vSphere 5 Ups the Ante
VMware's next-generation cloud infrastructure suite is packed with new features that many customers are eager to implement.
By Eric Beehler
VMware Inc. products are synonymous with virtualization the way Google Inc. is synonymous with search. The reach of the ESX/ESXi hypervisor is clear, with various surveys still pegging VMware deployment for server virtualization beyond the 80 percent mark. As IT departments have made a massive shift to virtualized servers over the past five years, the market has become more crowded, with companies such as Microsoft and Citrix Systems Inc. gaining ground on the feature set that has made VMware the gold standard.
As the old saying went, no one ever got fired for buying IBM, but that changed as new competitors created viable alternatives to Big Blue's solutions -- and it's also changing with VMware and virtualization. Now that we're dealing with vSphere 5, it's time for users to reevaluate their hypervisor investments, their management tools and their overall strategies going forward.
The Big Features
When evaluating vSphere 5, the big feature updates are at the top of the list. vSphere 4 and 4.1 have been rock-solid for many customers, so the need to upgrade, at least in the short term, can only be made on a company-by-company basis. One thing is certain: vSphere 5 has plenty of upgrades and new features that could help justify the migration.
Virtual machines (VMs) get a boost with new support for RAM, CPUs and devices. A VM can scale to 32 virtual CPUs with up to 1TB of RAM. This is a significant increase from the eight-processor limit, and compared with the Microsoft Hyper-V 2.0 limit of four vCPUs, vSphere certainly bests the competition for big workloads. However, the upcoming Hyper-V 3.0 portion of "Windows Server 8" will match the number of 32 virtual processors and increase supported memory to 512GB, which is still a big number regardless of how it compares to VMware.
Also, users can now set up the number of vCPUs or cores to allocate on a single CPU. With the current crop of CPUs having at least four cores -- and increases to six, eight or even 16 cores on a single CPU die with the latest AMD Opteron 6200 CPUs -- the advantage can really be seen in licensing costs for many enterprise applications that base pricing on the number of physical CPUs, not the number of cores. Other niceties include USB 3.0 support, better solid-state drive (SSD) handling, and EFI BIOS emulation that will even support Mac OS X in a VM, which is great news for iPhone developers. You can even get the Windows 7 Aero glass-like 3-D interface without graphical hardware acceleration.
There are significant improvements in storage, with a new virtual disk format that will enable vSphere VMs to support an increased number of scenarios that previously required dedicated server hardware. For many administrators, the 2TB disk limit was a red light for big-data applications, but the updated Virtual Machine File System 5 (VMFS5) virtual disk format will support a raw device mapping size up to 64TB and a 64TB VMFS volume using the new VMFS5 format. This makes virtualization more compatible with applications such as large, quickly expanding databases. It also means you don't have to use kludgy workarounds like calling upon the Windows iSCSI initiator in a VM to access a bigger disk.
One of the biggest challenges for virtualization administrators is managing storage as their virtual environments expand. Finding proper space on available LUNs carved out to your environment from the SAN is only complicated by the effort to estimate how much real space will be consumed by thin-provisioned disks. Even though thin-provisioned disks help save expensive disk space, you have to avoid filling up those LUNs and starving your VMs of promised disk space. Storage Distributed Resource Scheduler (DRS) will help balance placement of those disks by recommending a location for your VM disk based on space as well as disk I/O load balancing.
Users can also define thresholds for allocated space and I/O latency, which provides ongoing recommendations for possible moves to balance the environment. Beyond that, they can separate their data stores into clusters, or pods, to separate availability for that resource pool. Another critical feature for services such as clustering or distributed services such as Active Directory is the affinity rules that will either prevent VMDK disks from sharing datastores or force them to stay together.
For storage administrators, a valuable addition is that array-based thin-provisioned LUNs no longer show a full disk because of dead space left after a virtual disk has been moved. Now, dead space reclamation features make those blocks available. Low disk-space alarms have also been modified to better report on thin-provisioned disks.
If you're looking forward to newer storage technology such as Fibre Channel over Ethernet (FCoE), vSphere 5 provides an FCoE adapter for VMs, which will support some offloading. In comparison, Microsoft is letting third parties control the FCoE piece via their own software and drivers. This seems to make sense until you consider the full support for iSCSI offered by Microsoft. Speaking of iSCSI, the new VMware initiator is fully configurable via the GUI, unlike the command-line-driven implementation from version 4.
VMware has always been a leader in the networking portion of virtualization, as it showed by offering the ability to insert a virtual Cisco switch that enabled network administrators to control virtual environments just as they do their own gear. This hasn't been such a big advantage for smaller infrastructures, as most of these environments have relatively straightforward vSwitch configurations that don't utilize those extra features. Some practical additions to vSphere 5 include NetFlow features that enable extensive traffic monitoring and port mirroring to enable better analysis and troubleshooting within virtual networks.
Network discovery protocols have been expanded from the Cisco Discovery Protocol to Link Layer Discovery Protocol (LLDP). In addition, support is available for 802.1p tagging that prioritizes network traffic between the host and the overall network infrastructure. VMware administrators who have been battling VMware's preference for Cisco solutions might find some relief with the newer standards-based support in virtual networking devices. In addition, very large hosts can help prioritize I/O resources with definable network resource pools. This goes beyond the system-defined pools and allows users to create weighted distribution of I/O, so they can guarantee more network bandwidth for critical applications.
These vSphere 5 networking features certainly seem to outgun the competition, but Windows 8 will introduce the Hyper-V Extensible Switch, matching many of the features VMware has today -- and a demonstration even showed the famous Cisco Nexus 1000V virtual switch, which had been exclusive to VMware. Citrix XenServer 6 wins in the licensing department because it has NetFlow and RSPAN built into its standard switch, whereas VMware forces customers to buy the Enterprise Plus license in order to use the distributed switch that includes many of these enhanced features.
The Security Situation
When it comes to security, the VMware emphasis was on the transition to ESXi, where the attack surface was significantly reduced by removing general-purpose OS features. The firewall was removed from ESXi 4.0 on the grounds that the attack surface had been reduced. ESXi 5.0 brings you back to the future with a new firewall that's service-oriented, stateless, and can block based on IP address and entire subnets. Users can customize beyond the default system ruleset by making use of the "esxcli network firewall" command. The XML-based network firewall rules are easy to interface with, especially when using third-party management software. If you want to quickly see the rules in effect on your server, they're in the Security Policy section of the GUI, where you can monitor and change firewall settings.
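As an added illustration of the "esxcli network firewall" customization described above (this script is not from the article or from VMware), the following POSIX shell function restricts one firewall ruleset to a list of source addresses or subnets, validating each before it changes anything. The ruleset name and addresses in the usage comment are constructed sample values.

```shell
#!/bin/sh
# Added example: limit one ESXi firewall ruleset to named source networks.
# Usage (constructed values): restrict_ruleset sshServer 10.0.0.0/24 192.168.1.10
# If the ruleset guards the session you are using, run this from the console.

# Succeed only if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject stray characters and empty octets before splitting on dots.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# restrict_ruleset RULESET SOURCE...
restrict_ruleset() {
    ruleset=$1
    [ "$#" -ge 2 ] || { echo "usage: restrict_ruleset RULESET SOURCE..." >&2; return 2; }
    shift
    # Validate every source first so a typo cannot leave the ruleset half-configured.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 2; }
    done
    # Allowed addresses only take effect once "allow all" is switched off.
    esxcli network firewall ruleset set --ruleset-id="$ruleset" --allowed-all false || return 1
    for src in "$@"; do
        esxcli network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$src" || return 1
    done
    # Show the resulting allow list for review.
    esxcli network firewall ruleset allowedip list --ruleset-id="$ruleset"
}

if [ "$#" -gt 0 ]; then restrict_ruleset "$@"; fi
```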
This is great, but not necessarily unique. Microsoft Hyper-V has a host firewall as well -- the software firewall that comes with Windows. With the extensible features expected in Windows Server 8 Hyper-V, third-party firewall products have already been demonstrated. For overall management, VMware is making much-needed improvements to its logging, allowing for SSL-based logging as well as options for TCP or UDP transport. The logs are also easier to manage, with settings streamlined into a single configuration file.
Software depot and deployment is catching up with Citrix XenServer provisioning services via the VMware vSphere 5 Image Builder. Installation packages can use VMware Installation Bundles (VIBs) to automatically configure hosts, boot them, and apply customizations like unique device drivers or custom actions via the PowerCLI command-line interface. The Image Builder server will bring the various VIBs -- such as OEM customizations, drivers and profile details -- and apply them to an ISO image. From there, you'll be able to deploy it to a PXE bootable host, which can obtain the bootable VMware image from the Auto Deploy server.
The Auto Deploy server also includes a rules engine that allows users to assign image and host profiles to specific hosts. Instead of having to manually determine which profiles should apply to the host, the host provides details on its hardware, such as make and model, which will assist in choosing the correct image. The host profile now includes additional configuration details necessary for modern deployments -- such as iSCSI, FCoE and multipathing -- that will allow the host to be configured correctly. If users require even more control, they can set up answer files for each host to deal with details not included in the profile settings. As mentioned, Citrix has been a leader in this area (and Microsoft's suite of System Center applications also provides this functionality), but VMware now has a more fully integrated solution to automate deployments.
The interfaces have also received an upgrade. From a lower level, the various command-line interfaces have been updated to the esxcli. The idea is to unify the command-line interface of various subsystems that can be accessed on every ESXi host and installed on Windows or Linux machines to interface with the ESXi hosts. The formatting options for output make it much easier to export details -- from comma-delimited to XML formats -- for logging or reporting. There are also numerous authentication mechanisms that can make life easier for daily work, as well as improve security for scripts.
For those who miss the direct logon available with ESX, there's an attempt at an equivalent with localcli, which bypasses the hosted process and is very handy when the hypervisor stops responding. The disappointing part of esxcli is that it's not yet complete. Although you can pass other commands, such as vicfg commands, through the esxcli interface, it still requires you to keep your skills sharp in two worlds of commands until the transition is completed.
The interface updates aren't limited to the command line. vSphere 5 now includes a Web GUI that can be utilized as an alternative to the full installable client. This might be interesting to users who need to log on from a random PC or who don't have the option to use the client because they run Mac OS X or another OS. The Web interface approximates the vSphere client interface, with systems on the left, details in the middle, and monitoring and tasks to the right, with familiar tabs at the top as well. Users can view many details of their machines, create and edit VMs, and migrate VMs between hosts. For serious host and network work the full client is still necessary, but users can get many daily tasks done with the Web interface.
When it comes to virtualization for small to midsize businesses (SMBs), high availability (HA) has always been a challenge. Smaller organizations often can't afford the expense of a SAN, but still have requirements for HA. Because of the need for very fast, shared storage, they're often out of luck. The new Storage Appliance has the ability to set up storage for HA without a SAN or other shared storage. As long as there's sufficient space and a fast network, the storage appliance will keep frequent snapshots between servers. If a server fails, the VM will recover on the next host from its last snapshot. This is not quite as good a recovery point as a real SAN, but good enough for many small businesses. This is not a feature matched by Microsoft yet, but it's planned for Hyper-V on Windows Server 8. Do note that if you want this feature in VMware, you'll need the more expensive Essentials Plus license.
The Pricing Controversy
vSphere 5 may have a solid set of features, but they're far from free, and pricing has been embroiled in controversy since the structure was changed. The previous rules set prices based on server processors and cores on the host. Now, pricing is based on the amount of virtual RAM assigned to VMs on the host. With the current crop of servers designed to host two sockets with four or more cores on each CPU -- and what seems to be a common 256GB of RAM -- customers used to buy a license for each CPU, allowing them to use 256GB of RAM per license. With vSphere 5, these servers will require more licenses, as each Enterprise Plus license only brings with it 192GB of virtual RAM.
Licensing requirements for customers using less virtual RAM will not likely change. Other changes, such as averaging RAM usage over a 12-month period instead of recording the peak point of RAM usage, could make this licensing easier to deal with, but it still introduces some uncertainty into future requirements.
The competition has pounced on this shift in pricing to push the benefits of their pricing models. Microsoft is showing how Hyper-V is licensed per server, as opposed to per processor or memory. The simplicity of the Hyper-V model makes it an easy sell, but the management toolsets are another matter. Microsoft does offer System Center Virtual Machine Manager, but to gain the full features of vSphere in Microsoft Hyper-V environments, you might have to add System Center Configuration Manager, System Center Operations Manager and System Center Service Manager to the mix.
Stacking vSphere 5 up against the competition isn't easy, especially because virtualization vendors are working feverishly to gain a competitive edge. One thing is clear: vSphere is a technically sound solution that will run your virtual environment reliably with great performance and plenty of options to provide HA, cloud services and tight management. Still, is it worth the price, or is another solution doing something similar for less? If you haven't looked at alternate vendors such as Citrix or Microsoft in a while, you might want to take a closer look. VMware is no longer the only great virtualization solution, but one of several solutions.