Virtualization Adapted Adapting Business Processes for Virtual Infrastructure (and vice-versa)

2011/08/11

Virtualization Security Round Table Podcast

Filed under: cloud,it,security,virtualization — iben @ 12:08

Virtualization Security Podcast | The Virtualization Practice.

Virtualization Security Podcast

The Virtualization Security Round Table Podcast provides an open forum to discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security. The podcast is hosted by Talkshoe, and the after-podcast write-ups and notes are hosted here. The podcast can also be found on iTunes. https://itunes.apple.com/us/podcast/virtualization-security-roundtable/id302845147

Use Talkshoe to join us in our discussions every other week on Thursday at 2:30 PM EST. Call in with this info:

  • Phone Number:
    (724) 444-7444
  • Call ID:
    34217

To receive email notifications when new episodes are scheduled use Talkshoe’s Follow This feature. However to use this feature you most likely need a Talkshoe account.

You can also subscribe to the Podcast RSS Feed.

This podcast addresses many Virtualization Security items and is always looking for more ideas. Please contact one of the panelists or contact me via Twitter, the VMware Communities Forum, or by submitting a comment below.


Our past guest panelists have included people from Altor Networks, Catbird Security, Cisco, Citrix, EMC, HyTrust, NetApp, PCI DSS, Reflex Systems, RSA, TrendMicro, VMware as well as other industry virtualization security groups, consultants, and auditors.

The static panelists of the podcast are:

Our podcasts are equalized by Tim Pierson of DataSentry Inc, who is a contributing author to VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment and virtualization security trainer.


 

ESX vSwitch L2 Security

Filed under: it,security,virtualization — iben @ 11:58

VMware vSphere ESX Host Virtual Switch Layer 2 Security Features

The virtual switch has the ability to enforce security policies to prevent virtual machines from impersonating other nodes on the network. There are three components to this feature. These should all be set to “REJECT” to enable the security feature.

• Promiscuous mode is disabled by default for all virtual machines. This prevents them from seeing unicast traffic to other nodes on the network.

• MAC address change lockdown prevents virtual machines from changing their own unicast addresses. This also prevents them from seeing unicast traffic to other nodes on the network, blocking a potential security vulnerability that is similar to but narrower than promiscuous mode.

• Forged transmit blocking, when you enable it, prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves.

Cisco Nexus 1000v Switch Layer 2 Security

MAC ACLs

MAC ACLs are ACLs that filter traffic using information in the Layer 2 header of each packet.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_9mac_acls.html

Port Security

Port security lets you configure Layer 2 interfaces permitting inbound traffic from a restricted set of MAC addresses called secure MAC addresses. In addition, traffic from these MAC addresses is not allowed on another interface within the same VLAN. The number of MAC addresses that can be secured is configurable per interface.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_10port.html#wp1210839

DHCP Snooping

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers by doing the following:

• Validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers.

• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.

• Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

Dynamic ARP inspection (DAI) and IP Source Guard also use information stored in the DHCP snooping binding database.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_12dhcpsnoop.html#wp1272686

Dynamic Address Resolution Protocol (ARP) Inspection (DAI)

DAI is used to validate ARP requests and responses as follows:

• Intercepts all ARP requests and responses on untrusted ports.

• Verifies that a packet has a valid IP-to-MAC address binding before updating the ARP cache or forwarding the packet.

• Drops invalid ARP packets.

DAI can determine the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a Dynamic Host Configuration Protocol (DHCP) snooping binding database. This database is built by DHCP snooping when it is enabled on the VLANs and on the device. It may also contain static entries that you have created.

If an ARP packet is received on a trusted interface, the device forwards the packet without any checks. On untrusted interfaces, the device forwards the packet only if it is valid.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_13arpinspect.html#wp1329252

IP Source Guard

IP Source Guard is a per-interface traffic filter that permits IP traffic only when the IP address and MAC address of each packet matches the IP and MAC address bindings of dynamic or static IP source entries in the Dynamic Host Configuration Protocol (DHCP) snooping binding table.

You can enable IP Source Guard on Layer 2 interfaces that are not trusted by DHCP snooping. IP Source Guard supports interfaces that are configured to operate in access mode and trunk mode. When you initially enable IP Source Guard, all inbound IP traffic on the interface is blocked except for the following:

• DHCP packets, which DHCP snooping inspects and then forwards or drops, depending upon the results of inspecting the packet.

• IP traffic from static IP source entries that you have configured in the Cisco Nexus 1000V.

The device permits the IP traffic when DHCP snooping adds a binding table entry for the IP address and MAC address of an IP packet or when you have configured a static IP source entry.

The device drops IP packets when the IP address and MAC address of the packet do not have a binding table entry or a static IP source entry.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_2/security/configuration/guide/n1000v_security_14sourceguard.html#wp1096775
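The following Python model is an added example, not Cisco or VMware code. It shows how the DHCP snooping binding table described above is built and then consulted by DAI and IP Source Guard. The class, method and port names and all addresses are hypothetical, lease timers are ignored, and the RELEASE/DECLINE port check is an assumed reading of "validate subsequent requests".

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    static: bool = False


class SnoopingSwitch:
    """Simplified model of one Layer 2 switch (hypothetical, not a vendor API)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}  # (vlan, mac) -> Binding
        self.pending = {}   # (vlan, mac) -> untrusted port that sent the request

    def add_static(self, mac, ip, vlan, port):
        self.bindings[(vlan, mac)] = Binding(mac, ip, vlan, port, static=True)

    def _bound(self, port, vlan, mac, ip):
        b = self.bindings.get((vlan, mac))
        return b is not None and b.ip == ip and b.port == port

    def dhcp(self, port, vlan, msg, client_mac, ip=None):
        """DHCP snooping: returns 'forward' or 'drop' and maintains bindings."""
        key = (vlan, client_mac)
        if msg in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"  # server reply arriving on a host-facing port
            asked_on = self.pending.get(key)
            if msg == "ACK" and asked_on is not None:
                current = self.bindings.get(key)
                if current is None or not current.static:
                    self.bindings[key] = Binding(client_mac, ip, vlan, asked_on)
                self.pending.pop(key, None)
            return "forward"
        if port in self.trusted:
            return "forward"
        if msg in ("RELEASE", "DECLINE"):
            b = self.bindings.get(key)
            if b is not None and b.port != port:
                return "drop"  # assumed rule: must come from the bound port
            if b is not None and not b.static:
                del self.bindings[key]
            return "forward"
        self.pending[key] = port  # DISCOVER / REQUEST from an untrusted host
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: trusted ports bypass the check, untrusted ports need a binding."""
        if port in self.trusted:
            return "forward"
        return "forward" if self._bound(port, vlan, sender_mac, sender_ip) else "drop"

    def ip_packet(self, port, vlan, src_mac, src_ip):
        """IP Source Guard on an untrusted interface."""
        if port in self.trusted:
            return "permit"
        return "permit" if self._bound(port, vlan, src_mac, src_ip) else "drop"


def demo():
    """Constructed scenario: one uplink to the DHCP server, two VM ports."""
    sw = SnoopingSwitch(trusted_ports={"uplink1"})
    vm_a, vm_b = "00:50:56:aa:00:01", "00:50:56:bb:00:02"  # constructed MACs
    r = {}
    r["before_lease"] = sw.ip_packet("veth1", 10, vm_a, "10.0.10.21")
    r["reply_on_host_port"] = sw.dhcp("veth2", 10, "OFFER", vm_a, "10.0.10.66")
    sw.dhcp("veth1", 10, "DISCOVER", vm_a)
    sw.dhcp("uplink1", 10, "OFFER", vm_a, "10.0.10.21")
    sw.dhcp("veth1", 10, "REQUEST", vm_a)
    sw.dhcp("uplink1", 10, "ACK", vm_a, "10.0.10.21")
    r["after_lease"] = sw.ip_packet("veth1", 10, vm_a, "10.0.10.21")
    r["arp_valid"] = sw.arp("veth1", 10, vm_a, "10.0.10.21")
    r["arp_unbound"] = sw.arp("veth2", 10, vm_b, "10.0.10.21")
    r["ip_mismatch"] = sw.ip_packet("veth1", 10, vm_a, "10.0.10.1")
    r["release_wrong_port"] = sw.dhcp("veth2", 10, "RELEASE", vm_a)
    r["arp_trusted"] = sw.arp("uplink1", 10, "00:00:0c:07:ac:0a", "10.0.10.1")
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```
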

Reference Links

http://www.vmware.com/files/pdf/dmz-vsphere-nexus-wp.pdf

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vmware/VMware.html#wp696333



2011/05/22

Step Right Up and Get Your Wildcard SSL Certificates Here

Filed under: virtualization — iben @ 18:33

Step Right Up and Get Your SSL Certificates Here

Wildcard RapidSSL Certificate

http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/

  • Fast issuance and easy install
  • 99% browser support
  • Chained Cert works with most newer handheld devices and mobile browsers
  • Up to 256-bit SSL encryption

Price

  • 1 Year: $131.00
  • 2 Years: $232.00 ($116 per year)
  • 3 Years: $333.00 ($111 per year)
  • 4 Years: $432.00 ($108 per year)

RapidSSL (non-wildcard) Certificate Price

  • 1 Year: $38.00
  • 2 Years: $62.00 ($31 per year)
  • 3 Years: $81.00 ($27 per year)
  • 4 Years: $104.00 ($26 per year)

Trustwave Wildcard 256-Bit SSL Certificate Details

https://ssl.trustwave.com/ssl-premium-wildcard.php

  • Organization Vetted
  • $100,000 Warranty
  • Free Technical Support
  • Free Trusted Commerce Site Seal
  • Free lifetime reissuance
  • Your organization’s name appears in the certificate
  • 100% Trusted Root Guarantee
  • Good for multiple server names
  • Not a low assurance instant issued certificate

  • 1 Year: $340.00
  • 2 Years: $640.00
  • 3 Years: $940.00


https://www.thawte.com/ssl/wildcard-ssl-certificates/index.html

  • Organization Vetted
  • Save time and money with fewer SSL certificates to manage and purchase.
  • Create a secure, private connection between a web browser and web server, including gateways, web forms, mail and FTP servers, and VPNs with up to 256-bit SSL encryption.
  • Secure your competitive advantage with SSL from Thawte, a globally recognized certificate authority with root certificates included in over 99% of browsers.

Price

  • 1 Year: $540.00
  • 2 Years: $1040.00

Comodo PremiumSSL Wildcard Details

http://www.comodo.com/business-security/digital-certificates/wildcard-ssl.php

  • Organization Vetted
  • Domain Vetted
  • Secure multiple sub-domains on a single domain name with one Certificate
  • Full business-validated certificate
  • 2048 bit industry standard SSL Certificate
  • Trusted by all popular browsers
  • 99.3% browser compatibility
  • Unlimited Re-issuance Policy
  • 128/256 bit encryption

Price

  • 1 Year: $390.00
  • 2 Years: $740.00
  • 3 Years: $1090.00
  • 4 Years: $1440.00
  • 5 Years: $1790.00

Request Process

Fill out the form below and email it to me with your CSR at: sslcerts@ibenit.com

I will email you an invoice from paypal along with your new certificate.

Here’s what you’ll get: http://www.freessl.com/buy-ssl/wildcard-ssl-certificate/index.html

CSR Instructions

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985

NOTE: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

Type the following command to generate a private key stored in a pass-phrase-encrypted file. You will be prompted for the pass phrase when you access the file and also when starting your web server. Warning: If you lose or forget the pass phrase, you must purchase another certificate.

openssl genrsa -des3 -out domainname.key 2048

You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:

openssl genrsa -out domainname.key 2048

Type the following command to create a CSR with the RSA private key (output will be PEM format):

openssl req -new -key domainname.key -out domainname.csr

NOTE: You will be prompted for your PEM pass phrase if you included the “-des3” switch.  This is optional. Don’t include the -des3 if you want your webserver to be able to restart without human intervention.

Fill Out This Form

Wildcard Certificates will be issued for *.domain-name.com

  • Domain Name:
  • Certificate Duration:  1  2  3  4  5  Years
  • Domain Contact Email:
    (Needs to match whois info)
  • First Name:
  • Last Name:
  • Address:
  • City:
  • Country:
  • State:
  • Zip/Postal Code:
  • Phone:

Example Issued Certificate Information

Common name: *.domain-name
SANs: *.domain-name
Organization: *.domain-name
Location: US
Valid from February 29, 2010 to February 29, 2015
Signature Algorithm: sha1WithRSAEncryption
Issuer: RapidSSL CA

Common name: RapidSSL CA
Organization: GeoTrust, Inc.
Location: US
Valid from February 19, 2010 to February 18, 2020
Serial Number: 145105 (0x236d1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: GeoTrust Global CA

How to read a CSR

openssl req -text -noout -in host.csr

 

2011/05/06

Performance Recommendations for Virtualizing AnyThing with VMware vSphere 4

Filed under: virtualization — iben @ 09:10

Performance Recommendations for Virtualizing AnyThing with VMware vSphere 4

( Derived from: Performance Recommendations for Virtualizing Zimbra with VMware vSphere 4 http://wiki.zimbra.com/wiki/Performance_Recommendations_for_Virtualizing_Zimbra_with_VMware_vSphere_4)

Introduction

VMware vSphere’s virtualization capability to deliver computing and I/O resources far exceeds the resource requirements of most x86 applications. This is what allows multiple application workloads to be consolidated onto the vSphere platform and benefit from reduced server cost, improved availability, and simplified operations.

However, there are some common misconfiguration or design issues that many experience when virtualizing applications, especially Enterprise workloads with higher resource demands than smaller departmental workloads.

We have compiled a short list of the essential best practices and recommendations to ensure a highly performant deployment on the vSphere platform. We have also provided a list of highly recommended reference material to both build and deploy a vSphere platform with performance in mind, as well as troubleshooting steps to resolve performance related issues.

CPU Resources

  • Confirm hardware assisted virtualization is enabled in the BIOS on your hardware platform.
  • Confirm CPU/MMU virtualization is configured correctly for your hardware platform.
    • To configure CPU/MMU virtualization: ‘myVM’ -> Summary Tab -> Edit Settings -> Options -> CPU/MMU virtualization

NUMA

Non-Uniform Memory Access (NUMA) is a memory architecture used in multi-processor systems. A NUMA node is comprised of the processor and bank of memory local to that processor. In NUMA architecture, a processor can access its own local memory faster than non-local memory or memory local to another processor. A phenomenon known as NUMA “crosstalk” occurs when a processor accesses memory local to another processor causing a performance penalty.

VMware ESX™ is NUMA aware and will schedule all of a virtual machine’s (VM) vCPUs on a ‘home’ NUMA node. However, if the VM container size (vCPU and RAM) is larger than the size of a NUMA node on the physical host, NUMA crosstalk will occur. It is recommended, but not required, to configure your maximum VM container size to fit on a single NUMA node.

For example:

  • ESX host with 4 sockets, 4 cores per socket, and 64GB of RAM.
  • NUMA nodes are 4 cores with 16GB of RAM (1 socket and local memory).
  • Recommended maximum VM container is 4 vCPU with 16GB of RAM.

CPU Resources

It is okay to over commit CPU resources, but it is not okay to over utilize them. This means you can allocate more virtual CPUs (vCPUs) than there are physical cores (pCores) in an ESX host as long as the aggregate workload does not exceed the physical processor capabilities. Over utilizing the physical host can cause excessive wait states for VMs and corresponding applications while the ESX scheduler is busy scheduling processor time for other VMs.

Most apps are not CPU bound when disk and memory resources are sized correctly. It is perfectly fine to over commit vCPUs to pCores on ESX hosts where the workloads will be running. However, in any over committed deployment it is recommended to monitor host CPU utilization, VM Ready Time, and utilize the Dynamic Resource Scheduler (DRS) to load balance VMs across hosts in a vSphere Cluster.

VM Ready Time, host CPU utilization, and other important resource statistics can be monitored using ESXtop or from the Performance tab in the vSphere Client. You can also configure Alarms and Triggers to email administrators and perform other automated actions when performance counters reach critical thresholds that would affect the end user experience.

See the Performance Troubleshooting for VMware vSphere 4 guide for detailed information on performance troubleshooting.

vCPU Resources

Reduce the number of vCPUs allocated to your VM to the fewest number required to sustain your workload. Over allocating vCPUs causes excessive and unnecessary CPU overhead and idle time on the physical host. When memory and disk resources are sized appropriately, most apps are not CPU bound. If your VM experiences less than 60% sustained utilization during peak workloads, we recommend reducing the allocated vCPUs to half the number of currently allocated vCPUs.

VM Memory Allocation

If you see periods of high, sustained CPU utilization on your VM, this may actually be caused by memory backpressure or a poorly performing disk subsystem. It is recommended to first increase the memory allocated to the VM (as a Java workload best practice, make sure you match the VM memory reservation to the total allocated memory). Then monitor VM CPU utilization, VM disk I/O, and in-guest swapping (which can cause excessive disk I/O) for signs of improvement and other issues before increasing the number of vCPUs allocated to your VM.

Memory Resources

  • It is recommended to size the VM memory not to exceed the amount of memory local to a single NUMA node. For example:
    • ESX host with 4 sockets, 4 cores per socket, and 64 GB of RAM.
    • NUMA nodes are 4 cores with 16 GB of RAM (1 socket and local memory).
    • Recommended maximum VM container is 4 vCPU with 16GB of RAM.
  • Set the memory reservation for your VMs to the total amount of memory allocated to the VM. For example:
    • If you allocated 8192MB of memory to the VM, then the memory reservation should be set to 8192MB.

To configure memory reservations: ‘myVM’ -> Summary Tab -> Edit Settings -> Resources -> Memory -> Reservation

Network Resources

  • Use the VMXNET3 paravirtualized network adapter if supported by your guest Operating System. Note: This does not apply to some pre-built appliances, so check with your vendor.
  • Use separate physical NIC ports, NIC teams, and VLANs for VM network traffic, vMotion, and IP based storage traffic (i.e. iSCSI storage or NFS datastores). This will avoid contention between client/server I/O, storage I/O, and vMotion traffic.

Storage Resources

VMFS Datastores

Do not oversubscribe VMFS datastores. Disk I/O and latency are bound by physics, and storage design has the same impact on performance in a virtual environment as it does in a physical one. Design your VM’s storage with the appropriate number of spindles to satisfy I/O requirements for DBs, indexes, redologs, blob stores, etc.

See the Performance Troubleshooting for VMware vSphere 4 guide for detailed information on performance troubleshooting. Remember that insufficient memory allocation can cause excessive memory swapping and disk I/O. See the memory resource section for information on tuning VM memory resources.

PVSCSI Paravirtualized SCSI Adapter

  • Use the PVSCSI paravirtualized SCSI adapter if supported by your guest Operating System. Note: This does not apply to some pre-built appliances, so check with your vendor.

RDM devices versus VMFS Datastores

There is no performance benefit to using RDM devices versus VMFS datastores. It is recommended to use VMFS datastores unless you have specific storage vendor requirements to support hardware snapshots or replications in a virtual environment.

VMDK Disk Devices

Configure your VM’s VMDK disk devices as thick-eagerzeroed to zero out each block when the VMDK is created. By default, new thick VMDK disk devices are created lazyzeroed. This causes duplicate I/O the first time each block is written to the disk device by first zeroing the block, then writing your application data. This can cause significant performance overhead for disk I/O intensive applications.

To configure thick-eagerzero VMDK disk devices either:

  • Check the box to ‘Support clustering features such as Fault Tolerance’ when creating the VM. This does not enable FT, but does eagerzero the disks.

Or

  • From the ESX CLI:
vmkfstools -k /vmfs/volumes/path/to/vmdk


For more information about the ESX CLI, see the vSphere Command-Line Interface Documentation at http://www.vmware.com/support/developer/vcli/

Fiber Channel Storage

If using Fiber Channel storage, configure the maximum queue depth on the FC HBA card.

IP-Based Storage

  • Do not oversubscribe network interfaces or switches when using IP based storage (i.e. iSCSI or NFS). Use EtherChannel with ESX NIC teams and IP storage targets or 10GE if storage I/O requirements exceed a single 1Gb network interface.
  • Use dedicated physical NIC ports, teams, and VLANs for IP based storage traffic (i.e. iSCSI storage or NFS datastores). This will avoid contention between client/server I/O, storage I/O, and vMotion traffic.
  • Use Jumbo frames to increase storage I/O throughput and performance when using IP based storage (i.e. iSCSI or NFS).

vSphere Cluster Recommendations

VMware vMotion

Use dedicated physical NIC ports, teams, and VLANs for vMotion traffic to avoid contention between client/server I/O, storage I/O, and vMotion traffic.

VMware HA

Confirm VMware HA is enabled for the vSphere Cluster to automatically recover your VMs in the vSphere Cluster in case of unplanned hardware downtime.

VMware DRS

  • Confirm DRS is enabled to load balance VMs across ESX hosts in a vSphere Cluster.
  • With DRS, you can configure affinity rules to keep virtual machines together or apart on the ESX hosts in a vSphere Cluster. We recommend using affinity rules to separate multi-server deployments performing the same function onto different ESX hosts in a vSphere Cluster. This will minimize the impact to users caused by a hardware failure affecting a single ESX host. VMware HA (if enabled) will automatically recover the ZCS multi-server deployment VMs from the failed ESX host onto another ESX host in the vSphere Cluster.
  • To create a DRS rule: ‘myvSphereCluster’ -> Edit settings -> VMware DRS -> Rules -> Add
  • Create the following rules:
    • Name: Mailbox Servers -> Type: Separate Virtual Machines -> Add: ‘myMailboxServers’
    • Name: Proxy Servers -> Type: Separate Virtual Machines -> Add: ‘myProxyServers’
    • Name: MTA Servers -> Type: Separate Virtual Machines -> Add: ‘myMTAServers’

Reference Materials

Zimbra vSphere Best Practices

http://files2.zimbra.com/zca/zca-6.0.7_GA_341/doc/Zimbra_on_vSphere_Performance_Best_Practices.pdf

Performance Best Practices for VMware vSphere 4.0

http://www.vmware.com/pdf/Perf_Best_Practices_vSphere4.0.pdf

VMware vSphere 4 Performance with Extreme I/O Workloads

http://www.vmware.com/pdf/vsp_4_extreme_io.pdf

Performance Troubleshooting for VMware vSphere 4

http://communities.vmware.com/servlet/JiveServlet/download/10352-1-28235/vsphere4-performance-troubleshooting.pdf

Understanding Memory Resource Management in VMware ESX Server

http://www.vmware.com/files/pdf/perf-vsphere-memory_management.pdf

Comparison of Storage Protocol Performance in VMware vSphere 4

http://www.vmware.com/files/pdf/perf_vsphere_storage_protocols.pdf

Best Practices for Running vSphere on NFS Storage

http://vmware.com/files/pdf/VMware_NFS_BestPractices_WP_EN.pdf

Configuration Maximums for VMware vSphere 4.0

http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf

What’s New in VMware vSphere 4: Performance Enhancements

http://www.vmware.com/files/pdf/vsphere_performance_wp.pdf

2011/02/12

Service Management Assessment for the Cloud

Filed under: virtualization — iben @ 19:36

Service Management Assessment for the Cloud

Change Management

• What information is required for changes to virtual machines and how is this recorded?
• What constitutes a virtual infrastructure change, and what categories of changes are there (for example, VM virtual hardware memory)?
• Are processes documented?
• Are different procedures followed for the assessment and approval of normal or complex changes as opposed to simple changes?

Configuration Management

• What are the purpose, scope, and objectives of configuration management in the cloud?
• What are the SLAs for the machines in the cloud?
• Are permissions used to limit changes in the cloud?
• How are cloud based machines tracked in the Configuration Management Database (CMDB)?
• How are patch levels tracked in the cloud?

Incident Management

• How are cloud based incidents handled?
• How are cloud related issues captured in a knowledge base?
• How are cloud components monitored?

Problem Management

• Are there separate procedures to isolate problems related to the cloud?
• How does the way that cloud related problems are addressed compare to other platforms?
• How are known errors logged?

Release Management

• Are standard build blueprints used?
• Are releases tested prior to implementation?
• Is a back-out plan developed for each release?
• Are the master copies of all software in use within standard builds stored in a single repository (Definitive Software Library)?

Service Desk

• What tools are used to record cloud related issues and how are they classified?
• How are cloud related issues escalated?

Reference

http://download3.vmware.com/elq/pdf/wp_roadmaptovirtualinfrastructure.pdf

http://www.vmware.com/files/pdf/services/consserv-esp-roadmap-workshop-sb-en.pdf

2011/01/05

Review of VMware View Optimization Guide Windows 7 pdf

Filed under: virtualization — iben @ 11:44

Just reviewed this guide and wanted to share.

Very helpful scripts are included with the Adobe Acrobat PDF, which allow rapid customization and optimization of Windows 7 desktops for VMware View.

A few tips:

  • open the pdf with the adobe acrobat reader app
  • you will find included 2 embedded files: commands.txt and ts.xml – save them to a shared folder
  • access the shared folder from the windows 7 template machine being configured
  • tweak your current user environment as you wish – it will be copied and set for use as the default user profile
  • change the folder options view to Disable “Hide extensions for Known file types” and click “Apply to Folders”
  • rename the commands.txt file to commands.bat (see notes below)
  • run the included commands.bat script from an “admin” command prompt or it won’t work right
  • take advantage of the new registry keys to denote current image version and author info
  • run ipconfig /release then shutdown the windows 7 template machine being configured
  • take a snapshot of the windows 7 template machine being configured

Customizing Linked-Clone Desktops with QuickPrep

Link to doc

http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf

Command.Bat listing

The contents of the commands.bat (aka commands.txt) file are listed here for your review. Review them and edit as needed for your environment.

rem  Setting Default HKCU values by loading and modifying the default user registry hive
reg load "hku\temp" "%USERPROFILE%\..\Default User\NTUSER.DAT"
reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /d "%windir%\system32\scrnsave.scr" /f
reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaveTimeOut /d "600" /f
reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaverIsSecure /d "1" /f
reg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /d " " /f
reg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" /v Persistent /t REG_DWORD /d 0x0 /f
reg ADD "hku\temp\Software\Microsoft\Feeds" /v SyncStatus /t REG_DWORD /d 0x0 /f
reg ADD "hku\temp\Software\Microsoft\WIndows\CurrentVersion\Policies\Explorer" /v HideSCAHealth /t REG_DWORD /d 0x1 /f
reg unload "hku\temp"
rem Making modifications to the HKLM hive
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 0x1 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnableSuperfetch /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0x1 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /t REG_DWORD /d 0x1 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk" /v TimeOutValue /t REG_DWORD /d 200 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Revision /t REG_SZ /d 1.0 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Virtual /t REG_SZ /d Yes /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v MaxSize /t REG_DWORD /d 0x100000 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v Retention /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v MaxSize /t REG_DWORD /d 0x100000 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v Retention /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v MaxSize /t REG_DWORD /d 0x100000 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v Retention /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoRecycleFiles /t REG_DWORD /d 0x1 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0x0 /f
reg ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system" /v EnableLUA /t REG_DWORD /d 0x0 /f
reg Add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow" /v Disabled /t REG_DWORD /d 0x1 /f
rem Using Powershell to perform Windows Services modifications
Powershell Set-Service 'BDESVC' -startuptype "disabled"
Powershell Set-Service 'wbengine' -startuptype "disabled"
Powershell Set-Service 'DPS' -startuptype "disabled"
Powershell Set-Service 'UxSms' -startuptype "disabled"
Powershell Set-Service 'Defragsvc' -startuptype "disabled"
Powershell Set-Service 'HomeGroupListener' -startuptype "disabled"
Powershell Set-Service 'HomeGroupProvider' -startuptype "disabled"
Powershell Set-Service 'iphlpsvc' -startuptype "disabled"
Powershell Set-Service 'MSiSCSI' -startuptype "disabled"
Powershell Set-Service 'swprv' -startuptype "disabled"
Powershell Set-Service 'CscService' -startuptype "disabled"
Powershell Set-Service 'SstpSvc' -startuptype "disabled"
Powershell Set-Service 'wscsvc' -startuptype "disabled"
Powershell Set-Service 'SSDPSRV' -startuptype "disabled"
Powershell Set-Service 'SysMain' -startuptype "disabled"
Powershell Set-Service 'TabletInputService' -startuptype "disabled"
Powershell Set-Service 'Themes' -startuptype "disabled"
Powershell Set-Service 'upnphost' -startuptype "disabled"
Powershell Set-Service 'VSS' -startuptype "disabled"
Powershell Set-Service 'SDRSVC' -startuptype "disabled"
Powershell Set-Service 'WinDefend' -startuptype "disabled"
Powershell Set-Service 'WerSvc' -startuptype "disabled"
Powershell Set-Service 'MpsSvc' -startuptype "disabled"
Powershell Set-Service 'ehRecvr' -startuptype "disabled"
Powershell Set-Service 'ehSched' -startuptype "disabled"
Powershell Set-Service 'WSearch' -startuptype "disabled"
Powershell Set-Service 'wuauserv' -startuptype "disabled"
Powershell Set-Service 'Wlansvc' -startuptype "disabled"
Powershell Set-Service 'WwanSvc' -startuptype "disabled"
rem Making miscellaneous modifications
bcdedit /set BOOTUX disabled
vssadmin delete shadows /All /Quiet
Powershell disable-computerrestore -drive c:\
netsh advfirewall set allprofiles state off
powercfg -H OFF
net stop "sysmain"
fsutil behavior set DisableLastAccess 1
rem Making modifications to Scheduled Tasks
schtasks /change /TN "\Microsoft\Windows\Defrag\ScheduledDefrag" /Disable
schtasks /change /TN "\Microsoft\Windows\SystemRestore\SR" /Disable
schtasks /change /TN "\Microsoft\Windows\Registry\RegIdleBackup" /Disable
schtasks /change /TN "\Microsoft\Windows Defender\MPIdleTask" /Disable
schtasks /change /TN "\Microsoft\Windows Defender\MP Scheduled Scan" /Disable
schtasks /change /TN "\Microsoft\Windows\Maintenance\WinSAT" /Disable
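
Among its optimizations, the script above disables the Windows Firewall, Defender, Security Center and Windows Update services, switches all firewall profiles off, sets EnableLUA to 0, and allows RDP connections with UserAuthentication set to 0. The PowerShell audit below is an added example, not part of the original script. It reports which of those settings are in effect on an image so they can be reviewed before deployment. The function names and report layout are this example's own.

```powershell
# Added example, not part of the original script: report which of the
# security-relevant settings written by the optimization script are in effect.
# Function names and the report layout are this example's own.

function Get-StartMode($Name) {
    # Win32_Service.StartMode is available on PowerShell 2.0 (Windows 7)
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if ($svc) { $svc.StartMode } else { 'NotInstalled' }
}

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding($Control, $Observed, $AsScripted) {
    New-Object PSObject -Property @{
        Control = $Control; Observed = $Observed; AsScripted = $AsScripted
    }
}

$findings = @()

# Services the script sets to Disabled
$services = @{ MpsSvc = 'Windows Firewall'; WinDefend = 'Windows Defender'
               wscsvc = 'Security Center';  wuauserv  = 'Windows Update' }
foreach ($name in $services.Keys) {
    $mode = Get-StartMode $name
    $findings += New-Finding "$($services[$name]) service ($name)" $mode ($mode -eq 'Disabled')
}

# Registry values the script writes: label, key, value name, value written
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$regChecks = @(
    @('UAC (EnableLUA)', 'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system', 'EnableLUA', 0),
    @('RDP deny flag (fDenyTSConnections)', $ts, 'fDenyTSConnections', 0),
    @('RDP NLA (UserAuthentication)', "$ts\WinStations\RDP-Tcp", 'UserAuthentication', 0),
    @('Updates off (NoAutoUpdate)', 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU', 'NoAutoUpdate', 1),
    @('Security log MaxSize (bytes)', 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Security', 'MaxSize', 0x100000)
)
foreach ($c in $regChecks) {
    $value = Get-RegValue $c[1] $c[2]
    $findings += New-Finding $c[0] $value (($value -ne $null) -and ($value -eq $c[3]))
}

# Firewall profiles; the script runs "netsh advfirewall set allprofiles state off".
# Matching "State ... OFF" assumes English-language netsh output.
$off = @(netsh advfirewall show allprofiles state |
         Where-Object { $_ -match '^State\s+OFF' }).Count
$findings += New-Finding 'Firewall profiles reporting OFF' $off ($off -gt 0)

# AsScripted = True means the machine still carries the value the script wrote
$findings | Sort-Object Control | Format-Table Control, Observed, AsScripted -AutoSize
```

Run it from an elevated prompt on the image; rows with AsScripted set to True are the ones to compare against the controls that replace them elsewhere in the environment.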

2010/11/18

RISO SISO Expert

Filed under: virtualization — iben @ 07:32

To provide optimal delivery of solutions, services are provided in three main forms:

Rapid Implementation Solution Offerings

The intent of Rapid Implementation Solution Offerings (RISOs) is to install and configure a technology solution in a controlled fashion, in a tightly scoped environment, with a focus on a pre-designated Best Practices approach.

RISOs are available for major technology solutions. RISOs typically form the first phase of a Solution Implementation.

Solution Implementation Solution Offerings

The intent of Solution Implementation Solution Offerings (SISOs) is to provide additional customization, configuration and integration of technology solutions, with a focus on a more tailored approach than the RISOs.

Expert packs

Beyond the initial installation, configuration, customization and integration, Expert packs provide for smaller, incremental pieces of work, providing specialists to enhance the installed solutions to address new functions and to ensure optimal operation of the technology.

2010/11/13

VMware VAAI Certification Test Summary

Filed under: virtualization — iben @ 17:47

Based on the VMware VAAI Certification Guide Revision date: 20101011

This guide is intended for VMware partners who want to certify VAAI storage with ESX to claim compatibility in the VMware HCLs.

The vStorage API calls offload certain storage operations to the storage array and optimize the storage operation. They are new application programming interfaces in the VMkernel. Using a small set of primitives, or fundamental operations, that can be issued to an array supporting these interfaces, ESX can improve the performance of certain storage operations such as cloning, snapshotting, mirroring, zeroing blocks, and replication.

You certify these offload operations with your storage arrays and use this certification to obtain a listing in the VMware compatibility guide:

  • Atomic Test and Set (ATS) also known as Hardware Assisted Locking: a mechanism to modify a disk sector to improve the performance of ESX updating metadata.
  • Full Copy: given a source range of LBAs, copies them into the given destination range of LBAs.
  • Block Zeroing or Write Same: zeroes out the given range of LBAs.

VAAI Certification Test Process List

  1. BlockZeroDiskTest
    1. This test verifies that when ESX uses the VAAI BlockZero primitive, an eager‐zeroed‐thick vmdk volume is created faster.
    2. The operation compares execution time with and without enabling the VAAI BlockZero primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 30 minutes
  2. BlockZeroRDMTests
    1. This test verifies that zeroing a vmdk volume on an RDM disk is performed correctly when ESX uses the VAAI BlockZero primitive. The test is run on both a non‐pass‐through RDM as well as a pass‐through RDM disk.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 5 minutes to 3 hours
  3. BlockZeroMultiOffloadTests
    1. This test verifies that simultaneous creation of virtual disks on a shared datastore from two ESX hosts with VAAI BlockZero primitive enabled functions properly.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 10‐20 minutes
  4. FullCopyDiskTest
    1. This test verifies that when ESX uses the VAAI FullCopy primitive, a vmdk volume clones faster.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 36 hours, with a majority of the time spent verifying cloned volume contents.
  5. FullCopyRDMTests
    1. This test verifies that cloning a vmdk volume to an RDM disk is done correctly when ESX host uses the VAAI FullCopy primitive. The test is run with both a non‐pass‐through RDM as well as a pass‐through RDM disk as the destination disk.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 18 hours, with a majority of the time spent verifying cloned volume contents.
  6. FullCopyCloneVMTests
    1. This test verifies that virtual machine cloning operations function properly with the VAAI FullCopy primitive enabled.
    2. The test clones a virtual machine to both the same datastore as the source virtual machine as well as to a different datastore.
    3. The operation compares execution time with and without enabling the VAAI FullCopy primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    4. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    5. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    6. Estimated test time: 1 hour
  7. FullCopyCloneVMRDMTests
    1. This test verifies that virtual machine cloning operation from a non‐pass‐through RDM LUN to a pass‐through RDM LUN functions properly with the VAAI FullCopy primitive enabled.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 32 minutes
  8. FullCopyMultiOffloadTests
    1. This test verifies that the VAAI feature improves concurrent Full Copy from two ESX hosts.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 20 minutes
  9. ATSFileOpTests
    1. This test verifies that when ESX enables the VAAI ATS primitive, the file create, delete, read and write operations perform faster with simultaneous access to the LUN from two ESX hosts.
    2. The operation compares execution time with and without enabling the VAAI ATS primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. This test is conducted with no I/O to the array under test.
    4. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 12‐20 minutes
  10. ATSMultiLengthFileTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, simultaneous file modifications from two ESX hosts function properly.
    2. The operation is conducted with and without enabling the VAAI ATS primitive, and the execution times are compared. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 3‐10 minutes
  11. ATSReserveTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, file locking and unlocking modifications from two ESX hosts function properly.
    2. This test is conducted with no I/O to the array under test.
    3. Estimated test time: 3‐5 minutes

2010/11/04

Storage IOPS per VM

Filed under: virtualization — iben @ 12:34

The number of VMs is directly limited by the storage capacity and performance requirements measured in GB (Gigabytes) and IOPS (Input Output Operations Per Second). For starters you need fast disks.

http://en.wikipedia.org/wiki/IOPS#Examples

  • 7200RPM SATA drives – ~90 IOPS
  • 15kRPM Serial Attached SCSI drives – ~180 IOPS
  • Simple SSD – ~400 IOPS
  • ioDrive, a PCI-Express card with Flash – >80,000 IOPS

How to “see” IOPS usage on ESX or vCenter…

http://communities.vmware.com/thread/273268

As an example, a Windows XP 32-bit VM would need 10 to 20 IOPS and 10 to 20 GB of capacity.

Windows 7 – 64 bit would pretty much double that. A high performance server VM could easily need 2000 IOPS.

http://blogs.vmware.com/performance/2010/05/exchange-2010-disk-io-on-vsphere.html

And – make sure your product roadmap shows how many IOPS just ONE ESX host can drive…

VMware: VROOM!: 100,000 I/O Operations Per Second, One ESX Host

To demonstrate the scalability of the ESX I/O stack, we decided to see if ESX could sustain 100,000 IOPS.

http://blogs.vmware.com/performance/2008/05/100000-io-opera.html

2010/10/28

VAAI – Hitachi

Filed under: virtualization — iben @ 15:31

When VMware released VMware vStorage APIs for Array Integration (VAAI) on July 13, 2010, Hitachi jointly released support for these APIs on our AMS 2000 storage arrays.

The testing that has been done with Hitachi Dynamic Provisioning volumes on an AMS 2300 with VAAI has shown the following results:

  • Full copy – 18% performance improvement (speed to copy VM’s)
  • Write same – 85% performance improvement (speed to clone VM’s)
  • Hardware Assisted Locking – 25% to 35% performance improvement including the removal of SCSI reserves (powering on 1400 VM’s on 4 x Servers simultaneously)

http://blogs.hds.com/hu/2010/08/hds-at-vmworld-2010.html

Hitachi storage integration with VAAI includes:

  • Hardware-assisted Locking: Provides an alternative means to protecting the VMFS cluster file system’s meta data
  • Full Copy: Enables the storage arrays to make full copies of data within the array without the VMware vSphere host reading and writing the data
  • Block Zeroing: Enables storage arrays to zero out a large number of blocks to enhance the deployment of large-scale VMs.

Hitachi Dynamic Provisioning allows organizations to create a storage pool from which capacity can be used as-needed to improve performance and utilization. Additionally, Hitachi Load Balancing active-active symmetric controllers distribute VMware workloads across all paths to ensure optimal performance by eliminating I/O path thrashing, which leads to performance degradation. This integration significantly enhances the customer experience through:

  • Improved scalability: More VMs per data store; better storage utilization
  • Improved performance: VMware vSphere offloads storage specific tasks to the arrays, freeing up cycles on the host for other workloads
  • Improved ROI: Faster time to deployment means less coordination between VMware and storage administrators
  • Reduced OPEX and CAPEX costs

http://www.hds.com/corporate/press-analyst-center/press-releases/2010/gl100713.html

See Also: http://storagenerve.com/2010/09/30/vaai-and-automated-storagetiering-with-storage-virtualization/
