vSphere 5 What’s New – Storage DRS

This feature delivers the DRS benefits of resource aggregation, automated initial placement, and bottleneck avoidance to storage. You can group and manage similar datastores as a single load-balanced storage resource called a datastore cluster. Storage DRS makes VMDK placement and migration recommendations to avoid I/O and space utilization bottlenecks on the datastores in the cluster. Storage DRS takes care of the initial placement of virtual machines and VMDK files. This placement is based on space and I/O capacity. Storage DRS will select the best datastore in the selected datastore cluster for the virtual machine or virtual disk. When Storage DRS is set to fully automatic, it performs load balancing actions automatically. Of course this can be configured as manual as well, and that is actually the default today. Load balancing is again based on space and I/O capacity. If and when required, Storage DRS will make recommendations based on space and I/O capacity. It will, however, only do this when a specific threshold is reached.

A datastore cluster is a collection of datastores aggregated into a single unit of consumption for an administrator. When a datastore cluster is created, Storage DRS can manage the storage resources comparable to how DRS manages compute resources in a cluster. As with a cluster of hosts, a datastore cluster is used to aggregate storage resources, enabling smart and rapid placement of new virtual machines and virtual disk drives and load balancing of existing workloads. When you create a VM you will be able to select a datastore cluster as opposed to individual datastores. Storage DRS provides initial placement recommendations to datastores in a Storage DRS-enabled datastore cluster based on I/O and space capacity.

During the provisioning of a virtual machine, a datastore cluster can be selected as the target destination for this virtual machine or virtual machine disk, after which a recommendation for initial placement is made based on I/O and space capacity. Initial placement in a manual provisioning process has proven to be very complex in most environments, and as such important provisioning factors like current I/O load or space utilization are often ignored. Storage DRS ensures initial placement recommendations are made in accordance with space constraints and with respect to the goals of space and I/O load balancing. Although people are really excited about automated load balancing, initial placement is where most people will start and where most people will benefit the most, as it reduces the operational overhead associated with the provisioning of virtual machines.

Ongoing balancing recommendations are made when one or more datastores in a datastore cluster exceed the user-configurable space utilization or I/O latency thresholds. These thresholds are typically defined during the configuration of the datastore cluster. Storage DRS utilizes vCenter Server’s datastore utilization reporting mechanism to make recommendations whenever the configured utilized space threshold is exceeded. I/O load is currently evaluated every 8 hours by default, with a default latency threshold of 15ms. Only when this I/O latency threshold is exceeded will Storage DRS calculate all possible moves to balance the load accordingly, while considering the cost and the benefit of the migration. If the benefit doesn’t last for at least 24 hours, Storage DRS will not make the recommendation.

New Book – VMware vSphere 5.0 Clustering Technical Deepdive (video)

I’ve recorded a short interview with Duncan Epping and Frank Denneman. They have released their new book “VMware vSphere 5.0 Clustering Technical Deepdive”. This book is available at Amazon in full colour and e-reader format. Frank and Duncan have written “vSphere 5.0 Clustering Technical Deepdive” to give you a better understanding of all the new clustering features vSphere 5.0 offers and how these integrate with each other.

VMware vSphere 5.0 Clustering Technical Deepdive zooms in on three key components of every VMware-based infrastructure and is by no means a "how to" guide. It covers the basic steps needed to create a vSphere HA and vSphere DRS cluster and to implement vSphere Storage DRS. Even more important, it explains the concepts and mechanisms behind HA, DRS and Storage DRS, which will enable you to make well-educated decisions. This book will take you into the trenches of HA, DRS and Storage DRS and will give you the tools to understand and implement e.g. HA admission control policies, DRS resource pools, Datastore Clusters and resource allocation settings. On top of that, each section contains basic design principles that can be used for designing, implementing or improving VMware infrastructures, and fundamental supporting features like (Storage) vMotion, Storage I/O Control and much more are described in detail for the very first time.

This book is also the ultimate guide to be prepared for any HA, DRS or Storage DRS related question or case study that might be presented during VMware VCDX, VCP and/or VCAP exams.

Coverage includes

HA node types
HA isolation detection and response
HA admission control
VM Monitoring
HA and DRS integration
DRS imbalance algorithm
Resource Pools
Impact of reservations and limits
CPU Resource Scheduling
Memory Scheduler
Datastore Clusters
Storage DRS algorithm
Influencing SDRS recommendations

Be prepared to dive deep!

For the EMEA folks comcol.nl offered to distribute it again, paper black & white can be found here, and full color here.

What’s New in VMware vShield 5

For vSphere-based environments, vShield solutions provide capabilities to secure the edge of the vDC, protect virtual applications from network-based threats, and streamline antivirus protection for VMware View deployments by offloading AV processing to dedicated security VMs. These new product offerings can start securing infrastructure almost immediately since all the underlying compute resources are already present in the vSphere environment.

These same solutions in the traditional security model would have taken months to authorize and provision in the physical data center. vShield Edge provides network-edge security and gateway services to isolate the virtual machines in a port group. Common deployments of vShield Edge include protecting access to a company’s Extranet. vShield Edge can also be used in a multi-tenant cloud environment where the vShield Edge provides perimeter security for each tenant’s virtual datacenters (or VDC).

vShield Edge secures the edge of a virtual datacenter with firewalling, VPN, NAT, DHCP, and Web load-balancing capabilities that enable rapid, secure scaling of cloud infrastructures. Along with network isolation, these edge services create logical security perimeters around virtual datacenters and enable secure multi-tenancy. New features in vShield Edge include the ability to set up static routing, instead of requiring NAT for connections to the outside, as well as certificate-based VPN.

vShield App helps you overcome the challenges of securing the interior of your virtual datacenter. vShield App is software-based and is deployed as a virtual appliance. As a result, vShield App is better than physically securing the virtual datacenter because it is a lot less expensive than buying a number of physical firewalls and segmenting them into different security zones. Also, with vShield App, you can create virtual firewalls with unlimited port density. vShield App provides complete visibility and control of inter-virtual machine traffic in logical security zones that you create. vShield App provides hypervisor-level introspection into the inter-VM traffic. vShield App enables multiple trust zones in the same ESX/ESXi cluster. vShield App also allows you to create intuitive, business language policies, using the vCenter Server inventory for convenience.

Advanced Grouping capabilities in vShield App allow even more sophisticated policies to be managed with ease. Layer 2 protection coupled with APIs enables automatic quarantining of compromised VMs. vShield Data Security provides knowledge of protected data across cloud environments and lowers cost of compliance by helping define scope. Enterprise roles in vShield Manager provide the separation of duties required by security and compliance standards.