Monthly Archives: October 2016

vForumAU 2016: #VMDownUnderground

vForumAU is just over a week away, and those who are in Sydney for the event and are around a day earlier should cancel any existing plans and attend VMDownUnderground, which is happening at the King Street Brewhouse from 6pm. The little brother of the VMworld US event is running for a sixth year and it’s a great way to kick off the vForumAU week and also gives you a rare opportunity to mingle with the local VMware community as they gather from all across ANZ.

Returning for an amazing sixth year, VMdownunderground will again help you get in the social mood before vForum in Sydney. This is a great way to catch up with people from out of town and meet new people who work in virtualisation. Taking place at the new venue of King Street Brewhouse, on Sydney’s amazing waterfront. Places will be limited, so get yours early.

https://www.eventbrite.com/e/vmdownunderground-vforum-sydney-2016-tickets-27589931227

Numbers were a little on the low side as of last week which is crazy given how well received this event is in the US (and the fact there is free food and booze), so please circulate this post if you know of anyone else who is going to be around Sydney next week and drag them along to the evening…I am sure it will be worthwhile and did I mention that attendance is free with sponsorship of the event provided by Veeam.

Secure your ticket here.

 

Worth a Repost: Debunking Three Common Myths Around vCloud Director #LongLivevCD

It seems that with all the announcements of late around VMware’s (re)shifting Hybrid Cloud strategy with Cross Cloud Foundation and VMware’s partnership with AWS, people were again asking what is happening with vCloud Director. While vCD is still not available for VMware’s enterprise customers, the vCloud Director platform has officially never been in a stronger position. Those who were lucky to attend the various product team NDA and SIG sessions at VMworld US and Europe have an idea of not only what’s coming…but also that there has been a serious ramp up in focus and development.

Those outside the vCAN inner circles probably didn’t know this and I still personally field a lot of questions about vCD and where it sits in regards to VMware’s plans. Apparently the vCloud Team has sought to clear the air about vCloud Director’s future and posted this fairly emotive blog post overnight. I’ve reposted the article below:

MythBusters: Debunking Three Common Myths Around vCloud Director

For a while now, there’s been some speculation that VMware vCloud Director was no longer a priority for VMware – but that couldn’t be further from the truth. With the release of vCloud Director 8.10 this spring, VMware has doubled down on its dedication to enhancing the product, and we’ve even expanded our training program to keep pace with the evolving needs of its users.

Make no mistake, vCloud Director fits into VMware’s larger vision for the software defined data center (SDDC) now more than ever before. So let’s take the time to clear up a few of the biggest misconceptions out there today.

  • MYTH #1 – vCloud Director is End-of-Life or End-of-Support: Not at all! In May 2016, VMware released vCloud Director 8.10, the latest version of the product, in response to customer feedback and an industry-wide move to the hybrid cloud. New features in this release include distributed resource scheduler affinity and anti-affinity for VMs and UI integration of NSX for heightened security. To get customers up to speed with the new release, our team has launched a free vCloud Director 8.10 Fundamentals eLearning course, and after VMworld Europe, we plan to expand these offerings through new vCloud Director Hands-on Labs via the VMware HOL Online portal. Later this month, we are also offering an extensive 5-day lab from October 31 – November 4, titled “vCloud Director 8.10: Install, Configure, Manage” that walks participants through the process of building a data center environment that leverages not only vCloud Director but also Virtual SAN and NSX.
  • MYTH #2 – Usage is Lagging: False! In fact, the opposite is true. Not only is usage of vCloud Director increasing, but it’s reaching new levels of growth. Look no further than Zettagrid, a cloud computing infrastructure as a service (IaaS) provider, which deployed vCloud Director to simplify data center provisioning. Or iland, an award-winning enterprise cloud infrastructure provider that uses vCloud Director to supply greater flexibility and customization to its clients. Furthermore, VMware continues to partner with members of its independent software vendor program group to catalogue and support the most recent products built by ISVs that are compatible with VCD through the VMware solution exchange. vCloud Director has proven itself a valued partner for customers across industries and hybrid cloud ecosystems, and version 8.10 only solidifies VMware’s continued commitment to the product and its users.
  • MYTH #3 – User Interface (UI) is Static: Wrong again. You spoke, and we listened. A change in direction from previous versions, the release of vCloud Director 8.10 demonstrated a commitment to the UI by exposing all features directly through the UI and achieving feature parity with the API. Features now available on the UI include storage profiling, tenant throttling, and self-service VDC templates that give vCloud Director a more robust and flexible platform for delivering IaaS solutions.

Through a combination of feature updates that increase agility, new training opportunities, and an enhanced UI with heightened functionality, VMware continues to actively invest in the vCloud Director user experience. Rest assured, there’s more to come.

So overall, that’s a pretty blunt message from the vCloud Director SP Product team that…for the foreseeable future vCloud Director is here to stay and will continue to be improved upon. Again, I’ll state with absolute fact that there is no more stable and mature multi-tenant cloud management platform in the market today for IaaS. Look out for the next BETA release and also for Alliance partners like Veeam building even stronger offerings on top of vCloud Director.

Rest assured, there’s more to come.

References:

MythBusters: Debunking Three Common Myths Around vCloud Director

 

NSX Bytes: Important Bug in 6.2.4 to be Aware of

[UPDATE] In light of this post being quoted on The Register I wanted to clarify a couple of things. First off, as mentioned there is a fix for this issue (the KB should be rewritten to clearly state that) and secondly, if you read below, you will see that I did not state that just about anyone running NSX-v 6.2.4 will be impacted. Greenfield deployments are not impacted.

Here we go again…I thought maybe we were over these, but it looks like NSX-v 6.2.4 contains a fairly serious bug impacting VMs after vMotion operations. I had intended to write about this earlier in the week when I first became aware of the issue, however the last couple of days have gotten away from me. That said, please be aware of this issue as it will impact those who have upgraded NSX-v from 6.1.x to 6.2.4.

As the KB states, the issue appears if you have the Distributed Firewall enabled (it’s enabled and inline by default) and you have upgraded NSX-v from 6.1.x to 6.2.3 and above, though for most this should be applicable to 6.2.4 upgrades due to all the issues in 6.2.3. If VMs are migrated between upgraded hosts they will lose network connectivity and require a reboot to bring back connectivity.

If you check the vmkernel.log file you will see similar entries to that below.

Cause

This issue occurs when the VSIP module at the kernel level does not handle the export_version deployed in NSX for vSphere 6.1.x correctly during the upgrade process.

There is no current resolution to the issue apart from the VM reboot but there is a workaround in the form of a script that can be obtained via GSS if you reference KB2146171. Hopefully there will be a proper fix in future NSX releases.

<RANT>

I can’t believe something as serious as this was missed by QA for what is VMware’s flagship product. It’s beyond me that this sort of error wasn’t picked up in testing before it was released. It’s simply not good enough that a major release goes out with this sort of bug and I don’t know how it keeps on happening. This one specifically impacted customers and for service providers or enterprises that upgraded in good faith, it puts egg on the faces of those who approve, update and execute the upgrades that result in unhappy customers or internal users.

Most organisations can’t fully replicate production situations when testing upgrades due to lack of resources or lack of real world situation testing…VMware could and should have the resources to stop these bugs leaking into release builds. For now, if possible I would suggest that people add more stringent vMotion tests as part of NSX-v lab testing before promoting into production moving forward.

VMware customers shouldn’t have to be the ones discovering these bugs!

</RANT>

[UPDATE] While I am obviously not happy about this issue coming in the wake of previous issues, I still believe in NSX and would recommend all shops looking to automate networking still have faith in what the platform offers. Bugs will happen…I get that, but I know in the long run there is huge benefit in running NSX.

References:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146171

Free Guide: Building NetApp ONTAP 9 Lab

In computing, there is one thing you shouldn’t compromise on…and that thing is storage. This carries over to Lab or NestedESXi environments as poor lab performance can be just as frustrating as production performance issues. I’ve used a number of nested storage platforms for my lab environments and I’m always on the lookout for alternative solutions.

When Neil Anderson asked me to write a short introductory post on his new how-to guide Build Your Own NetApp ONTAP 9 Lab I decided to flick through the guide to check it out and see if it could add any value to my future plans for a homelab. The e-book is professionally laid out and has excellent diagrams, notes and step by step…it’s extremely comprehensive.

NetApp Simulator 9 Free eBook – Build Your Own NetApp ONTAP 9 Lab!

While I’ve never been a NetApp guy there does seem to be a level of complexity in the NetApp VSA setup, but with the step by step in the e-book any ambiguity is removed. If you are looking for lab storage this is a great end to end example of how to install and configure one based on ONTAP 9 NetApp Simulator.

Give it a look over here.

A New Direction …A New Company …A New Role

Three and a half years ago I was given a brilliant opportunity to join what was at the time Australia’s leading vCloud Powered Service Provider…Zettagrid. At that time I talked about needing direction in my career and the opportunity to join Zettagrid was undeniably one of the best decisions I have made in my life. Fast forward to today and there is no doubt that Zettagrid has extended its lead as the premier vCloud Air Network provider, not only in Australia, but also in ANZ and beyond.

I’ve been lucky to work with a tremendous team that pushes the envelope when it comes to automation and innovation and we have been able to produce a number of great products over the past three and a half years as well as grow Zettagrid into a mature and respected IaaS provider with a rock solid platform and great customer success.

In a nutshell Zettagrid do great things with great technology by taking leading vendor technologies and automating around those vendor products to create new service offerings for Zettagrid customers to consume. One of those leading vendors is Veeam and it’s with great excitement (and indeed a touch of sadness) that I can finally announce that I will be leaving Zettagrid today to start a new role at Veeam as a Technical Evangelist in the Technical Product Marketing & Evangelism team headed by Rick Vanover.

The role will be focused on Veeam’s Service Provider market and will allow me to continue the great work I’ve been able to achieve with the talented team at Zettagrid in bringing to market Veeam Cloud Connect and Veeam Cloud Connect Replication as well as working with Veeam Cloud Service Providers to continue to use the whole Veeam Availability Suite to protect workloads and ensure they are always on.

When Veeam announced their vision for the next generation of availability in August I was more than impressed with what I saw…for the first time I understood the bigger picture and also saw a company that was more than just about backing up VMs.

The vision is there to see in the graphic above and Veeam Cloud Connect and Service Provider technologies are core to what Veeam wants to achieve. In addition to that, the company has reinvested in developing around vCloud Director and is about to launch a game changing self service, multi-tenant portal for vCloud Director in Veeam 9.5. In addition to the cloud and service provider angle, the opportunity to work in Rick Vanover’s team, which contains people for whom I have huge respect in the industry, as well as the opportunity to work with Veeam’s Product and Engineering teams, meant this was a role I had to seriously consider.

Technical marketing and content creation is something that I have gravitated towards and I am going to enjoy the challenge of stepping a little bit out of my existing technical comfort zone. Certainly this role will expand my current technical and product space beyond VMware technologies and I’ll have to dust off my old Microsoft Hyper-V skills and not be so quick to write off (sic) Azure.

In terms of what this means for my work in and around the vCloud Air Network, about which I am extremely passionate…this role should and will allow me to interact with more people within the vCAN and I get to continue working with vCloud Director and other VMware technologies. This won’t change the drive that I have to ensure the vCAN continues to grow…and as you have hopefully read over the past week, the passion remains strong…and will remain strong!

To the team at Zettagrid and all who have made the last three and a half years enjoyable, rewarding and above all extremely satisfying…I thank you. I expect the company to continue to innovate in the space and start to branch out beyond Australia and become a true powerhouse in IaaS as well as Backup and DR as a Service.

Change is not only the only constant in life, it’s one that has to be embraced and I look forward to starting on the next chapter of my career with Veeam.

#LongLivevCD

VMware on AWS: vCloud Director and What Needs to be Done to Empower the vCAN

Last week VMware and Amazon Web Services officially announced their new joint venture whereby VMware technology will be available to run as a service on AWS in the form of bare-bones hardware with vCenter, ESXi, NSX and VSAN as the core VMware technology components. This isn’t some magic whereby ESXi is nested or emulated upon the existing AWS platform, but a fully fledged dedicated virtual datacenter offering that clients can buy through VMware and have VMware manage the stack right up to the core vCenter components.

Earlier in the week I wrote down some thoughts around the possible impact to the vCloud Air Network this new offering could have. While at first glance it would appear that I was largely negative towards the announcement, after having a think about the possible implications I started to think about how this could be advantageous for the vCloud Air Network. What it comes down to is how much VMware was to open up the APIs for all components hosted on AWS and how the vCloud Director SP product team develops around those APIs.

From there it will be on vCloud Air Network partners that have the capabilities to tap into the VMCs. I believe there is an opportunity here for vCAN Service Providers to go beyond offering just IaaS and combine their offerings with the VMware AWS offering as well as help extend out to offer AWS PaaS without the worry that traditional VM workloads will be migrated to AWS.

For this to happen though VMware have to do something they haven’t done in the past…that is, commit to making sure vCAN providers can cash in on the opportunity and be empowered by the opportunity to grow VMware based services… as I mentioned in my original post:

In truth VMware have been very slow…almost reluctant to pass over features that would allow this cross cloud compatibility and migration be even more of a weapon for the vCAN by holding back on features that allowed on-premises vCenter and Workstation/Fusion connect directly to vCloud Air endpoints in products such as Hybrid Cloud Manager. I strongly believed that those products should have been extended from day zero to have the ability to connect to any vCloud Director endpoint…it wasn’t a stretch for that to occur as it is effectively the same endpoint but for some reason it was strategically labeled as a “coming soon” feature.

Extending vCloud Director SP:

I have taken liberty to extend the VMWonAWS graphic to include what I believe should be the final puzzle in what would make the partnership sit well with existing vCloud Air Network providers…that is, allow vCloud Director SP to bridge the gap between the on-premises compute, networking and storage and the AWS based VMware platform infrastructure.

vCloud Director is a cloud management platform that abstracts physical resources from vCenter and interacts with NSX to build out networking resources via the NSX Manager APIs…with that it’s not hard in my eyes to allow any exposed vCenter or NSX Manager to be consumed by vCloud Director.

With that allowed, any AWS vCenter dedicated instance can become a Virtual Datacenter object in vCloud Director and consumed by an organisation. For vCloud Air Network partners who have the ability to programmatically interact with the vCloud Director APIs, this all of a sudden could open up another 70+ AWS locations on which to allow their customers to deploy Virtual Datacenters.

Take that one step further and allow vCD to overlay on-premises compute and networking resources and then allow connectivity between all locations via NSX hybridity and you have a seriously rock solid solution that extends a customer on-premises to a more conveniently placed (remember AWS isn’t everywhere) vCloud Air Network platform that can in turn consume/burst into a VMware Dedicated instance on AWS and you now have something that rivals the much hyped Hybrid Cloud Strategy of Microsoft and the Azure Stack.

What Needs to Happen:

It’s pretty simple…VMware need to commit to continued/accelerated development of vCloud Director SP (which has already begun in earnest) and give vCloud Air Network providers the ability to consume both ways…on-premises and on VMware’s AWS platform. VMware need to grant this capability to vCloud Air Network providers from the outset and not play the stalling game that was apparent when it came to feature parity with vCloud Air.

What I have envisioned isn’t far off becoming a reality…vCloud Director is mature and extensible enough to do what I have described above, and I believe that in my recent dealings with the vCloud Director product and marketing teams at VMworld US earlier this year that there is real belief in the team that the cloud management platform will continue to improve and evolve…if VMware allow it to.

Further improving on vCloud Director’s maturity and extensibility, if the much maligned UI is improved as promised…with the upcoming addition of full NSX integration completing the network stack, the next step in greater adoption beyond the 300 odd vCAN SPs that currently use vCloud Director needs a hook…and that hook should be VMWonAWS.

Time will tell…but there is huge potential here. VMware need to deliver to their partners in order to have that VMWonAWS potential realised.

 

VMware on AWS: Thoughts on the Impact to the vCloud Air Network

Last week VMware and Amazon Web Services officially announced their new joint venture whereby VMware technology will be available to run as a service on AWS in the form of bare-bones hardware with vCenter, ESXi, NSX and VSAN as the core VMware technology components. This isn’t some magic whereby ESXi is nested or emulated upon the existing AWS platform, but a fully fledged dedicated virtual datacenter offering that clients can buy through VMware and have VMware manage the stack right up to the core vCenter components.

Note: These initial opinions are just that. There has been a fair bit of Twitter reaction over the announcement, with the majority being somewhat negative towards the VMware strategy. There are a lot of smart guys working on this within VMware and that means it’s got technical focus, not just Exec/Board strategy. There is also a lot of time between this initial announcement and its first release in 2017, however initial perception and reaction to a massive shift in direction should and will generate debate…this is my take from a vCAN point of view.

The key service benefits as taken from the AWS/VMware landing page can be seen below:

Let me start by saying that this is a huge huge deal and can not be underestimated in terms of its significance. If I take my vCAN hat off, I can see how and why this was necessary for both parties to help each other fight off the growing challenge from Microsoft’s Azure offering and the upcoming Azure Stack. For AWS, it lets them tap into the enterprise market where they say they have been doing well…though in reality, it’s known that they aren’t doing as well as they had hoped. While for VMware, it helps them look serious about offering a public cloud that is truly hyper-scale and also looks at protecting existing VMware workloads from being moved over to Azure…and to a lesser extent AWS directly.

There is a common enemy here, and to be fair to Microsoft it’s obvious that their own shift in focus and direction has been working and the industry is taking note.

Erasing vCloud Air and The vCAN Impact:

For VMware especially, it can and should erase the absolute disaster that was vCloud Air… Looking back at how the vCloud Air project transpired the best thing to come out of it was the refocus in 2015 of VMware to prop back up the vCloud Air Network, which before that had been looking shaky with the vCAN’s strongest weapon, vCloud Director, being pushed to the side and its future uncertain. In the last twelve months there has been an apparent recommitment to vCloud Director and the vCAN and things had been looking good…however that could be under threat with this announcement…and for me, perception is everything!

Public Show of Focus and Direction:

Have a listen to the CNBC segment embedded above where Pat Gelsinger and AWS CEO Andy Jassy discuss the partnership. Though I wouldn’t expect them to mention the 4000+ strong vCloud Air Network (or the recent partnership with IBM for that matter), they are openly discussing the unique industry-first benefits the VMWonAWS partnership brings to the market while in the same breath ignoring or putting aside the fact that the single biggest advantage that the vCloud Air Network had was VMware workload mobility.

Complete VMware Compatibility:

VMware Cloud on AWS will provide VMware customers with full VM compatibility and seamless workload portability between their on-premises infrastructure and the AWS Cloud without the need for any workload modifications or retooling.

Workload Migration:

VMware Cloud on AWS works seamlessly with vSphere vMotion, allowing you to move running virtual machines from on-premises infrastructure to the AWS Cloud without any downtime. The virtual machines retain network identity and connections, ensuring a seamless migration experience.

The above features are pretty much the biggest weapons that vCloud Air Network partners had in the fight against existing or potential clients moving or choosing AWS over their own VMware based platform…and from direct experience, I know that this advantage is massive and does work. With this advantage taken away, vCAN Service Providers may start to lose workloads to AWS at a faster clip than what was done previously.

In truth VMware have been very slow…almost reluctant to pass over features that would allow this cross cloud compatibility and migration be even more of a weapon for the vCAN by holding back on features that allowed on-premises vCenter and Workstation/Fusion connect directly to vCloud Air endpoints in products such as Hybrid Cloud Manager. I strongly believed that those products should have been extended from day zero to have the ability to connect to any vCloud Director endpoint…it wasn’t a stretch for that to occur as it is effectively the same endpoint but for some reason it was strategically labeled as a “coming soon” feature.

VMware Access to Multiple AWS Regions:

VMware Virtual Machines running on AWS can leverage over 70 AWS services covering compute, storage, database, security, analytics, mobile, and IoT. With VMware Cloud on AWS, customers will be able to leverage their existing investment in VMware licenses through customer loyalty programs.

I had mentioned on Twitter that the image below was both awesome and scary mainly because all I think about when I look at it is the overlay of the vCloud Air Network and how VMware actively promote 4000+ vCAN partners contributing to existing VMware customers in being able to leverage their existing investments on vCloud Air Network platforms.

Look familiar?

 

In truth, of those 4000+ vCloud Air Network providers there are maybe 300 that are using vCloud Director in some shape or form and of those an even smaller number that can programmatically take advantage of automated provisioning and self service. Therein lies one of the biggest issues for the vCAN…while some IaaS providers excel, the majority offer services that can’t stack up next to the hyper-scalers. Because of that, I don’t begrudge VMware for forgetting about the capabilities of the vCAN, but as mentioned above, I believe more could, and still can, be done to help the network compete in the market.

Conclusion:

Right, so that was all the negative stuff as it relates to the vCloud Air Network, but I have been thinking about how this can be a positive for both the vCAN and more importantly for me…vCloud Director. I’ll put together another post on where and how I believe VMware can take advantage of this partnership to truly compete against the looming threat of the Azure Stack…with vCAN IaaS providers offering vCloud Director SP front and center of that solution.

References:

http://www.vmware.com/company/news/releases/vmw-newsfeed.VMware-and-AWS-Announce-New-Hybrid-Cloud-Service,-%E2%80%9CVMware-Cloud-on-AWS%E2%80%9D.3188645-manual.html

https://aws.amazon.com/vmware/

VMware Cloud™ on AWS – A Closer Look

https://twitter.com/search?f=tweets&vertical=default&q=VMWonAWS

Released – vCloud Director SP 8.0.2 Important Upgrade for Zerto Clients

Last week VMware released vCloud Director SP 8.0.2 Build 4348775. While there are a number of minor bug fixes in this release there is one important fix that will make service providers who offer replication services built upon Zerto happy, as it resolves a bug that had stopped many service providers upgrading from vCD SP 5.6.x. Apart from that there are only a couple of new things in this build…that being an updated JRE version, some additional language support in the WebMKS console and probably of more importance is official support for NSX-v 6.2.4.

 

As usual I’ve gone through the Resolved Issues list and highlighted the ones I feel are most relevant…the ones in red are issues we have seen in our vCloud Zones and Zettagrid Labs.

  • Intermittent failure of vCD vApp deployment
    When you attempt to deploy vApp either manually or through the vCO workflow, the deployment might fail with the following error:
    Could not find resource pool for placement of edge gateway.
  • Downloading a large vApp template as an OVF file from the vCloud Director fails
    Attempts to download a large vApp template as an OVF file from vCloud Director fail due to an operation timeout error in both vCloud Director and vCenter Server. This issue is seen when the size of the vApp template is greater than 100 GB.
  • vCloud Director Cell uses a high percentage of the CPU
    The vCloud Director cell uses more than 90 percent of the CPU. As a result, the vCloud Director workload is affected.
  • During a heavy load, vCloud Director can have two or more VMs that have the same CloudUUID in the system
    During a heavy load, vCloud Director can have two or more VMs with the same CloudUUID in the system. This causes the Managed Object Reference (moref) of the VM to be overwritten by another VM. Due to the duplicated CloudUUID, a wrong VM might get deleted.
  • In the latest Mac version (OS X El Capitan), the Upload, or Download dialog box does not close correctly
    After you update your system to the latest Mac version (OS X El Capitan), when you attempt to upload a file from the data store the Upload, or Download dialog box does not close correctly.
  • vApp deployment from a template fails with certain direct organization VDC networks, when there are multiple direct organization VDC networks in a VDC that are mapped to the same external network
    When there are multiple direct organization VDC networks in a VDC that are mapped to a single external network, deploying a vApp from the template is possible with only one of these networks. The deployment fails when other networks are selected.
  • Edge gateway fails to deploy when a create request is invoked from the vCloud Director cell that does not have a vCenter Server proxy listener
    In a multi-cell vCloud Director setup, the Edge gateway creation is successful only when the create request is invoked from the vCloud Director cell that has a vCenter Server proxy listener.

Zerto vs VMware Standoff:

With regards to the Zerto issue, this bug actually exists in vCD SP 8.10 as well and will be resolved in an upcoming build later in November. There is a hotfix available if Service Providers want to deploy vCD SP 8.10 before the official release. There was a significant delay before this that impacted Zerto clients and to be honest it wasn’t handled well from both sides. Zerto claim to offer official support 90 days after the release of vCD however that was not possible and the finger was pointed at VMware to fix the bug rather than try to work around the issue.

“Creating or modifying a VM in vCD fails (VMware KB 2144385)” and Zerto is prevented from recovering into a vCD environment. 

That VMware KB has been pulled back internally and there isn’t any specific reference to that issue in the release notes, however we do know and have confirmed that the bug has been resolved in this build and the upcoming 8.10 build. It highlights the fact that vendors who partner together in delivering solutions that rely on one another’s solutions need to work together so as to not impact their mutual clients.

References:

http://pubs.vmware.com/Release_Notes/en/vcd/802/rel_notes_vcloud_director_802.html

#300

Virtualization is Life! has hit post #300 and I thought I’d take this opportunity to list through some numbers and top posts since I launched this blog as Hosting is Life! back in April of 2012. Before going through the listing below I’d like to thank the extended VMware Virtualization Community for allowing me to create content that I hope is useful for anyone that comes across it. I love blogging around great technology and I’m extremely lucky to have fallen into an industry that not only has great technology, great technology companies, but also great people.

Blog Tag Post Numbers:

Top 5 Posts All Time:

  1. vSphere 6.0 vCenter Server Appliance: Upgrading from 5.x
  2. How-To: vCenter 5.1 SSO Adding AD Identity Source
  3. Quick Post: E1000 vs VMXNET3
  4. NSX Edge vs vShield Edge: Part 1 – Feature and Performance Matrix
  5. ESXi 5.5 Update 2: vMotion Fails at 14% with Stale Admission Control and VM Reservations

Top 5 Posts of 2016:

  1. vSphere 6.0 vCenter Server Appliance: Upgrading from 5.x
  2. NSX Edge vs vShield Edge: Part 1 – Feature and Performance Matrix
  3. ESXi Bugs – VMware Can’t Keep Letting This Happen!
  4. Nutanix Buying PernixData: My Critical Analysis
  5. CBT Bugs – VMware Can’t Keep Letting This Happen!

Top 5 vBlog Site Referrers All Time:

  1. virtuallyghetto.com
  2. vmwareblogs.com
  3. yellow-bricks.com
  4. theregister.co.uk
  5. blog.scottlowe.org

Again, thanks to all that read what I put out and especially those who work in and around vCloud Director, NSX and Veeam. Hopefully I can continue to create and…

#LongLivevCD

NSX Bytes: Updated – NSX Edge Feature and Performance Matrix

A question came up today around throughput numbers for an NSX Edge Services Gateway, and that jogged my memory back to a previous blog post where I compared features and performance metrics between vShield Edges and NSX Edges. In the original post I had left out some key metrics, specifically around firewall and load balancing throughput, so I thought it was time for an update. Thanks to a couple of people in the vExpert NSX Slack Channel I was able to fill some gaps and update the tables below.

A reminder that VMware has announced the End of Availability (“EOA”) of VMware vCloud Networking and Security 5.5.x, which kicked in on September 19, 2016, and that vCloud Director 8.10 does not support vShield Edges anymore…hence why I have removed the VSE from the tables.

As a refresher…what is an Edge device?

The Edge Services Gateway (NSX-v) connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of Edges include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the Edge creates virtual boundaries for each tenant.

Below is a list of services provided by the NSX Edge.

| Service | Description |
| --- | --- |
| Firewall | Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols |
| NAT | Separate controls for Source and Destination IP addresses, as well as port translation |
| DHCP | Configuration of IP pools, gateways, DNS servers, and search domains |
| Site to Site VPN | Uses standardized IPsec protocol settings to interoperate with all major VPN vendors |
| SSL VPN | SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway |
| Load Balancing | Simple and dynamically configurable virtual IP addresses and server groups |
| High Availability | High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable |
| Syslog | Syslog export for all services to remote servers |
| L2 VPN | Provides the ability to stretch your L2 network. |
| Dynamic Routing | Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. Provides North-South connectivity, thereby enabling tenants to access public networks. |

Below is a table that shows the different sizes of each edge appliance and what (if any) impact that has to the performance of each service. As a disclaimer the below numbers have been cherry picked from different sources and are subject to change…I’ll keep them as up to date as possible.

| | NSX Edge (Compact) | NSX Edge (Large) | NSX Edge (Quad-Large) | NSX Edge (X-Large) |
| --- | --- | --- | --- | --- |
| vCPU | 1 | 2 | 4 | 6 |
| Memory | 512MB | 1GB | 1GB | 8GB |
| Disk | 512MB | 512MB | 512MB | 4.5GB |
| Interfaces | 10 | 10 | 10 | 10 |
| Sub Interfaces (Trunk) | 200 | 200 | 200 | 200 |
| NAT Rules | 2000 | 2000 | 2000 | 2000 |
| FW Rules | 2000 | 2000 | 2000 | 2000 |
| FW Performance | 3Gbps | 9.7Gbps | 9.7Gbps | 9.7Gbps |
| DHCP Pools | 25 | 25 | 25 | 25 |
| Static Routes | 2048 | 2048 | 2048 | 2048 |
| LB Pools | 64 | 64 | 64 | 64 |
| LB Virtual Servers | 64 | 64 | 64 | 64 |
| LB Server / Pool | 32 | 32 | 32 | 32 |
| IPSec Tunnels | 512 | 1600 | 4096 | 6000 |
| SSLVPN Tunnels | 50 | 100 | 100 | 1000 |
| Concurrent Sessions | 64,000 | 1,000,000 | 1,000,000 | 1,000,000 |
| Sessions/Second | 8,000 | 50,000 | 50,000 | 50,000 |
| LB Throughput (L7 Proxy) | | 2.2Gbps | 2.2Gbps | 3Gbps |
| LB Throughput (L4 Mode) | | 6Gbps | 6Gbps | 6Gbps |
| LB Connections/s (L7 Proxy) | | 46,000 | 50,000 | 50,000 |
| LB Concurrent Connections (L7 Proxy) | | 8,000 | 60,000 | 60,000 |
| LB Connections/s (L4 Mode) | | 50,000 | 50,000 | 50,000 |
| LB Concurrent Connections (L4 Mode) | | 600,000 | 1,000,000 | 1,000,000 |
| BGP Routes | 20,000 | 50,000 | 250,000 | 250,000 |
| BGP Neighbors | 10 | 20 | 50 | 50 |
| BGP Routes Redistributed | No Limit | No Limit | No Limit | No Limit |
| OSPF Routes | 20,000 | 50,000 | 100,000 | 100,000 |
| OSPF Adjacencies | 10 | 20 | 40 | 40 |
| OSPF Routes Redistributed | 2000 | 5000 | 20,000 | 20,000 |
| Total Routes | 20,000 | 50,000 | 250,000 | 250,000 |

Of interest, the above table doesn’t list any Load Balancing performance numbers for the NSX Compact Edge…take that to mean that if you want to do any sort of load balancing you will need NSX Large and above. To finish up, below is a table describing each NSX Edge size use case.

| | Use Case |
| --- | --- |
| NSX Edge (Compact) | Small Deployment, POCs and single service use |
| NSX Edge (Large) | Small/Medium DC or multi-tenant |
| NSX Edge (Quad-Large) | High Throughput ECMP or High Performance Firewall |
| NSX Edge (X-Large) | L7 Load Balancing, Dedicated Core |

References:

https://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf

https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-3F96DECE-33FB-43EE-88D7-124A730830A4.html

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2042799
