Tech Sharing for Partners
Confidential
© 2009 VMware Inc. All rights reserved
Audience Assumption
Agenda
New features
• Server
• Storage
• Network
• Management
Upgrade
4.1 New Feature (over 4.0, not 3.5): Server
Features Design Cost Scalability Performance Availability Security Manageability
ESXi: scripted install
ESXi: SAN Boot
Memory compression
Serial Port Concentrator
USB Device
MS Cluster support
HA Health Check
HA: more VM per cluster
FT enhancements
DRS/HA/FT integration
FT: enhanced logging
4.1 New Feature (over 4.0, not 3.5): Server
Features Design Cost Scalability Performance Availability Security Manageability
vMotion enhancements
Power Management & Charts
More VM per host?
4.1 New Feature (over 4.0, not 3.5): Storage
VMFS enhancements
Storage statistics
Paravirtualised SCSI
Improved performance
8 GB FC support
4.1 New Feature (over 4.0, not 3.5): Network
4.1 New Feature: Management
Builds:
• ESX build 260247
• VC build 258902
Some stats:
• 4000 development weeks were spent to get to FC
• 5100 QA weeks were spent to get to FC
• 872 beta customers downloaded and tried it out
• 2012 servers, 2277 storage arrays, and 2170 IO devices are already on the HCL
Consulting Services: Kit
4.1 New Features: Server
PXE Boot Retry
Virtual Machine -> Edit Settings -> Options -> Boot Options
• Failed Boot Recovery disabled by default
• Enable it and set the number of seconds (X) after which the boot is automatically retried
Wide NUMA Support
Wide VM
• Wide-VM is defined as a VM that has more vCPUs than the available cores on a NUMA node.
• A 5-vCPU VM in a quad-core server
• Only the cores count, and hyperthreading threads don’t
ESX 4.1 scheduler introduces wide-VM NUMA support
• Improves memory locality for memory-intensive workloads.
• Based on testing with micro benchmarks, the performance benefit can be up to 11–17%.
How it works
• ESX 4.1 allows wide-VMs to take advantage of NUMA management. NUMA management means that a VM is assigned a home node where memory is allocated and vCPUs are scheduled. By scheduling vCPUs on a NUMA node where memory is allocated, the memory accesses become local, which is faster than remote accesses.
ESXi
Enhancements to ESXi. Not applicable to ESX
Transitioning to ESXi
Moving toward ESXi
Permalink to: VMware ESX and ESXi 4.1 Comparison
vCLI, PowerCLI
Commands for configuration and diagnostics
Local Support Console
Software Inventory - Connected to ESXi/ESX
Enumerate instance of CIM_SoftwareIdentity
Enhanced CIM provider now displays great detail on installed software bundles.
Software Inventory – Connected to vCenter
Before From vSphere 4.1
Enumerate instance of CIM_SoftwareIdentity
• Enhanced CIM provider now displays great detail on installed software bundles.
Additional Deployment Option
Scripted Installation
• Numerous choices for installation
Installer booted from: CD-ROM (default) or Preboot Execution Environment (PXE)
ESXi installation image on: CD-ROM (default), HTTP/S, FTP, NFS
Script can be stored and accessed: within the ESXi Installer ramdisk, on the installation CD-ROM, or over HTTP/HTTPS, FTP, NFS
Config script (“ks.cfg”) can include: Preinstall, Postinstall, First boot
• Cannot use scripted installation to install to a USB device
PXE Boot
Requirements
• PXE-capable NIC.
• DHCP Server (IPv4). Use existing one.
• Media depot + TFTP server + gPXE
A server hosting the entire content of ESXi media.
Protocol: HTTP/HTTPS, FTP, or NFS server.
OS: Windows/Linux server.
Info
• We recommend the method that uses gPXE. If not, you might experience issues while booting the ESXi installer on a heavily loaded network.
• TFTP is a lightweight version of the FTP service, and is typically used only for network booting systems or loading firmware on network devices such as routers.
PXE boot
PXE uses DHCP and Trivial File Transfer Protocol (TFTP) to bootstrap an OS over network.
How it works
• A host makes a DHCP request to configure its NIC.
• A host downloads and executes a kernel and support files. PXE booting the installer provides only the first step to installing ESXi.
• To complete the installation, you must provide the contents of the ESXi DVD.
• Once ESXi installer is booted, it works like a DVD-based installation, except that the location of the ESXi installation media must be specified.
Sample ks.cfg file
Full Support of Tech Support Mode
There you go
2 types
• Remote: SSH
• Local: Direct Console
Full Support of Tech Support Mode
Recommended uses
• Support, troubleshooting, and break-fix
• Scripted deployment preinstall, postinstall, and first boot scripts
Discouraged uses
• Any other scripts
• Running commands/scripts periodically (cron jobs)
• Leaving open for routine access or permanent SSH connection
Admin will be notified when active
Full Support of Tech Support Mode
Enable/Disable
Security Banner
Total Lockdown
Additional commands in Tech Support Mode
More ESXi Services listed
ESXi 4.0
ESXi 4.1
ESXi Diagnostics and Troubleshooting
vSphere APIs
Common Enhancements for both ESX and ESXi
USB pass-through
New Features for both ESX/ESXi
USB Devices
2 steps:
• Add USB Controller
• Add USB Devices
Example 1
Source: http://vstorage.wordpress.com/2010/07/15/usb-passthrough-in-vsphere-4-1/
Example 2: adding UPS
Source: http://vninja.net/virtualization/using-usb-pass-through-in-vsphere-4-1/
USB Devices: Supported Devices
Device Model Device Display Name
Rainbow SafeNet Sentinel
SafeNet Sentinel Software Protection Dongle (purple)
MS AD integration
New Features for both ESX/ESXi
AD Service
The Likewise Agent
Joining AD: Step 1
Joining AD: Step 2
1. Select “AD”
@123.com
AD Likewise Daemons on ESX
• lwiod is the Likewise I/O Manager service - I/O services for communication. Launched from /etc/init.d/lwiod script.
• netlogond is the Likewise Site Affinity service - detects optimal AD domain controller, global catalogue and data caches. Launched from /etc/init.d/netlogond script.
• lsassd is the Likewise Identity & Authentication service. It does authentication, caching and idmap lookups. This daemon depends on the other two daemons running. Launched from /etc/init.d/lsassd script.
ESX Firewall Requirements for AD
• Certain ports in the Service Console (SC) are automatically opened in the Firewall Configuration to facilitate AD.
• Not applicable to ESXi
Before
After
Time Sync Requirement for AD
Time must be in sync between the ESX/ESXi server and the AD server.
For the Likewise agent to communicate over Kerberos with the domain controller, the clock of the client must be within the domain controller's maximum clock skew, which is 300 seconds, or 5 minutes, by default.
The recommendation would be that they share the same NTP server.
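The skew requirement above can be checked from the host side before a domain join. The following is an added example, not part of the original deck: it parses an SNTP server reply and compares the resulting offset with the 300-second Kerberos limit. It assumes the domain controller answers SNTP; the reply bytes, timestamps and function names are constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
KERBEROS_MAX_SKEW = 300        # default maximum clock skew quoted above, in seconds


def ntp_timestamp(packet, pos):
    """Decode the 64-bit NTP timestamp at byte `pos` into Unix seconds."""
    seconds, fraction = struct.unpack_from("!II", packet, pos)
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32


def offset_from_reply(reply, t_sent, t_received):
    """Seconds the server clock is ahead of the local clock (negative: behind).

    t_sent and t_received are local Unix times for request out / reply in.
    """
    if len(reply) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        raise ValueError("not a usable server reply (mode/stratum)")
    t_server_rx = ntp_timestamp(reply, 32)   # server receive timestamp
    t_server_tx = ntp_timestamp(reply, 40)   # server transmit timestamp
    return ((t_server_rx - t_sent) + (t_server_tx - t_received)) / 2


def within_kerberos_skew(offset, limit=KERBEROS_MAX_SKEW):
    """True when the measured offset is inside the Kerberos tolerance."""
    return abs(offset) <= limit


def build_sample_reply(server_unix_time):
    """Constructed sample: a minimal SNTP server reply stamped with the given time."""
    pkt = bytearray(48)
    pkt[0] = (3 << 3) | 4          # version 3, mode 4 (server)
    pkt[1] = 2                     # stratum 2
    ntp_secs = server_unix_time + NTP_EPOCH_DELTA
    struct.pack_into("!II", pkt, 32, ntp_secs, 0)
    struct.pack_into("!II", pkt, 40, ntp_secs, 0)
    return bytes(pkt)


if __name__ == "__main__":
    sent, received = 1279152000.0, 1279152000.2   # constructed local timestamps
    for label, dc_time in (("DC in sync", 1279152000), ("DC 7 min ahead", 1279152420)):
        off = offset_from_reply(build_sample_reply(dc_time), sent, received)
        print(f"{label}: offset {off:+.1f}s, Kerberos OK: {within_kerberos_skew(off)}")
```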
vSphere Client
Now when assigning permissions to users/groups, the list of users and groups managed by AD can be browsed by selecting the Domain.
Info in AD
Memory Compression
New Features for both ESX/ESXi
Changing the value of cache size
Virtual Machine Memory Compression
• Virtual Machine -> Resource Allocation
• Per-VM statistic showing compressed memory
Monitoring Compression
Power Management
Power consumption chart
Performance Graphs – Power Consumption
Host power consumption
• In some situations, you may need to edit /usr/share/sensors/vmware to get support for the host
• Different HW makers have different APIs.
VM power consumption
• Experimental. Off by default
ESX
Features only for ESX (not ESXi)
ESX: Service Console firewall
Cluster
HA, FT, DRS & DPM
Availability Feature Summary
DRS: more HA-awareness
vSphere 4.1 adds logic to prevent imbalance that may not be good from an HA point of view.
Example
• 20 small VMs and 2 very large VMs.
• 2 ESXi hosts. The 2 very large VMs have the same workload as the 20 small VMs collectively.
• vSphere 4.0 may put the 20 small VMs on Host A and the 2 very large VMs on Host B.
• From an HA point of view, this may result in risks when Host A fails.
• vSphere 4.1 will try to balance the number of VMs.
HA and DRS Cluster Improvements
HA and DRS Cluster Limit
HA Diagnostic and Reliability Improvements
HA Healthcheck Status
• HA provides an ongoing healthcheck facility to ensure that the required cluster configuration is met at all times. Deviations result in an event or alarm on the cluster.
HA Diagnostic and Reliability Improvements
HA Operational Status
• Displays more information about the current HA operational status, including the specific status and errors for each host in the HA cluster.
• It shows if the host is Primary or Secondary!
HA Operational Status
HA: Application Awareness
ESXi 4.0
ESXi 4.1
Fault Tolerance
FT Enhancements
FT fully integrated with DRS
• DRS load balances FT Primary and Secondary VMs. EVC required.
Versioning control lifts requirement on ESX build consistency
• Primary VM can run on host with a different build # as Secondary VM.
(Diagram labels: DRS, FT Primary VM, FT Secondary VM)
No data-loss Guarantee
New versioning feature
FT logging improvements
• FT traffic was bottlenecked to 2 Gbit/s even on 10 Gbit/s pNICs
• Improved by implementing ZeroCopy feature for FT traffic Tx, too
For sending only (Tx)
Instead of copying from the FT buffer into the pNIC/socket buffer, just a link to the memory holding the data is transferred
Driver accesses data directly; no copy needed
FT: unsupported vSphere features
Snapshots.
• Snapshots must be removed or committed before FT can be enabled on a VM. It is not possible to take snapshots of VMs on which FT is enabled.
Storage vMotion.
• Cannot invoke Storage vMotion for FT VM. To migrate the storage, temporarily turn off FT, do Storage vMotion, then turn on FT.
Linked clones.
• Cannot enable FT on a VM that is a linked clone, nor can you create a linked clone from an FT-enabled VM.
Back up.
• Cannot back up an FT VM using VCB, vStorage API for Data Protection, VMware Data Recovery or similar backup products that require the use of a VM snapshot, as performed by ESXi. To back up VM in this manner, first disable FT, then re-enable FT after backup is done.
• Storage array-based snapshots do not affect FT.
Thin Provisioning, NPIV, IPv6, etc.
FT: performance sample
MS Exchange 2007
• 1 core handles 2000 Heavy Online user profile
• VM CPU utilisation is only 45%. ESX is only 8%
Based on previous “generation”
• Xeon 5500, not 5600
• vSphere 4.0, not 4.1
Opportunity
• Higher uptime for customer email system
Integration with HA
VM-to-Host Affinity
Background
VM-host Affinity (DRS)
Required rules
Preferential rules
Rule enforcement: 2 options
• Required: DRS/HA will never violate the rule; event generated if violated manually. Only advised for enforcing host-based licensing of ISV apps.
• Preferential: DRS/HA will violate the rule if necessary for failover or for maintaining availability
Hard Rules
• DRS will follow the hard rules
• With DPM, hosts will get powered on to follow a rule
• If DRS can’t follow, vCenter will display an alarm
• Cannot be overwritten by user
• DRS will not generate any recommendations which would violate hard rules
DRS Groups and hard rules with HA
• Hosts will be tagged as “incompatible” in case of “Must Not run…” so HA will take care of these rules, too
Soft Rules
• DRS will follow a soft rule if possible
• Will allow actions: user-initiated, DRS-mandatory, HA actions
• Rules are applied as long as their application does not impact satisfying current VM CPU or memory demand
• DRS will report a warning if the rule isn’t followed
• DRS does not produce a move recommendation to follow the rule
• Soft VM/host affinity rules are treated by DRS as "reasonable effort"
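The difference between required (hard) and preferential (soft) rules during an HA restart can be modelled in a few lines. This is an added example, not from the original deck and not VMware code: a simplified placement model in which required rules mark hosts incompatible and preferential rules give way when no preferred host is left. The class, function, VM and host names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    vms: frozenset        # VM group
    hosts: frozenset      # host group
    required: bool        # True: required (hard) rule, False: preferential (soft) rule
    run_on: bool = True   # True: run on the host group, False: do not run on it


def _apply(vm, candidates, rules, required):
    """Narrow `candidates` using only the rules of one enforcement type."""
    result = set(candidates)
    for rule in rules:
        if rule.required == required and vm in rule.vms:
            result = result & rule.hosts if rule.run_on else result - rule.hosts
    return result


def compatible_hosts(vm, hosts, rules):
    """Hosts not tagged incompatible by a required rule."""
    return _apply(vm, hosts, rules, required=True)


def restart_host(vm, alive_hosts, rules):
    """Return (host, soft_rule_violated); host is None when no compatible host is left."""
    compatible = compatible_hosts(vm, alive_hosts, rules)
    if not compatible:
        return None, False                 # a required rule is never violated
    preferred = _apply(vm, compatible, rules, required=False)
    if preferred:
        return min(preferred), False
    return min(compatible), True           # preferential rule gives way to availability


# Constructed 4-node cluster: the licensed database VM is pinned to two hosts.
HOSTS = {"esx1", "esx2", "esx3", "esx4"}
RULES = [
    Rule(frozenset({"oradb"}), frozenset({"esx1", "esx2"}), required=True),
    Rule(frozenset({"web"}), frozenset({"esx3", "esx4"}), required=False),
]

if __name__ == "__main__":
    print(restart_host("oradb", HOSTS - {"esx1"}, RULES))          # stays inside the boundary
    print(restart_host("oradb", HOSTS - {"esx1", "esx2"}, RULES))  # no compatible host left
    print(restart_host("web", HOSTS - {"esx3", "esx4"}, RULES))    # soft rule is broken
```

In this model the database VM is not restarted once both licensed hosts are gone, which is the availability cost of using a required rule as a licensing or zone boundary.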
Grouping Hosts with different capabilities
DRS Groups Manager
• Defines Groups
• VM groups
• Host groups
Managing ISV Licensing
Example
• Customer has 4-node cluster
• Oracle DB and Oracle BEA are charged for every host that can run them.
vSphere 4.1 introduces “hard partitioning”
• Both DRS and HA will honour this boundary.
DMZ LAN
Production LAN
Managing ISV Licensing
Hard partitioning
• If a host is in a VM-host “must” affinity rule, it is considered a compatible host; all the others are tagged as incompatible hosts. DRS, DPM and HA are unable to place the VMs on incompatible hosts.
Due to the incompatible host designation, the mandatory VM-Host rule is a feature that can be (undeniably) described as hard partitioning. You cannot place and run a VM on an incompatible host.
• Oracle has not acknowledged this as hard partitioning.
Sources
• http://frankdenneman.nl/2010/07/vm-to-hosts-affinity-rule/
• http://www.latogalabs.com/2010/07/vsphere-41-hidden-gem-host-affinity-rules/
Example of setting-up: Step 1
Example of setting-up: Step 2
Example of setting-up: Step 3
We have grouped the VMs in the cluster into 2
We have grouped the ESX in the cluster into 2
Example of setting-up: Step 4
Example of setting-up: Step 5
Mapping is done. The Cluster Settings dialog box now displays the new rule types.
HA/ DRS
Rule details
• Rule policy
• Involved Groups
Enhancement for Anti-affinity rules
Now more than 2 VMs in a rule
Each rule can have a couple of VMs
• Keep them all together
• Separate them through cluster
For each VM at least 1 host is needed
DPM Enhancements
Scheduling DPM
• Turning on/off DPM is now a scheduled task
• DPM can be turned off prior to business hours in anticipation of higher resource demands
Disabling DPM
• It brings hosts out of standby
• Eliminates risk of ESX hosts being stuck in standby mode while DPM is disabled.
• Ensures that when DPM is disabled, all hosts are powered on and ready to accommodate load increases.
vMotion
vMotion Enhancements
• Significantly decreased the overall migration time (time will vary depending on workload)
• Increased number of concurrent vMotions:
ESX host: 4 on a 1 Gbps network and 8 on a 10 Gbps network
Datastore: 128 (both VMFS and NFS)
vMotion
Aggressive Resume
• Destination VM resumes earlier
Only workload memory pages have been received
Remaining pages transferred in background
Disk-Backed Operation
• Source host creates a circular buffer file on shared storage
• Destination opens this file and reads out of it
• Works only on VMFS storage
• In case of network failure during transfer, vMotion falls back to disk-based transfer
Works together with aggressive resume feature above
Enhanced vMotion Compatibility Improvements
• Preparation for AMD Next Generation without 3DNow!
• Future AMD CPUs may not support 3DNow!
• To prevent vMotion incompatibilities, a new EVC mode is introduced.
EVC Improvements
Enhanced vMotion Compatibility Improvements
Usability Improvements
• VM's EVC capability: The VMs tab for hosts and clusters now displays the EVC mode corresponding to the features used by VMs.
EVC (3/3)
Licencing
Host-Affinity, Multi-core VM, Licence Reporting Manager
Multi-core CPU inside a VM
Click this
Customers Can Self-Enforce Per VM License Compliance
Thank You
I’m sure you are tired too
Useful references
• http://vsphere-land.com/news/tidbits-on-the-new-vsphere-41-release.html
• http://www.petri.co.il/virtualization.htm
• http://www.petri.co.il/vmware-esxi4-console-secret-commands.htm
• http://www.petri.co.il/vmware-data-recovery-backup-and-restore.htm
• http://www.delltechcenter.com/page/VMware+Tech
• http://www.kendrickcoleman.com/index.php?/Tech-Blog/vm-advanced-iso-free-tools-for-advanced-tasks.html
• http://www.ntpro.nl/blog/archives/1461-Storage-Protocol-Choices-Storage-Best-Practices-for-vSphere.html
• http://www.virtuallyghetto.com/2010/07/script-automate-vaai-configurations-in.html
• http://searchvmware.techtarget.com/tip/0,289483,sid179_gci1516821,00.html
• http://vmware-land.com/esxcfg-help.html
• http://virtualizationreview.com/blogs/everyday-virtualization/2010/07/esxi-hosts-ad-integrated-security-gotcha.aspx
• http://www.MS.com/licensing/about-licensing/client-access-license.aspx#tab=2
• http://www.MSvolumelicensing.com/userights/ProductPage.aspx?pid=348
• http://www.virtuallyghetto.com/2010/07/vsphere-41-is-gift-that-keeps-on-giving.html
vSphere Guest API
It provides functions that management agents and other software can use to collect data about the state and performance of a VM.
• The API provides fast access to resource management information, without the need for authentication.
The Guest API provides read-only access.
• You can read data using the API, but you cannot send control commands. To issue control commands, use the vSphere Web Services SDK.
Some information that you can retrieve through the API:
• Amount of memory reserved for the VM.
• Amount of memory being used by the VM.
• Upper limit of memory available to the VM.
• Number of memory shares assigned to the VM.
• Maximum speed to which the VM’s CPU is limited.
• Reserved rate at which the VM is allowed to execute. An idling VM might consume CPU cycles at a much lower rate.
• Number of CPU shares assigned to the VM.
• Elapsed time since the VM was last powered on or reset.
• CPU time consumed by a particular VM. When combined with other measurements, you can estimate how fast the VM’s CPUs are running compared to the host CPUs.