I was at VMWorld last week. Unfortunately, my network connectivity was limited so I was unable to post my notes during the conference.
Keynote – Diane Green / President and CEO of VMWare
The most interesting part of the keynote for me was the introduction of ESX Server 3i. The existing ESX Server has a 2 GB footprint. ESX Server 3i has a footprint of 32 MB which can be embedded in flash memory by hardware manufacturers. Virtual Center will also be fed hardware status information including CPU, power and temperature information. The chief marketing officer for Dell, Mark Jarvis, came on stage to demonstrate 3i on some new hardware Dell plans on shipping in November. Other vendors announcing support for 3i include Dell, IBM, HP, Fujitsu / Siemens and NEC.
Other announcements included disaster recovery and desktop consolidation products.
Keynote – Pat Gelsinger, Sr. VP and General Manager, Digital Enterprise Group, Intel
Virtualization is disaggregating the OS. It breaks the 1 to 1 relationship between the operating system and hardware.
Intel is viewing support for virtualization in 4 areas:
- Processors – VT-x / VT-i architecture
- Core Platform – Intel VT for directed IO
- Networking & Storage – Intel VT for Connectivity
VMDq Network Architecture: Allows hardware to queue packets per virtual machine (instead of ESX figuring it out) which should improve network throughput.
Keynote – Hector de J. Ruiz, PhD, Chairman and CEO, AMD
Barcelona quad core architecture was released the prior day. In addition, it includes better support for virtualization, especially VMotion.
AMD Senior Fellow Leendert Van Doorn came on stage to discuss the architecture in more detail.
Virtual Center Administration: Top Ten
1. Overview of Virtual Center Architecture
2. Virtual Center Updates
All updates are full releases
Basic procedure: Shut down Virtual Center, back up database, apply update
When Virtual Center is updated, the Virtual Center agent is pushed out to each ESX Server. For this to succeed, the directory /tmp/vmware-root must exist. Unfortunately, there is a cron job that will remove the directory. There is a script, CreateTmpDirs.vbs, that will create these directories but the script will only work if SSH root access is enabled.
3. What is new in Virtual Center 2
2 patch / maintenance releases in the past year.
- Came out in February, build #40644
  - Improve statistics with rolling process (TempDB growth issue)
  - Server recovery options
  - License directory instead of 1 file
- Came out in July, build #50618
  - Support SQL Server 2005 SP2
  - Installer enhancements with better database advisor
  - Alarm on VM heartbeat
  - Performance improvements
4. Virtualizing Virtual Center
VC can be run in a VM and is fully supported.
Since license server usually runs in VC, need to get a host based license for ESX server running VC.
Database should be kept in a separate VM or physical center
5. Virtual Center Availability
Run VMWare HA, VC in a VM
MS Clustered Server
Note: VC will shut down on DB connectivity issues
Prior to 2.0.1 patch 2, VC reported a non-error exit code when shutting down so service control manager thought it was an expected shutdown.
6. Virtual Center Database
DB schema is often modified with VC updates
A DB restart will require a VC restart
Statistics collection level can be set to 1-4. Default is 1. Do not run more than 2
New sizing calculator available
Recovery mode should be set to simple if not backing up transaction logs
7. Virtual Center Diagnostics
Look up slides from last year's VMWorld on VC diagnostics
VC log files found in c:\windows\temp
8. Understand VMotion CPU compatibility
9. VC-Support Scripts
Used when contacting tech support — zips up various system configuration and log files for sending to support
May want to run on a regularly scheduled basis to track trends.
10. Common VC Support Issues
Administrator lockout (can disable authorization checks temporarily)
VI3 Resource Management and DRS – Performance Use Cases
Aravind Pavuluri, VMWare
Chirag Bhatt, VMWare
DRS – Distributed Resource Scheduler
A VM will only start if its reservations can be guaranteed (CPU, memory, etc.)
Reservations – Minimum requirements
Limits – Maximum usage
Shares – Allow VMs to compete for resource pools.
RM – Resource Manager (single host)
Better performance generally occurs with reservations
If no resource pools are specified, the default pool is used
Internal memory swapping – avoid if possible. 2 types of swapping, within the guest and at the ESX server
Memory ballooning – requires that VMWare Tools be installed in the guest OS. Will swap out guest memory which is not in use when ESX server needs additional memory.
Performance Benchmarking in Virtual Environments
Hemant Guidhani, Technical Marketing Manager, VMWare
- Physical to virtual comparisons but settings are not comparable
- Using different virtual products (VMWare server vs ESX server)
- Standard benchmarking guidelines still apply
- No tuning should be required for VI3 (ESX should be optimal out of the box)
- Virtual overhead depends on work loads
- Always use release or GA builds
- Use hardware on the compatibility list
- When benchmarking specific components, make sure other system resources are not constrained
- Install latest version of VM Tools
- Disable unused components
- Set minimum reservation to the working set of the application
- Do not disable memory ballooning or page sharing
- Set appropriate caching and IO policy (Read & write cache. Write back and NOT write through policy)
- Create virtual disk from Virtual Center to ensure disk is aligned
- Use vmxnet network adaptor from VMWare tools for network performance
- Use esxtop to monitor VM / ESX interactions
IT Service Management – A technical overview
Eddue Dinel, Product Manager, VMWare
As a system progresses through the SDLC process:
- Lots of copies of the system in development (Lab Manager)
- Fewer copies in staging and other pre-production environments
- Single system in production
- Optimized for high churn environment
- All copies of VM in lab manager are linked clones (not full copies)
- Network fencing – can duplicate IP addresses, machine names, etc.
- Product in development to support pre-production environment
- Work on servers as a group (as a system, not individual VMs)
- Access control
- Integrate workflow
- Service operations: start, stop, clone, promote, demote, archive
Design Implementation and Management of Computing Security Lab Environment
Brian Hag, University of Alaska, Fairbanks
I had hoped that this would be a discussion of how to study real world security exploits in a safe environment. Instead it ended up being about a lab where students could learn how to scan systems, sniff traffic and look for vulnerabilities in their own projects.