vCENTER RELEASES MULTI-HYPERVISOR MANAGER 1.0

vQuicky – For the impatient like me

> VMware introduces multi-hypervisor support in vCenter

> It lets you manage hypervisors from other vendors from within vCenter

> Currently only Hyper-V Server 2008/2008 R2 is supported, with hope of future support for KVM, Citrix XenServer and even OpenStack

> The manager lets you add, remove, connect, disconnect and view the configuration of third-party hosts

> You can even provision new virtual machines on those hosts and edit the VM settings

> It is fully supported and available for download (link below)

inDepth – 

VMware released the vCenter Multi-Hypervisor Manager on the 19th of this month. As the name suggests, it lets you use vCenter to manage hypervisors from other vendors: Hyper-V today and, hopefully, KVM, Citrix XenServer and who knows, maybe even OpenStack later.

Currently it only supports Hyper-V, but this is a 1.0 release and a start in that direction. It supports only Hyper-V Server 2008 and Hyper-V Server 2008 R2, so I haven’t been able to download and try it. But if you want to, just click here, scroll all the way down and download the server and the client.

From the release notes I picked up some of the features it is capable of.

> Management of non-ESXi hosts, with the ability to provision VMs.

> Edit VM settings and install guest OSes on the VMs.

> It integrates vCenter’s authorization mechanism (privileges, roles and users) across ESXi and non-ESXi hosts.

For now this is pretty basic compared with what VMware can do with ESXi, and I am sure the OpenStack folks will not find it cool, considering OpenStack can already manage multiple hypervisors. Still, it is a great start for VMware: it lets a firm mix hypervisors and offer customers the same level of service behind a single pane of glass.

Also note that this is not available via the Web Client; it is supported only through the vSphere Client 5.1.

Below is what the release notes say about its features:

  • Third-party host management including add, remove, connect, disconnect and view the host configuration.
  • Ability to provision virtual machines on third-party hosts.
  • Ability to edit virtual machine settings.
  • Integrated vCenter Server authorization mechanism across ESX and third-party hosts inventories for privileges, roles, and users.
  • Automatic discovery of pre-existing third-party virtual machines.
  • Ability to perform power operations with hosts and virtual machines.
  • Ability to connect and disconnect DVD, CD-ROM, and floppy drives and images to install operating systems.

Communication between the components is secured with HTTPS. Keep in mind that HTTPS only protects the traffic in transit; who may do what on the third-party hosts is governed by the vCenter roles and privileges listed above, so review those role assignments the same way you would for your ESXi hosts.

A REVERSE PROXY THAT DOES THE JOB!

vQuicky – For the impatient like me

> DoubleCloud Proxy is the quickest way to get a reverse proxy in front of vCenter

> It is simple to run and does not need to be installed

> It is simple to set up and captures the API traffic going through it

inDepth

So we were running into some issues with an application that uses vCenter via the vCenter APIs. We were unsure about the cause and needed a reverse proxy that could spit out all the API calls going back and forth between the application and the vCenter API.

Now before I say more: setting vCenter’s logging level to trivia will give you all the info needed, but that is a lot of lines to go through, and the logs can grow beyond a decent size very easily. You can also use Onyx, but I had no experience with it.

DoubleCloud to the rescue. DoubleCloud Proxy is a Java application written by Steve Jin, and it can’t get much better than this. It not only captures all the API calls as SOAP, it can also spit out the equivalent Java code. How cool is that? Python output is in the works as well, basically generating the Python code for each call.

It is super easy to run. Simply download the program and make sure Java is installed on your system. Then double-click the proxy jar file and you will see a GUI like the following.

Click play and it shows the following dialog box. Fill in the DNS name or IP of the vCenter and leave the port mappings at their defaults.

Once you are done, point your vSphere Client (or whatever application needs to connect to vCenter) at the proxy’s IP and log in with your regular vCenter ID and password. For instance, if DoubleCloud Proxy runs on your own computer, the vSphere Client should connect to localhost on port 1545 with your regular login ID and password.

Below is what you will see in the DoubleCloud Proxy GUI while the vSphere Client is connected to vCenter.

Once you have all the info here, you can save it to a file as well. Remember that the proxy sees every request in the clear, including the Login call carrying your password and the session cookie, so treat the saved capture as sensitive.
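To show what such a proxy does under the hood, here is an added example of a minimal logging reverse proxy for the vCenter SOAP (vim25) API. It is my own code, not DoubleCloud Proxy’s: it listens on plain HTTP on port 1545 (the same local port used above), forwards every POST to vCenter over HTTPS, prints the SOAP operation name of each request and response, and masks the password in the Login call before anything is printed or saved. The vCenter hostname `vcenter.example.com` and the sample Login envelope are assumptions constructed for the example.

```python
"""Logging reverse proxy for vCenter's SOAP (vim25) API.

Added example, not DoubleCloud Proxy's code. Listens on plain HTTP on
LISTEN_PORT, forwards every POST to UPSTREAM over HTTPS and prints each
SOAP operation with credentials redacted. UPSTREAM is an assumption.
"""
import http.client
import http.server
import re
import ssl
import sys
import xml.etree.ElementTree as ET

UPSTREAM = "vcenter.example.com"   # assumption: your vCenter's DNS name
LISTEN_PORT = 1545                 # same local port the post uses for DoubleCloud Proxy

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"
# vim25 Login carries the password in a <password> element inside the SOAP Body.
_PASSWORD = re.compile(rb"(<password>)(.*?)(</password>)", re.DOTALL)
# Headers that must not be copied blindly between the two legs of the proxy.
# Dropping Accept-Encoding makes vCenter answer uncompressed, so the log stays readable.
_HOP_BY_HOP = {"host", "connection", "transfer-encoding", "content-length", "accept-encoding"}


def soap_operation(body: bytes) -> str:
    """Local name of the first element in the SOAP Body, e.g. 'Login' or
    'RetrieveServiceContent'; '' if the body is not a SOAP envelope."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ""
    soap_body = root.find(SOAP_ENV + "Body")
    if soap_body is None or len(soap_body) == 0:
        return ""
    return soap_body[0].tag.rsplit("}", 1)[-1]


def redact_credentials(body: bytes) -> bytes:
    """Mask the password of a Login call before the capture is printed or saved."""
    return _PASSWORD.sub(rb"\1***REDACTED***\3", body)


class LoggingProxy(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        print(f"--> {self.path}  {soap_operation(body) or 'non-SOAP'}")
        print(redact_credentials(body).decode("utf-8", "replace"))

        # Forward to vCenter over TLS. The default context validates the server
        # certificate; for a lab vCenter with a self-signed cert add its CA with
        # ctx.load_verify_locations() rather than switching verification off.
        ctx = ssl.create_default_context()
        conn = http.client.HTTPSConnection(UPSTREAM, 443, context=ctx, timeout=60)
        headers = {k: v for k, v in self.headers.items() if k.lower() not in _HOP_BY_HOP}
        headers["Host"] = UPSTREAM
        conn.request("POST", self.path, body=body, headers=headers)
        resp = conn.getresponse()
        data = resp.read()
        print(f"<-- {resp.status}  {soap_operation(data) or 'non-SOAP'}")
        print(redact_credentials(data).decode("utf-8", "replace"))

        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in _HOP_BY_HOP:
                self.send_header(k, v)   # session cookie and content type pass through
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


# Constructed sample of a vim25 Login request, used to exercise the helpers offline.
SAMPLE_LOGIN = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soapenv:Body><Login xmlns="urn:vim25">'
    b'<_this type="SessionManager">SessionManager</_this>'
    b'<userName>administrator</userName><password>s3cret!</password>'
    b'</Login></soapenv:Body></soapenv:Envelope>'
)

if __name__ == "__main__":
    print(soap_operation(SAMPLE_LOGIN), redact_credentials(SAMPLE_LOGIN))
    if "--serve" in sys.argv:
        http.server.ThreadingHTTPServer(("127.0.0.1", LISTEN_PORT), LoggingProxy).serve_forever()
```

Run it with `--serve` and point a client at `http://127.0.0.1:1545`; if your client insists on TLS towards the proxy, wrap the listening socket with `ssl.SSLContext.wrap_socket` and a certificate you control. The redaction is the point worth copying: a proxy like this (DoubleCloud included) holds your vCenter password and session cookie in plaintext, so whatever you save to a file should already have them masked.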

More info – http://www.doublecloud.org/doublecloud-proxy/

vCENTER 5.1 VUM NOTES

vQuicky – For the impatient like me

> No Web Client support for plugin installs, in particular VMware Update Manager

> You need to use the vSphere Client to update your hosts

> Don’t forget to check that your hosts can resolve the VUM/vCenter server via DNS, or scanning of the hosts will fail

inDepth

Over the weekend I spent time rebuilding my lab. My lab servers boot ESXi 5.0 from USB sticks. I needed them on 5.1 but really didn’t want to re-kick these boxes.

The only right way to do it was to rebuild the vCenter part of my lab from 5.0 to 5.1. The way to do that was to blow away what I have right now and do a proper upgrade, because 5.1 introduces Single Sign-On. I could cheat by doing a vCenter Simple Install, basically an all-in-one vCenter instance, but I wanted to mimic a typical production environment.

So I rolled out 4 VMs: a Web Client, an SSO, an Inventory Service and a vCenter Server, which also had VUM installed.

The order of installation is SSO first, then the Inventory Service, followed by the Web Client and then the vCenter Server. Once the install is done, log in to the Web Client with the default [email protected] ID and add your domain in the SSO configuration section. After that you can log in as a domain user and mess around with your vCenter. Also, if you look closely, [email protected] has admin access to vCenter by default. In a production environment you may not want this. It’s not a big deal, but you typically don’t want stale accounts granted the admin role when it isn’t needed.

I had to log in with the vSphere Client, get the plugin installed and start patching my two hosts. The patch failed at the initial scan: I had forgotten to update the hosts with the right DNS entries so they could look up the VUM server to pull the downloads. After a quick DNS update all worked well.

Hopefully I will have a demo going for you in a video.

Feel free to comment or correct me 🙂


MY LAB AND VCENTER UPGRADE

So I blew it. I tried upgrading vCenter but found it was easier for me to just uninstall vCenter 5.0 and reinstall it as vCenter 5.1.

However, I underestimated the process. I had to install the vCenter SSO service first, then the vCenter Inventory Service and finally the vCenter Server. I do not recall this dependency in 5.0, but it’s clear that 5.1 needs them.
It just surprised me. It threw up a prompt asking whether it should overwrite the vCenter Server that was already registered with the current Inventory Service from the 5.0 version; I chose yes.
What I would ideally like is independent boxes doing one thing only: a separate machine for the DB and separate vCenter, SSO and Inventory Service boxes. I run two Dell T110 boxes and one AMD box that I built.
I might have to order more RAM to max them out to support all my desires.
On second thought, I am also tempted to run nested VMware over OpenStack. Get a taste of both worlds!
More as I know it. How does your lab look?

VIRTUAL NETWORKING WITH VMWARE VXLAN

Very few people I have talked to have heard about VXLAN, so here is a post. I will do my best to cover most of the info.

vQuicky – For the impatient like me

> VXLAN stands for Virtual eXtensible Local Area Network

> VXLAN is a step towards network virtualization

> VXLAN is a MAC-over-IP encapsulation protocol: the VM’s Ethernet frame is carried inside a UDP/IP packet

> VXLAN aims to solve the datacenter scaling problems of the 12-bit VLAN ID (roughly 4,000 usable VLANs) and of the MAC address table limits in top-of-rack (ToR) switches

> VXLAN floats “virtual segments”, each identified by a VNI (VXLAN Network Identifier), over the existing Layer 2 and Layer 3 network

> Only VMs within the same VXLAN segment can talk to each other directly

> The VNI is a 24-bit segment ID, which allows for about 16 million segments in a single administrative domain

> The VNI lives in the VXLAN header of the outer (encapsulating) packet; the inner frame keeps the VM’s original MAC addresses

> VXLAN can be thought of as L2 tunnelling over L3, but the tunnels are stateless

> VTEP (VXLAN Tunnel End Point) is where the VXLAN packet is encapsulated and decapsulated; it lives in the hypervisor that houses the VM

> A VTEP can also be a VXLAN-aware physical server or even a physical switch

> VXLAN does not take security into account as of today: the VNI is a segment identifier, not an authentication token, so a rogue node that can inject packets into the underlay can insert frames into a segment. Work is in progress to make the protocol more inherently resistant to such rogue L2 nodes

> The draft recommends protecting VXLAN traffic with IPsec where the underlying IP network is not trusted

inDepth

Before I even attempt to write about VXLAN, let me snag this nice picture, courtesy of VMware.

Get the idea? VXLAN is a way to solve the datacenter issues where you are limited by VLANs, switch ports and/or MAC address table sizes. It is all about network virtualization, and VMware is working with Cisco and hopefully other vendors to make this happen.

It looks like VMware finally realized that even though provisioning a VM can take anywhere from a few minutes to seconds (if you have SSDs), getting the network part done can take days and sometimes even weeks. Clearly this is a big deal for enterprises. There are ways to speed things up, but they all still run into the VLAN, MAC address and switch port limits.

So how does a typical VM-to-VM communication take place over VXLAN? Any machines on the same VNI are said to be in the same VXLAN overlay network. A VM in that overlay network is unaware that it is participating in MAC-over-IP network virtualization: when it wants to send data to another VM, it simply sends an Ethernet frame to that VM’s MAC address. The VXLAN Tunnel End Point (VTEP) on the host looks up the VNI the sending VM belongs to, then looks up the destination MAC in its table for that VNI to find the IP address of the remote VTEP behind which the destination VM lives. It wraps the original frame in a VXLAN header, a UDP header, an outer IP header (source: this VTEP, destination: the remote VTEP) and an outer MAC header, and sends the packet across the IP network to the remote hypervisor.

When the remote VTEP receives the packet, it verifies that the VNI is valid and that it hosts a VM on that segment, strips off the headers the source VTEP added, and delivers the original frame to the destination VM. The receiving VTEP also learns the mapping between the inner source MAC and the outer source IP and stores it, so when that VM needs to reply or communicate later, the VTEP can unicast straight to the right remote VTEP instead of flooding.

A brief word about broadcast communication: broadcast (and unknown destination) traffic within a VXLAN segment is encapsulated the same way, with a VXLAN header carrying the VNI, a UDP header and an IP header, but it is sent to the IP multicast group associated with that overlay network. For this to work there must be an association between an IP multicast group and a specific VXLAN segment; that mapping is done at the management layer and handed to the VTEPs through a management channel.

Within VMware’s context, the encapsulation is performed between the virtual NIC of the guest VM and the logical port on the virtual switch. This makes VXLAN transparent to both the guest VMs and the underlying Layer 3 network. Gateway services between VXLAN and non-VXLAN hosts are performed by the vShield Edge gateway appliance. The Edge gateway translates VXLAN segment IDs to VLAN IDs, so that non-VXLAN hosts can communicate with VXLAN virtual servers.
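To make the encapsulation and the VTEP learning described above concrete, here is an added example in Python. It is my own illustration, not VMware’s or the IETF draft’s code: it builds the 8-byte VXLAN header (flags byte with the I bit set, 24-bit VNI), wraps an Ethernet frame in it, and models two VTEPs that check the VNI, learn the inner source MAC against the outer source IP, and use that mapping for the return traffic. The outer IP/UDP headers are left to the socket layer. The MAC addresses, VTEP IPs and VNI values are constructed sample data, and the rogue-packet check at the end is the security caveat from the vQuicky: an unprovisioned VNI is dropped, but a valid VNI from an untrusted sender is accepted, which is what IPsec on the underlay is for.

```python
"""VXLAN encapsulation, decapsulation and VTEP learning (added example).

Not VMware's or the draft's code. Header layout used here:
flags (1 byte, 0x08 = VNI valid), reserved (3), VNI (3), reserved (1).
Addresses and VNIs below are constructed sample values.
"""

VXLAN_FLAG_I = 0x08      # "VNI valid" bit in the flags byte
VXLAN_HEADER_LEN = 8
ETH_HEADER_LEN = 14


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header to an Ethernet frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    if len(inner_frame) < ETH_HEADER_LEN:
        raise ValueError("inner frame is shorter than an Ethernet header")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner_frame


def vxlan_decap(payload: bytes):
    """Strip the VXLAN header; return (vni, inner_frame) or raise on a bad header."""
    if len(payload) < VXLAN_HEADER_LEN + ETH_HEADER_LEN:
        raise ValueError("payload too short for a VXLAN header plus Ethernet frame")
    if not payload[0] & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI is not valid, drop the packet")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[VXLAN_HEADER_LEN:]


class Vtep:
    """Tunnel endpoint of one hypervisor, provisioned for a set of VNIs."""

    def __init__(self, ip: str, vnis):
        self.ip = ip
        self.vnis = set(vnis)
        # (vni, inner MAC) -> IP of the remote VTEP behind which that MAC lives,
        # learned from received traffic exactly as the post describes.
        self.fdb = {}

    def send(self, vni: int, frame: bytes):
        """Return (remote VTEP IP or None, encapsulated packet).

        None means the destination MAC is unknown for this VNI: the VTEP would
        flood the packet to the multicast group associated with the segment."""
        if vni not in self.vnis:
            raise PermissionError(f"VNI {vni} is not provisioned on {self.ip}")
        dst_mac = frame[0:6]
        return self.fdb.get((vni, dst_mac)), vxlan_encap(vni, frame)

    def receive(self, outer_src_ip: str, payload: bytes):
        """Decapsulate, enforce the VNI, learn the sender, return (vni, frame).

        The VNI check is segmentation, not authentication: anyone who can deliver
        UDP to this VTEP with a provisioned VNI gets a frame into that segment,
        which is why the draft points to IPsec when the underlay is untrusted."""
        vni, frame = vxlan_decap(payload)
        if vni not in self.vnis:
            raise PermissionError(f"VNI {vni} is not provisioned on {self.ip}, dropping")
        src_mac = frame[6:12]
        self.fdb[(vni, src_mac)] = outer_src_ip   # learn inner MAC -> outer VTEP IP
        return vni, frame


# Constructed sample: VM A (MAC ...0a) on VTEP 10.0.0.1 talks to VM B (MAC ...0b) on 10.0.0.2.
MAC_A = bytes.fromhex("00505600000a")
MAC_B = bytes.fromhex("00505600000b")
FRAME_A_TO_B = MAC_B + MAC_A + b"\x08\x00" + b"ip payload"


def demo():
    """First packet must be flooded; afterwards the receiving VTEP knows where A lives."""
    vtep1, vtep2 = Vtep("10.0.0.1", [5000]), Vtep("10.0.0.2", [5000])
    remote, pkt = vtep1.send(5000, FRAME_A_TO_B)     # remote is None: unknown destination
    vni, frame = vtep2.receive(vtep1.ip, pkt)        # vtep2 learns MAC_A -> 10.0.0.1
    reply_target = vtep2.fdb[(vni, MAC_A)]
    return remote, vni, frame == FRAME_A_TO_B, reply_target


if __name__ == "__main__":
    print(demo())
```

The `fdb` dictionary is the per-VNI forwarding table the in-depth text talks about; note that it is populated purely from what arrives on the wire, so a spoofed inner source MAC from a rogue sender would also be learned. That is the “rogue node” problem the vQuicky mentions.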

Feel free to comment 🙂

http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-00

http://www.vmware.com/solutions/datacenter/vxlan.html

http://blog.ioshints.info/2011/08/finally-mac-over-ip-based-vcloud.html

http://networkheresy.com/2011/08/31/vxlan-moving-towards-network-virtualization/


PACEMAKER LINUX HIGH AVAILABILITY STACK FOR OPENSTACK!

At a conference here about OpenStack HA, which is one of the most wanted requirements of enterprise customers: an overview of the Pacemaker Linux high-availability stack for OpenStack.

I am pretty new to this, so I am glad I signed up and look forward to finding out more about it.

Will write more as I know it.

RIVERBED AND DESKTONE WITH OPENSTACK- Good stuff!


I am sitting down with the VP of Engineering at Desktone, a managed hosted desktop virtualization firm, and with Riverbed, which does WAN optimization.

These two seem like pretty cool stuff. While Desktone uses its own proprietary technology for desktop virtualization, Riverbed uses intelligent packet analysis to send only the differences across the WAN. It is smart enough to pick out differences across multiple protocols as well.

VMware will soon allow OpenStack hosting!


At the OpenStack Summit in San Diego, the news from the VMware booth is that VMware ESXi will soon support spinning up OpenStack instances on VMware.

So does that mean the compute node will manage ESXi, or that ESXi will manage the compute nodes?
It surely is exciting. VMware already bought Nicira, which does network virtualization, and has PaaS with Cloud Foundry.

I suspect it will be more than just this!

More as we know it 🙂

GeekTernet IS NOW RJAPPROVES

I wanted to move my domain to something that does not sound too gadgety. Thanks to Jason Castello, my site is now called RJAPPROVES, and for every post I do, RJ approves this message 🙂

ESXi 5.1 SUPPORTS SPAN, RSPAN AND ERSPAN – BUT WHAT ARE THESE?

vQuicky – For the impatient like me 😉

> vSphere 5.1 enhancements include SPAN, RSPAN and ERSPAN style port mirroring for network monitoring and analysis

> SPAN stands for Switch Port Analyzer; it mirrors the traffic of a source port to a destination port so you can analyze it

> In a SPAN session one or more source ports are mirrored to a destination port. A source port can be monitored by several sessions, but a destination port can belong to only one session

> In a SPAN session, both the source SPAN port(s) and the destination SPAN port are on the same physical switch

> For analysis across multiple switches, RSPAN (Remote SPAN) is used

> RSPAN works like SPAN, except that the mirrored traffic is flooded into a special RSPAN VLAN carried between the switches. A destination port on any switch carrying that VLAN can be used to analyze the traffic

> For analysis across routed networks or a WAN, ERSPAN is used, which stands for Encapsulated Remote Switch Port Analyzer

> ERSPAN produces routable traffic, so it can span a WAN

> ERSPAN uses an ERSPAN source session, routable GRE-encapsulated ERSPAN traffic and an ERSPAN destination session. The source and destination sessions live on different switches across the network

> Remember to put the capture NIC in promiscuous mode, or the analyzer will drop the mirrored frames that are not addressed to it (for an analyzer VM on a vSwitch, the port group’s security policy must also allow promiscuous mode)

inDepth

While going through what’s new in vSphere 5.1, it is clear that they talk about ESXi 5.1 supporting network monitoring and troubleshooting features: SPAN, RSPAN and ERSPAN. For as long as I have been in IT I did not have a clear understanding of what these are, so here goes.

SPAN – SPAN stands for Switch Port Analyzer. Think of it as port mirroring: a copy of all traffic going in and out of the mirrored (source) port is sent to the SPAN (destination) port. The destination port is where you attach your traffic analyzer, which sees nothing but a mirror of the source port. The analyzer can be anything, Wireshark for instance. The source port can be a switched or a routed port. You can mirror bi-directional traffic or just transmitted or just received traffic.

From my reading, a source port can be anything such as an EtherChannel, a Fast Ethernet or a Gigabit Ethernet port, and a source port can be monitored by multiple SPAN sessions. As for the destination port: for a SPAN session it must reside on the same switch as the sources, and one destination port can participate in only one SPAN session (that session may have several source ports, though). A destination port cannot also be a source port of the same session, and it cannot be an EtherChannel group.

RSPAN – RSPAN stands for Remote SPAN. From the above it is easy enough to mirror a port on the same physical switch to sniff traffic, but what if the traffic you care about traverses another switch? RSPAN lets you monitor traffic across your switched network. It is similar to SPAN in functionality, the only difference being that the mirrored traffic is flooded into a special RSPAN VLAN. You can then hook up to any destination port that is part of this RSPAN VLAN and pick up the traffic. SPAN and RSPAN work only at Layer 2, on the LAN.

ERSPAN – ERSPAN stands for Encapsulated Remote Switch Port Analyzer. To analyze traffic over a routed network or a WAN, use ERSPAN. It has an ERSPAN source session, routable GRE-encapsulated ERSPAN traffic and an ERSPAN destination session. You configure the source and destination sessions separately on different devices; in 5.1 the vSphere Distributed Switch can act as the ERSPAN source and send the encapsulated copy to the IP address of your analyzer.
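Since ERSPAN hands the analyzer a GRE packet rather than a raw mirrored frame, here is an added example of what a collector has to do with it. This is my own code, not taken from the Cisco or VMware documents linked below: it parses the GRE header (protocol type 0x88BE with the sequence-number flag set, as ERSPAN Type II uses), splits off the 8-byte ERSPAN Type II header to recover the session ID and the original VLAN, and then reads the mirrored Ethernet frame’s addresses. The packet bytes, session number and MAC addresses are constructed sample data; the `expected_session` filter is the check a practitioner wants, because GRE is unauthenticated and a collector should only trust the sessions and source switches it expects.

```python
"""Decapsulate ERSPAN Type II mirrored traffic as a collector would (added example).

Not from the Cisco or VMware documentation. GRE and ERSPAN Type II layout follow
the public Cisco description: GRE protocol type 0x88BE, sequence number present,
then an 8-byte ERSPAN header (version, original VLAN, CoS, 10-bit session ID).
The sample packet is constructed data.
"""
import struct

GRE_PROTO_ERSPAN_II = 0x88BE
GRE_FLAG_CHECKSUM = 0x8000
GRE_FLAG_KEY = 0x2000
GRE_FLAG_SEQ = 0x1000


def parse_gre(pkt: bytes):
    """Return (protocol_type, sequence_or_None, payload) for a GRE header."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", pkt[:4])
    if flags_ver & 0x7:
        raise ValueError("only GRE version 0 is handled here")
    offset = 4
    if flags_ver & GRE_FLAG_CHECKSUM:
        offset += 4                       # checksum + reserved1
    if flags_ver & GRE_FLAG_KEY:
        offset += 4
    seq = None
    if flags_ver & GRE_FLAG_SEQ:
        (seq,) = struct.unpack("!I", pkt[offset:offset + 4])
        offset += 4
    return proto, seq, pkt[offset:]


def parse_erspan_type2(payload: bytes):
    """Split the 8-byte ERSPAN Type II header from the mirrored Ethernet frame."""
    if len(payload) < 8:
        raise ValueError("truncated ERSPAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    hdr = {
        "version": word0 >> 28,           # 1 for Type II
        "vlan": (word0 >> 16) & 0xFFF,    # VLAN of the mirrored frame at the source
        "cos": (word0 >> 13) & 0x7,
        "encap": (word0 >> 11) & 0x3,     # whether the original 802.1Q tag was kept
        "truncated": (word0 >> 10) & 0x1,
        "session_id": word0 & 0x3FF,      # which ERSPAN session produced this copy
        "index": word1 & 0xFFFFF,         # source port index on the switch
    }
    if hdr["version"] != 1:
        raise ValueError(f"not an ERSPAN Type II header (version {hdr['version']})")
    return hdr, payload[8:]


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decapsulate(gre_packet: bytes, expected_session=None) -> dict:
    """Turn the GRE payload of an ERSPAN packet into the mirrored frame's fields.

    Filter on the session ID here and on the source switch IP at the socket layer:
    GRE carries no authentication, so any host that can reach the collector could
    otherwise feed it fake 0x88BE packets."""
    proto, seq, payload = parse_gre(gre_packet)
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN Type II")
    hdr, frame = parse_erspan_type2(payload)
    if expected_session is not None and hdr["session_id"] != expected_session:
        raise ValueError(f"unexpected ERSPAN session {hdr['session_id']}")
    if len(frame) < 14:
        raise ValueError("mirrored frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {
        "gre_seq": seq,
        "session_id": hdr["session_id"],
        "vlan": hdr["vlan"],
        "dst_mac": mac_str(frame[0:6]),
        "src_mac": mac_str(frame[6:12]),
        "ethertype": ethertype,
        "payload": frame[14:],
    }


# Constructed sample: session 5 mirroring a frame from VLAN 100, GRE sequence 42,
# inner frame to a VMware-OUI MAC with a 20-byte IPv4-looking payload.
_INNER = bytes.fromhex("005056aabbcc") + bytes.fromhex("001122334455") + b"\x08\x00" + b"\x45" + b"\x00" * 19
SAMPLE_ERSPAN = (
    struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, 42)
    + struct.pack("!II", (1 << 28) | (100 << 16) | 5, 500)
    + _INNER
)

if __name__ == "__main__":
    print(decapsulate(SAMPLE_ERSPAN, expected_session=5))
```

In practice you would feed `decapsulate` the payload of IP protocol 47 (GRE) packets captured on the collector’s NIC; the VLAN field is useful because it tells you which VLAN the frame was on at the source switch even though the copy arrives untagged over the routed path.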

Please comment or correct me if needed 🙂

More reading – http://www.ciscozine.com/2008/09/29/how-to-analyze-traffic-with-span-feature/

ESXi White paper – http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Network-Technical-Whitepaper.pdf