Datacenter virtualization with VMware, Cisco, EMC

April 29, 2009

I had the opportunity to attend a seminar organized by VMware, Cisco and EMC. It was about virtualization in the datacenter and a presentation of VMware’s latest product: vSphere 4.

The idea is basically to bring the cloud into the enterprise rather than move out to it, as opposed to the proprietary clouds (like AWS for instance). This echoes what I said in my last article, “Second thoughts on Cloud Computing”. It goes even further by giving companies the opportunity to build “private clouds”, that is, an internal cloud in their very own DC, possibly connected to some rented cloud from a provider.

VMware’s vSphere provides several interesting features. vApp provides a software-defined SLA (scalability, availability, …) for one or a group of Virtual Machines. Fault tolerance is implemented by running two instances of a VM: the real one and a copy (shadow) on different machines. If the first fails, the second becomes active seamlessly. Power management is also covered by letting unused hardware power down (e.g. at night), while taking HA/FT into account. VMsafe is one last new feature that acts as a global security agent, replacing the scanner you previously had to install on each individual VM.

One of the problems with virtualization is shared networking. When a packet goes from one VM to another VM on the same machine via the Ethernet interface, the switch to which the interface is connected will drop the packet. This is because the Ethernet specifications say that an incoming packet cannot be forwarded out of the same port it arrived on. This is why a virtual switch is needed in virtualized systems. VMware implements such a virtual switch and provides an API to access it.
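The forwarding rule described above, as an added illustration that is not code from the seminar or from VMware or Cisco. The port names, MAC addresses and the simplified `with_vswitch` model are assumptions constructed for the example.

```python
"""Why VM-to-VM traffic on one host needs a virtual switch (constructed data)."""

VM_A = "00:50:56:00:00:0a"  # constructed MAC addresses of two VMs on one host
VM_B = "00:50:56:00:00:0b"


class LearningBridge:
    """Minimal transparent bridge: learn source MACs, never send a frame
    back out of the port it was received on."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return (action, egress_ports) for one frame."""
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if out is None:
            # Unknown destination: flood, excluding the ingress port.
            return "flood", [p for p in self.ports if p != in_port]
        if out == in_port:
            # Destination sits behind the ingress port: frame is filtered.
            return "filter", []
        return "forward", [out]


def physical_only(frames, host_port="gi0/1"):
    """Both VMs share one host NIC, so every frame enters on host_port."""
    bridge = LearningBridge(["gi0/1", "gi0/2"])
    return [bridge.receive(host_port, src, dst) for src, dst in frames]


def with_vswitch(frames, local_vms, uplink="vmnic0"):
    """Simplified virtual switch on the host: frames for a local VM are
    delivered to its virtual port and never reach the physical switch."""
    return [("local", [local_vms[dst]]) if dst in local_vms
            else ("uplink", [uplink])
            for _src, dst in frames]


FRAMES = [(VM_A, VM_B), (VM_B, VM_A), (VM_A, VM_B)]

if __name__ == "__main__":
    for result in physical_only(FRAMES):
        print("physical switch:", result)
    for result in with_vswitch(FRAMES, {VM_A: "veth1", VM_B: "veth2"}):
        print("virtual switch: ", result)
```

With the physical switch alone, the first frame is flooded to every port except the host's, and the later ones are filtered, so VM B never receives anything from VM A.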

Cisco presented their Nexus 1000v virtual switch. It actually uses the API of VMware’s virtual switch to provide a Cisco-like CLI and to interconnect easily with other physical Cisco switches. The hypervisor is software and can be run on an appliance or in a VM. Linecards are actually the machines’ NICs. Configuration is not done at the traditional physical interface level but by defining “port profiles”. This feature should probably be added soon to physical switches (and I wonder why they didn’t implement that before).

There are multiple advantages to using the Nexus 1000v in place of VMware’s virtual switch. It clearly separates the roles of the network and the system administrators, giving the former the tools they are used to (Cisco CLI). Every aspect of configuration in the port profile (ACL, SPAN, Port security) follows the VMs seamlessly during vMotion and eases the work of the administrator by automatically ensuring that the configuration is consistent across the cloud. It also automatically bundles redundant links between the Nexus 1000v and a physical switch with the help of CDP.


Second thoughts on cloud computing

April 22, 2009

There is apparently a lot of criticism these days against Cloud Computing. CC was named by some people as the silver bullet for datacenters, providing more flexible service, lower costs, easier and faster setup. But it seems that it has finally reached its highest point of hype. With experience, people start to see CC’s limits and to realize that it isn’t simply going to replace all DCs.

We first got a report from McKinsey: “Clearing the air on cloud computing” (relayed on TechCrunch and the NY Times).

While CC is great for SMEs (startups for instance, like commentag), it hardly competes with big companies’ own datacenters. Using the cloud also implies adapting to a specific application and security architecture, as well as organisational changes to leverage its flexibility. It is said that CC is only really economically viable for pre-paid Linux systems.

The report also makes a comparison for moving a whole DC to AWS. I personally think that the authors got it wrong in their comparison here. As I said before, I think that Cloud Computing is good for on-demand computing units, but nobody is going to use it in place of a usual DC. Another point is that the report examines the cost of migration to the cloud, but what about getting out of the cloud?

A good point in the report is its mention of the low SLAs available (if any). That was also one of my concerns when I investigated AWS for commentag.

Finally, McKinsey’s report advises big companies to do virtualization in their own DC instead of CC and insists on standardization of services across the whole company.

Here is also a white paper on cloud computing from Maya Design. They believe in a P2P-based cloud and not in the vendors’ (AWS, Google, Microsoft) solutions. The white paper points out that clouds today are proprietary and not compatible with each other, and warns about the risk of vendor lock-in.

Finally, I can also mention a discussion I had with a strategic business from Sun Microsystems some time ago. As pointed out by Maya Design, there is indeed the vendor lock-in and the difficulty of getting out of the cloud or migrating from one cloud to another. This can lead to many issues and, because of the migration, eventually higher costs in the end.

As a conclusion and based on my experience, I think that Cloud Computing is a great tool to answer specific needs: to help during traffic spikes for instance, or for a startup, as the time to market is very short. But Cloud Computing is probably not going to replace the traditional datacenter (at least not an external cloud). For big companies, I believe more in virtualization in the datacenter.


LPIC-1 passed, now linux certified

February 14, 2009

Got my results today for the LPI-101 and LPI-102 exams I took last week at the FOSDEM!

Some questions weren’t easy, as they are related to tools I never use (and probably nobody does).

Actually, I think that LPIC-1 needs a little update. Some of the questions cover topics or tools that are not relevant anymore or changed during the last years. While it’s not that difficult for someone using Linux for years (I have used Linux daily for more than 8 years now), it can be very challenging for newcomers and even disappointing to have to learn not-up-to-date stuff.



Studying for LPIC-1

January 29, 2009

Ok, I’ll put my CCNP study on hold again. There is the opportunity to take the Linux Professional Institute (LPI) exams with an approx. 50€ rebate during the FOSDEM (Free and Open source Software Developers European Meeting). It will take place in Brussels, February 7 & 8th.

I will try both LPI-101 and LPI-102 exams to get the LPIC-1 certification. I know there is a lot to know to pass the exam but since I have been using Linux daily for more than 8 years (good old Redhat 5.2), I think I have a chance to pass. BTW, I also learned a lot this year by administrating Commentag’s servers, including apache, squid (proxy), pond (loadbalancer) and more.

On the other hand, I have been more on network than on Linux lately. I’m not sure that I’m really up to date with recent changes in the Linux world. Hope two weeks will suffice to get updated.


Juniper Enterprise Routing book delivered

November 13, 2008

I mentioned some time ago that you could get a book from J-central if you register on their web site. Just received my copy of Juniper enterprise routing today.



The state of switching

October 21, 2008

Got a meeting with integrators lately. Very interesting discussion about the switching world.

Cisco’s new Nexus platform seems promising. It tries to merge network and storage worlds, in a completely virtualized system. While its core is based on a UNIX/Linux system, the NexusOS keeps full compatibility with Cisco’s syntax as the CLI has been ported to the new platform. But since Nexus is new, we can put its maturity in question. Besides this, there are not many blades available yet.

Cisco’s Nexus is presented as the 6500’s successor but in practice it probably won’t replace it so quickly. First, because the 6500 is a very performant platform which has proven its robustness over the years. Second, it is very versatile, counting dozens of service modules. And on the other hand, the Nexus has to prove itself.

With Nortel planning to stop their metropolitan Ethernet product line (and thus, its switches), it doesn’t leave many actors in Europe to compete with Cisco.

Of course, you’ve got Juniper, who recently released a switch product line. But as for the Nexus, those switches are relatively new. Anyway, it isn’t that complicated to find Juniper switching engineers ;)

The discussion was also about the strategy for functionalities. The first is to use service modules like the 6500’s FWSM or ACE. Pros are: ease of use, lower consumption and no compatibility issues. The problem with this strategy is vendor lock-in. The second strategy is to connect external pizza-boxes to your switch with a one-armed topology. Pros: flexibility, no vendor lock-in. But of course you have no central management and maybe compatibility issues.

One final point is support. A lot of switch vendors actually exist but most of them are based in the US and offer little or no support in Europe. Support is a concern for big companies and can influence their choice when selecting a vendor.


J-central, everything about Juniper

October 17, 2008

Niels pointed out a new web site about Juniper called J-Central. The site is going to offer information, live sessions, training and documentation regarding JUNOS. If you register now, you will receive a copy of the O’Reilly book “JUNOS Enterprise Routing”. Great to deepen your JUNOS knowledge.


BSCI course

October 10, 2008

I followed a Cisco training at Telindus this week. The course is entitled “Building Scalable Cisco Internetworks”. It covers everything about routing at a CCNP level: EIGRP, OSPF, IS-IS (arg), BGP, multicast and some IPv6.

The books are well-written. They explain all the concepts and then go into the details of the configuration. We also had lab exercises with 6 x 1840 routers.

Our instructor was clear and explained everything well. The only downside is that, since he is as young as I am (26), his knowledge comes out of the book and he doesn’t have much real-life experience. When I learn something new, I like to play with the concepts, to be sure that I understand everything. As a consequence, he couldn’t answer some of my (tricky) questions.



JNCIA-EX, JNCIA-ER passed

October 3, 2008

I passed the JNCIA routing + switching exams! Both exams together are equivalent to Cisco’s CCNA but for Juniper.

Here are quick shots of the diplomas:

JNCIA-EX diploma

JNCIA-ER diploma

What’s next? First rest somewhat, then resume my CCNP study.


Used Cisco 2621XM 1841 on ebay

September 26, 2008

Ok. The 2621XM was in fact a 2620 with only one Ethernet interface. After many discussions with the seller, looking for a compensation (like a HWIC-4ESW or NM-xxxESW module), he agreed to exchange the 2620 for a 1841.

The Cisco 1841 is of a lower category (SME) than the 2621XM/2620 (Enterprise) but is one of the new generation routers. So in the end, after discussing with my CCIE friend (thanks Gustavo!), I came to the conclusion that I made a bargain on this.

