Securing VMware Cloud on AWS remote access to your SDDC with an SSL VPN

The Use Case

What is an SSL VPN?

An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialised client software on the end user’s computer. -www.bitpipe.com

Why?

• SSL VPN is not an available feature by the Management Gateway or Compute Gateway in VMware Cloud on AWS
• Enable client VPN connections over SSL to an SDDC in VMware Cloud on AWS for secure access to the resources
• Avoid site-to-site VPN configurations between on-premises and the Management Gateway
• Avoid opening vCenter to the Internet

Not all customers want to setup site-to-site VPNs using IPSEC or Route-based VPNs between their on-premises data centre to an SDDC on VMware Cloud on AWS. Using a client VPN such as an SSL VPN to enable a client-side device to setup an SSL VPN tunnel to the SDDC.

Benefits

• Improve remote administrative security
• Enable users to access SDDC resource including vCenter over a secure SSL VPN from anywhere with an Internet connection

Summary

This article goes through the requirements and steps needed to get OpenVPN up and running. Of course, you can use any SSL VPN software, OpenVPN is a freely available open source alternative that is quick and easy to setup and is used in this article as a working example.

Review the following basic requirements before proceeding:

• Access to your VMware Cloud on AWS SDDC
• Basic knowledge of Linux
• Basic knowledge of VMware vSphere
• Basic knowledge of firewall administration

Steps

vCenter Server

In this section you’ll deploy the OpenVPN appliance. The steps can be summarised below:

• Download the OpenVPN appliance to the SDDC. The latest VMware version is available with this link:

https://openvpn.net/downloads/openvpn-as-latest-vmware.ova

• Deploy the OpenVPN appliance into a logical network.
• Configure the appliance.
• Follow the OpenVPN guide for the OpenVPN VMware appliance version.

  https://openvpn.net/vpn-server-resources/deploying-the-access-server-appliance-on-vmware-esxi/

Make a note of the IP address of the appliance, you’ll need this to NAT a public IP to this internal IP using the HTTPS service later. My appliance is using an IP of 192.168.1.201.

• Log in as root with password of openvpnas to change a password for the openvpn user. This user is used for administering the admin web interface for OpenVPN.

VMware Cloud on AWS

In this section you’ll need to create a number of firewall rules as summarised in the tables further below.

Here’s a quick diagram to show how the components relate.

What does the workflow look like?

1. A user connects to the SSL VPN to OpenVPN using the public IP address 3.122.197.159.
2. HTTPS (TCP 443) is NAT’d from 3.122.197.159 to the OpenVPNAppliance with an IP of 192.168.1.201 also to the HTTPS service.
3. OpenVPN is configured with subnets that VPN users are allowed to access. 192.168.1.0/24 and 10.71.0.0/16 are the two allowed subnets. OpenVPN configures the SSL VPN tunnel to route to these two subnets.
4. The user can open up a browser session on his laptop and connect to vCenter server using https://10.71.224.4.

Rules Configured on Management Gateway

The rule should look similar to the following.

Rules Configured on Compute Gateway

The two rules should look similar to the following.

I won’t go into detail on how to create these rules. However, you will need to create a few User Defined Groups for some of the Source and Destination objects.

NAT Rules

You’ll need to request a new Public IP before configuring the NAT rule.

The NAT rule should look similar to the following.

OpenVPN Configuration

We need to configure OpenVPN before it will accept SSL VPN connections. Ensure you’ve gone through the initial configuration detailed in this document

https://openvpn.net/vpn-server-resources/deploying-the-access-server-appliance-on-vmware-esxi/

• Connect to the OpenVPNAppliance VM using a web browser. The URL is for my appliance is https://192.168.1.201:943
• Login using openvpn and use the password you set earlier.

• Click on the Admin button

Configure Network Settings

• Click on Network Settings and enter the public IP that was issued by VMware Cloud on AWS earlier.
• Also, only enable the TCP daemon.

• Leave everything else on default settings.
• Press Save Settings at the bottom.
• Press the Update Running Server button.

Configure Routing

• Click on VPN Settings and enter the subnet that vCenter runs on under the Routing section. I use the Infrastructure Subnet. 10.71.0.0/16.

• Leave all other settings default, however this depends on what you configured when you deployed the OpenVPN appliance initially. My settings are below:

• Press Save Settings at the bottom.
• Press the Update Running Server button.

Configure Users and Users’ access to networks

• Click on User Permissions and add a new user
• Click on the More Settings pencil icon and configure a password and add in the subnets that you want this user to be able to access. I am using 192.168.1.0/24 – this is the OpenVPN-network subnet and also 10.71.0.0/16 – this is the Infrastructure Subnet for vCenter, ESXi in the SDDC. This will allow clients connected through the SSL VPN to connect directly to vCenter.

If you don’t know the Infrastructure Subnet you can obtain it by going to Network & Security > Overview

• Press Save Settings at the bottom.
• Press the Update Running Server button.

Installing the OpenVPN SSL VPN client onto a client device

The desktop client is only required if you do not want to use the web browser to initiate the SSL VPN. Unfortunately, we need signed certificates configured on OpenVPN to use the browser. I don’t have any for this example, so we will use the desktop client to connect instead.

For this section I will use my laptop to connect to the VPN.

• Open up a HTTPS browser session to the public IP address that was provisioned by VMware Cloud on AWS earlier. For me this is https://3.122.197.159.
• Accept any certificates to proceed. Of course, you can use real signed certificates with your OpenVPN configuration.
• Enter the username of the user that was created earlier, the password and select the Connect button.

• Click on the continue link to download the SSL VPN client

• Once downloaded, launch the installation file.
• Once complete you can close the browser as it won’t connect automatically as we are not using signed certificates.

Connecting to the OpenVPN SSL VPN client from a client device

Now that the SSL VPN client is installed we can open an SSL VPN tunnel.

• Launch the OpenVPNConnect client, I’m on OSX, so SPACEBAR “OpenVPNConnect” will bring up the client.
• Once launched, you can click on the small icon at the top of your screen.

• Connect to the public IP relevant to your OpenVPN configuration.
• Enter the credentials then click on Connect.
• Accept all certificate prompts and the VPN should now be connected.

Connect to vCenter

Open up a HTTPS browser session and use the internal IP address of vCenter. You may need to add a hosts file entry for the public FQDN for vCenter to redirect to the internal IP instead. That’s it! You’re now accessing vCenter over an SSL VPN.

It’s also possible to use this method to connect to other network segments. Just follow the procedures above to add additional network segments and rules in the Compute Gateway and also add additional subnets to the Access Control section when adding/editing users to OpenVPN.

Call to Action

Learn more with these resources:

• VMware Cloud on AWS VMware Page
• VMware Cloud on AWS YouTube
• VMware Cloud on AWS: Advanced Networking and Security with NSX-T SDDC

Using FaceTime on your Mac for Conference Calls with Webex, GoToMeeting and GlobalMeet

If like me you’re generally plugged into your laptop with a headset when working in a nice comfy place and dislike using your cellphone’s speaker and mic or apple headset for calls but instead prefer to take calls on your laptop using the Calls From iPhone feature.

This enables you to easily transition from what you were doing on your laptop – for example, listening to Apple Music, watching YouTube or whatever and flawlessly pick up a call or make a new call directly from your laptop. The benefits here are that you don’t need to take off your headset and continue working without switching devices or changing audio inputs for those with Bluetooth connected headsets.

But have you noticed that the FaceTime interface on OSX has no keypad? This is a problem when you need to pick up a call from the call-back function from Webex for example. Webex asks you to press ‘1’ on the keypad to be connected to the conference. Likewise, if you need to dial into a conference call with Webex, GoToMeeting or Globalmeet, you’ll need to use a keypad to enter the correct input followed generally by ‘#’ to connect. This is a little difficult if there is no keypad right?

If you tried to open up the keypad on your iPhone whilst connected to a call on your Mac, then the audio will transfer from your Mac to your iPhone and you cannot transfer it back.

Luckily there is a workaround. Well two actually, one will enable you to use the call-back functions from conference call systems and the other will enable you to dial into the meeting room directly.

When you receive a call-back call from Webex for example, and are asked to enter ‘1’ to continue, press the Mute button, then use your keyboard’s keys to provide the necessary inputs – press Mute, press 1, press #, then unmute as necessary.

The second workaround involves using direct-dial by just typing/pasting the conference number and attendee access codes directly into FaceTime before making the call. A comma ‘,’ sends a pause to the call, enabling you to enter the attendee access code and any other inputs that you need.

I find that both these work very well for me, mute works for call-back functions and direct-dial works very well when I need to join a call directly. The mute workaround is also very effective when using an IVR phone system too, think banking, customer services systems.

I hope this helps!

Atlantis USX 3.5 – What’s New?

I’m excited to announce the latest enhancements to the Atlantis USX product following the release of Atlantis USX 3.5.

Before we delve too deep in what’s new in USX 3.5, let’s take a brief recap on some of the innovative features from our previous releases.

We delivered USX 2.2 back in February 2015 where we delivered XenServer Support and LDAP authentication, USX 3.0 followed in August 2015 with support for VMware VVOLs, Volume Level Snapshot and Replication and the release of Atlantis Insight. USX 3.1 gave us deduplication aware stretched cluster and also multi-site disaster recovery in October 2015. Two-node clusters were enabled in USX 3.1.2 as well as enhancements to SnapClone for workspace in January 2016.

Some of these features were first in the industry features, for example, support for VMware VVOLs on a hyperconverged platform, all-flash hyperconverged before it became an industry standard and deduplication-aware stretched cluster using the Teleport technology that we pioneered in 2014 and released with USX 2.0.

Figure 1. Consistent Innovation

The feature richness and consistent innovation is something that we strive to continue to deliver with USX 3.5 coupled with additional stability and operationally ready feature set.

Let’s focus on the key focus areas with this latest release and what makes it different from the previous versions. Three main areas with the USX 3.5 enhancements are Simplify, Solidify and Optimize. These areas are targeted to provide a better user experience for both administrators and end users.

Simplify

XenServer 7 – USX 3.5 adds support for running USX on XenServer 7, in addition to vSphere 6.2.

Health Checks – We’ve added the ability to perform system health checks at any time, this is of course useful when planning for either a new installation or an upgrade of USX. Of course you can also run a health check on your USX environment at any time to make sure that everything is functioning as it should. This great feature helps identify any configuration issues prior to deployment of volumes. The tool will give pass or fail results for each of the test items, however, not all failed items prevent you from continuing your deployment, these will be flagged as a warning. For example, Internet Accessibility is not a requirement for USX, it is used to upload Insight logs or check for USX updates.

Figure 2. Health Checks

Operational Simplicity – enhancing operational simplicity, making things easier to do. On-demand SnapClone has been added to the USX user interface (UI), this enables the ability to create a full SnapClone – essentially a full backup of the contents of an in-memory volume to disk before any maintenance is done on that volume. This helps with maintenance of your environment where you need to quickly take a hypervisor host down for maintenance, the ability to instantly do a SnapClone through the UI makes this an easier method than in previous versions.

Figure 3. On-demand and scheduled SnapClones

Simple Maintenance Mode – We’ve also added the ability to perform maintenance mode for Simple Volumes. Simple Volumes can be located on local storage to present the memory from that hypervisor as a high performance in-memory volume for your virtual machine workloads such as VDI desktops. You can now enable maintenance mode using the Atlantis USX Manager UI or the REST API on simple volumes. What this does is that it will migrate the volume from one host to another, enabling you to put the source host into maintenance mode to perform any maintenance operations. This works with both VMware and Citrix hypervisors.

Figure 4. Simple Maintenance Mode

Solidify

Alerting is an area that has also been improved. We have added new alerts to highlight utilization of the backing disk that a volume uses. Additionally, alerts to highlight snapshot utilization is also now available. Alerts can be easily accessed using the Alerts menu in the GUI and are designed to be non-invasive however due to their nature, highly visible within the Alerts menu in the USX web UI for quick access.

Disaster Recovery for Simple Hybrid Volumes

Although this is now a new feature in USX 3.5, we’ve actually been deploying this in some of our larger customers for a few years now and the automation and workflows are now being exposed into the USX 3.5 UI. This feature enables simple hybrid volumes to be replicated by underlying storage with replication enabled technology, coupled with the automation and workflows, simple hybrid volumes can be recovered at the DR site with volume objects like the export IP addresses and volume identities being changed to suit the environment at the DR site.

Optimize

Plugin Framework is now a key feature to the USX capabilities. It is an additional framework which is integrated into the USX Web UI. It allows for the importing and running of Atlantis and community created plugins written in Python that enhance the functionality of USX. Plugins such as guest VM operations or guest VM query capabilities. These plugins enable guest-side operations such as restart of all VMs within a USX volume, or query the DNS-name of all guest VMs residing in a USX volume.

Figure 5. USX Plugin Framework

I hope you’ll agree that the plugin framework will provide an additional level of capabilities on top of the great capabilities we already have for automation and management such as the USX REST API and USX PowerShell Cmdlets.

Reduced Resource Requirements for volume container memory – we’ve decreased the metadata memory requirements by 40%. In previous versions the amount of memory assigned to metadata was a percentage of the volume export size before data reduction, for example, if you exported a volume of 1TB in size, the amount of memory reserved for metadata would then be 50GB, with USX 3.5 this is now reduced down to just 30GB, whilst still providing the same great performance and data reduction capabilities with fewer memory resources requirements. USX 3.5 optimizations also include the reduction of local flash storage required for the performance tier when using hybrid volumes, we’ve decreased the flash storage requirements by 95%!

In addition to reducing the metadata resource and local flash requirements, we’ve also reduced the amount of storage required for SnapClone space by 50%. This reduction reduces the SnapClone storage footprint on the underlying local or shared storage enabling you to use less storage for running USX.

ROBO to support vSphere Essentials.

ROBO use case is now even more cost effective with USX 3.5. This enhancement enables the use of the VMware vSphere Essentials licensing model for customers who prefer the VMware hypervisor over Citrix XenServer. This is a great option for remote and branch offices with three or less servers that wish to enable high performance, data reduction aware storage for remote sites.

Availability

Atlantis USX 3.5 is available now from the Atlantis Portal. Download now and let me know what you think of the new capabilities.

Release notes and online documentation are available here.

Deduplication – By the Numbers

Atlantis HyperScale appliances come with effective capacities of 12TB, 24TB and 48TB depending on the model that is deployed. These capacities are what we refer to as effective capacity, i.e., the available capacity after in-line de-duplication that occurs when data is stored onto HyperScale Volumes. HyperScale Volumes always de-duplicate data first before writing data down to the local flash drives. This is what is known as in-line deduplication which is very different from post-de-duplication which will de-duplicate data after it is written down to disk. The latter incurs storage capacity overhead as you will need the capacity to store the data before the post-process de-duplication is able to then de-duplicate. This is why HyperScale appliances only require three SSDs per node to provide the 12TB of effective capacity at 70% de-duplication.

Breaking it down

Data Reduction Table

Formulas

Formula for calculating Reduction Rate

Taking the capacity from a typical HyperScale appliance of 3,600GB, this will give 12,000TB of effective capacity.

Summary

HyperScale provides a guarantee of 12TB per CX-12 appliance, however some workloads such as DEV/TEST private clouds and stateless VDI workloads could see as much as 90% data reduction. That’s 36,000GB of effective capacity. Do the numbers yourself, in-line de-duplication eliminates the need for lots of local flash drives or slower high capacity SAS or SATA drives. HyperScale runs the same codebase as USX and as such utilizes RAM to perform the in-line de-duplication which eliminates the need for add-in hardware cards or SSDs as staging capacity for de-duplication.

For more information please visit this site www.atlantiscomputing.com/hyperscale.

Introducing Atlantis HyperScale

What is it?

A hyper-converged appliance running pre-installed USX software on either XenServer or VMware vSphere and on the hardware of your choice – Lenovo, HP, SuperMicro and Cisco.

How is it installed?

HyperScale comes pre-installed by Atlantis Channel Partners. HyperScale runs exactly the same software as USX, however HyperScale is installed automatically from USB key by the Channel Partner. When it is delivered to your datacenter, it is a simple 5 step process to get the HyperScale appliance ready to use.

Watch the video.

Step 1

Step 2

Step 3

Step 4

Step 5

Done.

What do you get?

The appliance is ready to use in about 30 minutes with three data stores ready for use. You can of course create more volumes and also attach and optimize external storage such as NAS/SAN in addition to the local flash devices that come with the appliance.

Atlantis HyperScale Server Specifications
Server Specifications Per Node	CX-12	CX-24	CX-48 (Phase 2)
Server Compute	Dual Intel E5-2680 v3
Hypervisor	VMware vSphere 5.5 or Citrix XenServer 6.5
Memory	256-512 GB	384-512 GB	TBD
Networking	2x 10GbE & 2x 1GbE
Storage
Local Flash Storage	3x 400GB Intel 3710 SSD	3x 800GB Intel 3710 SSD	TBD
Total All-Flash Effective Capacity (4 Nodes)*	12 TB	24 TB	48 TB
Summary
Failure Tolerance	1 node failure (FTT=1)
Number of Deployed Volumes	3
IOPs per Volume	More than 50,000 IOPs
Latency per Volume	Less than 1ms
Throughput per Volume	More than 210 MB/s

Key Differentiators vs other Hyper-converged Offerings

Apart from lower cost (another post to follow) or you can read this post from Chris Mellor from The Register, HyperScale runs on exactly the same codebase as USX. USX has advanced data services that provide very efficient data reduction and IO acceleration patented technology. For a brief overview of the Data Services please see this video.

Pricing

Sizing

Number of nodes = 4

SSDs per node = 3

SSD capacity = 400GB

Usable capacity per node = 1200GB

Usable capacity per appliance with FTT=1 = 3,600GB

Effective capacity with 70% de-duplication = 12,000GB

Summary

USX 2.1 Whats New?

USX 2.1 is now available and has some minor improvements over previous versions. There are some major milestones and some minor improvements that are part of this release.

USX Volume Dashboard

Major milestones:

1. VMware support for USX on the VMware HCL, the VMware KB is in this link.
2. VMware support for Atlantis NAS VAAI Plugin, the VMware Compatibility Guide for USX is in this link.
   • The Atlantis NAS VAAI Plugin is now officially supported as VMwareAccepted: VIBs with this acceptance level go through verification testing, but the tests do not fully test every function of the software. The partner runs the tests and VMware verifies the result. Today, CIM providers and PSA plugins are among the VIBs published at this level. VMware directs support calls for VIBs with this acceptance level to the partner’s support organization.
   • Atlantis NAS VAAI Plugin can now be installed using VMware Update Manager.

Minor improvements:

1. Added Incremental Backups for SnapClones for Simple Volumes (VDI use cases).
2. Added Session Timeout – A new preference was added so that you can configure the number of minutes that a session can be idle before it is terminated.
3. Added vCenter hierarchy view for Mount and Unmount of Volumes.
4. Added new Volume Dashboard that shows availability & status reporting improvements, including colour codes for various conditions, all of which roll up to an redesigned volume dashboard that provides an overview of a volume’s configuration, resource use, and health
5. Improved Status Updates.
6. Added Active Directory and LDAP Authentication to USX Manager.
7. Added option to have one node failure for USX clusters of up to 5 nodes. Previously this was up to 4 nodes.
8. REST API to support changing the USX database server.

Coming to VMworld US? Get yourself a VVOL compliant all software storage array

This article details all of my and Atlantis’ activities at VMworld US. Read more to get an introduction of what we will be doing and announcing and a sneak peek at our upcoming technology roadmap that solves some of the major business issues concerning performance, capacity and availability today. It is indeed going to be a VMworld with ‘no limits’ and one of the great innovations that we will be announcing is Teleport. More on this later!

No limits with Teleport

I’ll be at in San Francisco from Saturday 23^rd August until Thursday 28^th August where I’ll be representing the USX team and looking after the Hands on Labs, running live demos and having expert one on ones at the booth. Come and visit to learn more about USX and how I can help you get more performance and capacity out of your VMware and storage infrastructure. I’d love to hear from you.

Where can you find me?

Atlantis is a Gold sponsor this year with Hands on Labs, a booth and multiple speaking sessions. Read on to find out what we’ll be announcing and where you can find my colleagues and me.

Booth in the Exhibitor Hall

I’ll mostly be located at booth 1529, you can find me and my colleagues next to the main VMware booth, just head straight up pass the HP, EMC, NetApp and Dell stands and come speak to me on how USX can help you claim more performance and capacity from these great enterprise storage arrays.

Speak to me about USX data services and I’ll show you some great live demos on how you can reclaim up to 5 times your storage capacity and gain 10 times more performance out of your VMware environment.

Here’s one showing USX as storage for vCloud Director in a Service Provider context and also for Horizon View.

https://www1.gotomeeting.com/register/626574592

If that’s not enough then come and speak to me about some of these great innovations:

• If you’ve been waiting for a VVOL compliant all software vendor to try VVOLs with vSphere 6 beta then wait no more.
• VMware VVOL Support – all of your storage past, present and future instantly become VVOL compliant with USX.
• Teleport – the vMotion of the storage world which gives you the ability to move VMs, VMDKs and files between multiple data centers and the cloud in seconds to improve agility (if you’re thinking its Storage vMotion, trust me it is not).
• And more….

Location in Solutions Exchange

Sessions

We have three breakout sessions this year, two of them with our customers UHL and Northim Bank where Dave Rose and Erick Stoeckle respectively will take you through how they use USX in production.

The other breakout session is focused on VVols, VASA, VSAN and USX Data Services and will be delivered by our CTO and Founder Chetan Venkakesh (@chetan_). If you have not had the pleasure to hear Chetan speak before, then please don’t miss this opportunity. The guy is insane and uses just one slide with one picture to explain everything to you. He is a great storyteller and you shouldn’t miss it – even if it’s just for the F bombs that he likes to drop.

Chetan will also do a repeat 20-minute condensed session in the Solutions Exchange for a brain dump of Atlantis USX Data Services. Don’t miss this! Chetan will take you through the great new technology in the Atlantis kitbag.

Hands on Labs

You can find the hands on labs in the Hands on Labs hall, I’ll also be here to support you if you’re taking this lab. The Atlantis USX HOL is titled:

HOL-PRT-1465 – Build a Software-based Storage Infrastructure for Tier 1 VM Workloads with Atlantis USX Data Services.

This HOL consists of three modules, each of which can be taken separately or one after the other.

Modules 1 and 2 are read and click modules where you will follow the instructions in the lab guide and create the USX constructs using the Atlantis USX GUI.

Module 3 however uses the Atlantis USX API browser to quickly perform the steps in Module 1 with some JSON code.

All three modules will take you approximately an hour and a half to complete.

I had an interesting time writing this lab which was a balancing exercise in working with the limited resources assigned to my Org VDC. Please provide feedback on this lab if you can, it’ll help with future versions of this HOL. Just tweet me at @hugophan. Thanks!

Note that performance will be an issue because we are using the VMworld Hands on Labs hosted on Project NEE/OneCloud. This is a vCloud Director cloud in which the ESXi servers that you will see in vCenter are actually all virtual machines. Any VMs that you run on these ESXi servers will themselves be what we call nested VMs. In some cases you could actually see 2 more or nested levels. How’s that for inception? Just be aware that the labs are for a GUI, concept and usability feel and not for performance.

If you want to see performance, come to our booth!

VMware Hands on Labs with 3 layers of nested VMs!

Hands on Labs modules

Giveaways

Oculus giveaway! See the reality in software defined storage

That’s right! I’ll be giving some of these away at the booth, make sure you stop by to see the new reality in software defined storage!

You can also pick up some of the usual freebies like T-shirts, pens, notepads etc.

There are also Google Glasses, Chromecasts, quad copters and others. We’re also working on something special. Watch this space.

Live Demos at the Booth

Come and speak to me and my colleagues to learn how USX works. We will be running live demos of the following subjects:

• USX – Storage Consolidation for any workload on any storage.
• USX – Database Performance Acceleration.
  • Run Tier-1 workloads on commodity hardware.
  • Run Tier-1 high performance workloads on non all-flash or hybrid storage arrays.
• USX – All Flash Hyper-Converged with SuperMicro/IBM/SANdisk.
• USX – Teleport (think vMotion for VMs, VMDKs and files over long distances and high latency links). Come talk to me for a live demo.

Beam me up Scotty!

• USX Tech Preview – Cloud Gateway – using USX data services with AWS S3 as primary storage.
• USX – VDI on USX on VSAN.
• VDI – NVIDIA 3D Graphics.

Atlantis Events

SF Giants Game

SF Giants Game, Mon, Aug 25^th at 19:00. Please contact your Atlantis Representative or ping me a note if you haven’t received an invite.

USX Partner Training & Breakfast, Wed, Aug 27^th at 08:00. Please contact your Atlantis Representative or ping me a note if you’re an Atlantis Partner but have not received an invite.

Let’s meet up!

If you’re at VMworld or in the SF Bay area then let’s meet up and expand our networks.

Can’t meet up?

Follow me and my colleagues on Twitter for live updates during VMworld and send us messages and questions, we’d love to hear from you.

Hugo Phan @hugophan

Chetan Venkakesh @chetan_

Seth Knox @seth_knox

Mark Nijmeijer @MarkNijmeijerCA

Gregg Holzrichter @gholzrichter

Toby Colleridge @tobyjcol

Is Atlantis USX the future of Software Defined Storage?

Virtual Volumes – Explained with Carousels, Horses and Unicorns – in pictures

Virtual Volumes – Explained with Carousels, Horses and Unicorns – in pictures

[Tongue in cheek. There’s no World Cup on today so I made this. Please don’t take this too seriously.]

A SAN is like a carousel

• It provides capacity (just like a carousel) and performance (when the carousel goes around).
• People ride on static horses bolted to the carousel and try to enjoy the ride.
• This horse is like a LUN. The horse does not know who is riding it.
• Everybody travels at the same speed unless you happen to sit on the outside where things go a little bit faster.
• The speed is relative to how fast the carousel rotates and how quickly you can get to an outside seat (if you want that extra speed and wind through your hair).
• If you want to guarantee an outside seat, you can get to the front of the queue by having a FastPass+.
• Get a bigger motor, or increase the speed, the carousel will respond to the required needs.
• Everybody experiences the same relative performance even though they may want different things – to go faster or to go slower.
• If the motor dies, the carousel is closed.

A Virtual Volume is like a horse

• It has a trusting relationship with its rider and the rider with it.
• It can roam free on green pastures and prairies.
• It can go fast or slow.
• It can be large or small.
• It can go faster or slower than another horse.
• A small horse can carry a small rider.
• A large horse can carry a large rider.
• A small horse could go faster than a big horse and vice versa.
• You can go for a ride with your horse and bring another one just like it. If it gets tired, let it go and jump on the other horse.
• It can by put out to stud to make more little foals just like it.
• A horse can do all these things.

You get the point right? Enjoy the picture!

The Storage Unicorn

Atlantis USX Data Services with Hyper-Converged Architecture – Web Scale, Virtual Volumes & In-line Deduplication

Atlantis USX Data Services with Hyper-Converged Architecture – Web Scale, Virtual Volumes & In-line Deduplication

Atlantis USX has some very cool technology which I’ve had the pleasure to ‘play’ with over the past few weeks. In these series of posts I’ll attempt to cover the various technologies within the Atlantis USX stack.

The key technologies in the Atlantis USX In-Memory Data Services are:

1. Inline IO and Data de-duplication
2. Content aware IO processing
3. Compression
4. Fast Clone
5. Storage Policies
6. Thin Provisioning

This post focuses on Inline IO and Data de-duplication (or just dedupe for short) and Fast Clone and how these rich data services enable a hyper converged solution to outperform enterprise storage arrays.

Why would you use Atlantis USX?

The best way to approach this is to look at some use cases: Crazy as it seems, Atlantis USX delivers All-Flash Array performance but also gives five times the capacity of traditional storage arrays. Doing this with 100% software, no hardware appliances, and true software defined storage with software, enabling true web-scale architecture.

The majority of storage vendors today either do one of the other, not both. So you could end up with storage silos where IOPS are provided by an all-flash array and capacity is provided by a traditional SAN.

USX Use Cases

The three key Atlantis USX messages are:

• Why buy more storage when you can do more with the storage you already have
  
  • Get up to 5X the capacity out of your existing storage array
  • Avoid buying any new storage hardware for the next 5 years
  • Reduce storage costs by up to 75%

   

  Use cases: Storage capacity running out in your current arrays.
  

  • Don’t buy another disk tray or array, free up capacity by leveraging Atlantis USX Inline Deduplication.
    
  • Get more capacity out of your all-flash array purchase – all-flash arrays (AFA) provide great performance but not great capacity, get 5X more capacity by using USX on-top of your AFA.
    

   

  

   

• Accelerate the performance of your existing storage array
  
  • Deliver all-flash performance to applications with your existing storage at a fraction of the cost
  • Works with any storage system type – SAN, NAS, Hybrid, DAS

   

  Use cases: Current storage arrays not providing enough IOPS to your applications – place USX in front of your array and gain all-flash performance by using RAM from your hypervisor to accelerate and optimize the IO.
  

   

• Build hyper-converged systems INSTANTLY without buying any new hardware
  
  • With RAM, local disk (SSD/SAS/SATA) or VMware VSAN on your existing servers
  • Don’t replace your servers of choice with alternative appliances
  • Use blade servers for hyper-converged infrastructure

  Use cases: Leverage existing investment in your compute estate by using USX to pool and protect local RAM and DAS to create a hyper-converged solution which can leverage both the DAS and any shared storage resources already deployed, including traditional SAN/NAS and VMware VSAN. Also use your preferred server architecture for hyper-converged, USX allows you to use both blade and rack server form factors due to the reduction in the number of disks required.
  

What if I want to do all of the above, all at the same time?

Well yes you can. And yes Duncan, we are doing this today (http://www.yellow-bricks.com/2014/05/30/looking-back-software-defined-storage/).

You can get the benefits of rich data services coupled with crazy fast storage and in-line deduplication enabling immediate capacity savings today.

What is Inline IO and Data de-duplication?

In short, it is the ability to dedupe data blocks and therefore IO operations before those blocks and IO operations reach the underlying storage. Atlantis USX reduces the load on the underlying storage by processing IO using the distributed in-memory technology within Atlantis USX.

To demonstrate this, the blue graph below represents IOPS provided by USX to VMs. The red graph represents the actual IOPS that USX then sends down to the underlying storage (if it needs to). [The red graph would be for IO operations that are required for unique writes, however I won’t go into detail about that here in this post.]

Conversely, the same graphs can be used to show data de-duplication, just replace the IOPS metric on the y-axis with Capacity Utilization (GB) and you will also see the same savings in the red graph. Atlantis USX uses in-memory in-line de-duplication to offload IOPS from the underlying storage and to reduce consumed capacity on the underlying storage. I’ll show you how this works in the following labs below.

Examples in the lab

Let’s see some of these use cases in action in the lab.

Lab setup

• 3 x SuperMicro servers installed with vSphere 5.5 U1b with 32GB RAM, 1 x SSD, 1 x SATA and some shared storage (which is not in use in this post) presented from an all-flash array (violin memory) and SAN (Nexenta) both over iSCSI.
• Local direct attached storage (DAS) pooled, protected and managed by Atlantis USX.

Use Case 1: Building hyper-converged using Atlantis USX for VDI

In this use case I’ve created a hyper-converged system using the three servers and pooling the local SSDs as a performance pool and the local SATA drives as a capacity pool.

Memory is not used as a performance pool due to the servers only having 32GB of RAM. In a real world deployment you can of course use RAM as the performance pool and not require any SSDs altogether. I’ll use RAM in another blog post.

In the vSphere Client, these disks are shown as local VMFS5 data stores.

Pooling Local Resources

What USX then does is pool the SSDs into a Performance Pool and the SATA disks into a Capacity Pool.

Performance Pools

Atlantis USX pools the SSDs into a Performance Pool to provide performance. Performance Pools provide redundancy and resiliency to the underlying resources. In this example, where we are only using three servers, the RAW capacity provided by the SSDs are 120 x 3 = 360, however due to the Performance Pool providing redundancy, the actual usable capacity will be 66% of this, so 240GB is usable. This is the minimum configuration for a 3-node vSphere cluster. If you had a 4-node cluster then you will have the option to deploy a Performance Pool with a ‘RAID-10’ configuration. This will then give you 480GB RAW and 240GB usable. It’s really up to you to define how local resources are protected by Atlantis USX and by adding more nodes to your vSphere cluster and/or more local resources you can create hyper-converged infrastructure which is truly web scale.

Side note 1: an aside on web scale

Atlantis USX can pool, protect and manage multiple vCenter Servers and their resources. vCenter Servers can manage thousands of vSphere ESXi hosts. You can even create a Virtual Volume from resources which span over multiple ESXi servers, which are not in the same vSphere Cluster and not managed by the same vCenter Server. Heck, you can even use USX to provide the rich data services through Virtual Volumes which use multiple vsanDatastores (VMware VSAN). What I’m trying to say is that your USX Virtual Volume is not restricted to a vCenter construct and as such is free to roam as it is in essence decoupled from any underlying hardware. More on Virtual Volumes later.

Roaming Free

Back to Capacity Pools

Atlantis USX pools the SATA disks into a Capacity Pool to provide capacity. Capacity Pools also provide redundancy and resiliency to the underlying resources. In this example, where we are only using three servers, the RAW capacity provided by the SATA disks are 1000 x 3 = 3000, however due to the Capacity Pool providing redundancy, the actual usable capacity will be 66% of this, so 2000GB is usable.

The resources from the Performance Pool and Capacity Pool are then used to carve out resources to Virtual Volumes.

Side note 2: a quick introduction to Atlantis USX Virtual Volumes

The concept of a Virtual Volume is not new, it was proposed by VMware back in 2012 (http://blogs.vmware.com/vsphere/2012/10/virtual-volumes-vvols-tech-preview-with-video.html) and in more detail by Duncan here (http://www.yellow-bricks.com/2012/08/07/vmware-vstorage-apis-for-vm-and-application-granular-data-management/) but since then has not really had the engineering focus that it deserves until now (http://www.punchingclouds.com/2014/06/30/virtual-volumes-public-beta/). The concept is very straightforward – your application should not be dependent on the underlying storage for its storage needs.

“Virtual Volumes is all about making the storage VM-centric – in other words making the VMDK a first class citizen in the storage world” – Cormac Hogan

Your application should be able to define its own set of requirements and then the storage will configure itself to accommodate the application. Some of these requirements could be:

• The amount of capacity
• The performance – IOPS and latency
• The level of availability – backup and replication
• The isolation level – single virtual volume container just for this application or shared between multiple applications of a similar workload

With Atlantis USX, Virtual Volumes have a storage policy which defines those exact requirements. Atlantis USX will provide the rich data services for the virtual volumes which can then be consumed by the application at the request of an Application Owner. Enabling self-service storage request and management for an application without waiting for a storage admin to calculate the RAID level and getting your LUN two weeks later. Is this still happening?

An Atlantis USX Virtual Volume is created from some memory from the hypervisor, some resource from the Performance Pool and some resource from the Capacity Pool. The Atlantis USX rich data services – inline data deduplication and content aware IO processing happens at the Virtual Volume level. The Virtual Volume is then exported by Atlantis USX as NFS or iSCSI (today. Object and CIFS very soon) either to the underlying hypervisor as a datastore or directly to the application. Think of a Virtual Volume as either a) an application container or b) a datastore – all with the storage policy characteristics as explained above and of course supporting all of the lovely vSphere, Horizon View, vCloud, VCAC features that you’ve come to love and depend on:

• HA
• DRS
• vMotion
• Fault Tolerance
• Snapshots
• Thin Provisioning
• vSphere Replication
• Storage Profiles
• Linked Clones
• Fast Provisioning
• VAAI

Back to creating Virtual Volumes from Pools

In our example here, the maximum size for one Virtual Volume would be constructed from 240GB from the Performance Pool and 2000GB from the Capacity Pool. However, to take advantage of Atlantis USX in-memory I/O optimization and de-duplication, you would create multiple Virtual Volumes, one for a particular workload type. Doing so will make the most out of the Atlantis USX Content Aware IO Processing engine.

Let’s configure a single Virtual Volume for a VDI use case. I’ll create a Virtual Volume with just 100GB from the Capacity Pool and 5GB from the Performance Pool. We will then deploy some Windows 8 VMs into this Virtual Volume and see the Atlantis USX in-memory data deduplication and content aware IO processing in action.

Here’s our Virtual Volume below, configured from 100GB of resilient SATA and just 5GB of resilient SSD. Note that VAAI integration is supported and for NFS the following primitives are currently available: ‘Full File Clone’ and ‘Fast File Clone/Native Snapshot Support’.

[Dear VMware, how about a new ‘Drive Type’ label named ‘In-Memory’, ‘USX’, ‘Crazy Fast’?]

As you can see the datastore is empty. Very empty. The status graphs within USX currently show no IO offload and no deduplication. There’s nothing to dedupe and no IO to process.

Let’s start using this datastore by cloning a Windows 8 template into it. We will immediately see deduplication savings on the full clone after it is copied to our new virtual volume.

Here’s our new template, cloned from the ‘Windows 8.1 Template’ template above which is now located on the new usx-hyb-vol1 virtual volume.

The same graph below shows that for just that single workload, USX has been able to perform data de-duplication by 18%.

Let’s jump into Horizon View and create a desktop pool and use Full Clones for any new desktops, I’ll use the template named win8-template-on-usx as the base template for the new desktop pool and our new virtual volume usx-hyb-vol1 as the datastore.

Let’s see what happens when we deploy one new virtual machine via a full clone with Horizon View which uses an Atlantis USX Virtual Volume. Hint: The clone happens almost instantly due to the VAAI Full Clone offload to USX. We will also see the deduplication ratio increase and IO offload will also increase.

The Full Clone completes in about 9 seconds. Happy days!

The deduplication has increased to 63%! With just two VMs on this datastore – the template win8-template-on-usx and the first VM usx-vdi1.

Taking a look with the vSphere Client datastore browser again, we now see two VMs in the virtual volume which are both full VMs, not linked clones.

Two Full VMs, only occupying 8.9GB.

Let’s now go ahead and deploy an additional 5 VMs using Horizon View.

All five new VMs are provisioned pretty much instantly as shown in the vSphere Client Recent Tasks pane.

Checking the Atlantis USX status graphs again, the deduplication ratio has increased to 88%.

And we now see 6 Full Clones and the template in the datastore but still just consuming 10.57GB.

Additionally because the workloads are pretty much exactly the same, with all six VMs deployed and running in the usx-hyb-vol1 Virtual Volume and with Atlantis USX in-memory Content Aware IO processing, IO and data de-duplication, the IO Offload is pretty much at 100%. This will decrease accordingly as users start using the virtual desktops and more unique data is created but Atlantis USX will always try to provide all IO from the Performance Pool (RAM, Flash or SSD).

No storage blog post is complete without an Iometer test

Let’s do a VDI Iometer profile with 80% writes, 20% reads at 80% random with 4k blocks using the guide from Jim (http://www.jimmoyle.com/2013/08/how-to-use-iometer-to-simulate-a-desktop-workload/).

Here’s the result:

55k IOPS (fifty five thousand IOPS!) and pretty much negligible read and write latency on just three vSphere ESXi hosts. To put that into context, if I deployed one hundred Windows 8 VDI desktops into that Virtual Volume, each desktop (and therefore user) would basically have 550 IOPS. You can read more about IOPS per user in this post by Brian Madden (http://searchvirtualstorage.techtarget.com/video/Brian-Madden-discusses-VDI-IOPS-SSD-storageless-VDI). To put this IOPS number into further context, that Virtual Volume is configured to use just 10GB of RAM from the hypervisor, 5GB of SSD and 100GB (of which only 10.57GB is in use, which is a 88% capacity saving) of super slow SATA disks in total over the three vSphere ESXi hosts. If you want more IOPS, you just need to create more Virtual Volumes or add more ESXi hosts to scale out the hyper-converged solution.

In other words… crazy performance on hyper converged architecture with just a few off-the shelf disks on a few servers. No unicorns or magic in Atlantis USX, just pure speed and space savings. BOOM!

Summary

To summarize, Atlantis USX is a software-defined storage solution that delivers the performance of an All-Flash Array at half the cost of traditional SAN or NAS. You can pool any SAN, NAS or DAS storage and accelerate its performance, while at the same time consolidating storage to increase storage capacity by up to five times. With Atlantis USX, you can avoid purchasing additional storage for more than five years, meet the performance needs of any application without buying hardware, and transition from costly shared storage systems to lower cost hyper-converged systems based on direct-attached storage as I’ve demonstrated here.

In part 2. I’ll use local RAM instead of SSDs and in part 3. I’ll demonstrate how Atlantis USX can be used to get more capacity and IOPS from your current storage array.

Cannot decrypt password in sysprep after upgrading vCenter Server Appliance

A really quick post.

I’ve recently just upgraded from vCSA 5.1 to vCSA 5.5 link and found that Horizon View can no longer complete sysprep customization due to the public key being changed when you upgrade to a new appliance.

Just edit the customization specification to fix. Hope this helps.

Accelerating SDDC at Atlantis Computing

Sometimes an opportunity comes along that is just too damn exciting to pass.

This is a short post on my latest move to Atlantis Computing from Canopy Cloud. My new role is primarily with the USX team to help drive the adoption of USX into large Enterprises and Service Providers. USX is Atlantis Computing’s newest technology which does for server workloads what ILIO did for EUC. Quite simply my job is to make USX a success. I’ll be helping the virtualization community understand Atlantis Computing’s USX and ILIO technologies, working with customers and partners and also with our technology partners, such as VMware, NetApp, VCE, Fusion-IO and IBM. Even though USX is new, the technology is based on ILIO which has been shipping since 2009 and is powering the largest VDI deployments in the world.

Today was officially my first day and it was a pretty interesting one. It started with a customer meeting with a large bank in London and then to BriForum, both in a listening capacity but I couldn’t help myself and ended up talking  about both ILIO and USX to some techies at the bank and then some people that came to the stand at BriForum. There is definitely hot interest with using RAM to accelerate storage in both EUC and server workloads.

Atlantis Computing’s ILIO and USX technologies are truly software defined and in simple terms enables the in-line optimisation of both IOPS and capacity BEFORE the IOPS and blocks hits the underlying storage. For example the blue graph represents IOPS to the storage array for 200 VDI VMs without ILIO, the red graph represents IOPS to the same storage array with ILIO, a saving of 80%.

In addition because storage is deduped in-line, there is also massive capacity savings on the underlying storage too. Dedupe occurs in-line, there is no requirement for dedupe to blocks written to disk as data is deduped before being written to disk, hence no overhead caused by a dedupe job on the storage processor or spindles.

In-line de-duplication is not the only capability within the Atlantis Computing technology, some of the others are:

I won’t go into each one in this post, I’ll save that for another day. I’m very excited with my new role at a new company and hope to blog a lot more often as I learn more about Atlantis Computing and of course storage virtualization and optimisation in general.

If you want to read more, some of these resources help explain the tech. Oh and we offer a completely free ILIO license for use in POCs/Lab environments, be sure to check it out!

• Run Atlantis ILIO, Stateless VDI with No Storage, Now for Free! – http://blog.atlantiscomputing.com/2014/05/atlantis-ilio-stateless-vdi-with-no-storage-now-for-free/
• ILIO Best Practices – http://blog.atlantiscomputing.com/category/best-practices/
• VMware Horizon 6, Virtual SAN and Atlantis ILIO – http://blogs.vmware.com/euc/2014/04/vmware-horizon-6-virtual-san-atlantis-ilio-convergence-desktop-virtualization-software-defined-storage.html
• USX – Link for Virtualization Field Day sessions
• IOPS deep dive – http://www.jimmoyle.com/2011/05/windows-7-iops-for-vdi-deep-dive/
• Recorded Webinars – http://www.atlantiscomputing.com/company/resources
• 1 Million IOPS – http://agnosticcomputing.com/2014/03/09/vfd3-day-one-atlantis-computings-1-million-iops/

#VMwarePEX parties

Quick post to list all the parties and tweetups that are happening this week.

2012 in review

2012 summary of VMwire, not too bad although I did not blog much this year. Will try to do more in 2013. Thanks for visiting.

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

About 55,000 tourists visit Liechtenstein every year. This blog was viewed about 250,000 times in 2012. If it were Liechtenstein, it would take about 5 years for that many people to see it. Your blog had more visits than a small country in Europe!

Click here to see the complete report.

VMworld Session Proposal(s) – not a single PowerPoint slide in sight!

Please influence the success of VMworld by spending some time to vote for the sessions that you would like see at San Francisco and Barcelona. Voting is as simple as a left mouse click, by going to http://www.vmworld.com.

This year I decided to submit three sessions for VMworld based on work that I have done over the past few months.

However, only one of which is available for public voting, the other two, unfortunately, are deemed top secret and cannot be disclosed until VMworld. Let’s hope they make it as they are different and focussed on real-life use cases and customer design considerations of product features based on VMware’s upcoming releases. Get your cool-aid ready.

Session ID:   2335

Title:   Bring Your Desktop to Your Mobile – Bringing EUC to the User

Abstract:   With EUC becoming more prevalent in organizations that demand agile, mobile and secure client computing, the use of thin clients and all in one devices are ever becoming the normal operating model of organizations deploying EUC.

The use of mobile devices such as smartphones to access VMware View desktops could be the option going forward.

Let’s bring EUC to the user by allowing the user to access secure VMware View sessions on their own devices eliminating the need for organizations to manage the thin client devices.

Tracks: End-User Computing

Technical Level: Business Solution.

This session focuses on the possibilities of using Horizon Mobile to allow secure computing from mobile smartphone devices (cell phones). I’ve briefly blogged about it in my previous post to give you a taster. If the session is accepted, I’m hoping to make it stand out by including gadgetry, big screens and the like for a live demonstration with a little help from some friends. There won’t be any PowerPoint that’s for sure!

Cloud computing gets a lot more personal

I’ve just bought the biggest smartphone that I could find and have been using it for the past couple of weeks with great results. I’ve had both admiring looks and a few sniggers due to its size. It’s kind of a cross between a tablet and a phone.

I’ve never put it up to my ear however, as I think it’s a bit too much, I use a hands free kit instead. I don’t really want to be seen looking like this now do I?

At the moment I’m really happy with my purchase because it means that not only do I have a new phone, I now have a phone with a big screen and cool functionality. One of the reasons I decided to go for such a hybrid is so that I can read e-books on it without squinting to see the text.

It also means that I do not have to take my iPad around with me when I travel, which means one less device to manage. So how is this related to the blog post title you may ask? Well, I wanted to take this a little further to see if I can use only my mobile phone as my primary computing device. I say primary but this little guy still needs help from his friends in the cloud. So I thought wouldn’t it be cool if I could hook up my phone to an external monitor, connect some peripherals and see what happens…

Well this is the result:

The image above shows my Galaxy Note connected to a 24″ monitor using a HDMI cable for full 1080p resolution. I’ve connected my Apple Bluetooth keyboard and Magic Mouse to it, and also installed VMware View Client for Android. It’s running a VMware View session using PCoIP over a WIFI connection to my View desktop in one of VMware’s datacentres. How awesome is that?

So why would you want to do this? Well, for one thing it’s pretty cool, the simplicity and usability is amazing and it feels quite natural. Why wouldn’t you use a small personal device such as a mobile phone as a thin client for accessing cloud resources such as a remote desktop hosted on VMware View?

It’s simple yet solves quite a few issues regarding end user access points. We’ve all seen those reports and calculators that justify thin client devices over traditional fat PCs. I’m not an EUC/VDI guy so I just typed “cost of thin client” into Google and went to http://www.2x.com/whitepapers/savings-thin-client-computing/ to take a look at the report.

A report by Bloor Research states that moving over to thin client computing could save costs of up to 70%. I’m going to be a little lazy and quote directly from the web page:

^*1 Explanation of savings on administration

These were calculated at $1000 per PC. Many research studies indicate that the amount is between $800 and $1,700 per year. Beyond day-to-day maintenance of installation of patches, software upgrades, etc, there is also the 3 year upgrade cycle which requires an administrator to move all the data and profiles to the new PC. On average this will cost $300 per PC, making for an additional cost of $50 per year (over a 6 year period). Since administration is simplified, an enterprise will require fewer IT staff to perform the same number functions. This means lower training costs and fewer salaries to pay. Bloor Research estimates that the number of helpdesk staff needed can be reduced typically by 50% and often by 75%.

^*2 Explanation of savings on client hardware

These were calculated to be $208 per PC per year. You can get an adequate thin client for $250, in contrast with the average price for a PC of about $750 – this results in a saving of $500. Since PC hardware has to be upgraded approximately every 3 years as opposed to a thin client which only needs to be replaced every 6 years, the savings increase to $1250 over a span of 6 years ($1500 spent on 2 PCs as opposed to $250 on 1 thin client device). This amount is then divided by 6 to calculate a yearly saving. If you are using existing PCs instead of thin clients, the hardware savings can still be applied because you would be extending the life span of the converted computers. Furthermore, the MTBF of a thin client device is higher and it uses far less energy.

^*3 Explanation of extra server hardware costs

These were calculated at $50 per user. Because all processing is done on the server, when using thin clients you will need to buy additional servers to act as terminal servers. On average 30 users will need a dual processor server with 4 gigs of RAM and SCSI hard disks. A brand name server should cost around $4,500 and will depreciate on average in 3 years (in reality you can use them for longer than that).

So that’s a 70% saving according to Bloor Research for just using thin clients over traditional PCs. But hang on, what about further savings? How about ditching the thin client concept altogether and allow users to use their smartphones?

With the popularity of BYOD (bring your own mobile device: expense the monthly costs for calls and line rental) programs, could be the coup de grâce for thin clients everywhere. Most smartphones nowadays are a lot more powerful than the average thin client and for the average office application and e-mail worker, a smartphone may be just the right device to use.

Some other benefits I see since using my smartphone to access my View Desktop:

• It’s my device, I look after it, I clean it, I never spill coffee on it. No one else can touch it. It’s my personal device so I sure as hell am going to take care of it. Do you ever clean your thin client or work computer?
• I can take it with me when I go to make coffee, or to the printer, or to a meeting. My office and most of my customer’s offices have WIFI everywhere, so my View session does not disconnect. And when I return to my desk, I just plug the HDMI cable back in and everything is still there. No work is lost as everything just resumes.
• I can take my device anywhere, it’s a smartphone, it’s got my e-mail, calendar, messages, contacts, Twitter and a web browser. I can use it to communicate when I’m out of the office, I can continue working when I’m out and about. And when I return to my desk or home, I can just reconnect it to an external monitor and paired input devices and my session is still there and I can continue where I left off.
• It’s secure, no-one is going to attempt to log into my session if there’s nothing to log in to! I don’t even have to ‘lock my computer’ anymore, as it’s safely secured in my jacket pocket.
• Oh and it can still make and receive calls.

Coupled with VMware Horizon Mobile http://www.vmware.com/products/mobile/overview.html, I think we are onto a sure winner. Click on the image below to watch a short video of what Horizon Mobile is all about.

Let’s just see if this little idea kicks off and makes 2012 the year of VDI… again.

Eye candy below… Comments always welcome, video guide to follow.

Uploading vShield Manager 5.0.1 to vCloud Director as a vApp Template

A quick post on how to enable the import of vShield Manager 5.0.1 OVA as a vApp Template into vCloud Director. This will allow you to spin up vCloud Director labs inside of vCloud Director for some crazy inception action.

Note: that this method can be used for other appliances.

As you know if you downloaded vShield Manager from VMware, the file format would be in OVA format, which is not compatible with vCloud Director.

This post goes through some of the steps required to

• Convert the OVA to OVF
• Edit the OVF to remove vCloud Director unsupported features (vmw:ExtraConfig)
• Create a new manifest file with the new SHA-1 hash

What you will need

1. VMware OVF Tool available to download here http://www.vmware.com/technical-resources/virtualization-topics/virtual-appliances/ovf.
2. Notepad++ available to download here http://notepad-plus-plus.org/download/v5.9.8.html.
3. A SHA-1 generator available online here http://hash.online-convert.com/sha1-generator.

Converting OVA to OVF

Once you’ve downloaded the VMware-vShield-Manager-5.0.1-638924.ova file, use the VMWare OVFTool to convert it to OVF format.

Open up the command prompt and run the following, assuming that the ova file is saved in C:\Users\Hugo Phan\Downloads\

C:\Program Files\VMware\VMware OVF Tool>ovftool.exe “c:\users\Hugo Phan\Downloads\VMware-vShield-Manager-5.0.1-638924.ova” “C:\Users\Hugo Phan\Downloads\VMware-vShield-Manager-5.0.1-638924.ovf”

The following files will then be extracted within the directory

VMware-vShield-Manager-5.0.1-638924.mf

VMware-vShield-Manager-5.0.1-638924.ovf

VMware-vShield-Manager-5.0.1-638924-disk1.vmdk

Editing the OVF file to be compatible with vCloud Director

If you now tried to use the current .ovf file to upload vShield Manager into VCD as a vApp Template, you will see the following error:

We need to remove the vmw:ExtraConfig elements from the .ovf file. To do this follow these instructions:

1. Open the VMware-vShield-Manager-5.0.1-638924.ovf file in Notepad++ or your preferred text editor that does not add carriage returns.
2. Search for the three vmw:ExtraConfig lines and remove them from the file.

   

3. Save your file and exit Notepad++.
4. Now visit http://hash.online-convert.com/sha1-generator and upload the VMware-vShield-Manager-5.0.1-638924.ovf file and click on the Calculate Hash button.

   

5. When you see the message You hash has been successfully created, copy the top lower case hex hash and open up the VMware-vShield-Manager-5.0.1-638924.mf file in Notepad++

   

6. Replace the current hash for VMware-vShield-Manager-5.0.1-638924.ovf with the new one.

   

7. Save the file.
8. Now you can successfully upload the new VMware-vShield-Manager-5.0.1-638924.ovf to vCloud Director without the error occurring.

   

Creating (a better) vSphere 5 ESXi embedded USB Stick (HP)

In a previous post I blogged about creating a vanilla vSphere 5 ESXi USB drive using the VMware .iso file from VMware. This post shows how to create one using the HP version of vSphere ESXi (5.0_Oct_2011_ESXi_HD-USB-SDImgeInstlr_Z7550-00253.iso).

Note: (You can use any vendor customized vSphere ESXi .iso file: VMware, Dell and IBM).

The HP version comes pre-installed with all the HP CIM providers which work very well with HP servers, including the HP MicroServer. Using the HP version gives you the more details in the Hardware Status tab.

I’m going to be using a different method, recommended by Will Rodbard (thanks Will), who is a colleague of mine at VMware, you can see his comments from the previous post. In summary the steps are:

1. Find and download the following tools:

   HPUSBFW & UNETBOOTIN

2. Run the HPUSBFW tool, click on the USB drive, select ‘Fat32′ and click Format
3. Run UNETBOOTIN, select Diskimage and browse to the ESXi 5 ISO file
4. Select the USB drive you have just formatted and click OK
5. If you want to make more USB keys for more servers, then now is the time to create .IMG files using WinImage, then you can basically clone the image of the USB key to more USB keys. Or if you don’t wish to use WinImage then just perform steps 1 to 4 again.

Once completed your USB drive will boot into the ESXi 5 installer. Once booted, install the ESXi 5 Hypervisor to the USB drive (overwriting the installer). This will then leave you with the installed ESXi Hypervisor on the USB.

Note that using this method creates a brand new bootable USB key for use in a new installation of vSphere ESXi. You will have to go through the process of installing ESXi onto the USB key, or another disk or LUN on the target server. If you want a USB key that is already installed with ESXi which saves you from going through the installation wizard, you can use the other method in this post.

[Aside]

I coincidently left an older USB key in my laptop and booted. Here’s a picture of my Macbook Pro running vSphere ESXi, and it all works by the way, including networking!