Archive for the ‘Quick Take’ Category


Quick-Take: vCMA Updated, SSL now Default

March 17, 2011
vCMA Login Screen, iPhone

In February, we detailed the installation and first use of the VMware vCenter Mobile Access appliance (version 1.0.41). In that write up, we pointed out that vCMA had some security issues and said the following:

Being HTTP-only, vCMA doesn’t lend itself to secure computing over the public Internet or untrusted intranet. Instead, it is designed to work with security layer(s) in front of it. While it IS possible to add HTTPS to the Apache/Tomcat server delivering its web application, vCMA is meant to be deployed as-is and updated as-is – it’s an appliance.

- SOLORI’s blog, 28-Feb-2011

Seems VMware is listening. Yesterday, VMware announced the release and immediate availability of vCMA v1.0.42 with HTTPS/SSL enabled by default. We got this from the “vSphere MicroClient Functional Specification Guide:”

SSL Connections
By default “https” (or SSL certificate) is enabled in the appliance for the vCMA for enhanced security. You can replace the out-of-the-box certificate with your own, if needed. However, http->https redirection is currently not supported.

Other deployment considerations

  1. The vCMA server comes with a default userid/password. For security reasons, we strongly recommended that you change root password.
  2. If you prefer, you can set a hostname or IP address for the appliance.
  3. Using standard Linux utilities, you can change the date and time in the appliance.
  4. You can also upgrade the hardware version and VMware Tools in the vCMA appliance following standard procedures.

SOLORI’s Take: This welcome change circumvents any additional kludge work necessary to secure the appliance. Using an HTTPS proxy was cumbersome and kludgey in its own right and “hacking” the appliance was tricky and doomed to be reversed by the next appliance update. VMware’s move opens the door for more widespread use of vCMA and (hopefully) more interesting applications of its use in the future.


Quick-Take: Buying an iPad2 on Friday

March 10, 2011

New iPad2, launching in White and Black "on day one"

If you’re chomping at the bit to buy an iPad2 on launch day, the question remains: which one to buy? There seem to be many options and ways to go, but ultimately this will end-up being a personal decision. However, there is an economic and functional rationale that you should consider before coughing up nearly $1K on an arguably cool device.

Given the choices of models and network options, this should definitely NOT be an impulse buy, and I hope you look at it in a reasoned – if not somewhat giddy – way. Here are my thoughts for personal acquisition (not for businesses – you guys need to run POC for at least 3-6 months!):

Basically, there are three models: WiFi, WiFi+3G/ATT & WiFi+3G/Verizon, with three flash variants of each – 16GB, 32GB & 64GB – and two color variants of those – black & white. That’s a total of 18 different SKU’s for iPad2. So here’s how the process breaks down to me:

  1. Since WiFi/Bluetooth is the same on all models, choose first between 3G (includes aGPS) or WiFi-only (no aGPS);
    1. Choose carrier between ATT & Verizon (either are month-to-month):
      1. ATT offers two options for iPad2:
        1. $15/month for 250MB/month; with automatic charge of $15/250MB overage;
        2. $25/month for 2GB/month; with automatic charge of $10/1GB overage;
      2. Verizon offers four options for iPad2 WiFi-only + MiFi:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
        5. Note: MiFi device is free only with a 2-year contract.
      3. Verizon offers four plans for iPad2 WiFi+3G:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
    2. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    3. Choose color;
      1. Black;
      2. White;
  2. For WiFi-only models, you’ll give-up accurate location (no aGPS) but save money (see MiFi above for mobile access):
    1. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    2. Choose color;
      1. Black;
      2. White;
  3. Choose how you want to purchase:
    1. In-store (5PM local time):
    2. On-line (1AM PST):
  4. Enjoy iPad2 nirvana!

SOLORI’s Take: Steve Jobs really wants to see you on-camera and in line. Apple made a point to require retailers to coordinate sale starts at 5PM local time to be able to maximize “free” advertising benefits based on local, mobile news feeds from “high demand queues” at retailers. There’s no discount for purchasing after standing in a retail store line, so why queue-up without compensation just to be part of the iPad2 marketing push? Buy from an on-line retailer (or wait) and avoid the lines.

As for the model and plan, economically the 16GB iPad2 makes the most sense. If you need 3G but have no interest in using your iPad as a navigation unit while you drive, get MiFi and get the benefit of being able to use it with up to 5 other devices (laptop, iPad1, Android tablet, etc.) If you’re replacing your 32GB+ iPad and laptop (good luck) in this purchase, you may go all out, but don’t be surprised when buyer’s remorse sets-in a month or so hence. Then it comes down to 3G variant: ATT has more global reach (see link above), but beware of “data roaming” charges, while Verizon has a bit better $/GB rates (see above).

If you choose to queue-up and volunteer for Steve Jobs’ unpaid marketing army, good luck and stay safe. According to BestBuy’s playbook, you’ll get a “ticket” for the model you want in line. There will only be tickets enough for the actual models they have and they’ll likely only know what that list is one to two hours before 5PM local time. When all tickets are gone, they’ll issue standby tickets for the next day, etc. At BestBuy at least, you’ll need to leave a $100 deposit with your standby ticket and it will be issued in the form of a $100 gift card usable towards your iPad purchase.

[Update: SOLORI's iPad2 ordered for the lab at 2:53AM CST from ATT on-line - black, 16GB WiFi+3G, 2GB/mo. data plan. Verizon, Walmart, Target all show iPad2 as unavailable on-line and in stores at 5PM.]

[Update: On-line supplies of iPad2 started at 2-3 business day promised delivery and had gone to 2-3 week delivery by 9:30AM PST.]

[Update: 15-Mar-2011 - USPS delivered iPad2 - 2 business days achieved.]


Quick-Take: iPad2 Launched, Features Left on the Drawing Board

March 2, 2011

The iPad2, Available in "Black or White" on March 11, 2011

No doubt that Apple is the 800lb gorilla in the room when it comes to mobile tablets and phones today. With lack-lustre acceptance of the first “official” Android tablet – Motorola’s Xoom – the new aspects of the Apple iPad2, announced today, will surely keep iPad adopters on-board for the next version. Coming March 11, 2011, the new iPad will come in three memory sizes (16, 32 and 64GB) and be available as a WiFi-only variant (802.11a/b/g/n) as well as a Wi-Fi+3G+aGPS variant (UMTS/HSDPA/HSUPA/GSM/EDGE or CDMA/EV-DO Rev. A) – both with Bluetooth 2.1+EDR.

Besides coming in a “white” model from “day one,” the iPad2 sports the anticipated Apple A5 dual-core system on chip based on the ARM Cortex-A9 CPU. The 9.7 inch LED-backlit multi-touch display features the coveted IPS display technology that gave the original iPad such great color. Additionally, the iPad2 joins the iPhone4 in the dual-camera club with a front-facing VGA camera (suitable for FaceTime) and a rear-facing HD camera (suitable for 720p, 30 fps video).

Apple's HDMI "mirroring" connector includes pass-through 30-pin port for charging.

Rounding out the features is HDMI output via a proprietary 30-pin to HDMI+30-pin adapter (dongle) supporting video to 1080p. Missing from the “dreamed about” feature list are: high-resolution display, removable media, standard USB ports, autonomous GPS and near field communications interface. At 0.34 inches thick and 1.33 lbs, the iPad2 shed 0.17 lbs and 0.16 inches in thickness by removing the additional display glass, but it kept the original’s 1024×768 display – a slip behind the standard 1280×800 display profile of Honeycomb-wielding 10″ tablets.

Out of the gate, iPad2 versions will be available for AT&T and Verizon Wireless in the US (although specific launch dates for either carrier are not yet available). The iPad in Business section of the release site looks impressive on the surface. The existing list of business oriented applications for iPad together with the obvious polish of the product represents a real obstacle for its competitors (like QNX-based Blackberry Playbook and Android-based Motorola Xoom).

SOLORI’s Take: The iPad2 represents a conservative update to the existing and wildly successful iPad (over 10M units in 2H 2010). Loyalist iPad users are early adopters, so it’s a no-brainer to predict that 3M iPad2’s will ship in H1/2011 to “iPad1” owners. If it happens, that makes for a solid supply of discarded iPads over the next few months which can actually HELP Apple entrench – giving them an artificial low-end product due to upgrades. Given that there is zero reference to the original iPad on Apple’s site, it’s safe to say that when inventories are gone, iPad2 will be the only game for Apple.

The shortcoming for iPad2 over its Android contenders is physical standards. I mentioned the screen resolution as compared to Android Honeycomb standard, but the Blackberry Playbook comes in under both devices at 1024×600 (last year’s “unofficial” Android tablet standard). While the Playbook is lighter at 0.9 lbs, it’s also smaller (and 0.1″ thicker) – more of a challenger for Galaxy Tab than iPad. Most of the Tegra2 tablets have mini-USB (some have full-size USB) and offer either mini-HDMI or full-size HDMI ports – either on-board or through a docking port. It’s rumoured that Apple has locked-up the IPS display market, but at 1024×768, those opting for higher resolution may turn to Android competitors for more desktop real estate.

Besides matching iPad2 feature-for-feature, Tegra2 Android tablets represent a serious threat (technologically) to iPad2. Another issue is storage: nearly every Android comes with both removable and built-in memory options – something neither iPad nor Blackberry offers. In a business world, the ability to quickly exchange data without using WiFi or 3G/4G is huge – especially where remote access applications are concerned. That makes iPad dependent on its wireless carriers and WiFi/hot-spots for data exchange (or docking/undocking to notebook, laptop, etc.) The removable memory feature also allows enterprises to purchase the low-end memory configuration and supplement them with third-party memory or require end-users to supply their own.

Where iPad2 has the biggest advantage is turn-key applications through Apple’s iTunes market, and this is something they’re pressing heavily in today’s marketing message. Forget the clever iPad2 cover, it’s applications that ultimately make the product valuable to business. If Apple can stay ahead here, enterprise will follow. Unfortunately, Apple may find its “hatred” for Adobe’s Flash a position that could erode its market faster than anything else. Flash could be the great equalizer (or market accelerator) for Android and Blackberry, allowing businesses to rely on web-apps instead of native ones… in the meantime, Google has the clout and growth rate to compel all but the staunchest of application vendors to play both sides of the split market.


Quick-Take: Google Turns to Zynamics after recent Malware Proof

March 2, 2011

With enterprises eyeing mobile “smart” phones and tablets as the next wave of technology to improve worker productivity, responsiveness and presence, the recent infiltration of trojan malware into Google’s Android Market is likely to go unnoticed. However, the ramifications appear to be crystal clear to Google as they responded by quickly snatching-up German reverse engineering firm Zynamics. In a blog post yesterday, Zynamics’ CEO Thomas Dullien – aka Halvar Flake – simply stated:

We’re pleased to announce that zynamics has been acquired by Google! If you’re an existing customer and do not receive our email announcement within the next 48 hours, please contact us at info@zynamics.com. All press inquiries should be sent to press@google.com.

There is still no official press release from Google on the matter, however SecurityWeek and other sources have stated that Google has indeed confirmed the acquisition. It is unlikely that the timing of this announcement is unrelated to the recent Android Market fiasco or the “rumoured” Apple iPad2 launch supposedly to take place today at 10:00 AM PST.

An estimated 50,000-200,000 users downloaded tainted apps from Google Market before the items were pulled-off the site. Of course, Apple is not without its share of  problems in iPad. There was a major breach in June, 2010 resulting in at least 114,000 compromised iPad users including then Obama White House Chief of Staff Rahm Emanuel.  However, in the iPad case the breach came as a result of a direct attack on iPad vulnerabilities where the Android compromise attacked a weakness in Google’s Market policies – essentially taking a “trusted back door” approach.

Meanwhile, VMware has been on the road promoting its mobile virtualization platform with partner LG. In a hands-on video at the 2011 Mobile World Congress taken by Engadget, the VMware mobile hypervisor can be seen fronting two phones within a phone. While this approach can help to secure corporate data from infiltration of the “consumer” side of the schizophrenic cell phone, it cannot protect the phone from OS vulnerabilities (like the iPad Safari weakness) or authorized deployment vectors (like Google’s Market infiltration.) To protect assets from these kinds of attacks, the use of mobile anti-virus and anti-malware will be imperative.

SOLORI’s Take: VMware’s type II hypervisor does enable corporate policy enforcement that would be too “draconian” for most users to co-exist with their personal or mixed-use phone or tablet. While no official word from VMware has been given on when their mobile hypervisor will make the leap from phone to tablet, it’s not a huge leap given the software has already been shown on the Nexus One and LG Optimus Black.

Given that the LG Optimus is based on TI’s Omap 3630 and the Nexus One incorporates the older Qualcomm Snapdragon chipset, and both are based on the ARM Cortex-A8 CPU core found in many Android and Apple iOS devices, VMware’s offering appears to be very mature. Also, it is only a type II hypervisor so it should be no time until we see it running on more current, mainstream devices running ARM Cortex-A9 CPUs used in Nvidia Tegra2-based devices like LG Optimus 2X, Motorola Atrix/4G & Xoom or the rumoured Apple A5 chip “destined” for iPad2 and iPhone 5 or even the new TI Omap 4430 that powers the likes of the Blackberry Playbook.

Can a type II hypervisor quell corporate America’s security concerns about information leakage and IP theft? Given the right deployment model, tools and resources it represents a step in the right direction. The jury’s still out to see how wireless sharing, two separate data plans and two anti-malware threads affect run-time on platforms that threaten the delicate balance of usability and battery life…


Quick-Take: VMware View 4.6 and PCoIP Software Gateway

March 1, 2011

VMware View 4.6 has been released. Andre Leibovici has a nice summary of the PCoIP Software Gateway (PSG) functionality – new in 4.6 – that finally allows PCoIP to be negotiated without external VPN tunnels.

VMware View 4.6 has been just released and as everyone expected this release introduces support for external secure remote access with PCoIP, without requirement for a SSL VPN. This feature is also known as View Secure Gateway Server. VMware’s Mark Benson, in his blog article, does a very good job explaining why tunnelling PCoIP traffic through the Security Server using SSL was never a viable solution because VMware didn’t want to interfere with the advanced performance characteristics of the protocol.

Andre Leibovici – myvirtualcloud.net

Other enhancements in the 4.6 release include:

  • Enhanced USB device compatibility – View 4.6 supports USB redirection for syncing and managing iPhones and iPads with View desktops. This release also includes improvements for using USB scanners, and adds to the list of USB printers that you can use with thin clients. For more information, see the list of View Client resolved issues.
  • Keyboard mapping improvements – Many keyboard-related issues have been fixed. For more information, see the list of View Client resolved issues.
  • New timeout setting for SSO users – With the single-sign-on (SSO) feature, after users authenticate to View Connection Server, they are automatically logged in to their View desktop operating systems. This new timeout setting allows administrators to limit the number of minutes that the SSO feature is valid for. For example, if an administrator sets the time limit to 10 minutes, then 10 minutes after the user authenticates to View Connection Server, the automatic login ability expires. If the user then walks away from the desktop and it becomes inactive, when the user returns, the user is prompted for login credentials. For more information, see the VMware View Administration documentation.
  • VMware View 4.6 includes more than 160 bug fixes – For descriptions of selected resolved issues, see Resolved Issues.
  • Support for Microsoft Windows 7 SP1 operating systems

SOLORI’s Take: The addition of WAN-enabled PCoIP functionality takes VMware’s flagship desktop protocol to the next level. However, considerable tuning at the PCoIP desktop agent is necessary for most WAN configurations. The upside is the solution maintains PCoIP’s UDP basis without tunneling inside TCP.

Since PCoIP has always been AES encrypted by default, this is not really an issue of security but one of performance and delivery. Right-sizing the PCoIP payload for the intended WAN application will be challenging for most, so expect to see PSG use in campus-wide applications where security of PCoIP (UDP) has been difficult.

For a twist on PSG using Internet connections with dynamically assigned IP addresses, check-out Gabe’s Virtual World post – powershell included!

[updated to include links to VMware's View release notes, and link to Gabe's post.]


Quick-Take: Merry Christmas and Happy Holidays

December 15, 2010

Merry Christmas and happy holidays from our family to yours! God has truly blessed us this year, and we’ve been privileged to share some of those blessings with you.


Quick-Take: Is Your Marriage a Happy One?

November 12, 2010

I came across a recent post by Chad Sakac (VP, VMware Alliance at EMC) discussing the issue of how vendors drive customer specifications down from broader goals to individual features or implementation sets (I’m sure VCE was not in mind at the time.) When vendors insist on framing the “client argument” in terms of specific features and proprietary approaches, I have to agree that Chad is spot on. Here’s why:

First, it helps when vendors move beyond the “simple thinking” of infrastructure elements as a grid of point solutions and more of an “organic marriage of tools” – often with overlapping qualities. Some marriages begin with specific goals, some develop them along the way and others change course drastically and without much warning. The rigidness of point approaches rarely accommodates growth beyond the set of assumptions that created it in the first place. Likewise, the “laser focus” on specific features detracts from the overall goal: the present and future value of the solution.

When I married my wife, we both knew we wanted kids. Some of our friends married and “never” wanted kids, only to discover a child on the way and subsequent fulfillment through raising them. Still, others saw a bright future strained with incompatibility and the inevitable divorce. Such is the way with marriages.

Second, it takes vision to solve complex problems. Our church (Church of the Highlands in Birmingham, Alabama) takes a very cautious position on the union between souls: requiring that each new couple seeking a marriage give it the due consideration and compatibility testing necessary to have a real chance at a successful outcome. A lot of “problems” we would encounter were identified before we were married, and when they finally popped-up we knew how to identify and deal with them properly.

Couples that see “counseling” as too obtrusive (or unnecessary) have other options. While the initial investments of money are often equivalent, the return on investment is not so certain. Uncovering incompatibilities “after the sale” provides for a difficult and too often doomed outcome (hence, 50% divorce rate.)

This same drama plays out in IT infrastructures where equally elaborate plans, goals and unexpected changes abound. You date (prospecting and trials), you marry (close) and are either fruitful (happy client), disappointed (unfulfilled promises) or divorce. Often, it’s not the plan that failed but the failure to set/manage expectations and address problems that causes the split.

Our pastor could not promise that our marriage would last forever: our success is left to God and the two of us. But he did help us to make decisions that would give us a chance at a fruitful union. Likewise, no vendor can promise a flawless outcome (if they do, get a second opinion), but they can (and should) provide the necessary foundation for a successful marriage of the technology to the business problem.

Third, the value of good advice is not always obvious and never comes without risk. My wife and I were somewhat hesitant on counseling before marriage because we were “in love” and were happy to be blind to the “problems” we might face. Our church made it easy for us: no counseling, no marriage. Businesses can choose to plot a similar course for their clients with respect to their products (especially the complex ones): discuss the potential problems with the solution BEFORE the sale or there is no sale. Sometimes this takes a lot of guts – especially when the competition takes the route of oversimplification. Too often IT sales see identifying initial problems (with their own approach) as too high a risk and too great an obstacle to the sale.

Ultimately, when you give due consideration to the needs of the marriage, you have more options and are better equipped to handle the inevitable trials you will face. Whether it’s an unexpected child on the way, or an unexpected up-tick in storage growth, having the tools in-hand to deal with the problem lessens its severity. The point is, being prepared is better than the assumption of perfection.

Finally, the focus has to be what YOUR SOLUTION can bring to the table: not how you think your competition will come-up short. In Chad’s story, he’s identified vendors disqualifying one another’s solutions based on their (institutional) belief (or disbelief) in a particular feature or value proposition. That’s all hollow marketing and puffery to me, and I agree completely with his conclusion: vendors need to concentrate on how their solution(s) provide present and future value to the customer and refrain from the “art” of narrowly framing their competitors.

Features don’t solve problems: the people using them do. The presence (or absence) of a feature simply changes the approach (i.e. the fallacy of feature parity). As Chad said, it’s the TOTALITY of the approach that derives value – and that goes way beyond individual features and products. It’s clear to me that a lot of counseling takes place between Sakac’s EMC team and their clients to reach those results. Great job, Chad, you’ve set a great example for your team!


Quick-Take: ZFS and Early Disk Failure

September 17, 2010

Anyone who’s discussed storage with me knows that I “hate” desktop drives in storage arrays. When using SAS disks as a standard, that’s typically a non-issue because there’s not typically a distinction between “desktop” and “server” disks in the SAS world. Therefore, you know I’m talking about the other “S” word – SATA. Here’s a tale of SATA woe that I’ve seen repeatedly cause problems for inexperienced ZFS’ers out there…

When volumes fail in ZFS, the “final” indicator is data corruption. Fortunately, ZFS checksums recognize corrupted data and can take action to correct and report the problem. But that’s like treating cancer only after you’ve experienced the symptoms. In fact, the failing disk will likely begin to “under-perform” well before actual “hard” errors show-up as read, write or checksum errors in the ZFS pool. Depending on the reason for “under-performing” this can affect the performance of any controller, pool or enclosure that contains the disk.

Wait – did he say enclosure? Sure. Just like a bad NIC chattering on a loaded network, a bad SATA device can occupy enough of the available service time for a controller or SAS bus (i.e. JBOD enclosure) to make a noticeable performance drop in otherwise “unrelated” ZFS pools. Hence, detection of such events is an important thing. Here’s an example of an old WD SATA disk failing as viewed from the NexentaStor “Data Sets” GUI:

Disk Statistics showing failing drive

Something is wrong with device c5t84d0...

Device c5t84d0 is having some serious problems. Busy time is 7x higher than counterparts, and its average service time is 14x higher. As a member of a RAIDz group, the entire group is being held-back by this “under-performing” member. From this snapshot, it appears that NexentaStor is giving us some good information about the disk from the “web GUI” but this assumption would not be correct. In fact, the “web GUI” is only reporting “real time” data so long as the disk is under load. In the case of a lightly loaded zpool, the statistics may not even be reported.

However, from the command shell, historic and real-time access to per-device performance is available. The output of “iostat -exn” shows the count of all errors for devices since the last time counters were reset, and average I/O loads for each:

Device statistics from 'iostat' show error and I/O history.

The output of iostat clearly shows this disk has serious hardware problems. It indicates hardware errors as well as transmission errors for the device recognized as ‘c5t84d0’ and the I/O statistics – chiefly read, write and average service time – implicate this disk as a performance problem for the associated RAIDz group. So, if the device is really failing, shouldn’t there be a log report of such an event? Yes, and here’s a snip from the message log showing the error:

SCSI error with ioc_status=0x8048 reported in /var/log/messages for failing device.

However, in this case, the log is not “full” with messages of this sort. In fact, it only showed-up under the stress of an iozone benchmark (run from the NexentaStor ‘nmc’ console). I can (somewhat safely) conclude this to be a device failure since at least one other disk in this group is of the same make, model and firmware revision as the culprit. The interesting aspect about this “failure” is that it does not result in a read, write or checksum error for the associated zpool. Why? Because the device is only loosely coupled to the zpool as a constituent leaf device, and it also implies that the device errors were recoverable by either the drive or the device driver (mapping around a bad/hard error.)

Since these problems are being resolved at the device layer, the ZFS pool is “unaware” of the problem as you can see from the output of ‘zpool status’ for this volume:

zpool status output for pool with undetected failing device

Problems with disk device as yet undetected at the zpool layer.

This doesn’t mean that the “consumers” of the zpool’s resources are “unaware” of the problem, as the disk error has manifested itself in the zpool as higher delays, lower I/O through-put and subsequently less pool bandwidth. In short, if the error is persistent under load, the drive has a correctable but catastrophic (to performance) problem and will need to be replaced. If, however, the error goes away, it is possible that the device driver has suitably corrected for the problem and the drive can stay in place.
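An added example (not from the original post and not part of NexentaStor): one way to automate the comparison made above, parsing `iostat -exn` text and flagging a RAIDz member whose error counters are non-zero or whose service time and busy percentage are several times its peers' median. The sample output is constructed in the Solaris column layout, and the function names, the member list and the 4x threshold are assumptions.

```python
import statistics

# Constructed sample in the column layout printed by Solaris `iostat -exn`.
# Values are illustrative only; they are not the numbers from the post's screenshot.
SAMPLE_IOSTAT = """\
                            extended device statistics       ---- errors ---
    r/s    w/s   kr/s   kw/s wait actv wsvc_t asvc_t  %w  %b s/w h/w trn tot device
    1.2    3.4   20.5   61.0  0.0  0.0    0.0    1.1   0   1   0   0   0   0 c0t0d0
   41.2   18.5 2630.1 1101.7  0.0  0.3    0.0    5.1   0  10   0   0   0   0 c5t80d0
   40.8   18.9 2611.4 1110.2  0.0  0.3    0.0    4.8   0   9   0   0   0   0 c5t81d0
   41.0   18.6 2625.0 1098.3  0.0  0.3    0.0    5.0   0  10   0   0   0   0 c5t82d0
   40.5   18.7 2608.8 1105.9  0.0  0.3    0.0    5.2   0  11   0   0   0   0 c5t83d0
   39.9   18.2 2590.3 1087.5  0.0  4.1    0.0   70.0   0  70   0  12   3  15 c5t84d0
   41.1   18.4 2628.7 1099.1  0.0  0.3    0.0    4.9   0  10   0   0   0   0 c5t85d0
"""

# Hypothetical membership of one RAIDz group; in practice take it from `zpool status`.
RAIDZ_MEMBERS = ["c5t80d0", "c5t81d0", "c5t82d0", "c5t83d0", "c5t84d0", "c5t85d0"]


def parse_iostat(text):
    """Return {device: {column: float}}, naming columns from the header row."""
    header = None
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r/s" and fields[-1] == "device":
            header = fields[:-1]          # column names, device name is last
            continue
        if header is None or len(fields) != len(header) + 1:
            continue                      # banner lines or truncated rows
        try:
            values = [float(f) for f in fields[:-1]]
        except ValueError:
            continue
        # With an interval argument iostat repeats the report; the latest wins.
        rows[fields[-1]] = dict(zip(header, values))
    return rows


def flag_suspects(rows, members, ratio=4.0, min_peers=3):
    """Compare each group member with the median of its peers in the same group.

    A device is reported when it shows hard or transport errors, or when its
    active service time / busy percentage is `ratio` times the peer median.
    """
    present = [d for d in members if d in rows]
    suspects = {}
    for dev in present:
        st = rows[dev]
        reasons = []
        if st["h/w"] > 0 or st["trn"] > 0:
            reasons.append(f"device errors: h/w={int(st['h/w'])} trn={int(st['trn'])}")
        peers = [rows[d] for d in present if d != dev]
        if len(peers) >= min_peers:
            for col in ("asvc_t", "%b"):
                baseline = statistics.median(p[col] for p in peers)
                # An idle group has a zero baseline: no ratio can be formed.
                if baseline > 0 and st[col] >= ratio * baseline:
                    reasons.append(f"{col} {st[col] / baseline:.1f}x peer median")
        if reasons:
            suspects[dev] = reasons
    return suspects


if __name__ == "__main__":
    for dev, why in flag_suspects(parse_iostat(SAMPLE_IOSTAT), RAIDZ_MEMBERS).items():
        print(dev, "; ".join(why))
```

Because the latency ratios only mean something while the group is under load, run it against output captured during a benchmark or busy period, and rely on the error counters when the pool is idle.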

SOLORI’s Take: How do we know if the drive needs to be replaced? Time will establish an error rate. In short, running the benchmark again and watching the error counters for the device will determine if the problem persists. Eventually, the errors will either go away or they won’t. For me, I’m hoping that the disk fails to give me an excuse to replace the whole pool with a new set of SATA “eco/green” disks for more lab play. Stay tuned…

SOLORI’s Take: In all of its flavors, 1.5Gbps, 3Gbps and 6Gbps, I find SATA drives inferior to “similarly” spec’d SAS for just about everything. In my experience, the worst SAS drives I’ve ever used have been more reliable than most of the SATA drives I’ve used. That doesn’t mean there are “no” good SATA drives, but it means that you really need to work within tighter boundaries when mixing vendors and models in SATA arrays. On top of that, the additional drive port and better typical sustained performance make SAS a clear winner over SATA (IMHO). The big exception to the rule is economy – especially where disk arrays are used for on-line backup – but that’s another discussion…


Quick-Take: NexentaStor AD Shares in 100% Virtual SMB

July 19, 2010

Here’s a maintenance note for SMB environments attempting 100% virtualization and relying on SAN-based file shares to simplify backup and storage management: beware the chicken-and-egg scenario on restart before going home to capture much needed Zzz’s. If your domain controller is virtualized and its VMDK file lives on SAN/NAS, you’ll need to restart SMB services on the NexentaStor appliance before leaving the building.

Here’s the scenario:

  1. An afterhours SAN upgrade in non-HA environment (maybe Auto-CDP for BC/DR, but no active fail-over);
  2. Shutdown of SAN requires shutdown of all dependent VM’s, including domain controllers (AD);
  3. End-user and/or maintenance plans are dependent on CIFS shares from SAN;
  4. Authentication of CIFS shares on NexentaStor is AD-based;

Here’s the typical maintenance plan (detail omitted):

  1. Ordered shutdown of non-critical VM’s (including UpdateManager, vMA, etc.);
  2. Ordered shutdown of application VM’s;
  3. Ordered shutdown of resource VM’s;
  4. Ordered shutdown of AD server VM’s (minus one, see step 7);
  5. Migrate/vMotion remaining AD server and vCenter to a single ESX host;
  6. Ordered shutdown of ESX hosts (minus one, see step 8);
  7. vSphere Client: Log-out of vCenter;
  8. vSphere Client: Log-in to remaining ESX host;
  9. Ordered shutdown of vCenter;
  10. Ordered shutdown of remaining AD server;
  11. Ordered shutdown of remaining ESX host;
  12. Update SAN;
  13. Reboot SAN to update checkpoint;
  14. Test SAN update – restoring previous checkpoint if necessary;
  15. Power-on ESX host containing vCenter and AD server (see step 8);
  16. vSphere Client: Log-in to remaining ESX host;
  17. Power-on AD server (through to VMware Tools OK);
  18. Restart SMB service on NexentaStor;
  19. Power-on vCenter;
  20. vSphere Client: Log-in to vCenter;
  21. vSphere Client: Log-out of ESX host;
  22. Power-on remaining ESX hosts;
  23. Ordered power-on of remaining VM’s;

A couple of things to note in an AD environment:

  1. NexentaStor requires the use of AD-based DNS for AD integration;
  2. AD-based DNS will not be available at SAN re-boot if all DNS servers are virtual and only one SAN is involved;
  3. Lack of DNS resolution on re-boot will cause a failure for DNS name based NTP service synchronization;
  4. NexentaStor SMB service will fail to properly initialize AD credentials;
  5. VMware 4.1 now pushes AD authentication all the way to ESX hosts, enabling better credential management and security but creating a potential AD dependency as well;
  6. Using auto-startup order on the remaining ESX host for AD and vCenter could automate the process (steps 17 & 19); however, I prefer the “manual” approach after a SAN upgrade in case an upgrade failure is detected only after the ESX host is restarted (i.e. storage service interaction in NFS/iSCSI after upgrade).

SOLORI’s Take: This is a great opportunity to re-think storage resources in the SMB as the linchpin to 100% virtualization.  Since most SMB’s will have a tier-2 or backup NAS/SAN (auto-sync or auto-CDP) for off-rack backup, leveraging a shared LUN/volume from that SAN/NAS for a backup domain controller is a smart move. Since tier-2 SAN’s may not have the IOPs to run ALL mission critical applications during the maintenance interval, the presence of at least one valid AD server will promote a quicker RTO, post-maintenance, than coming up cold. [This even works with DAS on the ESX host]. Solution – add the following and you can ignore step 15:

3a. Migrate always-on AD server to LUN/volume on tier-2 SAN/NAS;

24. Migrate always-on AD server from LUN/volume on tier-2 SAN/NAS back to tier-1;

Since even vSphere Essentials Plus has vMotion now (a much requested and timely addition), collapsing all remaining VM’s to a single ESX host is a no-brainer. However, migrating the storage is another issue, one that cannot be resolved without either a shutdown of the VM (off-line storage migration) or the Enterprise/Enterprise Plus version of vSphere. That is why the migration of the AD server from tier-2 is reserved for last (step 17) – it will likely need to be shut down to migrate the storage between SAN/NAS appliances.
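The start-order problem in this post can be modelled as a small dependency check. The following is an added example, not part of the original post or of any NexentaStor/VMware tooling; the component names (`san_smb`, `ad_dns`, `tier2_datastore` and so on) are labels assumed for illustration, and the tier-2 case assumes the always-on AD server and its ESX host stay up while the tier-1 SAN reboots.

```python
# Added illustration: component names are labels invented for this model,
# not NexentaStor or vSphere identifiers.

def build_needs(ad_datastore):
    """What each component needs running at the moment it starts."""
    return {
        "san_datastore": [],                    # NFS/iSCSI service on the tier-1 SAN
        "san_ntp": ["ad_dns"],                  # NTP servers configured by DNS name
        "san_smb": ["ad_dns"],                  # CIFS shares with AD-based authentication
        "esx_host": [],
        "ad_dns": ["esx_host", ad_datastore],   # virtual domain controller + AD DNS
        "vcenter": ["esx_host", "san_datastore"],
    }


def restart_points(sequence, needs, already_up=()):
    """Map each component that started before a dependency was up to the
    step after which restarting it can succeed (None if that never happens)."""
    up = set(already_up)
    position = {name: i for i, name in enumerate(sequence)}
    points = {}
    for name in sequence:
        missing = [dep for dep in needs.get(name, []) if dep not in up]
        if missing:
            if all(dep in position for dep in missing):
                points[name] = max(missing, key=position.__getitem__)
            else:
                points[name] = None
        up.add(name)
    return points


def single_san():
    """The post's plan: everything, including AD, lives on the one SAN."""
    sequence = ["san_datastore", "san_ntp", "san_smb",
                "esx_host", "ad_dns", "vcenter"]
    return restart_points(sequence, build_needs("san_datastore"))


def with_tier2_ad():
    """AD server kept running from a tier-2 datastore during the SAN reboot."""
    sequence = ["san_datastore", "san_ntp", "san_smb", "vcenter"]
    still_up = {"tier2_datastore", "esx_host", "ad_dns"}
    return restart_points(sequence, build_needs("tier2_datastore"), still_up)


if __name__ == "__main__":
    print("single SAN:", single_san())
    print("tier-2 AD :", with_tier2_ad())
```

In the single-SAN case the SMB and NTP services on the SAN both come up before AD-based DNS exists, so they can only be restarted successfully once the AD server is running, which is why step 18 follows step 17.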


Quick Take: Q1 DRAM Price Follow-up, 8GB DDR3 Below Target

March 3, 2010

In September 2009 we predicted that average 8GB DIMM prices (DDR2 and DDR3) would reach $565/stick by year end (with DDR3 being higher than DDR2) and now we’re seeing the reversal of fortunes for DDR2. At year end, the average price for benchmark DDR2/DDR3 was $591 retail, with promotional pricing pushing that below $550 as predicted. Today, we’re seeing DDR3 begin to overtake DDR2 in the 8GB ECC category, dropping below $510/stick, while DDR2 climbs to $550/stick (promotional, on $625/stick retail).

In 4GB ECC configurations, DDR2 enjoys only a slight retail advantage (13%), while promotional pricing (likely due to inventory reduction initiatives) is providing a bit better value short term. However, the price gap is only 1/2 the power gap, with DDR3 delivering a greater than 35% reduction in power over its DDR2 equivalent (about $1.25/year/stick at $0.10/kWh). The honeymoon is almost over for DDR2.

Benchmark Server (Spot) Memory Pricing – Dual Rank DDR2 Only

| DDR2 Reg. ECC Series (1.8V) | Price Jun ’09 | Price Sep ’09 | Price Dec ’09 | Price Mar ’10 |
|---|---|---|---|---|
| KVR800D2D4P6/4G: 4GB 800MHz DDR2 ECC Reg with Parity CL6 DIMM Dual Rank, x4 (5.400W operating) | $100.00 | $117.00, up 17% | $140.70, up 23% promo | $128.90 ($151 retail) |
| KVR667D2D4P5/4G: 4GB 667MHz DDR2 ECC Reg with Parity CL5 DIMM Dual Rank, x4 (5.940W operating) | $80.00 | $103.00, up 29% | $97.99, down 5% | $128.74 ($149 retail) |
| KVR667D2D4P5/8G: 8GB 667MHz DDR2 ECC Reg with Parity CL5 DIMM Dual Rank, x4 (7.236W operating) | $396.00 | $433.00 | $433.00 (promo) | $550.00 (Promo price, retail $625) |

Benchmark Server (Spot) Memory Pricing – Dual Rank DDR3 Only

| DDR3 Reg. ECC Series (1.5V) | Price Jun ’09 | Price Sep ’09 | Price Dec ’09 | Price Mar ’10 |
|---|---|---|---|---|
| KVR1333D3D4R9S/4G: 4GB 1333MHz DDR3 ECC Reg w/Parity CL9 DIMM Dual Rank, x4 w/Therm Sen (3.960W operating) | $138.00 | $151.00, up 10% | $135.99, down 10% | $150.74 ($170 retail) |
| KVR1066D3D4R7S/4G: 4GB 1066MHz DDR3 ECC Reg w/Parity CL7 DIMM Dual Rank, x4 w/Therm Sen (5.085W operating) | $132.00 | $151.00, up 15% | $137.59, down 9% (promo) | $150.74 ($170 retail) |
| KVR1066D3D4R7S/8G: 8GB 1066MHz DDR3 ECC Reg w/Parity CL7 DIMM Dual Rank, x4 w/Therm Sen (4.110W operating) | $1035.00 | $917.00, down 11.5% | $667.00, down 28% | $506.59 (retail $584, avail. 3/15) |

KVR1333D3D4R9S/8GHA: 8GB 1333MHz DDR3 ECC Reg CL9 DIMM 2R x4 w/TS Server Hynix A (4.635W operating), $584.00

SOLORI’s Take: With strong DDR3 demand and short-falls in DDR2 supply (according to DRAMeXchange), the only thing keeping DDR3 prices above DDR2 at this point is demand and inventory. As Q2/2010 introduces a rush of new workstation and server products based on DDR3 systems, the DRAM production ramp will eventually stabilize demand somewhere towards the end of Q3/2010. Meanwhile, technology companies like VMware, Microsoft, Intel and AMD are betting on new infrastructure spending on operating systems, virtualization and hardware refresh to drive-up economic market factors. If the global economic crisis deepens, this anticipated spending spree could be short-lived and its impact shallow.
