Brave New World: VDC-OS

VMware wants to own your data center. The key? The Virtual Datacenter Operating System.

Virtualization is as cutting-edge as any technology you'll find in IT today. Products are released every day that are so new that they are, essentially, inventions. VMware Inc. CEO Paul Maritz announced at the company's September conference, VMworld, that it wants to take virtualization even further into the future. How? By turning back the clock to the days of Henry Ford, the Model-T and assembly-line manufacturing.

As strange as that may sound, it's not a contradiction. The cornerstone of the company's vision is called the Virtual Datacenter Operating System (VDC-OS). If it works the way VMware envisions, it will forever change the way IT administrators manage their networks. When it comes to IT management, there tends to be "a lot of heavy lifting," says Bogomil Balkansky, VMware's senior director of product marketing. "Whatever operation you need to perform, it still tends to be a very manual, very custom, one-step-at-a-time" process, he says.

Back to the Future
Not so with VDC-OS, which Balkansky likens to the era when "Henry Ford introduced automation to the manufacturing world.

"We're transitioning from swinging hammers to pushing buttons," he continues. "The focus becomes on what needs to happen, not spending the majority of your time executing it and making it happen. Ford introduced speed and efficiency and predictability in the [manufacturing] process." Those same elements will characterize VDC-OS, he says.

"There are a lot of ecosystem products that play a crucial role in VDC-OS ... Being partner-friendly has always been an imperative for us."
Bogomil Balkansky, Senior Director, Product Marketing, VMware Inc.

The first step toward understanding VDC-OS is to properly define the term. It's not a product, but rather a category of software, a generic term for a flexible, agile datacenter, Balkansky explains. "Just like 'operating system' is a category no one owns, [VDC-OS] is a category," he says. "The brand name continues to be VMware Virtual Infrastructure [VI]." Balkansky further compares it to the operating system being the category, and Windows and Linux being brands within the category. "VDC-OS is the category, VI is the product," Balkansky says.

The paradigm shift will occur when an admin sets parameters for an application, and VDC-OS does the rest, Balkansky explains. "The sys admin world will be changed. To deploy an application, [the administrator] will specify the service levels the application requires: availability, security, scalability. [Whether an app] needs five-nines availability, security-it needs to scale to this point. Then the infrastructure that supports and runs the application will interpret policies, execute and guarantee service levels, and do it at the lowest total cost of ownership [TCO] possible. TCO is really a parameter" in VDC-OS, Balkansky adds.

At Your vService
VDC-OS is complicated, but the thumbnail sketch looks like this: It's an umbrella operating system with two primary areas of focus -- applications and infrastructure -- to which VMware has added a small "v" at the beginning, as in Application vServices and Infrastructure vServices. Each of these areas is further broken down into subcategories. Tying it all together is vCenter, the new name for VirtualCenter, VI's management tool.

Application vServices includes three important areas of enhanced functionality:

  • Availability: VMware says this will be achieved primarily through VMware Fault Tolerance, which makes a duplicate copy of a virtual machine (VM) on a separate physical server.
  • Security: VMware announced VMsafe last February; it will be delivered in future versions of VI. VMsafe provides application-programming interfaces (APIs) for third-party security vendors to write programs for VMs created by ESX. It will allow those programs to go deeper inside VMs and detect more malware than in the past.
  • Scalability: While no new products were announced in this area, VMs will scale up in capacity, with the ability to use double the number of virtual CPUs (vCPUs)-up to eight-and quadruple the amount of RAM they can us, up to 256GB. Similarly, there are three main components that make up Infrastructure vServices:
  • vCompute: The main upgrade here is VMDirectPath, which allows devices like a physical NIC to directly access a VM, cutting down on processing overhead.
  • vStorage: Storage is a promising area with a number of new offerings, starting with vStorage. Much like VMsafe, vStorage provides APIs for storage vendors to hook into VI and integrate their products more directly. vStorage Thin Provisioning saves storage space by allocating storage on an as-needed basis, rather than setting aside a block of storage space that may or may not get used. vStorage Linked Clones is another space-saving technology that shares common OS images in storage, avoiding a duplication of that information for each VM.
  • vNetwork: The most excitement in networking is around virtual distributed switches. One of the biggest VMworld announcements was about the Cisco Nexus 1000V switch, Cisco Systems Inc.'s first-ever virtual switch. Expect other vendors to come out with similar products quickly.
"VMware is promoting a stack including parts where Microsoft historically hasn't gone in the past: in server, storage, network infrastructure and so on."
Chris Wolf, Senior Analyst, Burton Group

On the management side, the biggest update to vCenter -- other than the name change -- is the integration of AppSpeed, the fruit of VMware's B-hive Networks acquisition. A VMworld demo showed AppSpeed's ability to monitor VMs at a level far deeper than formerly available with vCenter.

Architecture vs. Marketecture
Although VDC-OS is an ambitious undertaking, the announced goals aren't groundbreaking. In fact, some believe it's as much a marketing campaign as anything else.

"I think [VMware CEO] Paul Maritz understands IT technology on a large scale and has articulated their IT strategy better," says Burton Group Senior Analyst Chris Wolf, a virtualization specialist. "VDC-OS allows them to group all this together under a common message."

Wolf believes the new message is less technology-focused, and he says that's a good thing. "The problem was that they weren't tying their solutions back to applications and back to the user," he explains. "IT decision makers worry about [issues like] 'How do I solve this problem?'"

Rachel Chalmers, research director, infrastructure management for the analyst firm The 451 Group, agrees that much of VDC-OS is about rebranding rather than new technology. "VDC-OS is partly marketecture, and signals a changing of the guard" from former CEO Diane Greene to Maritz, Chalmers says. "Greene was always very careful to say that the hypervisor is not an OS."

Maritz doesn't have those same concerns, she says. "Maritz described the new raft of releases, the new roadmap, as an OS," she says. "It's just a different way of framing the conversation." Chalmers adds that VDC-OS contains "no radical departures from the roadmap. It's exactly what you would have expected from a VI announcement."

Independent consultant Edward Haletky, a VMware specialist who has written a book on ESX, says, "VDC-OS is a concept. It's a different way of looking at the existing VMware product line. The interesting part is that it has split off the concept of compute resources, networking resources and so forth. For example, vCompute is ESX. vStorage is SRM [VMware's Site Recovery Manager]. vNetwork is a distributed virtual switch." Haletky adds that most of these products were known previously, and this is just a new way of organizing them.

The difference, he continues, "is in layering; putting the hypervisor below all these layers. VDC-OS is everything above the hardware." Haletky also believes that VDC-OS is VMware's way of minimizing the hypervisor, which has become commoditized. "Microsoft has been touting that its hypervisor is free," he says. "[VMware is] downplaying the hypervisor's role in all this -- virtualization is not just the hypervisor anymore. It gives a new view of the way VMware's going to design and architect things in future."

Admins as Button Pushers
An important part of that design is vApp, which enables multitier applications to be configured, deployed and managed as a single unit. Leveraging open virtual machine format (OVF) -- which allows virtual appliances to be run on disparate hypervisors -- vApp promises to further simplify virtualization. VMware's Balkansky goes back to the assembly-line analogy: "It's how manufacturing happens nowadays; you push some buttons and the product comes out at the other end."

For instance, consider a typical three-tier architecture for an application such as Oracle CRM or SAP. It consists of a Web server, application server and database. "Instead of managing each tier separately, you can bundle them, move and manage them together, and assign policies to the whole instead of individual parts," Balkansky says. That involves combining multiple VMs. Using OVF, admins can specify policies for availability, security and other parameters, and extend the OVF schema to define their own requirements. "It's a production line for IT, [in which administrators] automate all of these tasks in IT, and produce high quality," Balkansky adds.

Security Concerns
That may be good, but the downside could come in increased security risk. VDC-OS has the potential of increasing vulnerabilities, especially in the era of HIPAA, Sarbanes-Oxley and so on, and additionally considering its central place as part of VMware's "cloud computing" strategy.

"Security's a huge, huge problem for a lot of organizations," Wolf says. "VMsafe should be the first product with a reliable security stack acceptable to security auditors. [VMware is] the first vendor to deliver that framework. Security auditors need to accept the [cloud computing] architecture as a security boundary, or none of this matters," he adds.

Haletky, who owns AstroArch Consulting Inc. and does a lot of virtual security work with clients, believes that without proper security measures, VDC-OS won't get off the ground. "Everyone's going to get their hands on the VMsafe APIs," he explains. "More APIs means more chances to hurt a system. They have to properly secure the system, and how they'll be implemented is a major concern."

That means a team effort, Haletky says: "It's not really VMware's problem in lot of ways. They've opened it up, [so it becomes] the vendor's problem-how do they secure it? Security's [often] an afterthought. As long as it's an afterthought, it's a weakness."

Security in the virtual realm requires a new way of thinking, Haletky says. "It has to change at the mindset layer for the security professional. It can't just end where hardware ends; it has to end where virtualization ends, which means ending with the VM," he explains.

Partner Proliferation
On the other hand, inviting partners with security expertise to add to the base security may be a good thing. And it's just one area that's more open to partners than ever before. With all the new exposed APIs, VMware's already large ecosystem could grow exponentially into areas like networking and storage that were closed until VDC-OS.

Wolf says that VMware doesn't have a reputation for being as partner-focused as, say, Microsoft. And partners were always wary about development.

"Some partners in the past have been burned, when they've developed a product and then VMware develops something that competes directly with them," he says. However, he believes that's changing with VDC-OS: "They're building a partner community."

Chalmers is more blunt: "They weren't partner-friendly, and have grown at the expense of their partners." She is also skeptical of the latest claims of being more partner-focused. "They've been changing that strategy as long as I've been covering them," she says.

Balkansky takes issue with those perceptions. "There are a lot of ecosystem products that play a crucial role in VDC-OS," he says. "This is nothing new in our strategy. Being partner-friendly has always been an imperative for us." He does believe, though, that there's more opportunity than ever before "with the new functionality coming out in 2009, based on opening up APIs in the platform and allowing partners to [build onto] the compute, storage and network areas."

One key way to measure a company's success, Balkansky adds, is by the "degree of strength, commitment and size of the ecosystem around us. It's important that partners of any size are innovating on and investing in our platform."

Deadline Pressures
Those partners will need to work quickly, as VMware has set an aggressive timetable to have all the pieces of VDC-OS in place by the end of 2009. Balkansky says that although VMware hasn't publicly announced a release schedule, it's committed to the 2009 time frame.

Chalmers is less sure. "This is the VI roadmap. They can't ship all of it. If they do 80 percent of it, they'll be doing well. Storage vMotion has been very, very difficult" to develop, she says, and "Network vMotion is a level of complexity even beyond that."

Wolf says that it's in VMware's best interest to hit those 2009 deadlines. "I have no doubt about them [hitting their shipping dates]," he asserts. "They have a small window of time to establish themselves as dominant in the market. They have to move extremely quickly; if they move slowly, it works right into Microsoft's hands."

In Microsoft's Sights
Indeed, Microsoft has itself been rushing virtualization products to market; witness Hyper-V, System Center Virtual Machine Manager 2008 (VMM 2008) and the standalone Hyper-V Server-three major products out in the first 10 months of 2008. And given how serious Microsoft -- and other companies like Citrix Systems Inc., Virtual Iron Software Inc., Red Hat Inc., Parallels Inc., Novell, Sun Microsystems Inc. and Hewlett-Packard Co. -- is about the emerging virtualization space, sitting still amounts to falling behind.

VMware still has a substantial technology lead, however, and seems intent on keeping that lead and trying to extend it. "VMware is promoting a stack including parts where Microsoft historically hasn't gone in the past: in server, storage, network infrastructure and so on," Wolf says. In Wolf's mind, one question that follows VMware's announcements is, "how much will Microsoft chase VMware or go down their own path? In terms of features, VMware is still ahead of their competitors."

That has been Chalmers' experience as well. "When we talk to end users, VMware is still their default choice," she explains. "And it's not just features and functionality that are so far ahead. Skill sets are overwhelmingly [built] around VMware."

Haletky says the VDC-OS concept puts more distance between VMware and the competition, now and in the future. "I think VMware's widening the gap, and they already have a wide gap," he explains. "No Storage vMotion [for Microsoft]; Hyper-V doesn't have VMotion," a technology for moving VMs from one physical host to another with no downtime.

"Distributed Resource Scheduling -- no one has that, other than VMware," Haletky adds. And when the new features of VDC-OS are included, the chasm grows even more, he continues: "When you add in fault tolerance, distributed virtual switches and VMsafe, I think it's just going to get wider."


Subscribe on YouTube