Author's posts
Jan 25 2015
How to implement good security in a virtual environment without sacrificing performance
We live in a world where security is very much top of mind, and companies and individuals are going to great lengths to protect their valuable data and assets. One of the trade-offs of having good security is that it tends to be very intrusive. This is just the nature of the job, though: you have to examine and keep a very close eye on things to be able to effectively protect them. If you aren’t looking for anything then you’re not going to find anything until it’s too late.
In a computing environment this means you have to have special security applications running in the background to monitor for any malicious behavior or applications that might harm your files and data. This of course requires computing resources, which adds overhead to your computer and can take resources away from, and slow down, the applications that you use. In a virtual environment this effect is amplified even more: because resources are shared by many VMs, the combined effect of all those VMs trying to protect themselves can really impact performance and steal away your valuable resources.
As a result of this performance vs. security dilemma you need to ensure that you use good security products that are designed to protect virtual environments with minimal impact on performance. To achieve this you need as small a security footprint as possible inside a VM, centralized security management and monitoring, and security tools that can integrate with vSphere using the vShield security APIs, as shown below:
To help you understand this better, Bitdefender has published a white paper entitled “Newest Data Center Dilemma: Security vs. Performance” that highlights the following:
- Traditional IT security solutions rely on agents, which are not designed to operate in today’s complex virtual environments
- The agent-based approach to security diminishes the business value of virtualization and complicates management
- Virtualized data centers require a centralized approach that eliminates the need for agents on every VM
The paper helps you understand the challenges with security in a virtual environment. Bitdefender has also published a white paper entitled “Securing the virtual infrastructure without impacting performance”, which demonstrates the impact that traditional A/V tools can have in a virtual environment compared to security tools that are optimized for virtualization. An example of the performance impact that they found is shown below:
Most notable is the impact that traditional A/V tools have on CPU, which is pretty significant. To help provide the best security in your virtual environment with minimal performance impact, I encourage you to give these papers a read and also check out their security tool designed specifically for virtualization, GravityZone: Security of Virtualized Environments. Based on competitive performance testing run with Login Virtual Session Indexer (Login VSI), GravityZone – SVE has the lowest impact on applications running in virtualized environments when compared to other virtualization security solutions. The net result of this is overall improved performance, increased resource availability and better ROI on your investment in virtualization.
Jan 20 2015
A don’t miss live whiteboard virtualization show: Veeam R&D Inside Out with Gostev
Veeam is one of those companies that really tries hard to innovate and listens and responds to their customers’ needs and feedback. I’ve written in detail on what makes them special in this post about VeeamOn. If you know Veeam and use their products you’ve probably heard about the legendary Gostev, who leads their product management team and takes the time to work with individual customers to make sure they are happy and also listens to their suggestions for improving Veeam’s products. So if he’s giving a live whiteboard session you’re going to want to be there. Well, turns out he is, and the details are below, so make sure to sign up for it:
What:
Attend a LIVE whiteboard virtualization show on Jan. 22 and hear Anton Gostev discuss the past, present and future of Veeam technology. Anton will reveal exactly how the entire product lifecycle works behind the scenes, including Veeam’s R&D, product management, quality control and support processes. Whether you are an end user or a Veeam ProPartner, this information will definitely help you interact more efficiently with the “non-sales” side of Veeam!
This session is built around live Q&A, so don’t miss your chance to ask questions* and get answers on the air at this live show.
When:
January 22: NA @ 10 a.m. ET, EMEA @ 4 p.m. CET
Why:
So you can learn the answers to the following:
- How does Veeam innovate?
- Why is “roadmap” a banned word at Veeam?
- How does Veeam receive and work with your feedback?
- Why is it important to “keep pushing” in Veeam forums?
- What is the dark magic in the feature selection process?
How:
Register here: http://go.veeam.com/veeam-whiteboard.html
Jan 19 2015
Last call for blog-o-hol before Top vBlog 2015 voting begins
I’ve added lots of new blogs to my vLaunchpad but I’m sure there are some that I’ve missed. Every year I get emails from bloggers after the voting starts wanting to be added, but once it starts it’s too late as it messes up the ballot. I’ve also archived a bunch of blogs that have not blogged in over a year in a special section. Those archived blogs still have good content so I haven’t removed them, but since they are not active they will not be on the Top vBlog ballot.
So if you’re not listed on the vLaunchpad, here’s your last chance to get listed. Please use this form and give me your name, blog name, blog URL, Twitter URL & RSS URL. I have received a bunch of entries after I updated it a few months ago that I need to add, so if you haven’t submitted your blog here’s your last chance to do it so you don’t miss out on the cool commemorative coin that the top 50 blogs will receive. So hurry on up so the voting can begin; the nominations for voting categories will be opening up very soon.
Jan 19 2015
Toss your VMs into the clouds and easily get them back again with Boomerang
Not everyone wants to run their production VMs off premise in a public cloud but there are definitely some situations where leveraging cloud based virtualization for some specific scenarios makes a lot of sense. Let’s look at a few scenarios where you might consider moving some VMs to a public cloud infrastructure and a great solution from Unitrends called Boomerang that can make the transition from private data center to public cloud and back again simple and painless.
Upgrades and migrations
Upgrading your virtual environment to a new version of vSphere can be both disruptive and stressful. As a VMware administrator I was both excited and fearful when it came time to upgrade to newer versions. Excited to start enjoying all the new features and enhancements but scared to death that something might break in a big way as a result of the upgrade. I’ll even admit I’ve stayed on older versions of vSphere way too long just because I didn’t want to go through the hassle and disruptions of an upgrade.
My preferred upgrade method for major new vSphere releases is to set up a new environment running the latest version of vSphere and then, once I am sure that everything is running smoothly in the new environment, migrate VMs from the old environment to it. This method also provides you with an easy fallback in case you have issues with your new environment. Doing this, though, means you have to have new or spare hardware available, which can be a showstopper unless you are close to a multi-year hardware refresh cycle.
Having a short-term off-site virtual environment available allows you to move your VMs off your existing hosts while you perform upgrades and then move them back once your upgraded virtual environment is ready.
Backup and recovery
One of the big reasons that companies are still using tape backups today is for off-premise storage of backed up VMs. You can’t afford to have your virtual environment and backups of it all in one location, as a single disaster could take out both and leave you without any recovery options. Many companies have also moved to disk-based backup targets, which provide more recovery options and faster recovery. Replication is also widely used to provide duplicate copies of critical VMs.
Doing backup and replication to an off-premise public cloud has many advantages including having your virtual environment and backup environment physically separated by distance, no ongoing capex or opex costs for a backup environment and less administration. You also get the benefits of having disk-based backups and having them off-premise so you can easily recover if something happens at your primary site. This is especially beneficial to smaller companies that may not be able to afford the cost of implementing a backup infrastructure and may not have the expertise or time to manage it.
Short term demand increase
If you work in retail you almost always have to deal with seasonal demand peaks which your virtual environment may not have adequate resources to handle effectively. Unless you don’t care about money, short-term demand increases are a challenge for every company. To be able to meet these big spikes you have to size your virtual environment way larger than it needs to be to meet your typical everyday workload demands. If you do this you are just wasting money, as the rest of the time you have too many physical resources just sitting there not being used.
The whole purpose of virtualization is to be efficient with physical resources and maximize resource usage. Sizing to meet short-term peaks goes against the goals of virtualization. However, you can’t afford to be unable to handle those peaks, and a great solution is to expand your environment to the public cloud when needed. That way your virtual environment can temporarily grow into a public cloud when it needs to accommodate heavy demand, without having to buy and maintain all that extra equipment that you may only need for 30 days out of the year. This method is referred to as “cloudbursting”.
All these scenarios require a method of getting your VMs from your private data center to a public cloud and back again, preferably in a way that is easy and cost-effective. To help with this Unitrends recently announced Boomerang which enables virtualization administrators to simply and affordably move VMs from a vSphere environment to Amazon Web Services (AWS) public cloud.
How it works is you deploy a Unitrends Boomerang virtual appliance in your vSphere environment and then sign up for an Amazon Web Services (AWS) account. Amazon has a Free Tier available that allows you to try out AWS for free for 12 months. In addition they provide a resource usage based pricing model so you are not paying for hardware that you don’t need or use. Once Boomerang is installed you set up a Protection Group in your vSphere environment which defines which VMs you want to replicate to AWS. You can then configure an automated backup and ongoing synchronization schedule.
Once you set up a Protection Group you simply click ‘Replicate’, which will kick off an efficient replication process of the VMs within your Protection Group to AWS storage. This process typically takes 15-20 minutes for an 8GB sized VM. When the replication process is complete, you can click the ‘Deploy’ button to spin up (or power up) the VM into a running EC2 instance. Once you are happy with the newly deployed instance in AWS, you can power down your original VM at your leisure, thus completing the migration process.
When you want to bring VMs back you can “CopyBack” deployed instances inside AWS back into your vSphere environment by simply clicking the “Copy Back” button next to the “Deployed Instance” in the Boomerang Management Dashboard.
Boomerang costs $29.95 per month for each VM you protect, or if you pay annually it’s only $19.95 for each VM per month. The first VM you protect is free forever. Unitrends also offers a free 30-day trial for unlimited VMs. Couple that with the AWS Free Trial and it costs you next to nothing to try out Boomerang and extend your virtual environment into the clouds. To find out more check out the vmboomerang website.
Jan 08 2015
Sneak peek at Top vBlog 2015 blogger prize
This year I thought I would do something different and designed a custom commemorative coin that each of the top 50 bloggers will receive. The coin is 2″ in size and has a diamond cut edge on it; you can see some sample coins cut the same way here. I had wanted to do separate coins for Top 10, Top 25 and Top 50 but that would have required paying for a separate die mold for each, which gets costly. So instead I put Top 50 on the coin and am using different metal finishes to signify this. The Top 10 will get a Shiny Gold coin, 11-25 will get an Antique Silver coin and 26-50 will get an Antique Copper coin.
Of course all this is made possible by Infinio, who is the official sponsor for Top vBlog 2015. Stay tuned for more info as things will be starting up soon. Make sure you don’t miss out on any info related to the contest by subscribing via email using my sidebar widget to be notified of any new posts from vSphere-land. You can check out the coin design proofs below.
Jan 07 2015
The annual VMUG Virtual Event is coming to a PC near you
The VMUG organization is having their annual VMUG virtual event on Tuesday, Feb. 17th, which you can attend in your pajamas if you so desire. I know the virtual events don’t compare to the physical ones but I thought they actually did a good job executing it last year and it was definitely worth checking out. Much of the success of those types of events resides in the platform used. I think it worked well last year as it was very interactive and had a lot to explore and see, as well as being able to check out vendor sponsors, chat with attendees and listen to sessions whenever you have the time.
As an added bonus they have Chris Wolf, VMware’s Chief Technology Officer in the Americas, scheduled to deliver the keynote, which should be great. So be sure to register for the event. If you register by tomorrow you have a chance to win a cool quadcopter drone.
The physical VMUG season kicks off soon as well here in the US; you can view the calendar of 2015 VMUG User Conferences here.
Jan 06 2015
You can now sign up for VMware’s BIG event on Feb. 2nd
Still no word about what it’s all about though, but I’m sure you can figure it out from this other post I did on it. The banner for the event says Live and Online but the link only takes you to the Online registration page. No word on the Live part and who can attend it, but the event does correspond with PEX and is timed (1:00pm PST) a few hours before the Welcome Reception (5:00pm PST), so maybe they will broadcast it from Moscone West. Also not sure what the 28 Days of February event is all about either; coincidentally VMware just did a blog post today on “28 Days Later, Physical to Cloud … Done”. Technically though, if they start on 2/2 and with February having only 28 days, it will only be a 27-day event.
As far as being the biggest launch in VMware’s history, I’d argue that the vSphere 5 launch was bigger as it had many more new and enhanced features in it. You can sign up for the online event by clicking the above image.
Dec 31 2014
Something big is about to happen…
…according to VMware. They posted this banner on their website a week or so ago hinting at a big announcement coming soon. Hmmm, I wonder what that could be? If one had to make a guess I would suspect a new vSphere version, which is overdue. The date corresponds with VMware Partner Exchange (PEX), which runs from 2/2 to 2/5 this year. There are no keynotes on Monday (2/2), just the Welcome Reception which opens at 5:00pm. Being that PEX is only a partner audience, I suspect VMware will hold a separate online event earlier that day so customers can hear all about whatever big thing they are announcing. They did this with the release of vSphere 5 (banner below), which was a small event broadcast live at the Terra Gallery in SF, to which I was one of a handful of bloggers that VMware invited.
I still have the solid metal keepsake that they gave out to us at the vSphere 6 event.
One thing to note is that all of VMware’s recent new vSphere version launches have occurred at VMworld, and PEX has always been pretty unexciting, so hopefully this will spice it up. It also breaks VMware’s traditional one year release cycle of new vSphere major releases, as I outlined in this post on VMware’s ever shortening release cycle for hypervisor versions. I suspect that the new VVOLs storage architecture took more effort to perfect than anticipated, which may have caused the delay. Whatever they are announcing though, I guess you’ll have to wait a few more days until they officially let the cat out of the bag. I’ll be at PEX so I’ll be reporting on whatever they announce and show off at the event.