Network (deployed for DHCP services etc) and the WEB virtual machine.

Of course we will need to give it a name. I tend to use the name of the Org and the type of Org Network I created.

Now we will need to build a vApp. As stated this vApp will contain multiple VMs.

We will give it a name.

And we will start adding multiple VMs to it. The WEB virtual machine will have 2 NICs as it will need to connect to a device outside of vApp and to two VMs inside of the vApp.

The following two VMs “APP” and “DB” will be configured with a single NIC as they will only need to connect to each other, all contained within the vApp.

Now this is the part where we will assign specific network segments to the NICs. For WEB we will connect “NIC 0” to the Internal Org Network and NIC 1 will need to be connected to a vApp Network.

This vApp Network however will need to be created first. Please note that this is a vApp network, so only available to those VMs which are part of this vApp! Again we will need to specify IP details for the VMs to consume.

When we have done this and have given the vApp network a name we can connect the remaining VMs to the same network.

Now in order to have multiple copies of the same vApp running within the Org we will select “Fenced” mode for the vApp which basically will deploy a vShield Edge device.

I guess this diagram that vCD creates makes it a bit more clear what your vApp connectivity will look like:

And if that isn’t enough you can also check the Maps functionality that vCenter offers. This will give you a great view of how this vApp is connected within vSphere.

So what about that desktop? And what about if we have two copies of that vApp running? Well this is what the map would look like if when we have created these. On the middle left you will see the desktop that is used for testing the WEB VMs. Both WEB virtual machines can be accessed through the VSE device, which of course means that you will need to setup NAT, but we will leave an in-depth explanation around that for the next article.

Summary

vCloud Director Network is really powerful, but as shown by this use case it can get very complex rather fast especially when you are using multiple layers. In this example we kept it simple by using an isolated network, an External NAT/Routed Org Network would have added another layer. Features like vCenter Maps will however make it easier to understand what has been created on the vSphere layer to enable these layers of networking, make sure you take advantage of functionality like this when exploring vCD!