Server Virtualization Blog - A SearchServerVirtualization.com blog


A server virtualization blog covering virtual machine (VM) management and administration, VMware, Xen, Microsoft, server consolidation and hardware, backup and disaster recovery, VDI (virtual desktop infrastructure) and more.

Considering external-facing virtual machines

One of the more overlooked placement discussions that happen within the design or re-engineering phases of virtualization projects involves systems that are on an external network.

External systems, such as virtual private network (VPN) authentication servers, web servers or remediation systems for network access control, can be placed in many different ways. Consider the following architecture diagram where larger virtualization hosts contain all types of systems within the virtualized environment:

Figure 1

While the networking of these virtual machines may be configured with the same protections as their physical counterparts, there are some concerns with this configuration, and more so when the firewall is itself a virtual machine in the same environment. An architecture that better protects the internal and external workloads uses a separate environment whose connectivity and workloads are limited to the external interfaces. Consider the figure below for the same workload:

Figure 2

Separated in this manner, more hosts may be needed for the same workload to account for maintenance mode and other factors. These additional hosts may be smaller systems with a smaller processor inventory, so as not to incur additional costs for anything that is licensed by processor.

If firewalls or other core network appliances are virtualized, their placement requires a little more thought because they may have a footprint on both the internal and external networks. Where internal and external workloads share resources, an outbreak-type event on an external system may consume resources at the expense of the internal workload. With the internal and external workloads separated, an attack within the operating system or an attack that targets virtual machines would initially be contained to either the internal or the external workloads.

This strategy can be applied to all virtualization products, and can also be applied more specifically to network and storage configurations to protect in the same fashion. 

Four reasons why VMware will retain market share position over the next five years

Speculations are overflowing within the virtualization community following Diane Greene’s resignation from VMware. As a glass-half-full kind of guy, I’d like to offer my reasons why VMware may thrive in the next several years.

First and foremost, I feel that VMware’s technology has the potential to continue to be superior to the competition. While price is among the more important decision points, the superior product will hold its own in the marketplace despite the higher price. The standing example in this arena is enterprise databases. Oracle is a better database platform than Microsoft’s offerings, yet both hold good position in the market place. A certain amount of normalization of market share for VMware is to be expected as other hypervisors and management products enter the market, but more organizations have yet to enter the market as a customer.

Storage integration will continue to drive the richest virtualization platforms. The most underrated technology that VMware has ever produced is the virtual machine file system or VMFS. VMware’s implementation of this technology will improve over time, and the competition is not yet there in this space.

VMware will have a lower host hardware cost per VM for the same performance deliverables. While this is incredibly difficult to precisely quantify, my experience is that VMware can run more virtual machines than Hyper-V on the same hardware. Again, because price is among the most important decision points, this point may help VMware as hardware becomes more capable for virtualization technologies.

VMware can continue to innovate within the virtualization space. VMware has the virtualization expertise to provide new products into the market, and among the major players in the field they would be the most suited to innovate at this point.

It is a given that the other platforms will make gains in market share with the relative flood of products into the space. But considering VMware’s proven ability to innovate in this space, they have the chance to retain their lead and keep going in the correct direction. We will see!

Six reasons Hyper-V will surpass VMware within five years

Clabby Analytics analyst Joe Clabby is 100% convinced that Microsoft’s Hyper-V will overtake VMware in market share over the next three to five years, and makes some strong points for this in his recent report, Six Reasons Why Microsoft’s Hyper-V will Overtake VMware to Become the Major Player in the x86 Server Virtualization Marketplace.

The report came out prior to the shake-up at VMware on July 8, when the company announced that its Board of Directors had replaced VMware co-founder and CEO Diane Greene, and then lowered its revenue forecast.

VMware had the vision to see the value of virtualization and took the technology to the top unchallenged due to strategy, innovation and sales execution, but that ride is about to come to an end, Clabby said.

“With the introduction of Hyper-V by Microsoft, VMware is about to experience some very serious competition from a vendor with deep pockets, with a massive worldwide marketing and sales organization, with major market penetration across Fortune 500 and small and medium business markets, and with extensive and complementary infrastructure and management product depth,” Clabby reported.

Among the reasons Clabby believes Microsoft will crush VMware are that Microsoft already has an expansive installed base, a mammoth network of direct sales and indirect business partners, and is offering lower-priced alternatives to VMware’s hypervisor and related infrastructure/management software products.

Unfortunately, I have to agree. History tends to repeat itself, and this has been Microsoft’s strategy for a very long time: see a great technology, copy it, and outprice the rest of the market.

Vanity Fair’s July issue had a great article that illustrates this, called “How the Web was Won”, that looks at the evolution of the Internet over the past 50 years, including details of how Microsoft took over Netscape Navigator by developing Internet Explorer.

The computer programmer known for founding Netscape Communications, Lou Montulli, told Vanity Fair, “From a scientific point of view none of us really respected Microsoft. There was definitely a sense of: They’ve put out of business three or four major companies, and they did it simply by copying what they did and outpricing or outmaneuvering them in the market. This is a general feeling of computer scientists everywhere, that Microsoft doesn’t tend to innovate as much and really just enters the market late, takes it over, and then stays at the top.”

Pricing aside, Microsoft already has a massive installed base.

“It will leverage this installed base, and price its products to out-function/undercut VMware’s pricing,” Clabby wrote. “The computing industry saw this same situation arise when Citrix built a leadership base for its terminal server products — only to have Microsoft enter the market and claim significant marketshare after Citrix pioneered the terminal server market umbrella. Almost the exact same situation is about to happen again — this time between VMware and Microsoft.”

Microsoft also has a packaging advantage with its Hyper-V hypervisor, as it can be delivered with every single version of 64-bit Windows Server 2008, and installing Hyper-V is a cake walk, according to Clabby.

“A box simply needs to be checked during installation and Hyper-V becomes active. By not requiring IT buyers to find/acquire/download additional virtualization software, the job of deploying and testing virtualization within a Windows Server 2008 is greatly simplified. VMware cannot counter this packaging advantage,” Clabby wrote.

The most damning problem for VMware, according to Clabby, is product depth.

Though VMware has the advantage of technologies like VMotion, to move live VMs, and all of the handy add-on management and infrastructure software integrated into VMware, Clabby said Microsoft’s management and infrastructure is far deeper.

Microsoft’s System Center product portfolio includes systems management tools like Configuration Manager, Operations Manager, Data Protection Manager, Virtual Machine Manager, System Center Essentials and Capacity Planner, and the list goes on, ad nauseam.

Besides all of those points, Microsoft is a $51 billion software company and VMware’s revenue is just over $1 billion.

In short, given its deep pockets, large installed base and virtualization strategy, it is safe to say Microsoft will, once again, be laughing all the way to the bank.

Test virtual environments make for better server upgrades

Given that virtual environments for x86 servers are relatively new, most lack direct experience in performing major in-place upgrades. While there are many ways to approach a key upgrade to a virtual environment, we’ll take a look at one example of a server virtualization upgrade: VMware ESX 3.5 and VirtualCenter 2.5 to the Update 1 release of both products. This release resolved some major issues, putting the spotlight back on the new features of ESX 3.5, namely Storage VMotion.

Maintaining version control on a virtualization platform is in the best interest of ongoing administration. With VMware environments, this situation is illustrated by the sequential upgrade tasks with older versions of ESX and VirtualCenter. The first step in making a successful upgrade is to go through the release notes and scour the Internet for existing resources that can make this task less daunting. One particularly helpful resource is the RTFM Education ESX and VirtualCenter upgrade guide by Mike Laverick which goes through many scenarios with specific, step-by-step guides on almost every topic of the upgrade.

Having all of the resources in the world may still not be enough to ensure a smooth upgrade of the virtual environment. This is where a test environment for the upgrades can prove critical to a successful project. Provisioning an accurate test environment can become increasingly expensive, but can provide a beneficial test ground to ensure there are no surprises during the upgrade. Consider the test environment shown in the figure below:

Sample virtual test environment

This test environment is a smaller, yet representative, version of the larger environment in that it may have the same storage system and the same base drivers on the host systems while simply providing a smaller workload. This environment can be an adequate test environment for all of the basic functions involved with an upgrade. As for provisioning the environment, there are some tricks available such as using the systems in an unlicensed or evaluation mode, reducing processor inventories or taking resources from the live environment if the loss can be sustained.

Planning and testing are the best defenses against an upgrade failure. Furthermore, because the scope of a virtual environment is so broad, the investment in testing and planning should be a no-brainer.

Why (or why not) switch from VMware to Hyper-V?

Now that Microsoft has finally delivered Hyper-V, everyone is waiting to see how many VMware shops will make the switch. Are there any compelling reasons for a company that already has a large investment in VMware products to switch to another product? Here are some reasons why companies may or may not make the switch from VMware to Hyper-V:

Some reasons why companies may choose Microsoft Hyper-V:

  • It’s Microsoft. Companies that mainly use Microsoft products could switch to get better support for running their products on virtual hosts and to not have to rely on a separate vendor for virtualization.

  • Cost. It’s definitely cheaper than ESX, but I’m a firm believer that you get what you pay for. Yes, Hyper-V is a lot cheaper than ESX but it lacks the maturity and high-end features that ESX has. It’s probably just a matter of time though before VMware lowers its cost for large enterprises as they have already done with the SMB market with its bundled foundation acceleration kits.

  • Versatility. Hyper-V will pretty much run on any hardware that Windows will run on. ESX only supports a very specific set of hardware. VMware has recently expanded their hardware support and will continue to do so.

Some reasons why companies stick with VMware ESX:

  • Cost (again). Companies with a lot of in-house VMware experience will have to re-train staff to learn Hyper-V and basically start from scratch. There is a large pool of skilled and experienced VMware architects and administrators available today as well as many VMware consulting firms and business partners.
  • Fewer features. ESX and VirtualCenter have a very rich tool set including vMotion, DRS and HA. Hyper-V lacks the ability to team NICs on vSwitches and its Quick Migration feature requires downtime.
  • Fewer third-party products. A large number of third-party products and add-ons are available for ESX to enhance it. It will take time for vendors to release products for Hyper-V.
  • It’s VMware. ESX is a mature, stable product that has been around for many years; Hyper-V is a 1.0 product that will take time to develop and get all the bugs out of it.

Will I make the switch? Probably not anytime soon. I’ll definitely be looking at Hyper-V and will make my own comparisons, but the lack of certain features is a show stopper for me right now. I’ll keep an eye on Hyper-V to see how it develops, re-evaluating it later as new versions are released.

The competition is going to be great in the virtualization market, as it helps to drive down costs and force vendors to innovate. The race is on between VMware and Microsoft with VMware already miles ahead. Nevertheless, Microsoft has a lot of money and the determination to be on top (take Lotus Domino, Novell Netware and Netscape as examples). Expect Microsoft to slowly whittle away at VMware’s dominance as their product matures and to see VMware do whatever they can to maintain superiority in the virtualization market.

VMware virtualization used to cut costs at 900 universities

Attention, college students: your tuition may soon decrease!

Well, maybe not. However, VMware Inc. reported today that 900 universities including top tier schools such as Harvard and Yale are saving big bucks using VMware Inc. virtualization.

Many renowned universities that have deployed VMware to reduce capital and operating costs, increase application and system uptime, decrease power consumption and improve disaster preparedness include Cambridge, Princeton, Stanford, Purdue, the University of Maryland, the University of Auckland, and the University of California campuses at Berkeley, Los Angeles and San Diego.

These schools and hundreds more around the world are running their mission-critical enterprise applications, database systems, and education-specific applications such as CollegeNET and the Blackboard Academic Suite in VMware virtualized environments, the company reported.

Others are using VMware for disaster recovery (DR).

Bowdoin College in Maine partnered with Los Angeles-based Loyola Marymount University to build a co-located datacenter for cross-country DR. By partnering and using VMware to create back-up systems, the schools have achieved higher availability and better load balancing, with more than 70% of their environment virtualized and more than 100 virtual machines (VM). They are saving $15,000 in annual server maintenance and have avoided $500,000 in hardware costs, according to VMware.

Ohio State University has been a VMware virtualization customer since 2003 when the College of Humanities needed to upgrade its IT infrastructure and found there was not enough room to expand. After deploying VMware virtualization, the College was able to meet its upgrade needs with 54 VMs running on three physical host servers. The college avoided $160,000 in hardware costs and cut server provisioning time down from three weeks to five minutes, and the IT staff can now manage all of its VMware VMs from a single console.

Clearly, the education sector is a strong market for VMware, as there are now 900 universities and colleges using the virtualization platform. Because of this, VMware created a free online tool called VMware Academic Program staffed with IT professionals from higher education facilities to answer questions about overall IT best practices. In addition to these experts, the site also includes case studies to help understand how others have implemented VMware.

Using VRDP to view VirtualBox virtual machines remotely

In last week’s blog, I wrote about my first experiences with Sun’s xVM VirtualBox 1.6.2. I like the interface and the features available in this free desktop virtualization product. Among these great options is one that lets users configure the VirtualBox server to view virtual machines remotely with VRDP, or VirtualBox Remote Desktop Protocol.

VRDP is a compatible implementation of Microsoft’s Remote Desktop Protocol (RDP) that is configured for easy console access to the guest platform from remote systems. This is different from a web-based interface that the competition has in that it is configurable per virtual machine. Let’s take a look at how to configure VRDP for a virtual machine in these steps below.

The first step is to enable VRDP, or remote console as it is called within the interface. By default, VRDP is disabled for all virtual machines and is enabled with a specified security method. The security methods are referred to as null, guest and external. The null method is a no-security model in that any VRDP connection will be accepted, and this configuration is documented by Sun as being designed for a testing and private network only configuration. To enable VRDP on a virtual machine, click on the settings tab while the virtual machine is powered off and configure the remote display option:

VRDP Configuration

Once VRDP is configured, the virtual machine will accept connections the next time it starts. The tricky part is the port and IP address configuration. In a default configuration, port 3389 is used for the VRDP session on the host. If your host is a Windows system and is running Remote Desktop, another port should be specified. The virtual machine can also be started remotely with the VBoxHeadless command. Once the virtual machine is running, a connection is made to the host system running VirtualBox, on the specified port if not 3389. This connection provides the redirected console within a standard rdesktop or mstsc session, and is available in all states of the virtual machine, regardless of whether the guest is using a network interface. In this configuration, an operating system can be installed, and the virtual BIOS can be accessed, as can other tasks below the operating system.

More information on the VRDP implementation can be found in the VirtualBox online user manual from the VirtualBox community website in section 7.4.

Deciding when to use virtual symmetric multiprocessing

Should you assign a virtual machine (VM) more than one virtual processor or not? It’s common for admins to configure virtual symmetric multiprocessing, or VMs with multiple CPUs, whether it is needed or not. The decision to use more than one virtual processor in a VM should be based on an actual requirement by the applications installed on the VM and not simply because two processors are better than one. Many physical servers commonly have multiple CPUs regardless of whether the applications running require them. While wasteful of server resources, this does not negatively impact a physical server, but most VMs will usually run better with one virtual processor and can actually run slower when more than one is assigned.

The reason for this is the hypervisor’s CPU scheduler must find simultaneous cores available equal to the number assigned to the VM. So a four VCPU VM will need to have four free cores available on the host for every CPU request that is made by the VM. If there are not four cores available because other VMs are using them then the VM must wait until the cores become available. Single VCPU VMs have a much easier time because they only need there to be a single core available for the scheduler to process CPU requests for it.

Here are some tips on assigning VCPUs to VMs:

  • Limit the number of VSMP VMs on your hosts. The fewer you have, the better your VMs will perform.
  • Assign a VM multiple VCPUs only if you are running an application that requires it and will make use of them.
  • Don’t assign a VM the same number of VCPUs as your host system has total cores available.
  • If you are going to use VSMP, have at least twice (preferably three or four times) the number of cores available on your host system than that of your VM with the most VCPUs. So if you have a four VCPU VM, have at least eight cores available on your host server and preferably 16.
  • If you are converting a multi-CPU physical Windows server to a single VCPU VM, make sure you change the HAL from multiprocessor to uniprocessor.
  • Don’t use CPU affinity as it restricts the scheduler and makes it harder to process CPU requests. The scheduler is very good at what it does, so let it do its job.
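
The scheduling constraint described above can be seen in a small simulation. This is an added example, not code from the original post or from any hypervisor: it is a deliberately simplified model of the all-or-nothing core requirement the post describes, with constructed VM names and every VM assumed to want CPU on every tick.

```python
def simulate(host_cores, vm_vcpus, ticks=100):
    """Count the ticks on which each VM was scheduled.

    Simplified model of the behaviour described in the post: a VM is
    placed on a tick only if free cores >= its VCPU count (all or
    nothing). The rotation start moves each tick so no VM is favoured.
    """
    names = list(vm_vcpus)
    ran = {name: 0 for name in names}
    for tick in range(ticks):
        free = host_cores
        start = tick % len(names)
        for name in names[start:] + names[:start]:
            need = vm_vcpus[name]
            if need <= free:
                free -= need
                ran[name] += 1
    return ran


# Constructed workloads: the same application VM sized two ways,
# sharing a host with four single-VCPU VMs.
NEIGHBOURS = {"web1": 1, "web2": 1, "web3": 1, "web4": 1}
WIDE = {"app": 4, **NEIGHBOURS}
NARROW = {"app": 1, **NEIGHBOURS}


def compare():
    """Scheduled ticks for 'app' under three host/VM sizings."""
    return {
        "4 VCPUs on 4-core host": simulate(4, WIDE)["app"],
        "1 VCPU on 4-core host": simulate(4, NARROW)["app"],
        "4 VCPUs on 8-core host": simulate(8, WIDE)["app"],
    }


if __name__ == "__main__":
    for label, ticks_run in compare().items():
        print(f"{label}: app scheduled on {ticks_run} of 100 ticks")
```

In this model the four-VCPU VM on a four-core host is only scheduled when it happens to be first in the rotation, while the same VM with one VCPU, or with eight host cores, runs far more often.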

Virtual environment architecting requires network zone placement

Almost every virtualization admin that I interact with has materially changed their strategy at some point with their first generation of server virtualization before the entire project is complete. Among the strategy changes are those related to network zoning, which will become a more important consideration as organizations approach higher levels of virtualization.

Specifically, placing external-facing systems on the same virtual host as internal systems can put both sides of the network at risk if the hypervisor is compromised from the external-facing systems. This becomes especially important as the virtual appliance space allows organizations to easily place firewall, intrusion detection, VPN and other external-facing roles into the virtual environment, alongside the frequent goal of virtualizing everything.

A more isolating strategy creates a separate environment with hosts dedicated to virtual machines (VMs) that are external facing and that do not simultaneously host VMs on the internal network. While the hosts may be connected both to the internal and external networks in a DMZ network role, a compromise of the hypervisor or host system would not have as direct an impact on the VMs running only on the internal networks. This also helps in emergency remediation by allowing a virtual host to be fully isolated or powered off until the issue is identified without impacting the internal network VMs.

When planning your next generation of server-side virtualization, consider the risks of placing internal and external network zones on resources that may contain external facing and internal only VMs. This type of architecture can bake in some inherent security into your environment that may save the day in the event of a zero-day vulnerability situation that affects the guest operating system or the virtualization hypervisor.
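
The separation described in this post, and in the earlier post on external-facing virtual machines, can be checked against a placement inventory. The following is an added example, not part of the original posts: the host names, VM names and inventory format are constructed for illustration, and a real inventory would come from your own management tooling.

```python
from collections import defaultdict

ZONES = {"internal", "external"}

# Constructed inventory (hypothetical names): one row per VM, with the
# network zones that the VM's virtual NICs attach to.
INVENTORY = [
    ("esx-int-01", "fileserver",      {"internal"}),
    ("esx-int-01", "intranet-web",    {"internal"}),
    ("esx-mix-01", "public-web",      {"external"}),
    ("esx-mix-01", "hr-db",           {"internal"}),
    ("esx-mix-01", "vfirewall",       {"internal", "external"}),
    ("esx-dmz-01", "vpn-gw",          {"external"}),
    ("esx-dmz-01", "nac-remediation", {"external"}),
    ("esx-dmz-02", "edge-fw",         {"internal", "external"}),
]


def audit_placement(inventory):
    """Classify each host as 'separated' or 'mixed'.

    A host is 'mixed' when it runs at least one external-facing VM and
    at least one internal-only VM, the layout the post warns against.
    Dual-homed VMs (virtual firewalls and similar appliances) count as
    external facing and are listed separately for review.
    """
    hosts = defaultdict(
        lambda: {"external_facing": [], "internal_only": [], "dual_homed": []}
    )
    for host, vm, zones in inventory:
        if not zones or not zones <= ZONES:
            raise ValueError(f"{vm}: unknown or empty zone set {zones!r}")
        entry = hosts[host]
        if zones == {"internal"}:
            entry["internal_only"].append(vm)
        else:
            entry["external_facing"].append(vm)
            if "internal" in zones:
                entry["dual_homed"].append(vm)

    report = {}
    for host, entry in hosts.items():
        exposed = bool(entry["external_facing"])
        mixed = exposed and bool(entry["internal_only"])
        report[host] = dict(
            entry,
            status="mixed" if mixed else "separated",
            # Internal-only VMs that go down if this host has to be
            # isolated or powered off after an external-side compromise.
            isolation_impact=list(entry["internal_only"]) if exposed else [],
        )
    return report


def mixed_hosts(report):
    """Hosts that combine external-facing and internal-only VMs."""
    return sorted(h for h, r in report.items() if r["status"] == "mixed")


if __name__ == "__main__":
    for host, result in sorted(audit_placement(INVENTORY).items()):
        print(host, result["status"],
              "dual-homed:", result["dual_homed"],
              "isolation impact:", result["isolation_impact"])
```

A host that reports an empty isolation impact can be pulled off the network during remediation without taking internal-only VMs down with it.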

Virtualization of Citrix Presentation Server in VMware calculations

In following with Joe Foran’s recent blog about virtualizing Citrix Presentation Server (PS) systems, I too have had success with this practice. I took the approach that, for certain PS configurations, there can be great virtualization candidates depending on how you use Citrix. A web interface for PS is a great candidate for a virtual system if it is on its own server, but additional criteria determine what can be configured for a virtualized Citrix environment.

Based on my experience, the deciding factor for virtualizing PS systems is how many sessions will be concurrent for your published applications. For published applications that are rarely used or will not have very many sessions, this is a good starting point for virtualized PS systems. An example would be line-of-business published applications that would not expect more than four concurrent users. A few of these types of applications on a virtual machine in ESX can work very well.

The biggest question becomes virtual machine provisioning from the memory and processor standpoint. If you have a baseline of your current Citrix usage, that is a good starting point for estimating the concurrent session usage. Take the following observations of a Citrix environment:

  • Each PS session takes 16 MB of RAM
  • Each published application within that environment requires 11 MB of RAM
  • There are 4 published applications on a server, that have not exceeded 5 concurrent sessions

Just under 3.5 GB of RAM is required to meet the same environment requirements from the Citrix session perspective. By adding the base server and Citrix PS memory requirements to this calculated amount, you have identified the provisioning requirements of the Citrix server for the virtual role. From the processor standpoint, I generally provision the frequency limit at the rate of the physical system processor.

The good news is that Citrix is licensed by client connection and not the number of servers. Therefore, distributing virtualized Citrix servers in a VMware environment is well poised to meet performance and availability requirements.