Greetings from Catalyst 2008 in San Diego. For those of you not in attendance, I wanted to take a moment to summarize the virtualization track's highlights. My summary follows the Catalyst format of rapid-fire content, so if you have follow-up questions, please post them as a comment to this post.
Morning Keynote - Server Virtualization: What a Difference a Year Makes
In the morning keynote, I summarized Burton Group's thoughts on the direction of virtualization. I applauded the progress made in the industry, but spent the majority of the presentation highlighting the work that still remains. This includes:
- Software licensing and support clarity and feasibility for the virtualized dynamic data center. The pressure you're putting on vendors by leveraging RFPs to compel them to support virtualization is making a huge difference. Keep it up!
- Virtualization allows high availability (HA) to be extended to all applications, not just those that are cluster-aware. While this is great, we can do better. It's time to rethink traditional HA architectures to include policy-driven application response. I'd like to see VM tool integration to include application monitoring components that can be passed down to the hypervisor's native HA or to a third party orchestration tool.
- Today's security models are neither practical nor scalable for virtual environments. VMware's VMsafe is a good start, but I'd like to see an industry standard driven by the DMTF that would ease the burden on security ISVs of having to develop products to support a myriad of different hypervisors.
- There's no reason to have multiple virtual hard disk formats. Vendors have collaborated on CIM standards for virtualization, and the Open Virtualization Format (OVF) is on the cusp of mainstream adoption by many virtualization vendors. It's now time to settle on a single virtual disk format. This would remove the vendor lock-in concerns of many organizations as well as simplify the distribution of virtual machine appliances.
- All vendors in the desktop space have to be thinking about virtual desktops. Microsoft already won the traditional desktop game and is running out the clock. We're on the cusp of a new generation of desktop delivery and opportunities exist for assertive, innovative vendors to leave their mark.
- Raw storage (connecting VMs directly to LUNs) improves VM performance, provides better integration with storage and data management solutions, and prevents vendor lock-in. If you're not using raw storage in any capacity for your virtual environments, you should be asking yourself "Why not?" Sure, virtual hard disk files are nice, but even in VMware environments I can create a snapshot of a LUN presented as a raw device map in virtual compatibility mode and write the snapshot as a new .vmdk virtual disk file. So it's possible to have the best of both worlds.
Software Licensing for Virtual Environments: Vendor Roundtable
This vendor panel included the following representatives:
- CiRBA: Andrew Hillier - CTO
- Computer Associates: Edward Marootian, Jr. - VP, Product Management and Strategy Platform Services
- Microsoft: Edwin Yuen - Senior Product Manager
- VMware: Parag Patel - VP of Alliances, ISVs and Storage Ecosystem
As fate would have it, the setup crew placed one extra chair on stage. I couldn't resist the opportunity, so I stated that the chair belonged to a man named Mr. O'Racle who was invited to participate in the discussion but declined. The conversation was quite productive, with all vendors agreeing that organizations needed choices of licensing, with models that are applicable to virtual instances. Also, all vendors agreed that clarity in support agreements was needed. It's not enough to say "we support virtualization." Support incidents that require a V2P migration should be clearly defined. Also, to my delight Microsoft's Edwin Yuen noted that Microsoft has listened to feedback from the user community and is actively working toward clarifying product licensing so that issues such as VM mobility restrictions no longer remain. I understand that changes to licensing policy are very complex, and the fact that Microsoft is responding to feedback regarding problems with product licensing is very encouraging. My hope is that within a few months we'll no longer even need to have this discussion.
New Trends in High Availability for Virtual Environments (Richard Jones)
Richard added further clarity to my keynote message of solving IT problems in different ways, including high availability. We don't need to continue to use legacy HA architectures when we can improve high availability by leveraging orchestration tools to monitor application state and automate the response (e.g., restart application, restart VM on the same host, restart the VM on a different host) to application failures. This is far superior to treating a VM and its installed applications as a "black box." Highlights:
- Don't take HA at face value. Under the hood, virtualization vendor HA architectures are vastly different. Those that offer a fan-out failover cluster architecture have a significant edge over vendors without such solutions. To validate fan-out failover, you should evaluate virtualization HA solutions using at least 3 physical nodes. If you unplug node 1 and all VMs first try to start on node 2, then you don't have a solution that incorporates fan-out failover. In a fan-out failover solution, node 1's VMs would fail over and restart across the remaining nodes (2 and 3, for example).
- For cluster sizing, six nodes continues to be the sweet spot, but Richard expects that number to incrementally rise as cluster technology for virtual environments improves.
- For CPU-bound applications running in VMs, limit the number of virtual CPUs (vCPUs) to <= the number of physical CPU (pCPU) cores. This reduces the load on hypervisor CPU scheduling.
- HA architectures for Xen-based platforms continue to lag VMware HA in terms of feature set.
- SteelEye and Veritas Cluster provide good third-party alternatives and application awareness for clustering virtual machines.
- Future trends include:
  - Broader failure mode monitoring and response (VMs will no longer be treated as black boxes)
  - Branch office failover solutions that do not require a SAN (e.g., Stratus Avance, Marathon FT, LeftHand VSA)
  - Automated business continuity response (vendors with such solutions today include VMware Site Recovery Manager and Symantec Veritas global/wide area cluster)
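To make the fan-out failover test described above concrete, here is an added Python simulation. It is not code from the original post or from any vendor's HA product: the three-node cluster, the VM sizes and the two placement policies are constructed for illustration, and the policies are simplified stand-ins for real HA admission control. It models what the test looks for: when node 1 fails, does every VM "try node 2 first," or are the restarts spread across the survivors?

```python
"""Simulated fan-out failover check (added example; constructed cluster data).

Node 1 of a 3-node cluster fails.  Two placement policies decide where its
VMs restart:
  * ordered preference - every VM goes to the first surviving node with room
    (node 2 absorbs everything until it is full), the behaviour the talk
    warns about;
  * fan-out - each VM goes to the surviving node with the most free memory,
    so the restarts spread across nodes 2 and 3.
is_fan_out() is the pass/fail check from the talk: restarted VMs must land
on more than one surviving node.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    capacity_gb: int  # memory the node can offer to restarted VMs


@dataclass(frozen=True)
class VM:
    name: str
    memory_gb: int


# Constructed sample: node1 has failed; node2 and node3 survive.
SURVIVORS = [Node("node2", 64), Node("node3", 64)]
# Constructed sample: the four VMs that were running on node1.
NODE1_VMS = [VM(f"vm{i}", 8) for i in range(1, 5)]


def fail_over_ordered(vms, survivors):
    """Restart each VM on the first surviving node (in list order) that has room."""
    free = {n.name: n.capacity_gb for n in survivors}
    placement = {}
    for vm in vms:
        for name in free:  # dict preserves the survivor list order
            if free[name] >= vm.memory_gb:
                free[name] -= vm.memory_gb
                placement[vm.name] = name
                break
        else:
            placement[vm.name] = None  # no surviving node has capacity
    return placement


def fail_over_fan_out(vms, survivors):
    """Restart each VM (largest first) on the surviving node with the most free memory."""
    free = {n.name: n.capacity_gb for n in survivors}
    placement = {}
    for vm in sorted(vms, key=lambda v: v.memory_gb, reverse=True):
        target = max(free, key=free.get)  # least-loaded survivor
        if free[target] < vm.memory_gb:
            placement[vm.name] = None
            continue
        free[target] -= vm.memory_gb
        placement[vm.name] = target
    return placement


def target_counts(placement):
    """How many restarted VMs landed on each surviving node."""
    return dict(Counter(t for t in placement.values() if t is not None))


def is_fan_out(placement):
    """The talk's test: pass only if restarts spread over more than one survivor."""
    return len(set(t for t in placement.values() if t is not None)) > 1


def run_check():
    """Run both policies on the constructed cluster and report the verdicts."""
    results = {}
    for label, policy in (("ordered", fail_over_ordered), ("fan-out", fail_over_fan_out)):
        placement = policy(NODE1_VMS, SURVIVORS)
        results[label] = {
            "fan_out": is_fan_out(placement),
            "targets": target_counts(placement),
        }
    return results


if __name__ == "__main__":
    for label, result in run_check().items():
        print(f"{label:8s} fan-out={result['fan_out']}  targets={result['targets']}")
```

Note that an ordered-preference policy only spills onto node 3 once node 2 is full, so if you run this test on real hardware make sure the surviving node has enough headroom to absorb every VM; otherwise capacity exhaustion can masquerade as fan-out.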
The Real Security Risks of Virtual Data Centers (Alessandro Perilli)
Alessandro did an excellent job breaking down security myths as well as threats to the virtual data center. Highlights:
- Be wary of the VMware recommendation of the "DMZ in a box" architecture. If you haven't seen it, take a look at page 6 of the DMZ Virtualization with VMware Infrastructure white paper. Alessandro noted that software isolation has not reached a point where it can be fully trusted, and thus physical isolation of security zones is required. His points mirrored Burton Group's reference architecture virtualization template, so I could not agree more with his assessment.
- Any software can be compromised, including the hypervisor. Alessandro pointed out that VMware has issued over 60 patches this year alone. If you think that number is surprising, go here and take a look. Select your ESX server version from the drop-down menu, click Go, and you'll see the results. To be fair, many of the ESX patches are for the Red Hat Enterprise Linux-based ESX console. If you do a similar search on ESXi 3.5 (the embedded hypervisor), only five patches have been issued this year.
- Alessandro discussed the threat of VMM guest hopping and pointed to a Google study as a proof of concept.
- Be wary of attack avenues against a hypervisor based on the hypervisor's APIs (e.g. VMsafe).
- Bottom line - do not blindly trust virtualization and look to port existing security practices to your virtual environment.
Virtual Desktops: Ready for Mainstream Adoption (Simon Crosby)
Simon hammered away on the Citrix message that separation of applications from operating systems, data center workloads from servers, and desktops from PCs was key to virtualized desktop delivery. He also noted that single instance storage was key to virtual desktop scalability and feasibility on an enterprise scale. I agree. Even at a modest 4GB per virtual desktop image, if you consider 2,000 desktops you would need 8TB of storage. Separation and runtime insertion of applications will clearly play a large role in the future virtual desktop, and Crosby was quick to highlight Citrix's position in this area. When asked about a hypervisor for the physical desktop, Crosby indicated that such a solution was not something Citrix would have in the near future. To me, the desktop hypervisor is important, as it would allow the mobile user to maintain separate and secure work and personal environments. I see the desktop hypervisor as a long term requirement of virtual desktop infrastructures as it will be warranted by some use cases.
Simon naturally was pushing the Xen architecture in his usual subtle way, but not all Citrix customers have been ready to run Citrix XenDesktop on XenServer. In fact, one of the Citrix XenDesktop customers highlighted at the recent Citrix Synergy conference was running XenDesktop on VMware Virtual Infrastructure 3. Still, there's no doubt that XenServer development is coming along quickly and I agree with Simon's assessment that booting thousands of desktop VMs from a single shared VM instance (with a user's applications and profile injected at runtime) is the right architecture. As XenDesktop matures, VMware is going to need a similar delivery model in order to remain competitive. VMware Server has supported linked cloning for years, which could provide a similar type of service. So it's not out of the question for us to expect to see a similar architecture in ESX environments at some point. Still, when linking virtual disk images to support a large VDI environment, VMware is going to have to show us some very good scalability numbers for such an architecture to be considered enterprise-ready. On the other hand, leveraging single instance storage features in the array, such as with a Network Appliance filer, is something you can do already for both VMware and Citrix virtual desktop environments today. The simplicity of managing virtual desktops, user profiles, and desktop applications is ultimately going to determine who wins the virtual desktop war. Citrix has shown specific examples of how they make this all possible. It's time for VMware to do the same. VMware, please don't just point out the individual components of your VDI architecture. Show us how you can go head-to-head with Citrix with regards to application management and lowering the cost of ownership for managing desktop operating systems. Citrix has shown us an end-to-end solution for desktops, applications, and user profiles.
Many Burton Group clients are considering deploying virtual desktops on a large scale and are eager to see how VMware helps them to address "the big picture." VMware - Simon Crosby just lobbed a heavy virtual desktop volley in your direction. What's your response?
Posted by: Chris Wolf