Saturday, March 14, 2015

VMware vSphere 6

Ø  Products announced alongside vSphere 6.0:
·         vSphere with Operations Management 6.0 = vSphere 6.0 + vRealize Operations Manager Standard 6.0 (available since last December);
·         Virtual SAN 6.0, this is actually the second version of the VSAN solution;
·         vCenter Site Recovery Manager 6.0 – no new features, but just for compatibility with vSphere 6.0;
·         vCloud Suite 6.0 – with support for vSphere 6 in the different components; vRealize Business Standard is now included;
·         VMware Integrated Openstack 1.0 – something to really look at!

Ø  vSphere Maximums
·         64 hosts per cluster;
·         8000 VMs per cluster;
·         480 logical CPUs per host;
·         12 TB RAM per host;
·         1000 VMs per host.
VMs now support a maximum of 128 vCPUs, 4 TB of RAM, vNUMA-aware hot-add of RAM and USB 3.0.

Ø  Improved: Fault Tolerance
With Fault Tolerance you can protect a virtual machine by running a second, 100% identical virtual machine on another host. One of the shortcomings of Fault Tolerance was that it only supported VMs with 1 vCPU. Fault Tolerance in vSphere 6 now finally supports multi-vCPU VMs, with up to 4 vCPUs per virtual machine. A 10 Gbit network is strongly recommended when you plan to use FT on virtual machines with more than 1 vCPU.
FT-protected VMs now support VADP-enabled backups, including the snapshot technology these require. Note that normal (user-created) snapshots on FT-enabled VMs are still not supported.
The primary and secondary VMs of an FT pair now each keep their own copy of the virtual disks, so additional storage for the secondary copy is required. It is now also possible to "hot-configure" (enable) FT on a running virtual machine.
Ø  Virtual Machine Component Protection
Virtual Machine Component Protection (VMCP) is a new feature in vSphere 6 that provides an automated response to an All Paths Down (APD) or Permanent Device Loss (PDL) situation. VMCP protects VMs against storage connectivity failures and misconfigurations.
If an APD or PDL condition occurs, the affected VMs are automatically restarted on a healthy host. This is especially beneficial for stretched cluster architectures, but is of course useful for any environment using some kind of SAN storage. VMCP currently only covers storage failures; network failures are not yet handled.
Ø  vCenter Server 6.0 Platform Services Controller
The Platform Services Controller (PSC) groups Single Sign On (SSO), Licensing and a Certificate Authority (CA). The PSC replaces these separate components and combines their functionality in one solution.
The PSC comes as an embedded option, or as a centralized/stand-alone option when two or more SSO-integrated solutions share it. With the PSC, linked mode is completely integrated in vSphere: Microsoft ADAM is not required anymore. You can now also add a VCSA to a linked mode configuration, and you can even mix appliance- and Windows-based vCenter Servers.
Ø  vCenter Server 6.0 Certificate Lifecycle Management & Clustering Support
You can now use vCenter Server 6 for complete certificate lifecycle management. The VMware Certificate Authority (VMCA) can act as a root CA or as a subordinate (issuer) CA under an existing enterprise CA.
Ø  Improved: vMotion
Some interesting improvements on vMotion are available:
·         Cross vSwitch vMotion – You can now vMotion from a standard switch to a standard switch, a standard switch to a distributed switch and from a distributed switch to a distributed switch and vice versa;
·         Cross vCenter vMotion – You can now vMotion cross vCenter Server which will change compute, storage, network and of course the vCenter Server.
·         Long distance vMotion – Up to 100 ms RTT, no VVOLs required. Use cases: permanent migration, disaster avoidance, multi-site load balancing, follow the sun.
·         vMotion can now cross layer three boundaries, so a stretched layer two network is not required anymore.
Ø  vCenter Server 6 Content Library

With the content library you can store and manage content (templates, ISOs, scripts) in one central location. The content is automatically distributed to other vCenter instances. The maximum size of a content library is 64 TB, it can hold a maximum of 256 items, and a maximum of 10 simultaneous copies is allowed. Synchronization of the content library occurs once every 24 hours.

Multi-factor Authentication

Authentication is the process of proving your identity, or, more simply put, proving you are who you say you are.

There are three ways for a user to prove they are who they say they are when it comes to authentication:
  1. Something you know -- Usually this will be a password or possibly a PIN
  2. Something you have -- A physical token, mobile phone, key-fob, smart-card, etc.
  3. Something you are -- A unique physical attribute such as a fingerprint or retinal scan

Some Jargon Surrounding MFA
  • 2-factor – The use of any two factors from the list above is specifically called 2-Factor Authentication
  • Strong Authentication – Simply another way of describing 2-factor and multi-factor authentication.
  • Token – A token is something that you have, such as an ATM card, a key fob, a smartcard, a cell phone, a piece of software, etc.
    • Synchronous tokens have a clock or an event counter, and the authenticating system keeps in sync with them by maintaining the same clock or event counter. The user generates a code by looking at the token at the time of authentication, or by pressing a button on the token to generate a code.
    • Asynchronous tokens, or Challenge/Response tokens, do not require an internal clock or event counter. Instead the authenticating system issues a challenge, often a short string of numbers and/or letters, that must be entered into the token in order to generate a response. Given any challenge, only one token can produce the expected response.
    • Token Code is the value or number generated by most token types to be used during the authentication. The token code is generated using a token seed (a unique secret specific to the token) and an algorithm.
    • One Time Password (OTP) is a type of token code that gets generated by a token. There is nothing particularly special about an OTP over a token code other than that once it has been received and used by the authenticating system it cannot be re-used. OTPs are therefore more secure than a regular token code, but they can cause issues if the user needs to perform multiple authentications within a short period of time.

Authenticating systems maintain an association between tokens and individual users. The authenticating system, knowing the unique seed installed on the token, can verify that a presented token code could only have come from that particular token.
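To make the seed-plus-algorithm idea concrete, here is a small worked example I added (it is not from any vendor and not part of the notes above). It implements the event-based and clock-based synchronous token codes as HOTP (RFC 4226) and TOTP (RFC 6238), a simple challenge/response scheme, and the server-side bookkeeping that keeps the token in sync and refuses to accept the same OTP twice. The seed is the RFC 4226 test vector, so the first codes are the published ones; the challenge/response construction and the resync/drift windows are my own illustrative choices.

```python
"""Added example: token codes from a shared seed, and how the authenticating
system verifies them. HOTP/TOTP follow RFC 4226 / RFC 6238; the
challenge/response scheme and replay bookkeeping are illustrative designs."""
import hmac
import hashlib
import secrets
import struct

# Constructed seed (the RFC 4226 test secret "12345678901234567890").
# A real seed is generated per token and only ever shared with the server.
SEED = bytes.fromhex("3132333435363738393031323334353637383930")
DIGITS = 6
TOTP_STEP = 30  # seconds per time slice


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a short decimal code (the event-based token)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, now: int, step: int = TOTP_STEP, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP where the counter is the number of whole time steps
    since the epoch, so only roughly synchronised clocks are needed."""
    return hotp(seed, now // step, digits)


def challenge_response(seed: bytes, challenge: str, digits: int = DIGITS) -> str:
    """Token side of an asynchronous scheme: only a token holding this seed
    can answer the server's challenge (illustrative, not a vendor protocol)."""
    mac = hmac.new(seed, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % (10 ** digits)).zfill(digits)


class Authenticator:
    """Server side: knows the user's seed, tracks counter/clock state and
    refuses to accept a code (or challenge) a second time."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.hotp_counter = 0          # last accepted event counter
        self.used_totp_steps = set()   # time steps already consumed
        self.pending_challenges = set()

    def verify_hotp(self, code: str, look_ahead: int = 3) -> bool:
        # Resync over a small window (user pressed the button a few times),
        # but never accept a counter at or below the last accepted one.
        for c in range(self.hotp_counter + 1, self.hotp_counter + 1 + look_ahead):
            if hmac.compare_digest(hotp(self.seed, c), code):
                self.hotp_counter = c
                return True
        return False

    def verify_totp(self, code: str, now: int, drift_steps: int = 1) -> bool:
        # Tolerate +/- drift_steps of clock skew, but each time step is
        # consumed once: the same OTP cannot be replayed within the window.
        step = now // TOTP_STEP
        for s in range(step - drift_steps, step + drift_steps + 1):
            if s in self.used_totp_steps:
                continue
            if hmac.compare_digest(hotp(self.seed, s), code):
                self.used_totp_steps.add(s)
                return True
        return False

    def issue_challenge(self) -> str:
        challenge = secrets.token_hex(4).upper()   # fresh random challenge
        self.pending_challenges.add(challenge)
        return challenge

    def verify_response(self, challenge: str, response: str) -> bool:
        if challenge not in self.pending_challenges:
            return False
        self.pending_challenges.discard(challenge)   # single use
        return hmac.compare_digest(challenge_response(self.seed, challenge), response)


def demo() -> dict:
    """Walk through the three token types; every replay attempt must fail."""
    server = Authenticator(SEED)
    r = {}
    r["hotp_first"] = server.verify_hotp(hotp(SEED, 1))    # button pressed once
    r["hotp_replay"] = server.verify_hotp(hotp(SEED, 1))   # same code again
    now = 59                                               # RFC 6238 test instant
    code = totp(SEED, now)
    r["totp_first"] = server.verify_totp(code, now)
    r["totp_replay"] = server.verify_totp(code, now + 1)
    chal = server.issue_challenge()
    r["cr_ok"] = server.verify_response(chal, challenge_response(SEED, chal))
    r["cr_replay"] = server.verify_response(chal, challenge_response(SEED, chal))
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The replay checks are the practical point behind the OTP remark above: a plain token code is only "one time" if the server remembers what it has already accepted, which is why the verifier tracks the last HOTP counter and the consumed TOTP steps rather than just recomputing the code.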
A smartcard is another form of token. Similar to a bank card or ATM card, a smartcard contains a special computer chip which stores additional information beyond what is stored on the magnetic strip. Smartcards are used pervasively in Europe as credit cards and they are making their way into the U.S.
Biometrics are devices such as fingerprint readers, retinal scanners, facial recognition solutions, voice recognition, and so on.
Radio-frequency identification (RFID) is another token-type technology which allows the detection of a token when it is in close proximity to the reader you are authenticating against.
Out-of-band authentication is when authentication is performed via a different channel from the one you are accessing. A common example of out-of-band authentication is a telephone or text-based verification system that sends a one-time access code to gain access to an application. Your phone essentially becomes the token used to validate your identity. The point is that the authentication process can start on a computer network and require a code delivered over a mobile network to complete.


CloudStack & OpenStack

Cloud services are fighting for market share and are developing the next generation of cloud management systems. Arguably the four biggest players in the market currently are OpenStack, CloudStack, Eucalyptus and OpenNebula.

CloudStack: Running on hypervisors like KVM, vSphere, XenServer, and now Hyper-V, CloudStack is an open-source cloud management platform designed for creating, controlling, and deploying various cloud services. With its growing API-supported stack, CloudStack already fully supports the Amazon AWS API model.
  • What’s good: It really does keep getting better. The latest release of CloudStack is actually pretty nice. The deployment is really smooth consisting of only one VM running the CloudStack Management Server and another to act as the actual cloud infrastructure. In reality, you could deploy the whole thing on one physical host.
  • The challenges: The first stable release of CloudStack is less than 2 years old, and some still question the rate of CloudStack adoption. Even with some big advancements, some complain that the architecture and installation process – although simplified – still requires quite a bit of knowledge and time to deploy.
  • What’s new: 4.1 (with 4.4.2 just released) sees improved security, hypervisor agnosticism, and advanced network-layer management. Other big updates revolve around:
    • Improved Storage Management
    • Virtual Private Cloud tiers can now span guest networks across availability zones
    • Support for VMware Distributed Resource Scheduler
    • Improved Support for Hyper-V Zones, VPC and Storage Migration
  • Who’s using it: DataPipe currently deploys its global cloud infrastructure on CloudStack. According to DataPipe, their reasons for moving to the platform include:
    • Paused VMs maintain machine state without compute charges
    • Scale storage independent of compute
    • Single security zone across all regions
    • Access to Hong Kong Economic Zone, and Shanghai (Mainland China)
    • Additional cost savings as a result of high performance VM’s that require fewer computing resources
Outside of Datapipe – CloudStack’s largest current user – there have been other smaller but important adopters as well. This includes Shopzilla, SunGard Availability Services, CloudOps, Citrix, WebMD Health, and several others.
The general consensus is that CloudStack, although strongly gaining popularity, is still in the shadow of OpenStack.

OpenStack: Managed by the OpenStack foundation, the actual platform consists of multiple interrelated stack-based projects. These all then tie into one management interface to provide a cloud computing management platform.
  • What’s good: It’s definitely a more mature product. Furthermore, there are more than 150 companies (AMD, Brocade, Dell, HP, IBM, VMware, and Yahoo) who are all contributing to development. It’s seen as the leader in cloud platform management and momentum around growth continues.
  • The challenges: Even with so much adoption and development around the platform, OpenStack is still challenging to deploy and, in many cases, needs to be managed from various CLI consoles. The fragmented architecture consists of a number of different modular components including Compute, Object Storage, Block Storage, Networking, Dashboard, Identity Service, Image Service, Telemetry, Multi-Tenant Cloud Messaging, Elastic Map Reduce, and others. The good news is that there are a lot of configuration and installation scripts out there to use as a template.
  • What’s new: Yes, there are still some technical and deployment challenges. Has this stopped adoption momentum? Not at all. The latest release of Juno touts 342 new features. The Juno release adds enterprise features such as storage policies, a new data processing service that provisions Hadoop and Spark, and lays the foundation for OpenStack to be the platform for Network Functions Virtualization (NFV), a major transformation driving improved agility and efficiency in telco and service provider data centers.
  • Who’s using it: Oh yeah, this list is impressive and yes, it’s growing. Jointly launched by NASA and Rackspace Hosting, OpenStack had some serious backers from the onset. Now, OpenStack is utilized by such organizations as AT&T, CERN, Yahoo!, HP Public Cloud, Red Hat OpenShift and several others.

Let’s face facts: OpenStack is a more mature and more widely adopted platform. But that doesn’t mean it’s not facing the heat of other players in the market. There is a lot of money being pumped into platforms like CloudStack and even Eucalyptus. Right now, OpenStack is enjoying a mature product set with some very high profile users.