Archive for the ‘Quick Take’ Category


VMware vCenter5: Revenge of Y2K, aka Worst Host Import Fail Ever!

January 6, 2012

I was recently involved in migrating an enterprise client from vSphere 4 to vSphere 5, leapfrogging from vSphere 4.0 to vSphere 5.0. Their platform is an AMD service farm with modern, socket G34 CPU blades and 10G Ethernet connectivity – all moving parts on VMware’s Hardware Compatibility List for all versions of vSphere involved in the process.

Supermicro AS-2022TG Platform Compatibility

Intel 10G Ethernet, i82599EB Chipset based NIC

Although VMware lists the 2022TG-HIBQRF as ESXi 5.0 compatible and not the 2022TG-HTRF, it is necessary to note the only difference between the two is the presence of a Mellanox ConnectX-2 QDR InfiniBand controller on-board: the motherboards and BIOS are exactly the same, the Mellanox SMT components are just missing on the HTRF version.

It is key to note that VMware also distinguishes the ESXi compatible platform by supported BIOS version 2.0a (Supermicro’s current version) versus 1.0b for the HTRF version. The current version is also required for AMD Opteron 6200 series CPUs which is not a factor in this current upgrade process (i.e. only 6100-series CPUs are in use). For this client, the hardware support level of the current BIOS (1.0c) was sufficient.

Safe Assumptions

So is it safe to assume that a BIOS update is not necessary when migrating to a newer version of vSphere? In the past, it’s been feature driven. For instance, proper use of new hardware features like Intel EPT, AMD RVI or VMDirectPath (PCI pass-through) has required BIOS updates in the past. All of these features were supported by the “legacy” version of vSphere and existing BIOS – so it sounds safe to assume a direct import into vCenter 5 will work and then we can let vCenter manage the ESXi update, right?

Well, not entirely: when importing the host to vCenter5 the process gets all the way through inventory import and then fails abruptly with a terse message “A general system error occurred: internal error.” Looking at the error details in vCenter5 is of no real help.

Import of ESXi 4 host fails in vCenter5 for unknown reason.

A search of the term in VMware Communities is of no help either (returns non-relevant issues). However, digging down to the vCenter5 VPXD log (typically found in the hidden directory structure “C:\ProgramData\VMware\VMware VirtualCenter\Logs\”) does return a nugget that is both helpful and obscure.

Reviewing the vCenter VPXD log for evidence of the import problem.

If you’ve read through these logs before, you’ll note that the SSL certificate check has been disabled. This was defeated in vCenter Server Settings to rule out potentially stale SSL certificates on the “legacy” ESXi nodes – it was not helpful in mitigating the error. The section highlighted was, however, helpful in uncovering a relevant VMware Knowledgebase article – the key language, “Alert:false@ D:/build/ob/bora-455964/bora/vim/lib/vdb/vdb.cpp:3253” turns up only one KB article – and it’s a winner.

Knowledge Base article search for cryptic VPXD error code.

It is important – if not helpful – to note that searching KB for “import fail internal error” does return nine different (and unrelated) articles, but it does NOT return this KB (we’ve made a request to VMware to make this KB easier to find in a simpler search). VMware’s KB2008366 illuminates the real reason why the host import fails: non-Y2K compliant BIOS date is rejected as NULL data by vCenter5.

Y2K Date Requirement, Really?

Yes, the spectre of Y2K strikes 12 years later and stands as the sole roadblock to importing your perfectly functioning ESXi 4 host into vCenter5. According to the KB article, you can tell if you’re on the hook for a BIOS update by checking the “Hardware/Processors” information pane in the “Host Configuration” tab inside vCenter4.

ESXi 4.x host BIOS version/date exposed in vCenter4

According to vCenter date policy, this platform was minted in 1910. The KB makes it clear that any two-digit year will be imported as 19XX, where XX is the two digit year. Seeing as how not even a precursor of ESX existed in 1999, this choice is just dead stupid. Even so, the x86 PC wasn’t even invented until 1978, so a simple “date check” inequality (i.e. if “two_digit_date” < 78 then “four_digit_date” = 2000 + “two_digit_date”) would have resolved the problem for the next 65 years.

Instead, VMware will have you go through the process of upgrading and testing a new (and, as 6200 Opterons are just now available to the upgrade market, a likely unnecessary) BIOS version on your otherwise “trusty” platform.
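The date-check inequality described above, combined with a pre-upgrade sweep for the MM/DD/YY dates that block the import, as an added Python example (not VMware's code and not from the original post). The host names, sample dates and function names are constructed for illustration; the pivot of 78 is the post's own.

```python
import re
from datetime import date

# Pivot taken from the post's inequality: two-digit years below 78 become 20XX.
PIVOT = 78

# MM/DD/YY or MM/DD/YYYY, the two formats the KB distinguishes.
_BIOS_DATE = re.compile(r"(\d{1,2})/(\d{1,2})/(\d{4}|\d{2})")


def parse_bios_date(text, pivot=PIVOT):
    """Return (release_date, had_two_digit_year) for a BIOS date string.

    Raises ValueError for anything that is not a real calendar date in
    MM/DD/YY or MM/DD/YYYY form, so malformed input fails loudly.
    """
    match = _BIOS_DATE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised BIOS date: {text!r}")
    month, day, year_text = match.groups()
    two_digit = len(year_text) == 2
    year = int(year_text)
    if two_digit:
        # The windowing rule from the post: YY < pivot -> 20YY, else 19YY.
        year += 2000 if year < pivot else 1900
    # date() rejects impossible values such as month 13 or day 40.
    return date(year, int(month), int(day)), two_digit


def legacy_year(text):
    """Year as the post says it is read today: a two-digit YY becomes 19YY."""
    match = _BIOS_DATE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised BIOS date: {text!r}")
    year_text = match.group(3)
    return int(year_text) if len(year_text) == 4 else 1900 + int(year_text)


def hosts_needing_attention(inventory):
    """List (host, reason) for hosts whose BIOS date is MM/DD/YY or unparseable."""
    flagged = []
    for name, bios_date in sorted(inventory.items()):
        try:
            _, two_digit = parse_bios_date(bios_date)
        except ValueError:
            flagged.append((name, "unparseable"))
            continue
        if two_digit:
            flagged.append((name, "two-digit year"))
    return flagged


# Constructed inventory: host names and dates are made up for illustration.
SAMPLE_INVENTORY = {
    "esx-blade-01": "12/17/10",    # two-digit year, the failing case
    "esx-blade-02": "03/05/2011",  # four-digit year, imports cleanly
    "esx-blade-03": "13/40/10",    # not a calendar date at all
}

if __name__ == "__main__":
    for host, reason in hosts_needing_attention(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
    print("legacy reading of 12/17/10:", legacy_year("12/17/10"))
    print("windowed reading of 12/17/10:", parse_bios_date("12/17/10")[0].year)
```

Feeding it the BIOS release dates collected from the existing hosts before the migration window shows which blades need a BIOS update scheduled first.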

Non-Y2K compliant BIOS date

Y2K-compliant BIOS date, post upgrade

Just to add insult to injury with this upgrade process, the BIOS upgrade for this platform comes with an added frustration: the IPMI/BMC firmware must also be updated to accommodate the new hardware monitoring capabilities of the new BIOS. Without the BMC update, vCenter will complain of Northbridge chipset overheat warnings from the platform until the BMC firmware is updated.

So, after the BIOS update, BMC update and painstaking hours (to days) of “new” product testing, we arrive at the following benefit: vCenter gets the BIOS version date correctly.

vCenter5 only wants Y2K compliant BIOS release dates for imported hosts

Bar Unnecessarily High

VMware actually says, “if the BIOS release date of the host is in the MM/DD/YY format, contact the hardware vendor to obtain the current MM/DD/YYYY format.” Really? So my platform is not vCenter5 worthy unless the BIOS date is four-digit year formatted? Put another way, VMware’s coders can create the premier cloud platform but they can’t handle a simple Y2K date inequality. #FAIL

Forget “the vRAM tax”, this obstacle is just dead stupid and unnecessary; and it will stand in the way of many more vSphere 5 upgrades. Relying on a BIOS update for a platform that was previously supported (remember 1.0b BIOS above?) just to account for the BIOS date is arbitrary at best, and it does not pose a compelling argument to your vendor’s support wing when dealing with an otherwise flawless BIOS.

SOLORI’s Take:

We’ve submitted a vCenter feature request to remove this exclusion for hundreds of vSphere 4.x hosts, maybe you should too…


Quick-Take: VMworld 2011, Thoughts on the Airplane

August 28, 2011

On the way to VMworld this morning I started out by listening to @Scott_lowe, @mike_laverick and @duncanyp about stretched clusters and some esoteric storage considerations. Then I was off reading @sakacc blogging about his take on stretch clusters and the black hole of node failure when I stumbled on a retweet @bgracely via @andreliebovici about the spectre of change in our industry. Suddenly these things seemed very well related within the context of my destination: VMworld 2011.

Back about a month ago when vSphere 5 was announced the buzz about the “upgrade” was consumed by discussions about licensing and vRAM. Naturally, this was not the focus VMware was hoping for, especially considering how much of a step forward vSphere 5 is over VS4. Rather, VMware – by all deserved rights – wanted to hear “excited” conversations about how VS5 was closing the gap on vCloud architecture problems and pain-points.

Personally, I managed to keep the vRAM licensing issue out of SOLORI’s blog for two reasons: 1) the initial vRAM targets were so off that VMware had to make a change, and 2) significant avenues for the discussion were available elsewhere. That does not mean I wasn’t outspoken about my thoughts on vRAM – made obvious by contributions to some community discussions on the topic – or VMware’s reasoning for moving to vRAM. Suffice to say VMware did “the right thing” – as I had confidence they would – and the current vRAM targets capture 100% of my clients without additional licenses.

I hinted that VS5 answers a lot of the hanging questions from VS4 in terms of facilitating how cloud confederations are architected, but the question is: in the distraction, did VS5’s “goodness” get lost in the scuffle? If so, can they get back the mind share they may have lost to Chicken Little reactionaries?

First, if VMware’s lost ground to anyone, it’s VMware. The vast majority of cool-headed admins I talked to were either not affected by vRAM or were willing to take a wait-and-see outlook on vSphere 5 with continued use of vSphere 4.1. Some did evaluate Hyper-V’s “readiness” but most didn’t blink. By comparison, vSphere 4.1 still had more to offer private cloud than anything else.

Secondly, vSphere 5 “goodness” did get lost in the scuffle, and that’s okay! It may be somewhat counter intuitive but I believe VMware will actually come out well ahead of their “would be” position in the market, and it is precisely because of these things, not just in spite of them. Here’s my reasoning:

1) In the way the vSphere 5 launch announcement and vRAM licensing debacle unfolded, a lot of the “hot air” about vRAM was vented along the way. Subsequently, VMware gained some service cred by actually listening to their client base and making a significant change to their platform pricing model. VMware got more bang-for-their-buck out of that move as the effect on stock price may never be known here, given the timing of the S&P ratings splash, but I would have expected to see a slight hit. Fortunately, 20-30% sector slides trump vRAM, and only Microsoft is talking about vRAM now (that is until they adopt something similar.)

On that topic, anytime you can get your competitor talking about your product instead of theirs, it usually turns out to be a good thing. Even in this case, where the topic has nothing to do with the needs of most businesses, negative marketing against vRAM will ultimately do more to establish VMware as an innovator than an “already too expensive alternative to XYZ.”

2) SOLORI’s law of conservation of marketing momentum: goodness preserved, not destroyed. VMworld 2011 turns out to be perfectly timed to generate excitement in all of the “goodness” that vSphere 5 has to offer. More importantly, it can now do so with increased vigor and without a lot of energy siphoned-off discussing vRAM, utilization models and what have you: been there done that, on to the meat and away with the garnish.

3) Again it’s odd timing, but the market slide has more folks looking at cloud than ever before. Confidence in cloud offerings has been a deterrent for private cloud users, partly because of the “no clear choices” scenario and partly because of concerns about data migration in and around the public cloud. Instability and weak growth in the world economy have people reevaluating CAPEX-heavy initiatives as well as priorities. The bar for cloud offerings has never been lower.

In vSphere 5, VMware hints at the ability for more cloud providers to be transparent to the subscriber: if they adopt vSphere. Ultimately, this will facilitate vendor agnosticism much like the early days of the Internet. Back then, operators discovered that common protocols allowed for dial-up vendors to share resources in a reciprocal and transparent manner. This allowed the resources of provider A to be utilized by a subscriber of provider B: the end user was completely unaware of the difference. For those that don’t have strict requirements on where their data “lives” and/or are more interested in adherence to availability and SLA requirements, this can actually induce a broader market instead of a narrower one.

If you’ve looked past vRAM, you may have noticed for yourself that vSphere has more to deliver cloud offerings than ever before. VMware will try to convince you that whether cloud bursting, migrating to cloud or expanding hybrid cloud options, having a common underlying architecture promotes better flexibility and reduces overall cost and complexity. They want you to conclude that vSphere 5 is the basis for that architecture. Many will come away from Las Vegas – having seen it – believing it too.

So, as I – and an estimated 20K+ other virtualization junkies – head off to Las Vegas for a week of geek overload, parties and social networking, my thoughts turn to @duncanyp’s 140+ improvements, enhancements and advances waiting back home in my vSphere 5 lab. Last week he challenged his “followers” to be the first to post examples of all of them; with the myriad of hands-on labs and expert sessions just over the horizon, I hope to do it one better and actually experience them first hand.

These things all add up to a win-win for VMware and a strong showing for VMworld. It’s going to be an exciting and – tip of the hat to @bgracely - industry changing week! Now off to the fray…

References:

See Mike Laverick’s chinwag podcasts

See Chad Sakac’s VirtualGeek blog on stretched cluster issues to overcome

(excuse typos today, wordpress iPad…)


Quick-Take: vCMA Updated, SSL now Default

March 17, 2011
vCMA Login Screen, iPhone


In February, we detailed the installation and first use of the VMware vCenter Mobile Access appliance (version 1.0.41). In that write up, we pointed out that vCMA had some security issues and said the following:

Being HTTP-only, vCMA doesn’t lend itself to secure computing over the public Internet or untrusted intranet. Instead, it is designed to work with security layer(s) in front of it. While it IS possible to add HTTPS to the Apache/Tomcat server delivering its web application, vCMA is meant to be deployed as-is and updated as-is – it’s an appliance.

- SOLORI’s blog, 28-Feb-2011

Seems VMware is listening. Yesterday, VMware announced the release and immediate availability of vCMA v1.0.42 with HTTPS/SSL enabled by default. We got this from the “vSphere MicroClient Functional Specification Guide:”

SSL Connections
By default “https” (or SSL certificate) is enabled in the appliance for the vCMA for enhanced security. You can replace the out-of-the-box certificate with your own, if needed. However, http->https redirection is currently not supported.

Other deployment considerations

  1. The vCMA server comes with a default userid/password. For security reasons, we strongly recommended that you change root password.
  2. If you prefer, you can set a hostname or IP address for the appliance.
  3. Using standard Linux utilities, you can change the date and time in the appliance.
  4. You can also upgrade the hardware version and VMware Tools in the vCMA appliance following standard procedures.

SOLORI’s Take: This welcomed change circumvents any additional kludge work necessary to secure the appliance. Using an HTTPS proxy was cumbersome and kludgey in its own right and “hacking” the appliance was tricky and doomed to be reversed by the next appliance update. VMware’s move opens the door for more widespread use of vCMA and (hopefully) more interesting applications of its use in the future.


Quick-Take: Buying an iPad2 on Friday

March 10, 2011

New iPad2, launching in White and Black "on day one"

If you’re chomping at the bit to buy an iPad2 on launch day, the question remains: which one to buy? There seem to be many options and ways to go, but ultimately this will end up being a personal decision. However, there is an economic and functional rationale that you should consider before coughing up nearly $1K on an arguably cool device.

Given the choices of models and network options, this should definitely NOT be an impulse buy, and I hope you look at it in a reasoned – if not somewhat giddy – way. Here are my thoughts for personal acquisition (not for businesses – you guys need to run POC for at least 3-6 months!):

Basically, there are three models: WiFi, WiFi+3G/ATT & WiFi+3G/Verizon, with three flash variants of each – 16GB, 32GB & 64GB – and two color variants of those – black & white. That’s a total of 18 different SKU’s for iPad2. So here’s how the process breaks down to me:

  1. Since WiFi/Bluetooth is the same on all models, choose first between 3G (includes aGPS) or WiFi-only (no aGPS);
    1. Choose carrier between ATT & Verizon (either are month-to-month):
      1. ATT offers two options for iPad2:
        1. $15/month for 250MB/month; with automatic charge of $15/250MB overage;
        2. $25/month for 2GB/month; with automatic charge of $10/1GB overage;
      2. Verizon offers four options for iPad2 WiFi-only + MiFi:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
        5. Note: MiFi device is free only with a 2-year contract.
      3. Verizon offers four plans for iPad2 WiFi+3G:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
    2. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    3. Choose color;
      1. Black;
      2. White;
  2. For WiFi-only models, you’ll give-up accurate location (no aGPS) but save money (see MiFi above for mobile access):
    1. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    2. Choose color;
      1. Black;
      2. White;
  3. Choose how you want to purchase:
    1. In-store (5PM local time):
    2. On-line (1AM PST):
  4. Enjoy iPad2 nirvana!

SOLORI’s Take: Steve Jobs really wants to see you on-camera and in line. Apple made a point to require retailers to coordinate sale starts at 5PM local time to be able to maximize “free” advertising benefits based on local, mobile news feeds from “high demand queues” at retailers. There’s no discount for purchasing after standing in a retail store line, so why queue-up without compensation just to be part of the iPad2 marketing push? Buy from an on-line retailer (or wait) and avoid the lines.

As for the model and plan, economically the 16GB iPad2 makes the most sense. If you need 3G but have no interest in using your iPad as a navigation unit while you drive, get MiFi and get the benefit of being able to use it with up to 5 other devices (laptop, iPad1, Android tablet, etc.) If you’re replacing your 32GB+ iPad and laptop (good luck) in this purchase, you may go all out, but don’t be surprised when buyer’s remorse sets-in a month or so hence. Then it comes down to 3G variant: ATT has more global reach (see link above), but beware of “data roaming” charges, while Verizon has a bit better $/GB rates (see above).

If you choose to queue-up and volunteer for Steve Jobs’ unpaid marketing army, good luck and stay safe. According to BestBuy’s playbook, you’ll get a “ticket” for the model you want in line. There will only be tickets enough for the actual models they have and they’ll likely only know what that list is one to two hours before 5PM local time. When all tickets are gone, they’ll issue standby tickets for the next day, etc. At BestBuy at least, you’ll need to leave a $100 deposit with your standby ticket and it will be issued in the form of a $100 gift card usable towards your iPad purchase.

[Update: SOLORI's iPad2 ordered for the lab at 2:53AM CST from ATT on-line - black, 16GB WiFi+3G, 2GB/mo. data plan. Verizon, Walmart, Target all show iPad2 as unavailable on-line and in stores at 5PM.]

[Update: On-line supplies of iPad2 started at 2-3 business day promised delivery and had gone to 2-3 week delivery by 9:30AM PST.]

[Update: 15-Mar-2011 - USPS delivered iPad2 - 2 business days achieved.]


Quick-Take: iPad2 Launched, Features Left on the Drawing Board

March 2, 2011

The iPad2, Available in "Black or White" on March 11, 2011

No doubt that Apple is the 800lb gorilla in the room when it comes to mobile tablets and phones today. With lack-lustre acceptance of the first “official” Android tablet – Motorola’s Xoom – the new aspects of the Apple iPad2, announced today, will surely keep iPad adopters on-board for the next version. Coming March 11, 2011, the new iPad will come in three memory sizes (16, 32 and 64GB) and be available as a WiFi-only variant (802.11a/b/g/n) as well as a Wi-Fi+3G+aGPS variant (UMTS/HSDPA/HSUPA/GSM/EDGE or CDMA/EV-DO Rev. A) – both with Bluetooth 2.1+EDR.

Besides coming in a “white” model from “day one,” the iPad2 sports the anticipated Apple A5 dual-core system on chip based on the ARM Cortex-A9 CPU. The 9.7 inch LED-backlit multi-touch display features the coveted IPS display technology that gave the original iPad such great color. Additionally, the iPad2 joins the iPhone4 in the dual-camera club with a front-facing VGA camera (suitable for FaceTime) and a rear-facing HD camera (suitable for 720p, 30 fps video).

Apple's HDMI "mirroring" connector includes pass-through 30-pin port for charging.

Rounding out the features is HDMI output via a proprietary 30-pin to HDMI+30-pin adapter (dongle) supporting video to 1080p. Missing from the “dreamed about” feature list are: high-resolution display, removable media, standard USB ports, autonomous GPS and near field communications interface. At 0.34 inches thick and 1.33 lbs, the iPad2 shed 0.17 lbs and 0.16 inches in thickness by removing the additional display glass, but it kept the original’s 1024×768 display – a slip behind the standard 1280×800 display profile of Honeycomb-wielding 10″ tablets.

Out of the gate, iPad2 versions will be available for AT&T and Verizon Wireless in the US (although specific launch dates for either carrier are not yet available). The iPad in Business section of the release site looks impressive on the surface. The existing list of business oriented applications for iPad together with the obvious polish of the product represents a real obstacle for its competitors (like QNX-based Blackberry Playbook and Android-based Motorola Xoom).

SOLORI’s Take: The iPad2 represents a conservative update to the existing and wildly successful iPad (over 10M units in 2H 2010). Loyalist iPad users are early adopters, so it’s a no-brainer to predict that 3M iPad2’s will ship in H1/2011 to “iPad1” owners. If it happens, that makes for a solid supply of discarded iPads over the next few months which can actually HELP Apple entrench – giving them an artificial low-end product due to upgrades. Given that there is zero reference to the original iPad on Apple’s site, it’s safe to say that when inventories are gone, iPad2 will be the only game for Apple.

The shortcoming for iPad2 over its Android contenders is physical standards. I mentioned the screen resolution as compared to Android Honeycomb standard, but the Blackberry Playbook comes in under both devices at 1024×600 (last year’s “unofficial” Android tablet standard). While the Playbook is lighter at 0.9 lbs, it’s also smaller (and 0.1″ thicker) – more of a challenger for Galaxy Tab than iPad. Most of the Tegra2 tablets have mini-USB (some have full-size USB) and offer either mini-HDMI or full-size HDMI ports – either on-board or through a docking port. It’s rumoured that Apple has locked-up the IPS display market, but at 1024×768, those opting for higher resolution may turn to Android competitors for more desktop real estate.

Besides matching iPad2 feature-for-feature, Tegra2 Android tablets represent a serious threat (technologically) to iPad2. Another issue is storage: nearly every Android comes with both removable and built-in memory options – something neither iPad nor Blackberry offer. In a business world, the ability to quickly exchange data without using WiFi or 3G/4G is huge – especially where remote access applications are concerned. That makes iPad dependent on its wireless carriers and WiFi/hot-spots for data exchange (or docking/undocking to notebook, laptop, etc.) The removable memory feature also allows enterprises to purchase the low-end memory configuration and supplement them with third-party memory or require end-users to supply their own.

Where iPad2 has the biggest advantage is turn-key applications through Apple’s iTunes market, and this is something they’re pressing heavily in today’s marketing message. Forget the clever iPad2 cover, it’s applications that ultimately make the product valuable to business. If Apple can stay ahead here, enterprise will follow. Unfortunately, Apple may find its “hatred” for Adobe’s Flash a position that could erode its market faster than anything else. Flash could be the great equalizer (or market accelerator) for Android and Blackberry, allowing businesses to rely on web-apps instead of native ones… in the meantime, Google has the clout and growth rate to compel all but the staunchest of application vendors to play both sides of the split market.


Quick-Take: Google Turns to Zynamics after recent Malware Proof

March 2, 2011

With enterprises eyeing mobile “smart” phones and tablets as the next wave of technology to improve worker productivity, responsiveness and presence, the recent infiltration of trojan malware into Google’s Android Market is likely to go unnoticed. However, the ramifications appear to be crystal clear to Google as they responded by quickly snatching-up German reverse engineering firm Zynamics. In a blog post yesterday, Zynamics’ CEO Thomas Dullien – aka Halvar Flake – simply stated:

We’re pleased to announce that zynamics has been acquired by Google! If you’re an existing customer and do not receive our email announcement within the next 48 hours, please contact us at info@zynamics.com. All press inquiries should be sent to press@google.com.

There is still no official press release from Google on the matter, however SecurityWeek and other sources have stated that Google has indeed confirmed the acquisition. It is unlikely that the timing of this announcement is unrelated to the recent Android Market fiasco or the “rumoured” Apple iPad2 launch supposedly to take place today at 10:00 AM PST.

An estimated 50,000-200,000 users downloaded tainted apps from Google Market before the items were pulled off the site. Of course, Apple is not without its share of problems in iPad. There was a major breach in June, 2010 resulting in at least 114,000 compromised iPad users including then Obama White House Chief of Staff Rahm Emanuel. However, in the iPad case the breach came as a result of a direct attack on iPad vulnerabilities, whereas the Android compromise attacked a weakness in Google’s Market policies – essentially taking a “trusted back door” approach.

Meanwhile, VMware has been on the road promoting its mobile virtualization platform with partner LG. In a hands-on video at the 2011 Mobile World Congress taken by Engadget, the VMware mobile hypervisor can be seen fronting two phones within a phone. While this approach can help to secure corporate data from infiltration of the “consumer” side of the schizophrenic cell phone, it cannot protect the phone from OS vulnerabilities (like the iPad Safari weakness) or authorized deployment vectors (like Google’s Market infiltration.) To protect assets from these kinds of attacks, the use of mobile anti-virus and anti-malware will be imperative.

SOLORI’s Take: VMware’s type II hypervisor does enable corporate policy enforcement that would be too “draconian” for most users to co-exist with their personal or mixed-use phone or tablet. While no official word from VMware has been given on when their mobile hypervisor will make the leap from phone to tablet, it’s not a huge leap given the software has already been shown on the Nexus One and LG Optimus Black.

Given that the LG Optimus is based on TI’s OMAP 3630 and the Nexus One incorporates the older Qualcomm Snapdragon chipset, and both are based on the ARM Cortex-A8 CPU core found in many Android and Apple iOS devices, VMware’s offering appears to be very mature. Also, it is only a type II hypervisor so it should be no time until we see it running on more current, mainstream devices running ARM Cortex-A9 CPUs used in Nvidia Tegra2-based devices like LG Optimus 2X, Motorola Atrix 4G & Xoom or the rumoured Apple A5 chip “destined” for iPad2 and iPhone 5 or even the new TI OMAP 4430 that powers the likes of the Blackberry Playbook.

Can a type II hypervisor quell corporate America’s security concerns about information leakage and IP theft? Given the right deployment model, tools and resources it represents a step in the right direction. The jury’s still out to see how wireless sharing, two separate data plans and two anti-malware threads affect run-time on platforms that threaten the delicate balance of usability and battery life…


Quick-Take: VMware View 4.6 and PCoIP Software Gateway

March 1, 2011

VMware View 4.6 has been released. Andre Leibovici has a nice summary of the PCoIP Software Gateway (PSG) functionality – new in 4.6 – that finally allows PCoIP to be negotiated without external VPN tunnels.

VMware View 4.6 has been just released and as everyone expected this release introduces support for external secure remote access with PCoIP, without requirement for a SSL VPN. This feature is also known as View Secure Gateway Server. VMware’s Mark Benson, in his blog article, does a very good job explaining why tunnelling PCoIP traffic through the Security Server using SSL was never a viable solution because VMware didn’t want to interfere with the advanced performance characteristics of the protocol.

Andre Leibovici – myvirtualcloud.net

Other enhancements in the 4.6 release include:

  • Enhanced USB device compatibility – View 4.6 supports USB redirection for syncing and managing iPhones and iPads with View desktops. This release also includes improvements for using USB scanners, and adds to the list of USB printers that you can use with thin clients. For more information, see the list of View Client resolved issues.
  • Keyboard mapping improvements – Many keyboard-related issues have been fixed. For more information, see the list of View Client resolved issues.
  • New timeout setting for SSO users – With the single-sign-on (SSO) feature, after users authenticate to View Connection Server, they are automatically logged in to their View desktop operating systems. This new timeout setting allows administrators to limit the number of minutes that the SSO feature is valid for. For example, if an administrator sets the time limit to 10 minutes, then 10 minutes after the user authenticates to View Connection Server, the automatic login ability expires. If the user then walks away from the desktop and it becomes inactive, when the user returns, the user is prompted for login credentials. For more information, see the VMware View Administration documentation.
  • VMware View 4.6 includes more than 160 bug fixes – For descriptions of selected resolved issues, see Resolved Issues.
  • Support for Microsoft Windows 7 SP1 operating systems

SOLORI’s Take: The addition of WAN-enabled PCoIP functionality takes VMware’s flagship desktop protocol to the next level. However, considerable tuning at the PCoIP desktop agent is necessary for most WAN configurations. The upside is the solution maintains PCoIP’s UDP basis without tunneling inside TCP.

Since PCoIP has always been AES encrypted by default, this is not really an issue of security but one of performance and delivery. Right-sizing the PCoIP payload for the intended WAN application will be challenging for most, so expect to see PSG use in campus-wide applications where security of PCoIP (UDP) has been difficult.

For a twist on PSG using Internet connections with dynamically assigned IP addresses, check-out Gabe’s Virtual World post – powershell included!

[updated to include links to VMware's View release notes, and link to Gabe's post.]


Quick-Take: Merry Christmas and Happy Holidays

December 15, 2010

Merry Christmas and happy holidays from our family to yours! God has truly blessed us this year, and we’ve been privileged to share some of those blessings with you.


Quick-Take: Is Your Marriage a Happy One?

November 12, 2010

I came across a recent post by Chad Sakac (VP, VMware Alliance at EMC) discussing the issue of how vendors drive customer specifications down from broader goals to individual features or implementation sets (I’m sure VCE was not in mind at the time.) When it comes to vendors insisting on framing the “client argument” in terms of specific features and proprietary approaches, I have to agree that Chad is spot on. Here’s why:

First, it helps when vendors move beyond the “simple thinking” of infrastructure elements as a grid of point solutions and more of an “organic marriage of tools” – often with overlapping qualities. Some marriages begin with specific goals, some develop them along the way and others change course drastically and without much warning. The rigidness of point approaches rarely accommodates growth beyond the set of assumptions that created it in the first place. Likewise, the “laser focus” on specific features detracts from the overall goal: the present and future value of the solution.

When I married my wife, we both knew we wanted kids. Some of our friends married and “never” wanted kids, only to discover a child on the way and subsequent fulfillment through raising them. Still, others saw a bright future strained with incompatibility and the inevitable divorce. Such is the way with marriages.

Second, it takes vision to solve complex problems. Our church (Church of the Highlands in Birmingham, Alabama) takes a very cautious position on the union between souls: requiring that each new couple seeking a marriage give it the due consideration and compatibility testing necessary to have a real chance at a successful outcome. A lot of “problems” we would encounter were identified before we were married, and when they finally popped-up we knew how to identify and deal with them properly.

Couples that see “counseling” as too obtrusive (or unnecessary) have other options. While the initial investments of money are often equivalent, the return on investment is not so certain. Uncovering incompatibilities “after the sale” provides for a difficult and too often doomed outcome (hence, 50% divorce rate.)

This same drama plays out in IT infrastructures where equally elaborate plans, goals and unexpected changes abound. You date (prospecting and trials), you marry (close) and are either fruitful (happy client), disappointed (unfulfilled promises) or divorce. Often, it’s not the plan that failed but the failure to set/manage expectations and address problems that causes the split.

Our pastor could not promise that our marriage would last forever: our success is left to God and the two of us. But he did help us to make decisions that would give us a chance at a fruitful union. Likewise, no vendor can promise a flawless outcome (if they do, get a second opinion), but they can (and should) provide the necessary foundation for a successful marriage of the technology to the business problem.

Third, the value of good advice is not always obvious and never comes without risk. My wife and I were somewhat hesitant on counseling before marriage because we were “in love” and were happy to be blind to the “problems” we might face. Our church made it easy for us: no counseling, no marriage. Businesses can choose to plot a similar course for their clients with respect to their products (especially the complex ones): discuss the potential problems with the solution BEFORE the sale or there is no sale. Sometimes this takes a lot of guts – especially when the competition takes the route of oversimplification. Too often IT sales see identifying initial problems (with their own approach) as too high a risk and too great an obstacle to the sale.

Ultimately, when you give due consideration to the needs of the marriage, you have more options and are better equipped to handle the inevitable trials you will face. Whether it’s an unexpected child on the way, or an unexpected up-tick in storage growth, having the tools in-hand to deal with the problem lessens its severity. The point is, being prepared is better than the assumption of perfection.

Finally, the focus has to be what YOUR SOLUTION can bring to the table: not how you think your competition will come-up short. In Chad’s story, he’s identified vendors disqualifying one another’s solutions based on their (institutional) belief (or disbelief) in a particular feature or value proposition. That’s all hollow marketing and puffery to me, and I agree completely with his conclusion: vendors need to concentrate on how their solution(s) provide present and future value to the customer and refrain from the “art” of narrowly framing their competitors.

Features don’t solve problems: the people using them do. The presence (or absence) of a feature simply changes the approach (i.e. the fallacy of feature parity). As Chad said, it’s the TOTALITY of the approach that derives value – and that goes way beyond individual features and products. It’s clear to me that a lot of counseling takes place between Sakac’s EMC team and their clients to reach those results. Great job, Chad, you’ve set a great example for your team!


Quick-Take: ZFS and Early Disk Failure

September 17, 2010

Anyone who’s discussed storage with me knows that I “hate” desktop drives in storage arrays. When using SAS disks as a standard, that’s typically a non-issue because there’s not typically a distinction between “desktop” and “server” disks in the SAS world. Therefore, you know I’m talking about the other “S” word – SATA. Here’s a tale of SATA woe that I’ve seen repeatedly cause problems for inexperienced ZFS’ers out there…

When volumes fail in ZFS, the “final” indicator is data corruption. Fortunately, ZFS checksums recognize corrupted data and can take action to correct and report the problem. But that’s like treating cancer only after you’ve experienced the symptoms. In fact, the failing disk will likely begin to “under-perform” well before actual “hard” errors show-up as read, write or checksum errors in the ZFS pool. Depending on the reason for “under-performing” this can affect the performance of any controller, pool or enclosure that contains the disk.

Wait – did he say enclosure? Sure. Just like a bad NIC chattering on a loaded network, a bad SATA device can occupy enough of the available service time for a controller or SAS bus (i.e. JBOD enclosure) to make a noticeable performance drop in otherwise “unrelated” ZFS pools. Hence, detection of such events is an important thing. Here’s an example of an old WD SATA disk failing as viewed from the NexentaStor “Data Sets” GUI:

Disk Statistics showing failing drive

Something is wrong with device c5t84d0...

Device c5t84d0 is having some serious problems. Busy time is 7x higher than counterparts, and its average service time is 14x higher. As a member of a RAIDz group, the entire group is being held-back by this “under-performing” member. From this snapshot, it appears that NexentaStor is giving us some good information about the disk from the “web GUI” but this assumption would not be correct. In fact, the “web GUI” is only reporting “real time” data so long as the disk is under load. In the case of a lightly loaded zpool, the statistics may not even be reported.

However, from the command shell, historic and real-time access to per-device performance is available. The output of “iostat -exn” shows the count of all errors for devices since the last time counters were reset, and average I/O loads for each:

Device statistics from 'iostat' show error and I/O history.


The output of iostat clearly shows this disk has serious hardware problems. It indicates hardware errors as well as transmission errors for the device recognized as ‘c5t84d0’ and the I/O statistics – chiefly read, write and average service time – implicate this disk as a performance problem for the associated RAIDz group. So, if the device is really failing, shouldn’t there be a log report of such an event? Yes, and here’s a snip from the message log showing the error:


SCSI error with ioc_status=0x8048 reported in /var/log/messages for failing device.

However, in this case, the log is not “full” with messages of this sort. In fact, it only showed-up under the stress of an iozone benchmark (run from the NexentaStor ‘nmc’ console). I can (somewhat safely) conclude this to be a device failure since at least one other disk in this group is of the same make, model and firmware revision as the culprit. The interesting aspect about this “failure” is that it does not result in a read, write or checksum error for the associated zpool. Why? Because the device is only loosely coupled to the zpool as a constituent leaf device, and it also implies that the device errors were recoverable by either the drive or the device driver (mapping around a bad/hard error.)

Since these problems are being resolved at the device layer, the ZFS pool is “unaware” of the problem as you can see from the output of ‘zpool status’ for this volume:

zpool status output for pool with undetected failing device

Problems with disk device as yet undetected at the zpool layer.

This doesn’t mean that the “consumers” of the zpool’s resources are “unaware” of the problem, as the disk error has manifested itself in the zpool as higher delays, lower I/O through-put and subsequently less pool bandwidth. In short, if the error is persistent under load, the drive has a correctable but catastrophic (to performance) problem and will need to be replaced. If, however, the error goes away, it is possible that the device driver has suitably corrected for the problem and the drive can stay in place.
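The peer comparison described above (busy time and service time against the other disks, plus the hard and transport error counters) can be scripted over captured `iostat -exn` output. This is an added example, not part of the original post: the sample rows are constructed (only the device name c5t84d0 comes from the post), and the function names and the 3x threshold are assumptions.

```python
import statistics

# Constructed sample in the Solaris `iostat -exn` column layout; only the
# device name c5t84d0 comes from the post, every number is made up.
SAMPLE = """\
                            extended device statistics       ---- errors ---
    r/s    w/s   kr/s   kw/s wait actv wsvc_t asvc_t  %w  %b s/w h/w trn tot device
   41.0   12.0 2624.0  768.0  0.0  0.3    0.0    5.1   0  10   0   0   0   0 c5t80d0
   40.2   12.1 2572.8  774.4  0.0  0.3    0.0    4.9   0  10   0   0   0   0 c5t81d0
   39.8   11.9 2547.2  761.6  0.0  0.3    0.0    5.0   0  11   0   0   0   0 c5t82d0
   40.5   12.0 2592.0  768.0  0.0  0.3    0.0    5.2   0  10   0   0   0   0 c5t83d0
   38.9   11.7 2489.6  748.8  0.0  3.5    0.0   70.3   0  71   0   6  14  20 c5t84d0
"""

def parse_iostat(text):
    """Return {device: {column: float}} from `iostat -exn` text."""
    header, devices = None, {}
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[-1] == "device":
            header = fields[:-1]          # column names, e.g. asvc_t, %b, h/w
        elif header and len(fields) == len(header) + 1:
            try:
                devices[fields[-1]] = dict(zip(header, map(float, fields[:-1])))
            except ValueError:
                continue                  # banner or malformed row
    return devices

def suspects(devices, ratio=3.0):
    """Flag disks with hard/transport errors or latency far above their peers."""
    found = {}
    for name, stats in devices.items():
        peers = [d for n, d in devices.items() if n != name]
        reasons = []
        if stats["h/w"] or stats["trn"]:
            reasons.append("errors h/w=%d trn=%d" % (stats["h/w"], stats["trn"]))
        for col in ("asvc_t", "%b"):
            if peers:
                base = statistics.median(d[col] for d in peers)
                if base > 0 and stats[col] >= ratio * base:
                    reasons.append("%s %.1fx peer median" % (col, stats[col] / base))
        if reasons:
            found[name] = reasons
    return found

if __name__ == "__main__":
    for dev, why in suspects(parse_iostat(SAMPLE)).items():
        print(dev, "; ".join(why))
```

Comparing against the median of the other disks keeps one slow member from dragging the baseline up and hiding itself; running it on snapshots taken before and after a benchmark shows whether the error counters are still climbing.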

SOLORI’s Take: How do we know if the drive needs to be replaced? Time will establish an error rate. In short, running the benchmark again and watching the error counters for the device will determine if the problem persists. Eventually, the errors will either go away or they won’t. For me, I’m hoping that the disk fails to give me an excuse to replace the whole pool with a new set of SATA “eco/green” disks for more lab play. Stay tuned…

SOLORI’s Take: In all of its flavors, 1.5Gbps, 3Gbps and 6Gbps, I find SATA drives inferior to “similarly” spec’d SAS for just about everything. In my experience, the worst SAS drives I’ve ever used have been more reliable than most of the SATA drives I’ve used. That doesn’t mean there are “no” good SATA drives, but it means that you really need to work within tighter boundaries when mixing vendors and models in SATA arrays. On top of that, the additional drive port and better typical sustained performance make SAS a clear winner over SATA (IMHO). The big exception to the rule is economy – especially where disk arrays are used for on-line backup – but that’s another discussion…
