System Management

01 October 2008

Network Management, VMware and Who's Coming to the Party?

In this post by David Davis, there are a number of good observations and a couple of issues worth pondering.   

First might be what it means to "manage and monitor" virtualized infrastructure.  If Packettrap or Solarwinds permits that part of the IT organization responsible for the network to manage virtual network componentry, at what point do they pull it all together into a unified view of "the network"?  How does this happen without the network guys encroaching on the territory usually reserved for the "server tribe"?

One might argue that Cisco's Nexus 1000V recreates for the network organization a distributed virtual switch that, for all intents and purposes, acts like and is acted upon in a manner with which the network guys are familiar.  The question will be whether this is ultimately a case of defining the use of new, disruptive technology (server virtualization) in terms of the old established technologies (physical switching a la IOS). (You can see one point of view here, in which Davis sets out his take on the 1000V.)

As for the challenges he lays out ... well, we think we know the answers to some of this, and intend to prove it.  Answering the question about whether to support VMware ESX only, or other platforms is an interesting commercial decision for most players and bespeaks an understanding of the customer base. (When does Hyper-V have enough of a market share to justify the attention? Do customers have a requirement to manage both ESX and Hyper-V in the SAME virtualized datacenter?)

Yeah ... by all means, stay tuned.

Does your network management utility manage VMware? - David’s Cisco Networking Blog

More and more of the typical “physical computer” management & monitoring tools are being retooled to manage the new virtual infrastructure. I have talked with both Packettrap and Solarwinds and both have rumored that they will soon offer versions of their well known network management tools that will now recognize, not only network devices and physical servers, but the virtual guest operating systems that are on those physical servers.

For example, your network management & monitoring tool could query either each individual ESX server using traditional SNMP calls or it could query the VMware Virtual Center server using VMware’s API to obtain an inventory of what virtual guest is on what physical server, performance statistics for both host and guest systems, and status of guest systems (ie: which are powered on or off).

There are a few challenges that these vendors face:

    * do you go directly to each virtual host or to a centralized management server?
    * do you support only VMware ESX Server or do you try to support other virtualization platforms such as Microsoft’s Hyper-V?
    * how do you learn about guest VMs that have been “VMotion’ed” (for lack of a better term) from one host system to another? And what about the performance statistics when the storage for a guest is “SVMotion’ed” from one datastore to another?

So, “stay tuned”, as they say, for physical tools to now recognize the virtual world. And, if your vendor isn’t already doing this or doesn’t have plans to do it, I recommend that you pressure that vendor to make their product “virtualization ready” (or else you may have to go find another vendor).

Next Generation Infrastructure ... and its Management

Greg Ness is extending and enlarging his theme regarding the demands that next generation datacenters and cloud computing make on infrastructure... and particularly network infrastructure.  Notwithstanding the fact that he's now employed by a vendor of appliances and technologies that offers network services (like DNS, DHCP, IPAM, RADIUS, ...), the theme has merit -- it's not just a sales pitch, folks.   So, while I might argue with his analysis of VMware's fortunes, the basic message ... new approaches to infrastructure for next generation IT ... is dead on, and with it the requisite new approaches to infrastructure management.

The Cloud will need Infrastructure 2.0 « ARCHIMEDIUS
... While many pundits have their heads in the clouds proclaiming the next big thing, there are a few issues that need to be resolved first. And those issues promise to fuel new demand for new types of networking solutions.

These new demands of scale and complexity and availability were beyond the wildest dreams of the creators of the core network services that support today’s increasingly strained network infrastructure. Many of these services, like DNS and DHCP are decades old. They were created in simpler days, usually in silos and with no concept of a need for interoperability between the protocols. Those days are now gone. DHCP servers, for example, now do dynamic DNS updates.

21 September 2008

Bittman (Gartner) on VDC Infrastructure Management

Tom Bittman of Gartner has recently started blogging on cloud computing and virtualization. In a post made after the opening gun at VMworld 2008, he comments on two strategic shifts evident in the VMware story: infrastructure management (which he characterizes as throwing down the gauntlet with IBM, HP and MSFT) and cloud computing.

What interested me in the post are some of the presuppositions and his conclusions:
(a) it's inevitable that the datacenter becomes virtualized
(b) in becoming virtualized, the virtual machine environment (in this case VDC OS) becomes the natural locus of end-to-end datacenter infrastructure management
(c) by adding service governance to the mix, one has a management system that competes directly with adaptive, utility computing management strategies promoted by IBM, HP and Microsoft

While this analysis of VMware's strategy makes sense on its face, it also seems to couch the competition in terms of failed or stalled initiatives at (some of) the competitors.  Bittman alludes to this in his commentary.  For some reason, when thinking about datacenter operation, administration and management, I would have been more likely to set the competition as being between VMware (and its hoped-for coterie of infrastructure management partners) and the Big 4 (and Little 4) systems management providers. 

The point worth noting: we need a more thorough discussion and definition of datacenter service governance (to use Gartner's terminology).  This becomes critical, for example, when considering the discussion of VMware and virtsec and even more so when reading Hoff's consideration of network issues in the virtualized datacenter.  Then, we'll be able to have a better conversation about how systems management in the datacenter actually comes to pass, and how VMware will compete with the Bigs.

VMware Strategy Reaches for the Clouds

VMware includes in their concept what Gartner calls a service governor, which adds policy-based management on top of a meta OS. Combined, these two create what Gartner calls a real-time infrastructure. The service governor is the real challenge for VMware, which is one reason they haven’t called it out.

What is interesting is that VMware is finally describing a larger strategy that is completely competitive with IBM (remember the On Demand Operating Environment?), HP (Adaptive Infrastructure) and Microsoft (Dynamic IT). The strategy is credible, but there are many, many gaps that need to be filled. In particular, while VMware is strong in virtualization, they are very weak in service management. Regardless, it will be difficult for IBM and HP to miss the competitive threat (which, of course, they should have seen starting in 2001). This is the only natural evolution for VMware, but the road is littered with challenges.

20 September 2008

And, meanwhile, in Gotham City ...

Network World reports on a presentation at InterOp in New York by Joshua Corman, principal security analyst for IBM/ISS.  The major message seems to be that virtualization requires significantly greater attention to management discipline and the enforcement of policies.  Without this attention, virtualization in the datacenter represents a serious security risk.

In defining Replicate's products, this very issue ... the sociology and organizational impact of multiple management domains ... has played a big part in our thinking, as has the means by which to reduce the complexity inherent in managing the virtualized datacenter.  Corman's characterization of the tribal nature of the datacenter organizations is spot on, as is his assessment of the problems that result from it.

People a big security threat to virtualization, Interop speaker says - Network World

Just as teams of server, network, security and application specialists typically oversee the deployment of traditional physical server farms, the same group should plan virtual rollouts, Corman said. But often, the security team is left out and server administrators may inherit the responsibility without the proper expertise. “Before there was a healthy balance of skill sets distributed well [among a variety of administrators],” he said.

This lack of balance generates unproductive finger pointing when things go awry and in some cases creates grabs for power as IT staff recognizes a shift in how work is being distributed. In either case, security can suffer, Corman said.

Hoff's take on VMware and VirtSec

Chris Hoff has done a terrific job of putting in perspective the role of VMsafe as a fundament of VMware's  ecosystem in the next few years. Incidentally, it helps clarify the impression I took away from VMworld 2008 that security was the "dog that didn't bark."

The importance of FastPath and SlowPath in VMsafe was evident from the outset. But, as Chris points out, VMware now seems to be encouraging a mini-ecosystem to be built around VMsafe.  As I think about it, starting with Paul Maritz' keynote, there was a clear message encouraging a community of partners to make major use of VMsafe.  These invitations were usually couched in terms like "encouraging partners to embrace and enhance VDC OS infrastructure management" and took on real weight for me when I took in the extraordinarily GOOD job Cisco did in architecting their Nexus 1000V offer.

Thanks, Hoff. Great insights.

Rational Survivability: VMWare's VirtSec Vision...Virtual Validation?

...  What this ultimately means to me is that within the next 24 months with the delivery of VI4, a mature VMsafe API and shipping ISV code, we'll see some of the natural market consolidation activity occur and VMware will lock and load, snap up one or more of the emerging security players in the VirtSec space and bolster their platform's security capabilities.

Meanwhile Cisco will help secure VMware further in the enterprise with their integrated play and the remaining security ecosystem players will begrudgingly fight to stay on the good side of the fence...while they hedge their bets by supporting Microsoft and Hyper-V. ...

01 September 2008

Watching Microsoft Positioning its V12N Offers

Today's a holiday that acts as a seasonal bookmark and starting gun. For all intents and purposes, everyone's back from the summer holiday, and about to kick into high gear. And with VMworld 2008 coming up in two weeks, we can all figure on getting bombarded with announcements from the ecosystem that relies on VMware.

Then, there are the alternate universes built around Xen and, as a universe unto itself, Microsoft. On Sept. 8, Microsoft is sponsoring a (re-)launch event that's clearly designed to steal some thunder. Here's CIO.com's take on it. The aspect that caught my eye is the emphasis on management of virtualized infrastructures ... manageable with "the same tools you're already using for your physical infrastructure."

Does anyone with experience in putting together a working server virtualization project actually believe that statement?

In the VMware ecosystem, a recently published (vendor-sponsored) survey reports that for infrastructure reporting, 35% use the same tools as the physical environment, while 22% use VMware's management system (VirtualCenter), and 2% a third-party's solution. (What's not clear is how many of these are in-house "experiments" and how many are mission-critical deployments.) What we will see this fall are announcements from a wide range of players who want to "fill the virtualization management gaps" in the VMware ecosystem. (Replicate will be no exception. We've staked out our part of that territory!)

But, what does this claim mean when uttered by Microsoft regarding Hyper-V? It suggests a time-honored Microsoft business model: Sell the hypervisor at a very low (give-away ?) price, then incorporate the requisite enhancements and functionality needed for Hyper-V into rather costly management systems. This approach has certainly worked for MSFT in the past as they addressed the corporate IT market for database, application, and workplace collaboration systems.

It makes me wonder just how open a marketplace will exist for Hyper-V infrastructure management.


Microsoft Starts Virtualization Hype Blitz - CIO.com - Business Technology Leadership
...
The question is whether Microsoft's content is worth the time and attention.

In general, the answer is probably yes. Microsoft's virtualization software still doesn't compare to VMware's, according to most of the experts I talk to, but it's much closer than a major Microsoft product could be expected to be at this stage of its development.

Even Microsoft can't hold center stage just talking about a hypervisor that's already been released, though. Even offering exclusive or semi-exclusive interviews with rarely accessible top Microsoft execs—which Microsoft is currently doing with both Kevin Turner and Bob Muglia—won't guarantee the amount of space needed to affect the potential impact of VMworld.

So Microsoft's expanding to take on the rest of the virtualization universe as well. The event materials it posted and distributed to the press say the company will roll out new products designed to build virtual infrastructures "from the data center to the desktop," that are manageable with "the same tools you're already using for your physical infrastructure."

30 August 2008

Mind the gap - Corporate IT Management Shortcomings

Yes, the survey was sponsored by a company that has a vested interest in the result. And, yes, the press release is designed to make you shake your head in shocked bewilderment. That doesn't mean it's not accurate. The management challenges "arising from hybrid physical and virtual infrastructures" are for-real problems -- arguably sufficiently scary enough to be a real barrier to the adoption of virtualization for production computing in a large number of corporate datacenters.

NetIQ: NetIQ Virtualization Survey Results Reflect Lack of Systems and Application Management Basics
HOUSTON – As the adoption rate of virtualization technology increases, organizations face new management challenges arising from hybrid physical and virtual infrastructures. While companies turn to virtualization to reduce IT expense and increase service capacity, a recent study conducted by NetIQ Corporation, an Attachmate business, revealed that very few companies are taking the necessary steps to extend systems management basics to ensure application performance, service availability and end user experience across this complex hybrid environment. As a result, they risk offsetting the many benefits and ultimate cost savings virtualization technology promises.

Comprised of feedback from over 1,000 respondents within more than 800 different government, enterprise and small-to-medium organizations worldwide, only 21 percent of 759 respondents currently deploying virtualization have any kind of systems management solution for their virtual infrastructure. Overall, survey responses demonstrate that:

* Approximately 27 percent are managing the performance and availability of their virtual systems with the same tools they utilize on their physical servers;
* Just 17 percent are simply monitoring the virtual hardware or the operating system; and
* Only 10 percent are proactively gauging end-user response time while 15 percent are simply considering it.

04 August 2008

Kensho - Will OVF make it to the next rung?

Grid Today's story on Kensho (Citrix' OVF tools) was a bit disappointing, if for no other reason than no one using Kensho other than Citrix would speak to its details. Replicate is pleased to have been extensively quoted, but it was clear that while we think quite highly of OVF and its potential, we don't have much insight into what Kensho brings to the party.

Citrix Says Kensho Tools Mean Hypervisor Liberation
Virtual appliances that can run in any virtual environment. It sounds almost like a campaign promise. But to realize that promise, someone has to give developers tools to build those appliances. That’s what Citrix says it will deliver in the next couple months with Project Kensho: tools that ISVs and in-house IT staff can use to create application machines that will run in any of the virtual environments, be it VMware ESX, Citrix XenServer, or Microsoft’s Windows Server 2008 Hyper-V.

06 July 2008

MyCMDB - the CMDB as a Wikipedia Plug-in to FaceBook

At the risk of piling on, I'll join the refrain regarding the recently announced MyCMDB from Managed Objects. As described, it makes no sense to me. I can't for the life of me figure out how one uses social networking and the "principles of Web 2.0" to solve the CMDB data accuracy and completeness problems.

myCMDB - Managed Objects
... Managed Objects myCMDB™ solves CMDB data accuracy and accessibility issues incumbent with today's CMDB implementations. By integrating principles of Web 2.0 and social networking into a new web-based application, myCMDB delivers role-based “communities” where users can more easily and effectively view and interact with CMDB data – and other CMDB users as well. ...

03 June 2008

Critically Under-damped Oscillations

Chris Hoff has a great, common-sense post on security and where in the data center it will eventually end up residing.  (If you don't want me to give away the plot, go directly to the post.  Don't read the snippet I've enclosed.)

Along with the "dampened oscillation" graphic that he alludes to (but doesn't actually draw), I'd like to add my two cents about where security resides when dealing with server virtualization, and the network.  Server virtualization, and particularly hot migration (like VMware's VMotion), has definitely changed the relative workload and tsuris (a technical term of art) experienced within the data center by the persons responsible for, respectively, server administration, storage administration, and network administration. 

In the days before widespread adoption of server virtualization, making a new application "production ready" was a PITA (another term of art) for the server admin, who had to specify servers, install the apps, move the appropriate data for use by the apps, test, stage, re-test, etc. 

The storage admin had a modest workload, requiring attention to allocation of storage space, setting quotas, setting policies, ... but once done at the planning stage, required modest tweaking thereafter. 

The network admin had it easiest (IMHO).  Over the course of the weeks (if not months) it took to arrange for a new application to be put into production, the network admin might have to allocate ports, set VLANs, set policies, and be present when doing the lash up with the network equipment.

Fast forward to the day when a new application goes through development, test, staging and cut-over into production ... ALL using server virtualization.  Besides the fact that the time horizon for the production deployment has likely been compressed from weeks to days, the relative workloads as this cut-over approaches are radically different from the ones described above. 

  • The server admin has a relative cakewalk: extend VME cluster, copy the image, or use a hot migration to herd the app into the new spot. 
  • The storage admin has pretty much the same level of work in allocating space, setting quotas, etc.,  and will soon be using SAN "hot migration" (e.g. VMware's Storage VMotion).
  • The network admin, however, just got a rude awakening.  If he's got SLAs to which his organization must commit, the network admin must allocate ports, set VLANs and VLAN policies, set up NIC teaming in both the virtual switches and physical server access switch, and set up trunking on the vSwitch and pSwitch.   Oh, and by the way... it has to be "right" for every physical server in the data center to which a virtualized application MIGHT migrate in the future.
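
The requirement in the last bullet, that the network configuration be "right" on every host a VM might migrate to, can be checked mechanically. The following is an added example, not code from the original post or from any vendor tool; the inventory is constructed and all host, VM and port-group names are hypothetical. It reports every host in the migration domain where a VM's port group is missing, maps to a different VLAN, or is not carried on the physical switch trunk.

```python
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    port_groups: dict   # vSwitch port group name -> VLAN ID
    trunk_vlans: set    # VLANs allowed on the pSwitch trunk to this host


@dataclass
class VM:
    name: str
    host: str           # host the VM currently runs on
    port_groups: list   # port groups its vNICs attach to


def migration_gaps(vms, hosts):
    """Return (vm, host, port_group, reason) for every host on which the VM
    would lose connectivity or land in a different VLAN after a migration."""
    by_name = {h.name: h for h in hosts}
    gaps = []
    for vm in vms:
        src = by_name[vm.host]
        for pg in vm.port_groups:
            want = src.port_groups.get(pg)
            if want is None:
                gaps.append((vm.name, src.name, pg, "missing on current host"))
                continue
            # Every host in the domain, the current one included, must carry
            # the same port group -> VLAN mapping and trunk that VLAN.
            for dst in hosts:
                have = dst.port_groups.get(pg)
                if have is None:
                    reason = "port group missing on vSwitch"
                elif have != want:
                    reason = f"VLAN mismatch: {have} != {want}"
                elif want not in dst.trunk_vlans:
                    reason = f"VLAN {want} not trunked on pSwitch"
                else:
                    continue
                gaps.append((vm.name, dst.name, pg, reason))
    return gaps


# Constructed sample inventory (hypothetical names and VLAN IDs).
HOSTS = [
    Host("esx01", {"web": 110, "db": 120}, {110, 120}),
    Host("esx02", {"web": 110, "db": 121}, {110, 121}),  # db drifted to 121
    Host("esx03", {"web": 110}, {110, 120}),             # db port group absent
    Host("esx04", {"web": 110, "db": 120}, {110}),       # trunk lacks VLAN 120
]
VMS = [VM("app-web-1", "esx01", ["web"]), VM("app-db-1", "esx01", ["db"])]

if __name__ == "__main__":
    for gap in migration_gaps(VMS, HOSTS):
        print(" | ".join(gap))
```

A VLAN mismatch is the case worth alerting on first: the migration succeeds, but the guest comes up in a different network segment than the one its policies were written for.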

Holy smoke, Chris!  It's not a single, oscillating signal.  It's (at least) three of 'em.  (... and if I were a better graphics hack, I'd drop in a jpg right about now.)

Rational Survivability: Security Will Not End Up In the Network...

... Here's the reality we actually already know and should not come to you as a surprise if you've been reading my blog: we will always need a blended investment in technology, people and process in order to manage our risk effectively.  From a technology perspective, some of this will take the form of controls embedded in the information itself, some will come from the OS and applications and some will come from the network.

Anyone who tells you differently has something to sell you or simply needs a towel for the back of his or her ears...