2 Confidential Audience Assumption This is a level 200 - 300 presentation. It assumes: Good understanding of vCenter 4, ESX 4, ESXi 4. Preferably hands-on We will only cover the delta between 4.1 and 4.0 Overview understanding of related products like VUM, Data Recovery, SRM, View, Nexus, Chargeback, CapacityIQ, vShieldZones, etc Good understanding of related storage, server, network technology Target audience VMware Specialist: SE + Delivery from partners
3 Confidential Agenda New features Server Storage Network Management Upgrade
4 Confidential 4.1 New Feature (over 4.0, not 3.5) : Server FeaturesDesignCostScalabilityPerformanceAvailabilitySecurityManageability ESXi: scripted install ESXi: SAN Boot Memory compression Serial Port Concentrator USB Device MS Cluster support HA Health Check HA: more VM per cluster FT enhancements DRS/HA/FT integration FT: enhanced logging
5 Confidential 4.1 New Feature (over 4.0, not 3.5) : Server FeaturesDesignCostScalabilityPerformanceAvailabilitySecurityManageability vMotion enhancements Power Management & Charts More VM per host? Reduced RAM overhead Host Affinity Rules AD integration Multi-core VM Local/Remote Console Total Lockdown Mode VMware Tools scripting
6 Confidential 4.1 New Feature (over 4.0, not 3.5) : Storage FeaturesDesignCostScalabilityPerformanceAvailabilitySecurityManageability API for Array Integration vscsiStats in ESXi Storage I/O Control iSCSI Hardware Offload VMware Data Recovery VADP enhancements Boot from iSCSI Software Pluggable Storage Arch VMFS enhancements Storage statistics Paravirtualised SCSI Improved performance 8 GB FC support
7 Confidential 4.1 New Feature (over 4.0, not 3.5) : Network FeaturesDesignCostScalabilityPerformanceAvailabilitySecurityManageability Network I/O Control IPv6 Enhancements Load-based Teaming vNIC enhancements Nexus 1000V v2.0 Distributed Switch
8 Confidential 4.1 New Feature: Management ComponentNew Features vMAAD authentication Host ProfilesCisco, AD, Tech Support Mode vCLI & PowerShellA set of new vCLI commands vCO64 bit. Improved performance. VMware Update Manager 3 rd party patching, provisioning, upgrading. Push update on critical notifications Licence Reporting Manager vCenter Faster performance, 64 bit, more VM per host, more hosts per vCenter, bigger vCenter, vCenter LinkedMode3x more VM Site Recovery Manager 4.1 Per-VM pricing. IP customization for Windows 7 and Win08 R2. Faster recovery time for iSCSI. 64-bit only. vDS support. Error ReportingSubmit error to VMware.com Partner plug-inUpdated vCenter plug-ins from partners (Server, Storage, etc) ConverterConvert to thin while converting. Hyper-V import Performance ChartsNew charts, new counters, especially Storage related
9 Confidential Builds: ESX build 260247 VC build 258902 Some stats: 4000 development weeks were spent to get to FC 5100 QA weeks were spent to get to FC 872 beta customers downloaded and tried it out 2012 servers, 2277 storage arrays, and 2170 IO devices are already on the HCL
10 Confidential Consulting Services: Kit The vSphere Fundamentals services kit Includes core services enablement materials for vSphere Jumpstarts, Upgrades, Converter/P2V and PoCs. The update reflects what’s new in vSphere 4.1 - including new resource limits, memory compression, Storage IO Control, vNetwork Traffic Management, and vSphere Active Directory Integration. The kit is intended for use by PSO Consultants, TAMs, and SEs to help with delivering services engagements, PoCs, or knowledge transfer sessions with customers. Located at Partner Central – Services IP Assets https://na6.salesforce.com/sfc/#version?selectedD ocumentId=069800000000SSi https://na6.salesforce.com/sfc/#version?selectedD ocumentId=069800000000SSi For delivery partner: Please download this. For delivery partner: Please download this.
12 Confidential PXE Boot Retry Virtual Machine -> Edit Settings -> Options -> Boot Options Failed Boot Recovery disabled by default Enable and set the automatically retry boot after X Seconds 12
13 Confidential Wide NUMA Support Wide VM Wide-VM is defined as a VM that has more vCPUs than the available cores on a NUMA node. A 5-vCPU VM in a quad-core server Only the cores count, and hyperthreading threads don’t ESX 4.1 scheduler introduces wide-VM NUMA support Improves memory locality for memory-intensive workloads. Based on testing with micro benchmarks, the performance benefit can be up to 11–17%. How it works ESX 4.1 allows wide-VMs to take advantage of NUMA management. NUMA management means that a VM is assigned a home node where memory is allocated and vCPUs are scheduled. By scheduling vCPUs on a NUMA node where memory is allocated, the memory accesses become local, which is faster than remote accesses
14 Confidential ESXi Enhancements to ESXi. Not applicable to ESX
15 Confidential Transitioning to ESXi ESXi is our architecture going forward
16 Confidential Moving toward ESXi Commands for configuration and diagnostics Management Agents Hardware Agents Service Console (COS) VMware ESXi CIM API Agentless vAPI-based “Classic” VMware ESX Agentless CIM-based vCLI, PowerCLI vSphere API Infrastructure Service Agents Native Agents: NTP, Syslog, SNMP Local Support Console Permalink to: VMware ESX and ESXi 4.1 ComparisonVMware ESX and ESXi 4.1 Comparison
17 Confidential Software Inventory - Connected to ESXi/ESX Enhanced CIM provider now displays great detail on installed software bundles. Before From vSphere 4.1 Enumerate instance of CIM_SoftwareIdentity
18 Confidential 18 Software Inventory – Connected to vCenter Enhanced CIM provider now displays great detail on installed software bundles. Before From vSphere 4.1 Enumerate instance of CIM_SoftwareIdentity
19 Confidential Additional Deployment Option Boot From SAN Fully supported in ESXi 4.1 Was only experimentally supported in ESXi 4.0 Boot from SAN supported for FC, iSCSI, and FCoE ESX and ESXi have different requirement: iBFT (Boot Firmware Table) required The host must have an iSCSI boot capable NIC that supports the iSCSI iBFT format. iBFT is a method of communicating parameters about the iSCSI boot device to an OS
20 Confidential Additional Deployment Option Scripted Installation Numerous choices for installation Installer booted from CD-ROM (default) Preboot Execution Environment (PXE) ESXi Installation image on CD-ROM (default), HTTP/S, FTP, NFS Script can be stored and accessed Within the ESXi Installer ramdisk On the installation CD-ROM HTTP / HTTPS, FTP, NFS Config script (“ks.cfg”) can include Preinstall Postinstall First boot Cannot use scripted installation to install to a USB device
21 Confidential PXE Boot Requirements PXE-capable NIC. DHCP Server (IPv4). Use existing one. Media depot + TFTP server + gPXE A server hosting the entire content of ESXi media. Protocal: HTTP/HTTPS, FTP, or NFS server. OS: Windows/Linux server. Info We recommend the method that uses gPXE. If not, you might experience issues while booting the ESXi installer on a heavily loaded Network. TFTP is a light-weight version of the FTP service, and is typically used only for network booting systems or loading firmware on network devices such as routers.
22 Confidential PXE boot PXE uses DHCP and Trivial File Transfer Protocol (TFTP) to bootstrap an OS over network. How it works A host makes a DHCP request to configure its NIC. A host downloads and executes a kernel and support files. PXE booting the installer provides only the first step to installing ESXi. To complete the installation, you must provide the contents of the ESXi DVD Once ESXi installer is booted, it works like a DVD-based installation, except that the location of the ESXi installation media must be specified.
23 Confidential Additional Deployment Option
24 Confidential Sample ks.cfg file # Accept the EULA (End User Licence Agreement) vmaccepteula # Set the root password to vmware123 rootpw vmware123 # Install the ESXi image from CDROM install cdrom # Auto partition the first disk – if a VMFS exists it will overwrite it. autopart --firstdisk --overwritevmfs # Create a partition called Foobar # Partition the disk identified with vmhba1:c0:t1:l0 to grow to a maxsize of 4000 partition Foobar --ondisk=mpx.vmhba1:C0:T1:L0 --grow –maxsize=4000 # Set up the management network on the vmnic0 using DHCP network –bootproto=dhcp --device=vmnic0 --addvmportgroup=0 %firstboot --level=90.1 --unsupported --interpreter=busybox # On this first boot, save the current date to a temporary file date > /tmp/foo # Mount an nfs share and put it at /vmfs/volumes/www esxcfg-nas -add -host 10.20.118.5 -share /var/www www # Accept the EULA (End User Licence Agreement) vmaccepteula # Set the root password to vmware123 rootpw vmware123 # Install the ESXi image from CDROM install cdrom # Auto partition the first disk – if a VMFS exists it will overwrite it. autopart --firstdisk --overwritevmfs # Create a partition called Foobar # Partition the disk identified with vmhba1:c0:t1:l0 to grow to a maxsize of 4000 partition Foobar --ondisk=mpx.vmhba1:C0:T1:L0 --grow –maxsize=4000 # Set up the management network on the vmnic0 using DHCP network –bootproto=dhcp --device=vmnic0 --addvmportgroup=0 %firstboot --level=90.1 --unsupported --interpreter=busybox # On this first boot, save the current date to a temporary file date > /tmp/foo # Mount an nfs share and put it at /vmfs/volumes/www esxcfg-nas -add -host 10.20.118.5 -share /var/www www
25 Confidential Full Support of Tech Support Mode There you go 2 types Remote: SSH Local: Direct Console
26 Confidential Full Support of Tech Support Mode Enter to toggle. That’s it! Disable/Enable Timeout automatically disables TSM (local and remote) Running sessions are not terminated. All commands issued in Tech Support Mode are sent to syslog
27 Confidential Full Support of Tech Support Mode Recommended uses Support, troubleshooting, and break-fix Scripted deployment preinstall, postinstall, and first boot scripts Discouraged uses Any other scripts Running commands/scripts periodically (cron jobs) Leaving open for routine access or permanent SSH connection Admin will be notified when active
28 Confidential Full Support of Tech Support Mode We can also enable it via GUI Can enable in vCenter or DCUI Enable/Disable
29 Confidential Security Banner A message that is displayed on the direct console Welcome screen.
30 Confidential Total Lockdown
31 Confidential Total Lockdown Ability to totally control local access via vCenter DCUI Lockdown Mode (disallows all access except root on DCUI) Tech Support Mode (local and remote) If all configured, then no local activity possible (except pull the plugs)
32 Confidential Additional commands in Tech Support Mode vscsciStats is now available in the console. Output is raw data for histogram. Use spreadsheet to plot the histogram Some use cases: Identify whether IO are sequential or random Optimizing for IO Sizes Checking for disk mis-alignment Looking at storage latency in more details
33 Confidential Additional commands in Tech Support Mode Additional commands for troubleshooting nc (netcat) http://en.wikipedia.org/wiki/Netcat tcpdump-uw http://en.wikipedia.org/wiki/Tcpdump
34 Confidential More ESXi Services listed More services are now shown in GUI. Ease of control For example, if SSH is not running, you can turn it on from GUI. ESXi 4.0 ESXi 4.1
35 Confidential TSM: Advanced troubleshooting (GSS) DCUI: misconfigs / restart mgmt agents ESXi Diagnostics and Troubleshooting ESXi Remote Access vCenter vCLI vSphere APIs During normal operations: If things go wrong: Local Access
36 Confidential Common Enhancements for both ESX and ESXi 64 bit User World Running VMs with very large memory footprints implies that we need a large address space for the VMX. 32-bit user worlds (VMX32) do not have sufficient address space for VMs with large memory. 64-bit User worlds overcome this limitation. NFS The number of NFS volumes supported is increased from 8 to 64. Fiber Channel End-To-End Support for 8 GB (HBA, Switch & Array). VMFS Version changed to 3.46. No customer visible changes. Changes related to algorithms in the vmfs3 driver to handle new VMware APIs for Array Integration (VAAI).
37 Confidential Common Enhancements for both ESX and ESXi VMkernel TCP/IP Stack Upgrade Upgraded to version based on BSD 7.1. Result: improving FT logging, VMotion and NFS client performance. Pluggable Storage Architecture (PSA) New naming convention. New filter plugins to support VAAI (vStorage APIs for Array Integration). New PSPs (Path Selection Policies) for ALUA arrays. New PSP from DELL for the EqualLogic arrays.
38 Confidential USB pass-through New Features for both ESX/ESXi
39 Confidential USB Devices 2 steps: Add USB Controller Add USB Devices
40 Confidential USB Devices Only devices listed on the manual is supported. Mostly for ISV licence dongle. A few external USB drives. Limited list of device for now Only devices listed on the manual is supported. Mostly for ISV licence dongle. A few external USB drives. Limited list of device for now
41 Confidential Example 1 Source: http://vstorage.wordpress.com/2010/07/15/usb- passthrough-in-vsphere-4-1/ After vMotion, the VM will be on another (remote) ESXi. Communication inter-ESXi will use Mgmt Network (ESXi has no SC network) After vMotion, the VM will be on another (remote) ESXi. Communication inter-ESXi will use Mgmt Network (ESXi has no SC network) You cannot multi-select devices at this stage – add them one by one.
42 Confidential Example 1 From the source “I have tested numerous brands of USB mass storage devices (Kingston, Sandisk, Lexar, Imation) as well a couple of of security dongles and they all work well.”
43 Confidential Example 2: adding UPS Source: http://vninja.net/virtualization/ using-usb-pass-through-in-vsphere-4-1/
44 Confidential Example 2 Source: http://vninja.net/virtualization/ using-usb-pass-through-in-vsphere-4-1/
45 Confidential USB Devices: Supported Devices
46 Confidential USB Devices Up to 20 devices per VM. Up to 20 devices per ESX host. 1 device can only be owned by 1 VM at a given time. No sharing. Supported vMotion Communication via the management network DRS Unsupported DPM. DPM is not aware of the device and may turn it off. This may cause loss of data. So disable DRS for this VM so it stays in this host only. Fault Tolerance Design consideration Take note of situation when the ESX host is not available (planned or unplanned downtime)
47 Confidential MS AD integration New Features for both ESX/ESXi
48 Confidential AD Service Provides authentication for all local services vSphere Client Other access based on vSphere API DCUI Tech Support Mode (local and remote) Has nominal AD groups functionality Members of “ESX Admins” AD group have Administrative privilege Administrative privilege includes: Full Administrative role in vSphere Client and vSphere API clients DCUI access Tech Support Mode access (local and remote)
49 Confidential The Likewise Agent ESX uses an agent from Likewise to connect to MS AD and to authenticate users with their domain credentials. The agent integrates with the VMkernel to implement the mapping for applications such as the logon process (/bin/login) which uses a pluggable authentication module (PAM). As such, the agent acts as an LDAP client for authorization (join domain) and as a Kerberos client for authentication (verify users). The vMA appliance also uses an agent from Likewise. ESX and vMA use different versions of the Likewise agent to connect to the Domain Controller. ESX uses version 5.3 whereas vMA uses version 5.1. 49
52 Confidential AD Service A third method for joining ESX/ESXi hosts and enabling Authentication Services to utilize AD is to configure it through Host Profiles
53 Confidential AD Likewise Daemons on ESX lwiod is the Likewise I/O Manager service - I/O services for communication. Launched from /etc/init.d/lwiod script. netlogond is the Likewise Site Affinity service - detects optimal AD domain controller, global catalogue and data caches. Launched from /etc/init.d/netlogond script. lsassd is the Likewise Identity & Authentication service. It does authentication, caching and idmap lookups. This daemon depends on the other two daemons running. Launched from /etc/init.d/lsassd script. root 18015 1 0 Dec08 ? 00:00:00 /sbin/lsassd --start-as-daemon root 31944 1 0 Dec08 ? 00:00:00 /sbin/lwiod --start-as-daemon root 31982 1 0 Dec08 ? 00:00:02 /sbin/netlogond --start-as-daemon
54 Confidential ESX Firewall Requirements for AD Certain ports in SC are automatically opened in the Firewall Configuration to facilitate AD. Not applicable to ESXi Before After
55 Confidential Time Sync Requirement for AD Time must be in sync between the ESX/ESXi server and the AD server. For the Likewise agent to communicate over Kerberos with the domain controller, the clock of the client must be within the domain controller's maximum clock skew, which is 300 seconds, or 5 minutes, by default. The recommendation would be that they share the same NTP server.
56 Confidential vSphere Client Now when assigning permissions to users/groups, the list of users and groups managed by AD can be browsed by selecting the Domain.
57 Confidential Info in AD The host should also be visible on the Domain Controller in the AD Computers objects listing. Looking at the ESX Computer Properties shows a Name of RHEL (as it the Service Console on the ESX) & Service pack of ‘Likewise Identity 5.3.0’
58 Confidential Memory Compression New Features for both ESX/ESXi
59 Confidential Memory Compression VMKernel implement a per-VM compression cache to store compressed guest pages. When a guest page (4 KB page) needs to swapped, VMKernel will first try to compress the page. If the page can be compressed to 2 KB or less, the page will be stored in the per-VM compression cache. Otherwise, the page will be swapped out to disk. If a compressed page is again accessed by the guest, the page will decompressed online.
60 Confidential Changing the value of cache size
62 Confidential Monitoring Compression 3 new counters introduced to monitor Host level, not VM level.
63 Confidential Power Management
64 Confidential Power consumption chart Per ESX, not per cluster Need hardware integration. Difference HW makes have different info
65 Confidential Performance Graphs – Power Consumption We can now track the Power consumption of VMs in real-time Enabled through Software Settings ->Advanced Settings -> Power -> Power.ChargeVMs 65
66 Confidential Host power consumption In some situation, may need to edit /usr/share/sensors/vmware to get support for the host Different HW makers have different API. VM power consumption Experimental. Off by default
67 Confidential ESX Features only for ESX (not ESXi)
68 Confidential ESX: Service Console firewall Changes in ESX 4.1 ESX 4.1 introduces these additional configuration files located in /etc/vmware/firewall/chains: usercustom.xml userdefault.xml Relationship between the 2 files “user” overwrites. The default files custom.xml and default.xml are overridden by usercustom.xml and userdefault.xml. All configuration is saved in usercustom.xml and userdefault.xml. Copy the original custom.xml and default.xml files. Use them as a template for usercustom.xml and userdefault.xml.
69 Confidential Cluster HA, FT, DRS & DPM
70 Confidential Availability Feature Summary HA and DRS Cluster Limitations High Availability (HA) Diagnostic and Reliability Improvements FT Enhancements vMotion Enhancements Performance Usability Enhanced Feature Compatibility VM-host Affinity (DRS) DPM Enhancements Data Recovery Enhancements
71 Confidential DRS: more HA-awareness vSphere 4.1 adds logic to prevent imbalance that may not be good from HA point of view. Example 20 small VM and 2 very large VM. 2 ESXi hosts. Same workload with the above 20 collectively. vSphere 4.0 may put 20 small VM on Host A and 2 very large VM on Host B. From HA point of view, this may result in risks when Host A fails. vSphere 4.1 will try to balance the number of VM.
72 Confidential HA and DRS Cluster Improvements Increased cluster limitations Cluster limits are now unified for HA and DRS clusters Increased limits for VMs/host and VMs/cluster Cluster limits for HA and DRS: 32 hosts/cluster 320 VMs/host (regardless of # of hosts/cluster) 3000 VMs/cluster Note that these limits also apply to post-failover scenarios. Be sure that these limits will not be violated even after the maximum configured number of host failovers.
73 Confidential HA and DRS Cluster Limit 5-host cluster, tolerate 1 host failure vSphere 4.1 supports 320 VMs/host Supports 320x5 VMs/cluster? NO Cluster can only support 320x4 VMs 5-host cluster, tolerate 2 host failures Supports 320x5 VMs/cluster? NO Cluster can only support 320x3 VMs X X X
74 Confidential HA Diagnostic and Reliability Improvements HA Healthcheck Status HA provides an ongoing healthcheck facility to ensure that the required cluster configuration is met at all times. Deviations result in an event or alarm on the cluster. Improved HA-DRS interoperability during HA failover DRS will perform vMotion to free up contiguous resources (i.e. on one host) so that HA can place a VM that needs to be restarted
75 Confidential HA Diagnostic and Reliability Improvements HA Operational Status Displays more information about the current HA operational status, including the specific status and errors for each host in the HA cluster. It shows if the host is Primary or Secondary!
76 Confidential HA Operational Status Just another example
77 Confidential HA: Application Awareness Application Monitoring can restart a VM if the heartbeats for an application it is running are not received Expose APIs for 3rd party app developers Application Monitoring works much the same way that VM Monitoring: If the heartbeats for an application are not received for a specified time via VMware Tools, its VM is restarted. ESXi 4.0 ESXi 4.1
78 Confidential Fault Tolerance
79 Confidential FT Enhancements FT fully integrated with DRS DRS load balances FT Primary and Secondary VMs. EVC required. Versioning control lifts requirement on ESX build consistency Primary VM can run on host with a different build # as Secondary VM. Events for Primary VM vs. Secondary VM differentiated Events logged/stored differently. Resource Pool DRS FT Primary VM FT Secondary VM
80 Confidential No data-loss Guarantee vLockStep: 1 CPU step behind Primary/backup approach A common approach to implementing fault-tolerant servers is the primary/backup approach. The execution of a primary server is replicated by a backup server. Given that the primary and backup servers execute identically, the backup server can take over serving client requests without any interruption or loss of state if the primary server fails
81 Confidential New versioning feature FT now has a version number to determine compatibility Restriction to have identical ESX build # has been lifted Now FT checks it’s own version number to determine compatibility Future versions might be compatible with older ones, but possibly not vice-versa Additional information on vSphere Client FT version displayed in host summary tab # of FT enabled VMs displayed there For hosts prior to ESX/ESXi 4.1, this tab lists the host build number instead. FT versions included in vm-support output /etc/vmware/ft-vmk-version: product-version = 4.1.0 build = 235786 ft-version = 2.0.0
82 Confidential FT logging improvements FT traffic was bottlenecked to 2 Gbit/s even on 10 Gbit/s pNICs Improved by implementing ZeroCopy feature for FT traffic Tx, too For sending only (Tx) Instead of copying from FT buffer into pNIC/socket buffer just a link to the memory holding the data is transferred Driver accesses data directly- no copy needed
83 Confidential FT: unsupported vSphere features Snapshots. Snapshots must be removed or committed before FT can be enabled on a VM. It is not possible to take snapshots of VMs on which FT is enabled. Storage vMotion. Cannot invoke Storage vMotion for FT VM. To migrate the storage, temporarily turn off FT, do Storage vMotion, then turn on FT. Linked clones. Cannot enable FT on a VM that is a linked clone, nor can you create a linked clone from an FT-enabled VM. Back up. Cannot back up an FT VM using VCB, vStorage API for Data Protection, VMware Data Recovery or similar backup products that require the use of a VM snapshot, as performed by ESXi. To back up VM in this manner, first disable FT, then re-enable FT after backup is done. Storage array-based snapshots do not affect FT. Thin Provisioning, NPIV, IPv6, etc
84 Confidential FT: performance sample MS Exchange 2007 1 core handles 2000 Heavy Online user profile VM CPU utilisation is only 45%. ESX is only 8% Based on previous “generation” Xeon 5500, not 5600 vSphere 4.0, not 4.1 Opportunity Higher uptime for customer email system
85 Confidential Integration with HA Improved FT host management Move host out of vCenter DRS able to vMotion FT VMs Warning if HA gets disabled and following operations will be disabled Turn on FT Enable FT Power on a FT VM Test failover Test secondary restart
86 Confidential VM-to-Host Affinity
87 Confidential Background Different servers in a datacenter is a common scenario Differences by memory size, CPU generation or # or type of pNICs Best practice up to now Separate different hosts in different clusters Workarounds Creating affinity/ anti-affinity rules Pinning a VM to a single host by disabling DRS on the VM. Disadvantage Too expensive as each cluster needed to have HA failover capacity New feature: DRS Groups Host and VM groups Organize ESX hosts and VMs into groups Similar memory Similar usage profile …
88 Confidential Rule enforcement: 2 options Required: DRS/HA will never violate the rule; event generated if violated manually. Only advised for enforcing host-based licensing of ISV apps. Preferential: DRS/HA will violate the rule if necessary for failover or for maintaining availability Required rules Preferential rules VM-host Affinity (DRS)
89 Confidential Hard Rules DRS will follow the hard rules With DPM hosts will get powered on to follow a rule If DRS can’t follow, vCenter will display an alarm Can not be overwritten by user DRS will not generate any recommendations which would violate hard rules DRS Groups and hard rules with HA Hosts will be tagged as “incompatible” in case of “Must Not run…” so HA will take care of these rules, too
90 Confidential Soft Rules DRS will follow a soft rule if possible Will allow actions User-initiated DRS-mandatory HA actions Rules are applied as long as their application does not impact satisfying current VM cpu or memory demand DRS will report a warning if the rule isn’t followed DRS does not produce a move recommendation to follow the rule Soft VM/host affinity rules are treated by DRS as "reasonable effort"
91 Confidential Grouping Hosts with different capabilities DRS Groups Manager Defines Groups VM groups Host groups
92 Confidential Managing ISV Licensing Example Customer has 4-node cluster Oracle DB and Oracle BEA are charged for every hosts that can run it. vSphere 4.1 introduces “hard partitioning” Both DRS and HA will honour this boundary. DMZ VM Oracle BEA Rest of VMs Oracle DB DMZ LAN Production LAN
93 Confidential Managing ISV Licensing Hard partitioning If a host is in a VM-host must affinity rule, they are considered compatible hosts, all the others are tagged as incompatible hosts. DRS, DPM and HA are unable to place the VMs on incompatible hosts. Due to the incompatible host designation, the mandatory VM-Host is a feature what can be (undeniably) described as hard partioning. You cannot place and run a VM on incompatible host Oracle has not acknowledged this as hard partitioning. Sources http://frankdenneman.nl/2010/07/vm-to-hosts-affinity-rule/ http://www.latogalabs.com/2010/07/vsphere-41-hidden-gem-host-affinity- rules/
94 Confidential Example of setting-up: Step 1 In this example, we are adding the “WinXPsp3” VM to the group. The group name is “Desktop VMs”
95 Confidential Example of setting-up: Step 2 Just like we can group VM, we can also group ESX
96 Confidential Example of setting-up: Step 3 We have grouped the VMs in the cluster into 2 We have grouped the ESX in the cluster into 2
97 Confidential Example of setting-up: Step 4 This is the screen where we do the mapping. VM Group mapped to Host Group
98 Confidential Example of setting-up: Step 5 Mapping is done. The Cluster Settings dialog box now display the new rules type.
99 Confidential HA/ DRS DRS lists rules Switch on or off Expand to display DRS Groups Rule details Rule policy Involved Groups
101 Confidential Enhancement for Anti-affinity rules Now more than 2 VMs in a rule Each rule can have a couple of VMs Keep them all together Separate them through cluster For each VM at least 1 host is needed 101
102 Confidential DPM Enhancements Scheduling DPM Turning on/off DPM is now a scheduled task DPM can be turned off prior to business hours in anticipation for higher resource demands Disabling DPM It brings hosts out of standby Eliminates risk of ESX hosts being stuck in standby mode while DPM is disabled. Ensures that when DPM is disabled, all hosts are powered on and ready to accommodate load increases.
103 Confidential DPM Enhancements
104 Confidential vMotion
105 Confidential vMotion Enhancements Significantly decreased the overall migration time (time will vary depending on workload) Increased number of concurrent vMotions: ESX host: 4 on a 1 Gbps network and 8 on a 10 Gbps network Datastore: 128 (both VMFS and NFS) Maintenance mode evacuation time is greatly decreased due to above improvements
106 Confidential vMotion Re-write of the previous vMotion code Sends memory pages bundled together instead of one after the other Less network/ TCP/IP overhead Destination pre-allocates memory pages Multiple senders/ receivers Not only a single world responsible for each vMotion thus limit based on host CPU Sends list of changed pages instead of bitmaps Performance improvement Throughput improved significantly for single vMotion ESX 3.5 – ~1.0Gbps ESX 4.0 – ~2.6Gbps ESX 4.1 – max 8 Gbps Elapsed reduced by 50%+ on 10GigE tests. Mix of different bandwidth pNICs not supported
107 Confidential vMotion Aggressive Resume Destination VM resumes earlier Only workload memory pages have been received Remaining pages transferred in background Disk-Backed Operation Source host creates a circular buffer file on shared storage Destination opens this file and reads out of it Works only on VMFS storage In case of network failure during transfer vMotion falls back to disk based transfer Works together with aggressive resume feature above
108 Confidential Enhanced vMotion Compatibility Improvements Preparation for AMD Next Generation without 3DNow! Future AMD CPUs may not support 3DNow! To prevent vMotion incompatibilities, a new EVC mode is introduced.
109 Confidential EVC Improvements Better handling of powered-on VMs vCenter server now uses a live VM's CPU feature set to determine if it can be migrated into an EVC cluster Previously, it relied on the host's CPU features A VM could run with a different vCPU than the host it runs on I.e. if it was initially started on an older ESX host and vMotioned to the current one So the VM is compatible to an older CPU and could possibly be migrated to the EVC cluster even if the ESX hosts the VM runs on is not compatible
110 Confidential Enhanced vMotion Compatibility Improvements Usability Improvements VM's EVC capability: The VMs tab for hosts and clusters now displays the EVC mode corresponding to the features used by VMs. VM Summary: The Summary tab for a VM lists the EVC mode corresponding to the features used by the VM.
111 Confidential EVC (3/3) Earlier Add-Host Error detection Host-specific incompatibilities are now displayed prior to the Add-Host work- flow when adding a host into an EVC cluster Up to now this error occurred after all needed steps were done by the administrator Now it’ll warn earlier
113 Confidential Multi-core CPU inside a VM Click this
114 Confidential Multi-core CPU inside a VM 2-core, 4-core, 8 core. No 3-core, 5 core, 6 core, etc 2-core, 4-core, 8 core. No 3-core, 5 core, 6 core, etc Type this manually
115 Confidential Multi-core CPU inside a VM How to enable (per VM, not batch) Turn off VM. Can not be done online. Click Configuration Parameters Click Add Row and type cpuid.coresPerSocket in the Name column. Type a value (2, 4, or 8) in the Value column. The number of virtual CPUs must be divisible by the number of cores per socket. The coresPerSocket setting must be a power of two. Notes: If enabled, CPU Hot Add is disabled
116 Confidential Multi-core CPU inside a VM Once enabled, it is not readily shown to administrator This is not shown easily in the UI. VM listing in vSphere Client does not show core Possible to write scripts Iterates per VM Sample tools CPU-Z MS SysInternals
117 Confidential Customers Can Self-Enforce Per VM License Compliance When customer use more than they bought Alert by vCenter But will be able to continue managing additional VMs. So can over use. Customers are responsible for purchasing additional licenses and any back- SNS. So Support & Subscription must be back dated. This is consistent with current vSphere pricing.
120 Confidential vSphere Guest API It provides functions that management agents and other software can use to collect data about the state and performance of a VM. The API provides fast access to resource management information, without the need for authentication. The Guest API provides read‐only access. You can read data using the API, but you cannot send control commands. To issue control commands, use the vSphere Web Services SDK. Some information that you can retrieve through the API: Amount of memory reserved for the VM. Amount of memory being used by the VM. Upper limit of memory available to the VM. Number of memory shares assigned to the VM. Maximum speed to which the VM’s CPU is limited. Reserved rate at which the VM is allowed to execute. An idling VM might consume CPU cycles at a much lower rate. Number of CPU shares assigned to the VM. Elapsed time since the VM was last powered on or reset. CPU time consumed by a particular VM. When combined with other measurements, you can estimate how fast the VM’s CPUs are running compared to the host CPUs