Citrix, microsoft, vmware

I’ve got problems but 99.999 (five nines) storage isn’t one of them

I recently have been in front of a few customers discussing various designs for application and desktop virtualization. Inevitably, or at some point, we discuss storage. When it comes to storage I often pause and read the room because most people I know on the VAR and customer side have their favorites and have what I would refer to as a Dallas Cowboys team (I’m an Eagles fan, if you are a Dallas fan, just reverse the teams, it’ll work).

I’ve architected (is that a real word?) large deployments involving multiple datacenters, high availability and disaster recovery. My focus isn’t on what is the single best technology and gluing things together, it’s about what works (and hopefully, what works well). Storage can be a very big issue with VDI: traditional SAN-based storage was not designed for desktop workloads and we’ve been oblivious to faster disk speeds and low latency on drives that hum under our wrists when typing. Moving these workloads to the data center doesn’t always work and when you add in latency from a server reaching out to a separate SAN, it compounds the problem.

The traditional SAN isn’t usually the best fit for heavy desktops and applications, however, adding flash technology to the mix often deals with the IOPS issue and latency can be minimized. Is flash necessary? Nope. I’ve had designs involving 15K SAS drives local to blades work very well. The Citrix stream to memory, overflow to disk can perform even better with 10k or 7k drives. However, I often don’t get to position that solution which brings me back to my first point…everyone has favorites.

I can take almost any storage and find a solution.  Even a traditional SAN, if I can use memory to cache, I can make that work.  Local disk? Easy.  Flash appliances, they are great!  But there is one thing I’m hearing that I don’t need.  The storage providing high availability or five nines.  There is a simple reason I don’t need five nines and I cringe when I hear others use it and lean back.

Your application doesn’t solely rely on storage to be available!

How will five nines prevent downtime when your hypervisor crashes or profile corruption occurs?  What about a failed backup on SQL that just eats up disk space?  What should we do?

We need to embrace failure and assume things fail. It’s so much cheaper than having the hardware give you a warm fuzzy feeling. When that business app fails, the business doesn’t care whether it’s storage or a cleaning person tripping over a server cord (I hope that isn’t even possible in most of your environments!). They see IT as the failure, not storage.

I wish I could take credit for this thought process but Netflix has pretty much perfected this thought. If you haven’t heard of the Chaos Monkey you should learn – http://techblog.netflix.com/2012/07/chaos-monkey-released-into-wild.html .

Spend enough time in IT and you’ll realize that chaos always wins and you burn out quickly if you’re fighting it. However, returning to my original point, the design and architecture can do this also. When we talk of desktops, many argue persistent versus non-persistent. Persistent means you keep your desktop, non-persistent means you can roam (which usually means some flavor of roaming profiles). I’m a big advocate of non-persistent. Your storage or server fails, you get logged off, you log back in and you’re right where you were (or very close to it). If the application is database driven and supports mirroring, you can survive storage failures, if set up correctly.

Going back to storage, this means two of whatever I have.  Two local drives, two appliances, two SANs.  I’ll take two 95% up-time appliances over a single 99.999% appliance anytime.  I’d rather save costs with single controllers than try to make a single point of failure not fail (because your application never has a single point of failure, it’s got multiple points of failure).
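The arithmetic behind this trade-off, as an added example that is not part of the original post: it composes availabilities in series and in parallel, assuming independent failures and immediate failover to the second copy. Only the 99.999% and 95% figures come from the text; the 99.5% values for the hypervisor, profile store and SQL backend are constructed for illustration.

```python
from dataclasses import dataclass
from math import prod
from typing import Dict, Tuple, Union

MINUTES_PER_YEAR = 365 * 24 * 60


@dataclass(frozen=True)
class Component:
    name: str
    availability: float  # fraction of time the component is up

    def up(self) -> float:
        return self.availability


@dataclass(frozen=True)
class Series:
    """Every part must be up: each one is a single point of failure."""
    parts: Tuple["Node", ...]

    def up(self) -> float:
        return prod(p.up() for p in self.parts)


@dataclass(frozen=True)
class Parallel:
    """Any one part is enough: redundant copies with independent failures."""
    parts: Tuple["Node", ...]

    def up(self) -> float:
        return 1.0 - prod(1.0 - p.up() for p in self.parts)


Node = Union[Component, Series, Parallel]


def downtime_minutes_per_year(node: Node) -> float:
    return (1.0 - node.up()) * MINUTES_PER_YEAR


def stack(storage_availability: float) -> Series:
    """One delivery path: storage plus everything else the application needs."""
    return Series((
        Component("storage", storage_availability),
        Component("hypervisor", 0.995),     # constructed figure
        Component("profile store", 0.995),  # constructed figure
        Component("SQL backend", 0.995),    # constructed figure
    ))


def compare() -> Dict[str, Node]:
    pair = Parallel((Component("appliance A", 0.95), Component("appliance B", 0.95)))
    return {
        "five-nines storage alone": Component("storage", 0.99999),
        "two 95% appliances alone": pair,
        "one stack, five-nines storage": stack(0.99999),
        "two stacks, 95% storage each": Parallel((stack(0.95), stack(0.95))),
    }


if __name__ == "__main__":
    for label, node in compare().items():
        print(f"{label:30s} {node.up():9.5%}  "
              f"{downtime_minutes_per_year(node):10,.0f} min/year down")
```

With these assumed figures a pair of 95% appliances on its own reaches 99.75%, below five nines, but once the rest of the chain is counted, one stack on five-nines storage is about 98.5% available while two independent stacks on 95% storage are about 99.6%.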

I’m not arguing five nines doesn’t have a place somewhere.  If you can’t use non-persistent, it might be for you.  However, I’d argue that virtualizing your applications and desktops is not a good move if you need persistence anyways.  Just my two cents, feel free to comment if you agree, disagree or think I’m full of it, I’m always open to suggestions!

PS – This is a first draft to publish, I’m sure there are some typos and run-on sentences in there.

vmware

vCenter 5.1 Installation with SQL

This post is a very descriptive way to install vCenter 5.1 on a 2008 R2 server and utilize SQL on another server. We’ll install the database, necessary prerequisites and ensure it all works. On a single server, we’ll install the SSO, Inventory Manager and the vCenter server (including the fat and web client).
I want to start by saying that this isn’t intended for a VCDX, this is intended for someone to get this up in the lab, check what I did and perhaps suggest some improvements. I also want to state I’ve started with a 2008 R2 Standard server, joined to the domain and run through Microsoft updates.
First off, you need .NET Framework 3.5 installed. Open Server Manager and add a new feature. Expand and select the .NET Framework 3.5.1 only (otherwise you’ll end up installing IIS).


I always use service accounts, so I’m going to use contoso\svcvc (vCenter service account) and add that guy to the local Administrators group (I do not use a domain admin account for the service account, there is no need and if you follow what I’m doing, you’ll see it all works, just need to add him to the local admins).
Mount that ISO for 5.1 vCenter and open it up, select the 2nd option (the 1st is a simple all-in-one install, you don’t want that, trust me). Select the SSO (which is the 2nd option). Accept the EULA and all that. When you get to the Deployment Type, accept the default for the primary node (this is your first time, right?)


This screen is actually NOT the default, and it’s why we are installing the SSO option, not the simple install. Select the second so we can add other nodes and utilize a hardware load balancer (I see no downside from setting this up regardless of whether you use a load balancer). BTW, I would suggest an open source load balancer rather than nothing at all, you really should be learning load balancing if you haven’t already, you’ll need to for vCloud and other more complex deployments. That being said, you don’t have to set up any load balancer yet.




We can’t change the name so that’s set. The password needs to be somewhat complex, mine was so I had no issue but testpassword probably won’t cut it. Don’t forget this password. You need it at least twice more and you need it if you update the SSL certificates which you ALWAYS should 😉


Honestly, if I wanted to install 2008 R2 Express I’d be in a lab or I would just use the vCenter virtual appliance. The whole point of the full vCenter is scale and the “small” deployment can handle 1,000 VMs and 100 hosts, so you really ought to be using a full SQL install. I believe you can even use SQL 2008 R2 Express on another server by hacking it a little bit and opening ports and enabling protocols. I’m not explaining how to do that here. I have a SQL 2008 R2 Enterprise I can use (Standard is perfectly fine. BTW, the big difference between the two (other than scale) is the SQL Reporting functionality. Need something with SQL Reporting, think Enterprise.)
Below you can see I’ve filled out my SQL server, database name and user already. They aren’t set up yet so stop what you’re doing and head on over to your SQL server to set this guy up. Before you do, copy the files from the vCenter installation in the directory listed above (on the screenshot) to your SQL server so you can open/edit it.


This is the file but modified. I would recommend using it even if you know SQL. The database name can change but the actual filegroup names need to be RSA_DATA and RSA_INDEX. This script also sets SIMPLE recovery and auto-shrink. Go ahead and modify the FILENAME to point to the right directory. Did you just install SQL? Well add an E: drive and save your stuff there. Notice I added the DEMOVC_SSO directory? Don’t forget to create the directory, if you don’t it won’t work.




Now we need to create a database user. Why? Because I know vCenter 5.0 didn’t work well with AD authentication and I’m assuming the same is true here. Honestly, if I have to use even one SQL user, I might as well have all these services use it. Once they fix VUM, I’ll probably stick to AD since it’s MUCH MORE than SQL users. What I did is create a user called demovc (the name I called my vCenter server) and set a password, unchecked password enforcement and made that user sysadmin. Once I create the database (I called mine DEMOVC_SSO) I select User Mapping and checked the db_owner.



Ok so back to the demovc server, we can now hit next.


This is the Load Balancer name but I’m not using one yet so I’m entering the server name.


Ok, anytime you get the option to use network or system account, you should think twice. Generally, the most secure way to run multi-node services in Windows is through a domain service account. That’s what we’re using. No SPN is needed here, SSO install does all the work.

Again, I made him a member of the local admins group (check again now if you’re not sure)


I believe someone mentioned that changing from C: didn’t work, I have no idea, I install to C: since it’s all the server does.


I accept the default port.




Last chance? Did you hit Install? Let’s go!




Done! That was easy! Ok now install the Inventory Service






Accept the defaults here.


This is pretty self-explanatory. Remember this is per inventory “cluster” if I may use the term. If you are segmenting inventory to multiple databases, don’t use the total, just what you’re managing. We’re managing about 10 hosts maximum and 300 servers so “small” is what I want.


Here is where you remember your password from SSO. The administrator user name should already be filled in.


Here is where it would be awesome for VMware to let you import/generate an SSL certificate to use. As it is, they do not, you just need to install the self-signed insecure certificate they give you.


Ok, now hit install.






Done! That was easy! Now for something a little more complicated.


I entered a key below, if you have one, you should also. No, I will not let you use my key. I actually just used my 5.0 Enterprise Plus vCenter key, worked great! (It’s an NFRU key btw)


Obviously we want the existing supported database, but before you think you can hit next, you cannot. You need to create an ODBC connection.


Sounds simple enough. Hit Start button, type ODBC and open up that app. Uh-oh, we don’t have the native driver installed. VMware doesn’t link or have it, you need to add it. I’m going to show you the complicated way to install it here (for VUM we’ll use a webpage download). Feel free to vary but I know my way works.


Mount the SQL 2008 R2 install somewhere and run the autorun.exe from the vCenter server.


Click New Installation or add features to an existing installation


OK.


I didn’t use Evaluation but you could, we’re just installing the client parts.


All passed except the firewall, you can ignore that.




Select the first option.


Only click Client Tools Connectivity, click next.




Click next.



Finally! Install.





That was a lot of work to get this. Select it.


Oh wait! We didn’t set up the database yet! This one is easy. Remote or open SQL Management and create a new database. Here are my entries. I only changed the name on this page. Select the Options on the left before clicking OK.


Change the recovery model to Simple. We do this because we probably aren’t backing this up. If you are, leave as Full. Otherwise, your transaction logs will grow and eventually consume all the free space on the drive. Also select Auto Shrink and set it to True, leave the rest as defaults.


Click OK and create the database. Open our demovc user (or whatever you named him). This user can differ from the other user but you need to have User Mapping selected and add them to db_owner.


Now let’s go back to the ODBC and fill in the blanks. The only thing important here is the server name. You need to remember the Name for later but you can call it what you want. Hit Next.


Select SQL authentication and put in the username and password


Select Change the default database and select the correct one we just created.


Leave the defaults and click Finish.


Check and Test, it should be successful, if not you messed something up, go back and check your password.




Type in the name of the ODBC connection and click next on the vCenter install.


Click next. Fill in the username and password for the sql user account.


Uncheck Use SYSTEM account and enter your service account information.


You probably want a standalone right?


Accept the default ports. You only need to increase ephemeral if you’re doing a dense View deployment. That is probably the only way I see you powering on 2000 at once. Don’t select that if you don’t need it.


Again, select your size, I say small. I would still have multiple vCenters before I had 400 hosts on a vCenter but that’s just me. BTW I have 4GB memory on my server for this.


Enter the SSO password.


Now I want to show you my AD usergroup, I called this VCAdmins for vCenter Administrators.


When I enter the GROUP in here I use the groupname@domain.com format. I leave the check box checked. Even if it’s only you doing this, create a global group in AD, add yourself to it (I also added the service account) and use that.


Click next accepting the defaults.






This install is a little long.




And we’re done! Now just install the clients.










I accept the defaults.


Again, enter that SSO password.








Here I test the fat client using my AD credentials.


I hate this self-signed certificate warning. Once I figure out how to perfectly update to a signed cert I’ll post it.




Testing the web client (link is in your start menu). You need to click ignore in IE.


You need Flash also apparently. No, I don’t want Google desktop, stop asking Adobe.




And I’m in! Most functions are now through the web client. You can see Orchestrator is in there.


All my services look good


I create the datacenter


I create my Cluster


I add a host.













And I’m done. Congratulations, you’ve installed vCenter 5.1!

vmware

VMworld 2012


I’ve just returned from VMware’s VMworld 2012 and had a great time. Some extremely interesting announcements from the General Sessions.

Nicira

Obviously, the acquisition of Nicira is very interesting. There was some virtual pearl-clutching going on during the session by Cisco in my opinion. Nicira isn’t going to impact Cisco this year, but the following years might be of significant concern. While many feel networks cannot be fully virtualized I would disagree. The virtualization of networks will allow more appliances that can connect directly to circuits and internally provide storage, network, compute and other resources that I can’t list just yet. This is just my opinion but if I was a betting man, which I am not, I would certainly believe that software networks will have a much greater impact going forward. VMware certainly hopes so, having just spent a lot of money on this company.

Obviously I’m not the only one who feels this way

Mirage
 
Most talks were suspiciously silent on VMware View, the desktop virtualization product. However, Mirage (Wanova) was recently bought and some slides listed View / Mirage. Mirage is a product that has some great features. In a nutshell, it syncs a laptop or desktop back to the datacenter allowing restores and the ability to layer personalization and apply it to a different OS (upgrading to Windows 7 from XP). In fact, the upgrade was discussed and shown by Vittorio who then proceeded to break his Lenovo and show how restores could be accomplished.
Here’s the real issue with this though, applications are the issue with Windows XP upgrades and that point seems to be a bit lost. Sure, if we just used web apps and Office, upgrading to Windows 7 is simple and Wanova (I mean Mirage) would be perfect (I’m ignoring the cost completely). However, one critical app is all it takes for an upgrade to be impractical. I know companies who put off installing service pack 1, 2 or 3 for XP (within the last 3 years!) because of app compatibility issues (or at least that’s what was claimed!). Mirage seems like a great product but don’t kid yourself, a Windows 7 upgrade from XP requires a good look at your applications. You could look at some software like Lakeside to do this and I would heavily recommend it.

vCloud

Of course we’re going to hear about the internet, I mean cloud, in any conference today. vCloud Suite is a great idea to encourage users of Enterprise Plus to do more with it. From experience, I can certainly tell you that many users of Enterprise Plus do not use any advanced features on it (or maybe one). vCloud upgrades are great and I’m eager to see the integration of Orchestrator, Director and the new DynamicOps included.

Horizon

Horizon was announced as a platform for tying all applications together including XenApp. That was good to hear although saying Citrix felt as if you were saying “bomb” in an airport at this thing. One guy was all over Twitter just for wearing a Citrix backpack (there were a few of them). I like both but left my Citrix backpack at home…but I digress…
Horizon is eerily similar to CloudGateway Enterprise (Citrix). And both are fantastic products. I’m not going to get into all the details right now but I would recommend taking a look at them both. Both are designed to manage your credentials for SaaS applications, such as Salesforce.com. So you could terminate an employee and remove access through AD and in turn, when you hire one, the account is provisioned automatically. Although SAML has been around, I think people are still wowed by this stuff as they are by adding the word “cloud” to a product (which is really a must now if you think about it!).

vSphere

vSphere is adopting a new web interface and it’s long overdue. Also there was talk of the appliance being more stable although the scalability numbers were a bit short on detail. vRAM entitlements are now removed so a big thank you to Microsoft is in order 😉

Teradici RDSH

I was expecting to hear much more about this and almost thought I missed it (maybe I did!) Anyway, Teradici has announced this as specified here. RDSH, or the ability to present a desktop that really is a Server desktop, is a great move. What is also possible if this works, is utilizing AppBlast to present the application to the end user (this is strictly my imagining, Teradici has not claimed to be doing this nor have they told me they are planning it (otherwise I’d be breaking some rules here!)). Now, this product is in Beta stage and at least a few years from being a strong competitor to XenApp if it works. However, it is a step in the right direction and I eagerly look for more developments on that front.

Well, there was more but that’s my summary of VMworld for now. I thought the conference went very well and it was exactly what I was hoping for. I think my coworkers set the bar too high though as I had attended Citrix’s conference at the same location earlier this year and they have perfected a few things simply by repetition. For VMworld, this was my first and I would like to mention the MagicalYak’s wish list for changes at VMworld 2013:
  1. The lunches were so bad! I would rather have had good pizza than bad food in an expensive box served by way too many people. I heard everyone complain about the quality of food, how it’s pulled away immediately so people are racing to jam it in their bags. Also having people outside was not a good idea. What if it had rained? Have food served in ALL buildings and use buffet or stations to serve it. It’s not that hard and you won’t have people reminding you they spent thousands to be there and are getting served bad food.
  2. The Labs need work. I flew in Saturday to do them Sunday. I got there around 10:30, doors opened at 11am and I waited and waited in what I call vPrison. This dark room was a holding pen where you couldn’t leave. Once my badge is scanned, I should be able to walk around and be given an estimate of when the lab is ready. Give me 10 minutes to make it there and if not, back of the line. Instead, I was told to stare at a list of names that didn’t move and 3 hours later, I get called. My lab doesn’t work so I spent 4 hours 30 minutes on Sunday not to do a lab. My pregnant wife who asked why I had to leave Saturday wasn’t happy either. Use a phone call/email/txt to alert me so I don’t waste my time in there. I will say that lack of communication (everyone denied an issue at first) was a big problem but things did get better. The labs weren’t bad (get the lab guides into PDF, a scroll within a scroll format was bad). Also, knowing you’re releasing them online at some point is great!!! I wish you told people that (even if it’s a while from now).
  3. Use social media to also distribute PPT slides immediately when sessions begin. Let the presenters update up until the start of the session but have a site for each session for the slides so we’re not copying them down instead of listening.
  4. Lastly, go back to Vegas please!!!