
Tuesday, October 11, 2016

Is Network Virtualization to stay?

Network Virtualization (NV) and Software Defined Networking (SDN) have been hyped over the last 2 years through media coverage and lots of news publicity.

Adoption is still new for many. In fact, most customers around the world have either yet to start, are just starting, or have a setup that is not running at full scale.

Over the last two years, we have seen lots of solutions, ranging from NV in software with VMware NSX to SDN in hardware with Cisco ACI. This has also brought in many newcomers, from companies like Nuage Networks to vArmour.

Having met many customers from different industries and verticals, the questions often asked are like the ones below:
Why this and not that?
What is the difference from your competitors?
Doesn't going to SDN or NV make visibility more complex?
How secure is logical compared to physical?

While some of these questions and more cannot be explained in detail, from a personal point of view it often comes down to a few factors:

1) Will the company be around in the next 3-5 years time?
When adopting a technology, you definitely want your ROI and supportability to last for the tenure of the software support or beyond, or else you will have to do that exercise again. That can be a good consideration.

2) Can the technology or solution chosen be used in a multi-cloud, multi-platform environment?
Will the technology and solution chosen work across multiple clouds in your organization, even with some workloads hosted in a public cloud? On premises you might be running VMware or Hyper-V, and in the public cloud you might be running Amazon or Azure, so there is a platform difference. Even if you are not looking at doing so today, at least you won't be restricted. During VMworld 2016, VMware showcased maintaining firewall policy on premises as well as on the Amazon and Azure public clouds with its Cross Platform Services. This is a real tie breaker against many solutions on the market, as it is no longer platform dependent. The solution protects your existing environment and your future planning. Since you cannot dictate your public cloud vendor's hardware or software, the solution should not tie you down to one in particular. Now you get not just application mobility but security portability, within or across clouds, keeping policy in check.

3) Will we lose visibility?
In fact, you gain visibility with software-defined networking or network virtualization. The reason is simple: today's existing tools typically only provide information on the physical space or physical fabric. This does not show you what is happening within the host, especially when VMs communicate with each other on the same host. With NV, things have changed: not only do you get to see information coming from the VMs, you also gain extra ways of troubleshooting.

4) How secure is it compared to hardware?
In fact, most logical solutions, just like hardware, have gone through proper security certification such as FIPS and Common Criteria. Even with a physical air gap, penetration still happens. Logical solutions also cost less, giving you better protection at a fraction of the cost of the hardware route. If you just look at NSX, it runs in the thin abstraction layer of the hypervisor, in the kernel, where nearline performance is provided. ESXi has never been breached, and it has a thin profile of 160Mb, unlike solutions that depend heavily on an OS, which exposes many vulnerabilities once penetrated.

In summary, logical networking is just getting its adoption now. While we are so used to physical separation, the industry is moving towards logical separation and away from what we used to do. With virtualization, we not only gain more visibility, but also the possibility of scaling without creating and managing siloed networks, as well as security and compliance mobility. By contrast, doing it with a physical solution incurs a huge cost and creates management overhead and, at scale, lots of silos.

With the preview of VMware NSX Cross Platform Service and last year's Distributed Network Encryption (DNE), this not only opens up a great lot of opportunities where technology can go beyond the limits of hardware, it also removes the headache of application placement, as security policy goes with the VM.

So what do you think?  Share your view in the comments.

Tuesday, October 4, 2016

VMware vCenter Desktop and vCenter Standard Licensing

A while ago I wrote an article about what the different vSphere Desktop licenses are for and their entitlements.

Having met many customers with big and small environments, projects or use cases for certain requirements, there were some questions revolving around vCenter licensing, especially for desktop-related use.

Here is an article with the FAQ on vSphere Desktop licensing. One of the questions in this article states:

Q. Do I need a separate vCenter Server for my VDI hosts? 
A. Yes, like Horizon 7 deployments on vSphere 5.x, you will need a separate VMware vCenter Server® for your VDI hosts. vCenter is not included in vSphere Desktop. 

Let me further explain the above.  If you are running a 3rd party VDI solution riding on vSphere Desktop licensing, vCenter is not included.  You would need to purchase vCenter Standard to manage that environment.

However, if you are a Horizon customer, the bundle includes vCenter Desktop, which is used to manage a vSphere Desktop environment.

You will now ask: when using 3rd party VDI, why don't I purchase vCenter Desktop instead of vCenter Standard? The answer is that vCenter Desktop is not for sale and is only available in the Horizon bundle. That also explains why running 3rd party VDI on top of vSphere always costs more, and it is always more cost effective just to run Horizon VDI.

The next common question will be: can I manage a vSphere Desktop environment and an infra vSphere environment with one single vCenter?

The answer is that it is not recommended, but you can with caveats. It is not recommended because of the way VDI runs: we typically want to keep it separate, and the load on the vCenter is typically high, as VDI is highly dense and has lots of activity.

Let's address this for 3rd party VDI and for Horizon.

For 3rd party VDI, you will need to complete your purchase of vCenter Standard and vSphere Desktop for the VDI environment. You will then have an infra environment with the normal vSphere Standard/Enterprise Plus and a vCenter Standard. Notice that each environment must have its own vCenter. Only after owning two vCenter licenses, one for each, will you be able to utilize one vCenter to manage both environments. This is part of the End User Licensing Agreement.

For Horizon customers, since the bundle already comes with vCenter Desktop, the customer needs to have a copy of vCenter Standard for the infra environment before being allowed to use one vCenter to manage both environments.

Hope this explains it better if you do have an environment that really needs one vCenter to manage both.

Friday, September 2, 2016

VMware Cloud Foundation

During the first day of VMworld 2016, VMware Cloud Foundation (VCF) was announced.  Some of us who are following what VMware has in its portfolio might be really confused.  I am just one of the few.

So what is VMware Cloud Foundation? Remember we used to have a platform known as EVO, with EVO Rail and EVO Rack? EVO Rail was deprecated, leaving only EVO Rack, which was later rebranded as EVO SDDC. VMware Cloud Foundation is the replacement for EVO SDDC.

As of today, 1st Sept, EVO SDDC is no longer available, as stated here. You can read more about VMware Cloud Foundation here. The FAQ clearly describes it here.

In a simple summary, EVO SDDC has been replaced by VMware Cloud Foundation, and VCF is no longer limited exclusively to the few (actually 4) vendors. In fact, customers can choose to use even VSAN Ready Nodes with VCF and use the supported switches from Cisco or Arista, making sure the TOR and spine are from the same vendor.

From a personal view, VMware has just created another ecosystem for VCF, just as it has done for vSphere and VSAN, but with a complete solution that consists of vSphere, NSX and VSAN. Vendors will leverage VCF and build their lifecycle management into VCF to support their hardware altogether.

As for support, licenses can be bundled as OEM licenses, in which case total support comes from the specific vendor. However, customers can choose to purchase the licenses direct from VMware to have VMware direct support instead. Compared to building your own system this is still simpler, but the customer will still need to contact two vendors for support.

VCF does not stop there: everything summarized above is for on premises. However, VCF can also be leveraged by public cloud vendors, e.g. vCloud Air Network (VCAN) partners, and the first partner will be IBM Softlayer, as announced.

This creates a better way to build an SDDC platform on and across clouds, allowing vendors to build a unified SDDC platform while customers enjoy its benefits. This removes the complexity of ensuring compatibility and reduces the interoperability issues between software versions on premises and off premises that customers face when moving workloads between hybrid clouds.

Tuesday, August 30, 2016

VMware vSphere 6.5 What's New

At most VMworld events, there is often a vSphere release announced every other time. This time round, there wasn't any announcement or a given date. However, there were sessions on vSphere 6.5 and also on the VM encryption feature which will be introduced in the next version. This year it was announced at VMworld Barcelona 2016.

There aren't major features, but there are some great enhancements and requests that customers have been asking for. Here is a breakdown of some of the important feature enhancements or additions in this release:

vCenter Server Appliance (vCSA)
VMware already introduced this back in version 5.0, and at 6.0 it was already on par with the Windows version. In this release, there will be no update to vSphere Client, and Update Manager is now part of vCSA. An API is also provided for automation.

vCenter Migration, a new feature to help existing Windows vCenter Server customers move to the vCSA. This tool will also migrate the database to the embedded PostgreSQL database in vCSA. The main problem for customers here is that the tool only migrates to the embedded database and does not allow them to choose an external DB or keep their existing external DB.

Auto Deploy improvement with API and workflows to improve lifecycle management.

Host Profile improvement with search functionality and simplification for troubleshooting if needed.

Open VMware Tools, with the aim of providing bootless Linux upgrades and more streamlined in-guest lifecycle management.

vCenter High Availability. There has been a long-standing ask for a replacement for vCenter Heartbeat, and VMware has finally come out with a solution. No more requirement for WFCS or RDM. vCenter HA will be able to handle an outage within 10 mins.

PSC HA. A native PSC HA which does not require a load balancer will be introduced. This will only be available in the vCSA.

vSphere Web Client. Further enhancements have been made to the vSphere Web Client, where all will be in HTML5.

UEFI Secure Boot. This feature has been a long time coming, as most OSes already have this function, and I am glad vSphere is now supporting it. Put simply, if for example a rootkit has compromised the boot chain, ESXi will not boot.

VM Encryption. There are lots of asks for this in the public sector and the financial industry. Currently the solution is to work with 3rd party solutions that place an agent in the OS to perform the encryption. With this feature, you can now encrypt a VM using a 3rd party KMS. There are also VM secure boot and secure vMotion.

Proactive DRS
Working tightly with vRealize Operations, DRS will be triggered to make sure resources are available before a VM becomes demanding. For example, if a VM typically becomes busy during month-end closing, DRS will move certain VMs out, knowing it will need more resources, and make sure there is no resource contention when this happens. In the past, DRS alone would only act when such contention happened.

Proactive HA
With hardware vendors working to surface meaningful sensor notifications of a possible hardware failure, e.g. a DIMM slot, vSphere HA can leverage DRS to vMotion VMs off a hardware box before a kernel panic.

Will further update this with more details.

Update 18th Oct 2016
Education courses for vSphere 6.5 are being released here.

vSphere 6.5 just announced! Check it out.


Friday, July 22, 2016

VMware Certified Advanced Professional 6 Exam GA!

If you head to the VMware Certification site, you will now be able to book the following VCAP6 exams at USD400 each, or USD100 for the beta exams:

Data Center Virtualization
VCAP6-DCV Design (GA)
VCAP6-DCV Deploy

Network Virtualization
VCAP6-NV Design (pending release)
VCAP6-NV Deploy

Cloud Management and Automation
VCAP6-CMA Design (GA)
VCAP6-CMA Deploy

Desktop and Mobility
VCAP6-DTM Design
VCAP6-DTM Deploy

Apparently only VCAP6-NV Design is not yet released. During this period, passing VCAP6-NV Deploy will give you direct access to VCIX6, waiving the two-VCAP requirement. So if you are keen, be fast. This is also stated here.

As for the rest of the tracks, you will need both VCAPs, in Design and Deploy, to be VCIX unless you are upgrading your certification from VCAP5. Read more about it in my previous post.

One of our VMUG SG members pointed this out. Apparently only VCAP6-DCV Design and VCAP6-CMA Design have gone GA. The rest are in beta. It is announced here. Whichever you take, as long as you pass in beta or GA, you will be VCAP6 in the respective track. Look at the price to know if it's beta or not.

Saturday, July 9, 2016

VMware Certification for VCAP6 Deploy Beta Exam is OUT!

VMware has released the public beta exam for VCAP6 Deploy in the Data Center Virtualization, Cloud Management Automation and Network Virtualization tracks. For Desktop Mobility, the beta was run last time. You can read about the announcement here.

This time the beta is extended to North America, Middle East, Europe and Africa.  This will give VMware Education a good statistic of the certification level and attempts around the world.

This is also running on a new interface like the VMware Hands-on Labs.

Hurry to make your booking and provide valuable feedback on the exam so that it can go GA later on.

Head over here and register for the beta. Do note that exam centers are limited as this is a beta exam, and so are the dates, since there are always limited sets that can be utilized for each exam session.

Tuesday, July 5, 2016

vBlog 2016 Results Release!

Every year, bloggers around the world get listed in the vBlog ranking. Without fail, this year's results have been released here.

I'd like to take this chance to thank all followers and supporters. I would not have made it thus far without feedback and suggestions to come out with new articles.

In Chinese culture, "8" is a lucky number, and my blog was ranked 88. This comes with double joy indeed, as I have also moved into my new place with my wife.

Deeply appreciate all the votes from everyone. Please support me in future so I can do more and better. Share my articles whenever you find them useful; I am sure they will be for others too.

Friday, June 17, 2016

VMware NSX 6.2.3 for vShield Endpoint

VMware announced the release of NSX 6.2.3 with the release notes. So what is unusual about this release, you might ask? Other than features, functions and bug fixes, there is also something on licensing.

So what is new on licensing, you might ask, other than the previous announcement of the Standard, Advanced and Enterprise editions of NSX?

Moving forward, vCNS Manager, which has always been the key component for vShield Endpoint's AV offloading function, is finally being replaced by NSX in this release.

Looking at the release notes:
"Change in default license & evaluation key distribution: default license upon install is "NSX for vShield Endpoint", which enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only. Evaluation license keys can be requested through VMware sales."

This means a default installation of NSX will be enabled with the vShield Endpoint function, just like vCNS Manager, which is ending its support soon.

So are you entitled? All existing vSphere customers will be entitled to use NSX moving forward. If you head to the download site, you will no longer see vCNS Manager but NSX 6.2.3 in this case.

So if you are thinking that you are able to use NSX for routing and switching, you will be disappointed: by default the NSX license does not enable any routing or switching ability unless you have applied an evaluation license for the corresponding edition. This is also stated in the document center.

Friday, May 27, 2016

Release of VMware NSX Editions

If you have been following, VMware released NSX from its acquisition of Nicira over the last two years. The concept of overlay was new to the market and changed how many look at Network Virtualization. It also introduced the first micro-segmentation concept into the virtualization world, where it was not possible before.

NSX was released with capabilities ranging from distributed firewall (DFW), routing and switching, and VPN to load balancing in the virtual network environment.

Many have viewed NSX as an expensive solution; however, many weren't aware of what NSX really provides. A majority of NSX deployments were attracted by the micro-segmentation ability, which in today's context can otherwise only be achieved by placing a firewall behind every single physical server. That, however, still does not protect all the VMs that can be running on one physical server, which DFW has the ability to do.

Looking at just the above example, the cost of implementing micro-segmentation would be way out of the picture for any company, even one with deep pockets, and manageability will be a nightmare. NSX not only provides the same security ability but also eases operations by working with rules based on policy. On top of this, it also provides routing and switching without stepping into the data center, plus VPN and load balancing capabilities.

With all these, does it still sound pricey to you? The next thing many will answer is, "I do not use all the functions." With NSX licensing in the past, regardless of which functions you used, you licensed the same.

That made VMware start introducing editions into NSX. This strategy also helps Small Medium Business and Enterprise (SMB/SME) adopt NSX based on their requirements.

For the routing and switching function, customers can now look at NSX Standard Edition, while for micro-segmentation, Advanced Edition can be considered. Lastly, a multi-site requirement with cross-vCenter Servers will consider Enterprise Edition.

This makes NSX easier and more affordable to adopt, especially for customers looking from a cost perspective. You can now pay for what you need.

You can check out the editions comparison here.

Thursday, May 19, 2016

RIP vSphere Client for Windows (C# Client)

Today marks VMware's announcement that the vSphere Client for Windows, also known to many as the C# Client, will no longer be available in future releases. The last version will be vSphere Client 6.0. Clients for any version of vSphere still under support will still be released.

With this, there will only be one client moving forward in the next release of vSphere (likely announced in Aug 2016 during VMworld as usual). As also stated, there will be two editions of the Web Client in the next release, namely Flex and HTML5.

Some plugins from other vendors will not work, since creating support for HTML5 will take time, so it makes sense for those who depend on those plugins to use the Flex client. Users who are not using any Flex-dependent plugin can use the HTML5-based web client completely and enjoy freedom from the requirement of using Flash and from the security vulnerabilities that come with it.

Currently there is a Fling of the HTML5 client released for testing. If you are curious, feel free to test it out.

Catch more updates on the future vCenter from here as well. One of the items mentioned is vCenter HA, which will be looked into. Let's hope something like a vCenter Heartbeat replacement can be seen soon.

Some users find that the vSphere Web Client is slower than the vSphere Client. This is true and will remain so no matter how much VMware puts into R&D. This is because it is a web-based client, and as such it can never be as fast as a Windows-based GUI. We do have to understand that there will be loading and refresh requirements in moving to web-based and gaining independence from the endpoint OS.

Nevertheless, let's take a minute to pray for our beloved vSphere Client and bid it a last goodbye.