http://www.burtongroup.com/Research/PublicDocument.aspx?cid=1464
Unfortunately, unless you're a Burton subscriber, you can't read their document. Nonetheless, I'll go ahead and address the issues it raises. Burton has a lot of clout in the industry, and although I disagree with some of the specific content of this paper, I recommend subscribing to their service for those who value generally well researched reports.
At a high level, I agree that virtualization has a dark side. The dark side, though, has little to do with the purported issues presented in the Burton report. Rather, it’s an implementation done without the financial analysis, assessment, planning, proof-of-concept testing, piloting, beta deployment, project management and carefully executed roll-out that should be prerequisites to any successful enterprise deployment. This frequently limits the expansion of VMware deployments that were implemented originally as point solutions and then began growing beyond their original intention. The organization consequently misses out on tremendous cost savings and other advantages while having to manage both a physical and a virtual environment.
I think that The Burton Group knows this – they clearly reach throughout the document for any “dark side” bits they can drum up in an attempt to write an interesting paper. Their conclusion, though, states that “Virtualization is an overwhelming success story in most IT shops and delivers on promised ROI.” I agree with everything the conclusion says, including “awareness and taking action to address these new challenges”. The interesting thing, though, is that they tip-toed around the only true challenge of successful virtualization (other than the failure to treat it as an enterprise deployment, as mentioned above), which is the network.
While the VMware virtual switch has been a remarkable way to achieve much faster inter-virtual-machine communication on an ESX host, it limits the enforcement of security best practices, which in turn limits the environments that can be virtualized. The VMware virtual switch is rudimentary; it is a basic layer 2 switch that doesn’t route, does not support QoS and provides no visibility into individual virtual machines. Virtual machines running on an ESX host communicate with each other without going through the physical network, so administrators cannot apply traditional security controls such as access control lists and private VLANs to that traffic. Administrators also have no easy way of isolating the traffic of an individual virtual machine, and even if they do, a VMotion or DRS migration leaves them in the dark once again. Managing virtual switches is painful because each one must be administered individually. And since the server administrator is doing the configuration rather than the network team, misconfigurations and inconsistent policies often result.
Fortunately, the Virtual Distributed Switch (VDS) of vSphere addresses these issues. Cisco shops will also be able to purchase the Cisco Nexus 1000V, which makes managing the vSwitch just another part of the overall Cisco network management scheme.
Let’s look at some of Burton’s “dark side” points:
Organizational Management
Burton claims that the difficulty of managing storage and network along with servers can cause a challenge. Again, if a virtual infrastructure is put in without planning, then this could be a true statement. Incorporating planning, however, enables a simpler environment than physical – even with the existing networking deficiencies. Here’s an article I recently wrote about this topic that should shed some light: http://www.dabcc.com/channel.aspx?id=232. Again, with proper planning and training, IT staffs inevitably come to appreciate all of the advantages of a virtualized data center. If you ever go to VMware’s VMworld, it’s like a 12,000 person love fest.
Systems Management and Monitoring
While the performance and management tools are certainly evolving, again I’d argue that they are already superior to anything you can do in a physical data center, provided that proper assessment and planning are done. A good example of this took place with one of my clients a few years ago – when the technology was much less advanced than it is today. An IT manager for a Bay Area bank told me that he liked everything that I told him about virtualization, but he worried that his security guy would never allow it. I asked him, “How many servers do you have again?” He replied, “Between 250 – 300”. “But you don’t know exactly?” I asked. “Not exactly,” he said. “If I asked your security guy how many servers you have, would he know?” He replied, “If I don’t know, then he certainly won’t know.” I said, “So how is a virtual environment, where you can view every server at any time, know the individual and aggregate resource consumption and know who was on what server at what time, any less secure than your existing environment, where you don’t even know how many servers you have?”
Security
Burton makes a big deal about VMware having 22 vulnerabilities. Every OS has vulnerabilities. Even Cisco IOS has vulnerabilities. The big question is whether there is any exploit code available that goes along with the vulnerabilities. As far as I know, the answer is no. I’ve yet to hear of a single case of a VMware hypervisor-based security breach. VMware even provided the NSA with their source code several years ago, and the NSA couldn’t hack between virtual machines. The VMware hypervisor is extremely thin (probably over 1,000 times fewer lines of code than Windows Server), and therefore very difficult to exploit. Burton Group again hedges here by saying that “Virtualization increases risk by adding complexity, but can be used to reduce risk by providing another means of separation.” As my banking example above shows, when you virtualize, it is intuitive that fewer control points and much more granular monitoring and tracking capabilities in turn reduce security risk.
Burton says that, “customers will have to spend a lot on upgrades from the vendors for so-called ‘virtual appliances’.” First of all, virtual appliances are not by any means a mandatory part of a VMware deployment. They are terrific, low-cost VMs that are generally superior to the physical versions – but are certainly not mandatory. They also bring up the network security issue, but as I mention above, that is addressed fully in vSphere and can be handled today through other means with proper planning.
Compliance and Audit
Clearly regulatory compliance is simplified in a VMware environment. We were seeing this four years ago with the very heavily regulated pharmaceutical industry. In that industry, products can be life or death. When you get a prescription filled, it better be exactly the same as the product you received two years ago. Regulation trumps all, and the FDA requires rigorous “validation” of all servers. But since VMware virtual machines are provisioned from software and are thus 100% identical, pharmaceutical industry companies have long found it easier to receive and maintain FDA validation of virtual machines than their physical counterparts.
Vendor Licensing and Support
Burton first complains about the MS policy prohibiting movement of server OS licenses between hosts more than once every 90 days, and then goes ahead and gives the obvious resolution which is to simply purchase Windows Server Data Center Edition for each ESX host. What they don’t discuss is just how economically advantageous this can be.
Suppose, for instance, that an organization has 100 copies of Windows Server Enterprise. We’re going to consolidate those onto three Dell R910s with four 6-core CPUs each and 256 GB RAM. Assuming that Windows Server Enterprise and Windows Server Data Center Edition both go for around $2,000 street price (they both list for around $3,700), then in the physical realm this organization has to spend $200,000 on Windows Server licenses (Windows Server Enterprise is licensed per physical server). In a virtual environment, however, they simply license Windows Server Data Center Edition for the underlying CPUs of the ESX hosts, and can then run unlimited instances of Windows Server. So the cost becomes $2,000 x 4 x 3 = $24,000. The organization therefore saves $186,000 every time they renew their Microsoft Server licensing. Other large licensing advantages can be obtained with SQL Server. And with vSphere, there will be no reason to purchase Microsoft Clustering software any longer – thereby saving still more money.
Regarding Oracle licensing in a VMware environment, well – I don’t understand Oracle’s licensing model (but then, I’m not sure anyone else does either).
Storage, Networking and Architectural Considerations
Again, proper planning will address these issues. And vSphere, with vStorage and the Virtual Distributed Switch, takes storage and network management to a level beyond anything possible in a physical environment. SRM already enables storage management for disaster recovery beyond anything possible in a physical DR scenario.
Burton says they advocate going with low server consolidation densities on blades so that a server failure doesn’t impact many servers. This is baffling to me because 1) servers rarely fail, and 2) if a server does fail, the VM is off-line for only a matter of seconds on average while it reboots – since it’s software, it reboots very fast. Of course, with the Fault Tolerance feature of vSphere, there will be no downtime at all, so Burton’s argument is totally moot. We also disagree with their advocacy of blades for most situations, as we wrote in an article last year (http://www.dabcc.com/article.aspx?id=9114), and our opinion is shared by most virtualization industry experts with whom I have spoken.
Burton says that the ROI may not be there for smaller organizations. We’ve found that organizations with as few as 7 servers can still achieve a nice ROI, even when purchasing a new SAN as part of the deal. But, the key of course is to conduct the ROI analysis prior to virtualization in order to make sure.
Burton says that, “Virtualization sprawl has been a potential worry that has only been kept in check by the added management overhead that an IT shop has incurred to manage multiple virtual platforms.” This is kind of silly. Most physical data centers still have server sprawl despite the large expense and effort it takes to purchase, configure, rack, stack, cable, connect, power, cool, protect, back up and maintain physical servers. Virtual machine sprawl can easily be contained either through policy or through automated workflow utilizing VMware’s Lifecycle Manager.
Recommendations
Burton says if you have an ROI of 18 months or less, you should virtualize (actually the terminology should be payback period, as ROI is not a unit of time, but we’ll let that slide). I don’t think you can set a hard number in any case. It depends on what else the organization can do with the money, and on what other unquantified benefits result – examples being advantages such as no more server failure, no need for hardware-based maintenance windows, greatly enhanced disaster recovery, and on and on. The rest of their recommendations pretty much imply that organizations should plan their deployments. I agree.
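Since the post draws a distinction between ROI and payback period, and earlier recommends running the ROI analysis before virtualizing, here is an added example (written for this post, not part of Burton's report) that computes both from a constructed set of project numbers. The investment figure and monthly savings stream are made up for illustration; the 18-month threshold is Burton's as quoted in the post.

```python
from typing import Optional, Sequence

# Constructed scenario (not from the post): a $150,000 up-front virtualization
# project that returns $10,000 per month in hardware, power and licensing savings
# over a 36-month planning horizon.
INVESTMENT = 150_000.0
MONTHLY_SAVINGS = [10_000.0] * 36
BURTON_THRESHOLD_MONTHS = 18  # Burton's "18 months or less" figure as quoted


def payback_period_months(investment: float,
                          monthly_savings: Sequence[float]) -> Optional[float]:
    """Months until cumulative savings first cover the investment.

    Returns a fractional month (interpolated within the month in which
    break-even occurs), or None if the savings stream never covers it.
    This is the time-based measure Burton's 18-month figure actually refers to.
    """
    cumulative = 0.0
    for month, saved in enumerate(monthly_savings, start=1):
        cumulative += saved
        if cumulative >= investment:
            overshoot = cumulative - investment
            return month - (overshoot / saved if saved else 0.0)
    return None


def roi_percent(investment: float, total_savings: float) -> float:
    """Return on investment: net gain as a percentage of the investment.
    A ratio, not a duration, which is the post's point."""
    return (total_savings - investment) * 100.0 / investment


def meets_payback_threshold(investment: float, monthly_savings: Sequence[float],
                            threshold_months: float = BURTON_THRESHOLD_MONTHS) -> bool:
    """True if the project pays back within the threshold (never-paid-back -> False)."""
    payback = payback_period_months(investment, monthly_savings)
    return payback is not None and payback <= threshold_months


if __name__ == "__main__":
    payback = payback_period_months(INVESTMENT, MONTHLY_SAVINGS)
    roi = roi_percent(INVESTMENT, sum(MONTHLY_SAVINGS))
    print(f"payback period : {payback} months")        # 15.0
    print(f"36-month ROI   : {roi:.1f}%")               # 140.0%
    print("within Burton's 18-month rule:",
          meets_payback_threshold(INVESTMENT, MONTHLY_SAVINGS))  # True
```

Running both numbers side by side makes the post's terminology point concrete: the same project has a payback period of 15 months and a 36-month ROI of 140%, and only the first of those can be compared against a figure expressed in months.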