vmware-sun-presentation-2010-04
Download
Report
Transcript vmware-sun-presentation-2010-04
SUSTAINABILITY VIA DESKTOP
VIRTUALIZATION
Trials and Tribulations with VMWare, SunRay
and the Sun 7000 Series Storage
INSPIRATION
Virtual Computing Lab
Old Lab space now Offices
Desktop Replacement
Graduate Students target audience
Slow machines (4-5 years old)
Not for everyone
Adequate for most ‘everyday’ tasks
LAYERS
Storage Layer
Network Layer
Sun 7000 series SAN
1 Gbit Switches (10 Gb uplinks)
Virtualization Layer
VMware View 4.0
VMware View Manager 4.0
SunRay Layer
SunRay 5 (well really 4.2)
SUSTAINABILITY
Footprint
Electronic Waste
50 Desktops vs Servers
Power Footprint (sample size 50)
50x Sunray + 2x Server + SAN = (50x3.9w1) + (2x380w2) +
(1x500w3) ~ 1455w
50x Desktop = 50x(128w – 260w4) ~ 6400w – 13000w
LifeSpan
Server LifeSpan vs Desktop
SunRay LifeSpan (4x a regular computer *according to
Oracle)
Management
Easier Upgrade Path
handful of servers vs many desktops
Imaging physical machines vs virtual
http://www.oracle.com/us/technologies/virtualization/061984.html 1
http://solutions.dell.com/DellStarOnline/DCCP.aspx 2
http://www.sun.com/calc/storage/disk_systems/unified_storage/7310/ 3
http://www.dell.com/downloads/global/corporate/environ/comply/precn_t3500.pdf4
SUSTAINABILITY
Software Cost
VMware View 4.0
10 pack license: $1100
3 yr support (free upgrades) per 10 pack: $800
$190/desktop or $63/year
STORAGE LAYER
Sun 7000 Series
ISCSI, NFS, CIFS, FC, IB
Deduplication
Extraordinary capacity savings in this application
Replication
Replicate Important VM’s to a 7110
Snapshots (instant)
Flash acceleration
Analytics
All baked in (no additional licensing costs)
ISCSI vs FC vs IB…
We opted for ISCSI because of the pricepoint
2x Dell 6248 with 10GB uplinks - $2000/each
Comparable FC Switch: $4000/ea + HBAs
Comparable IB Switch: $6000/ea + HBAs
STORAGE LAYER
Concept of Clustering
2 Heads connected together via proprietary
‘heartbeat’ cards
Concept of an “owner” of a resource.
Failover/Failback
½ the resources on each node in a passive state
30 Simultaneous VM’s in use (Matlab)
~35% Memory Usage
10-25% CPU Usage (spiking up and down)
Peak burst of ~300 MB/sec on the SAN (12 spindles)
Average IOP latency ~70ms
125GB Hard Disk Space used
STORAGE LAYER
Analytics
STORAGE LAYER
Analytics:
ARC cache hits – 90%+
Latency becomes an issue under heavy load – 99% of
ops below 125ms
Scaling
Single head, 1 shelf keeping up with 50 vms in our
environment.
2nd CPU, Ram (cache)
additional disk shelves (up to 5.5 more)
up to 6x ‘Read Zillas’ per head (100GB read cache each
Utilize 2nd head (active/active) on both trays
NETWORK LAYER
NETWORK LAYER
10 Gbit uplinks to SAN
1 Gbit connections to ESX servers
NIC Teaming
http://www.vmware.com/files/pdf/virtual_networking_conce
pts.pdf
VM networks, Data network, Management Network
NETWORK LAYER
VMWare ISCSI vs QLogic
Minimal Resource savings with QLogic
QLogic boot off ISCSI
QLogic dual port card
Each head on a dedicated port
Multiple VMKernels (possible?)
VIRTUALIZATION LAYER
VMWare View 4.0
Uses VMware VSphere 4 for Virtualization
‘Enterprise’ license equivalent
VirtualCenter
Central Management of all VM’s
Cloning, Migration, Resource Management
VIRTUALIZATION LAYER
VMware View Server
Manage all View Components
Desktop Pools, Entitlements, Sessions,
VIRTUALIZATION LAYER
VMware Composer
Pools
Automated
Persistent
Dedicate VM’s to each user
Statically assigned when a user logs in
Non-Persistent
Typical “Lab” setup
‘Deep Freeze’ equiv. – machine deleted after logout
Automated Provisioning
Individual/Manual
Single VM
Terminal Server Connector
VIRTUALIZATION LAYER
VMware View Login outside of sunray
Web Based - https
ActiveX/Java Launcher
VIRTUALIZATION LAYER
Resource Management cont’d
VM Settings
Customized per pool/application
Resource Pools
Reserve resources
Set Limits
Linked Clone Copy
Built in DeDuping (VMWare side not SAN side)
32 bit OS’s ONLY
Point a Pool to a VM snapshot
Entitlements
Permission to access a given VM or Pool
Synchronized to AD
SUNRAY LAYER
SunRay Server 5.0
Recommended running on Solaris vs Linux
Kiosk mode
Allows a session to be run without a user actually logging in
Mode used for both VMware View connector and TS connector
Session initiated -> connect to service -> process login session
SSL encryption both up and down
Works flawlessly from home behind NAT
Core Services access to Solaris Sessions
Terminal Server Connector
VMware View Connector
Nearly identical performance to on campus
Solaris acquires the session to VMware/TS and proxies to
SunRay. Session exists on Solaris
SUNRAY LAYER
Management is centralized
Key Card Logins
3rd party AD software required for “card only” logins
Username/Password acquires Kerberos token –
bound to card Sunray Side
“Hot Desking”
Login with Key Card
Pulling Key card == Auto logoff
Keycard can be used to resume session at any other Sunray
SUNRAY LAYER
Setup walkthrough
Install Sun/Ray Package – configure
Install View Connector
Connect to web GUI – https://servername:1661
Enable Kiosk mode – set to Vmware View Manager
Arguments: -s <server> -d <default_domain>
Bootup Sequence
SunRay Powers on
SunRay obtains DHCP address
(optional) Secures a VPN connection
Looks for Option 49 (x-display-manager) from dhcp
Looks for sunray-servers.<dhcp assigned domain>
GUI Pop-Up Menu manual configure
PROBLEMS/DIFFICULTIES
DHCP
VMware View VM’s not releasing DHCP addresses
Blow through 100 ip’s in an hour with a class
Short (1 hour) lease time now
GPO shutdown script to release?
Registry setting? (98/NT only?) Untested
Initial POC VMware View 3
Poor performance with ESX 3.5 software initiator
and Sun 7000 series
2-5MB/sec
Increased to ~20MB/sec when we enabled write cache
on 7000 series LUNs (not the default!)
Upgrade to ESX4 ISCSI initiator maxes out 1 Gbit
connection
PROBLEMS/DIFFICULTIES
SunRay Incompatibilities
View connector only officially supports View 3.0
View 4 coming ‘soon’
No MMR support
No Flash Acceleration
No Windows 7 support (no USB or sound in win7)
Demonstrate performance?
Still ‘adequate’ for most users
1-Way Audio Stream
No Skype or Teleconferencing
VMware View and 64 bit Servers
Even though View 4 came out in Nov. 2009 they do
not support any 64 bit version of windows Server.
Mostly works – until you create replicas
PROBLEMS/DIFFICULTIES
VMware Management tools
NETID authentication
Windows only
Unix/Linux Perl Toolkit (automation?)
NETID users can login to system
Currently cannot entitle NETID users
View browses/binds to LDAP via machine account
Workaround/override with VMware?
One way trust with NETID
Delegated OU’s?
Script adding users
Currently use python to batch add users to AD
Can share if interested
PROBLEMS/DIFFICULTIES
Upgrading the SAN
Clustering alleviates a lot of this
Single 7000 series?
QUESTIONS?
Chris Henry
[email protected]
import win32com,win32com.client
import string
from random import choice
password_size = 6
def add_acct(location,user):
ad_obj=win32com.client.GetObject(location)
ad_user=ad_obj.Create('user','cn='+user['login'])
ad_user.Put('sAMAccountName',user['login'])
ad_user.Put('userPrincipalName',user['login']+'@mydomain.com')
ad_user.Put('DisplayName',user['first']+' '+user['last']) #fullname
ad_user.Put('givenName',user['first'])
ad_user.Put('sn',user['last'])
ad_user.Put('description','Description of Employee')
ad_user.Put('HomeDirectory',r'\\server1\homes\ '[:-1]+user['login']) #user \\server1\homes\<user> for homedirectory
ad_user.Put('HomeDrive','H:')
ad_user.SetInfo();ad_user.GetInfo()
ad_user.AccountDisabled=0
password = ''.join([choice(string.letters + string.digits) for i in range(password_size)])
password = password +'1aB' # append '1aB' to end of password so we're positive it meets complexity requirements
print 'user:' + user['login'] + ',password: ' + password
ad_user.setpassword(password)
ad_user.Put('pwdLastSet',0) #-- force reset of password
ad_user.SetInfo()
def main():
user_list = open('C:\Users\username\Desktop\my_user_list.csv')
for line in user_list:
if line == None:
break
else:
user_info = line.split(',')
user={'first':user_info[1].strip(),'last':user_info[0].strip(),'login':user_info[2].strip()}
location='LDAP://DC1.example.com/OU=myOU,DC=example,DC=com'
add_acct(location,user)
if __name__ == '__main__':
main()