TechAdvantage 2011 – Virtualization Questions

Questions asked before and after the presentation are posted here.

There’s been a big push in the Midwest for Google Gmail to take over in-house hosting our e-mail.  My Red Hat is 7 years old, handles all our e-mail and should be replaced.  You mentioned Postini: should I outsource my e-mail entirely?

In my opinion, the fact alone that your server is 7 years old is not a compelling reason to move to Gmail.  There are usually 3 reasons people choose to upgrade: technology, security, and functionality mandate.  All of these are really driven by risk and cost.  Cost does not always have to equate to dollars but it is good to do so if you have to explain it to someone other than yourself.  The way I rationalize it is that if the cost of holding what you have exceeds the cost of the technology upgrade, then you need to upgrade.

In your case, hardware “getting old” would fall into a technology mandate.  The hardware needs to be replaced because it is seven years old.  You can purchase a less-problematic and brand new box for relatively less cost than is required to maintain the current one.  Because your e-mail is doing everything that you want it to, this would not fall into a functionality mandated upgrade.  E-mail is really a simple and common service for an IT department.

Again, this is only my opinion, but moving to Gmail without defining a business need would be like throwing the baby out with the 7-year-old bathwater.  This is not a good practice in most cultures.  With virtualization, the bathwater can always be fresh.  No reconfiguration necessary.  All stays the same and essentially eliminates the technology mandated reasons for upgrading – such as a dated server.

Didn’t you guys do it backwards?  Should you have purchased a SAN first?

I get this question a lot and my answer is an emphatic “No!”  Why?  Because a SAN is a hardware virtualization layer for SMB data centers that need to fill one of two requirements: shared block storage or low-level snapshots.  Large data centers buy SANs to centralize storage infrastructure.  Since many cooperatives have fewer than 50 servers, I don’t think that this applies to the majority of us.

While I’ll admit that SANs are very sexy, they are also very expensive.  After looking at our SAN-less physical infrastructure, I did not see a need.  My current business requirements did not dictate the need for one using a physical server, so why should my business requirements change with a virtual server?

I’ve read numerous posts from people running SANs that ran into IO bottlenecks.  Their solution: run the application on DAS.  Huh?  If I’m reading this correctly, these people spent tens of thousands of dollars on a SAN that didn’t meet their requirements and when it failed to perform, they ran back to good ol’ DAS on a RAID card.  Interesting…  So, aside from the bill, what did the SAN get them?

I have a conspiracy theory as to why every sales person pushes SAN talk when virtualization is the topic of discussion.  EMC is a manufacturer of SANs.  VMware was a software company that does VMotion if you have a SAN.  EMC purchased VMware.  EMC gives VMware ESXi away for free with one catch: VMotion is a licen$ed feature of ESXi.  SANs are expensive.  Salesmen get paid on commission.  What they demo to you: VMotion.

I think you can connect-the-dots from here.  They are going to do their best to sell you something: it’s going to be an expensive SAN (or two) after demoing the cool-guy features of VMotion.  They’ll say, “Without a SAN, you won’t be able to use VMotion.”  or “Think of the countless times you are going to be called in to fix a broken host if you don’t buy a SAN!”  You’ll be compelled to buy it because, well, you really don’t know any better.

The thing that they leave out is the fact that you still have to back this SAN up.  Our industry is tied to the ground.  When a natural or man-made disaster strikes, we don’t have the luxury of moving somewhere else and opening up shop.  Our data centers are tied to the ground we serve.  SAN snapshots are NOT backups because they still reside on the SAN – it’s like backing up a disk to the same disk.  You must present the LUN to a backup device to take it off of the SAN or use backup agents on the VMs to pull it off for it to be considered a backup, IMHO.  The method of backup that we’re doing with DAS gives us the same function as a SAN albeit a little bit slower.

Can you get support for the free version of ESXi?

Yes.  Full support is purchasable for both off of VMware’s website.  The free version is a licensed instance of the VMware hypervisor.

You mentioned VMDirectPath.  Do you use it with your IVR or modems?

VMware has introduced a new feature called VMDirectPath I/O which allows up to two PCI(e) devices on the host server to be connected to a Virtual Machine.

I am very interested in VMDirectPath.  It is very promising for certain applications like AMR and IVR.  We are not using it because the HP DL380G5 servers I’m using do not support this option.  I am very interested in talking to anyone who is doing it which is why I brought it up in the presentation.

Regarding AMR/AMI modems: I have virtualized Aclara and Turtle Command Center by virtualizing the serial ports prior to virtualizing the application.  I accomplished this with Digi serial-to-IP terminal servers and mapped the virtual COM port to the machine.  This can be done before virtualization.  Simply install the DigiTS, plug the modems into it, map the COM ports (Google: Digi RealPort) to the Aclara or Hunt box and do some test calls.  After you run on it for a couple of weeks consider P2V’ing it to a VM.

Does VMware free care if the guest OS is Red Hat?

No.  There are several OS options when creating a VM.  Pretty much any guest OS is supported if it runs on an x86 platform.  Just choose “Other” if the guest is not in the list.

Regarding the backups: do I get better/faster backups with a SAN?

Method of backup/restore is dictated by the recovery point and recovery time objectives.  These objectives are derived from your company’s disaster recovery plan.  “Better” and “faster” are subjective terms and are difficult to apply to backup requirements.  The question I would ask is: if you do not yet have a stated RTO/RPO (a.k.a. “objective”), how do you feel protected from a systems failure or disaster right now?

It is true that you can perform a snapshot of a running VM using a SAN.  You can do this with DAS as well with the snapshot manager in vSphere; however, I would not think of this as a backup.  While it does provide a recovery point in the event something goes wrong, should the storage fail one would have to restore from backup.  If all one uses are snapshots, they would not have a backup.  This gives a false sense of security for those who think that snapshots are backups.

Herein lies the danger of contextual understanding when it comes to SANs vs. no-SAN in a virtualized environment.  I’ve actually listened to a salesman try to explain to me that a SAN would not fail because it is designed to never fail.  I’m sorry.  This sounds like the Titanic.  I don’t drink that kool-aid.

In my view, electric cooperatives that are “tied to the ground” should perform a more traditional disconnected backup unless they can prove that an application’s RTO/RPO is so time-sensitive that a recovery using other methods would cause damage.  If we were supporting an operation like eBay or a NASDAQ brokerage firm where downtime amounts to lost revenue, I would be singing a different tune.  To date, I have not found a single cooperative computer application that is so unforgiving of downtime as to put a coop out of business.
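To make the snapshot-versus-backup distinction above concrete, here is a small audit sketch added as an illustration (it is not something from the presentation or from our environment). It counts a recovery point toward a VM's RPO only if it lives on storage other than the one the VM runs from; the VM names, storage names, times and RPO values are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: every name, time and RPO below is made up.
NOW = datetime(2011, 3, 1, 8, 0)
PRIMARY = "host1-das"  # storage the VMs run from (hypothetical name)

RPO = {
    "mail": timedelta(hours=24),
    "billing": timedelta(hours=24),
    "amr": timedelta(hours=4),
}

RECOVERY_POINTS = [
    # (vm, kind, storage holding the copy, taken at)
    ("mail", "snapshot", "host1-das", datetime(2011, 3, 1, 6, 0)),
    ("mail", "backup", "offsite-disk", datetime(2011, 2, 28, 22, 0)),
    ("billing", "snapshot", "host1-das", datetime(2011, 3, 1, 7, 0)),
    ("amr", "backup", "offsite-disk", datetime(2011, 2, 28, 22, 0)),
]


def newest_backup(vm, points, primary):
    """Newest recovery point for vm that would survive loss of primary storage."""
    times = [t for v, _kind, store, t in points if v == vm and store != primary]
    return max(times, default=None)


def audit(rpo, points, primary, now):
    """Return {vm: status}; a copy sitting on the primary storage never counts."""
    report = {}
    for vm, limit in rpo.items():
        latest = newest_backup(vm, points, primary)
        has_local = any(v == vm and s == primary for v, _k, s, _t in points)
        if latest is None:
            # Nothing would survive a storage failure, however fresh the snapshot.
            report[vm] = "SNAPSHOT-ONLY" if has_local else "UNPROTECTED"
        elif now - latest > limit:
            report[vm] = "RPO-MISSED"
        else:
            report[vm] = "OK"
    return report


if __name__ == "__main__":
    for vm, status in audit(RPO, RECOVERY_POINTS, PRIMARY, NOW).items():
        print(f"{vm:8} {status}")
```

Note that "billing" has the freshest recovery point of the three and still fails, because its only copy shares the storage it is meant to protect.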

We virtualized one weekend.  After bringing it online, my administrator told me that we needed to purchase new licenses because the software wouldn’t work.  We reverted back to physical.  Why did this happen?

Software vendors use several methods to keep their software from being pirated.  Companies, like Milsoft, use a USB fob that you have to plug in to your machine when running their EA software.  Schweitzer uses the MAC address of a network card to verify that you are running their software only on the single machine licensed to run it; you have to call them to get a new activation key to install it on another machine or if you change out your network card.  Microsoft uses a process called “product activation”.  These methods are anti-piracy schemes.  A license is a legal instrument governing the usage or redistribution of software.  It is important not to confuse the two.

If you are currently licensed to run the software, I implore you to read the end user license agreement (EULA). Moving your software from one machine to another is generally allowed.  You get into trouble if you are copying the software and using more instances than you are licensed to.  Again, it is all outlined in the EULA and each vendor has their own agreement.  If you don’t understand the EULA, call your vendor and tell them that you are moving the licensed installed instance from one machine to another.  If their anti-piracy methods are significant, you may have to jump through some technical hoops to make it work. In the end, if you are licensed to run the software, you aren’t breaking any rules by finding ways around the anti-piracy protection methods.

For my research as virtualization applies to Microsoft licensing, click here.

Note: When P2V’ing an OEM instance of a Windows server that was installed at the factory, I noticed that the COA sticker on the box was not the same as the activation key used to install the OS.  Dell, in this case, uses the same key on the assembly line.  I had to get the OEM COA key off of the physical box, and type it into the wizard in order to activate my VM after converting it.

