|
FISHMANPET posted:So as I read through Masterping vSphere 5 and VMware vSphere Design, I'm mentally planning my departments virtualization build out (and my boss is listening to me on this, so I can't gently caress it up) and I decided to look for 10 Gb Switches. If you haven't bought these yet, Dell steered us toward the 8024F for our VM project. The switch is way cheaper than the 10GBase-T switch and Twinax SFP+ Direct connect has lower transceiver latency than cat6/7. If you are just doing a top-of-rack install that is within the 10m distance of twinax I can't think of a good reason to use cat6/7. Nukelear v.2 fucked around with this message at 15:41 on Apr 13, 2012 |
# ¿ Apr 13, 2012 14:55 |
|
|
# ¿ Apr 25, 2024 05:21 |
|
FISHMANPET posted:Wow, the 8024F is $3400 cheaper than the 8024. I assumed we'd need to buy SFP+ modules for each of those ports, I didn't realize there existed a cable with an SFP+ end. I assume that I can then plug those into an Intel SFP+ NIC. That's not really an issue unless you need the slots for something else. My setup is 12G, R620's with a Broadcom 57810 dual port SFP+ for iscsi and the daughter card is a quad port 1Gig for general network. Also not an issue because in two years everything will be different. Edit: Actually look like they do have a daughter card, that actually looks pretty sweet, Broadcom 57800 2x10Gb DA/SFP+ + 2x1Gb BT Network Daughter Card Nukelear v.2 fucked around with this message at 16:48 on Apr 13, 2012 |
# ¿ Apr 13, 2012 16:22 |
|
skipdogg posted:
I know next to nothing about HyperV but doesn't it use Windows clustering, which requires AD? That would require an annoying bootstrap process to get working and then of course should the cluster ever fail.. Vmware wins again.
|
# ¿ Jun 14, 2012 16:27 |
|
Digital_Jesus posted:Hyper-V just installs a barebones version of Server 2k8 R2 to run the hypervisor, it doesn't require AD at all. If you've got multiple Hyper-V hosts though this becomes a problem since multi-host management is handled by Server Center. I only tested out Hyper-V with one physical host before deciding to go with VMware, so I didn't have to worry about managing multiple Hyper-V Hosts. Yea didn't mean Hyper-V itself required it, just if you wanted to run it in a cluster mode, which any rational person should. To sate my own curiosity I dug up the docs on setting up Hyper-V clustering from MS and here it is: • Domain role: All servers in the cluster must be in the same Active Directory domain. As a best practice, all clustered servers should have the same domain role (either member server or domain controller). The recommended role is member server. • Domain controller: We recommend that your clustered servers be member servers. If they are, you need an additional server that acts as the domain controller in the domain that contains your failover cluster.
|
# ¿ Jun 15, 2012 14:18 |
|
LmaoTheKid posted:I'm in the pre-pre-pre stages of analyzing our current setup for virtualization. Windows has Performance Monitor built-in. You can run the whole show from a single machine and record to disk for later analysis. http://blogs.technet.com/b/cotw/archive/2009/03/18/analyzing-storage-performance.aspx
|
# ¿ Jun 25, 2012 15:41 |
|
stubblyhead posted:I have a 2008 VM that runs a java-based application, and a while ago the jvm poo poo itself. It restarted itself, but I opened a support case with the vendor to figure out what happened. They say that based on the logs an dump info I sent them, it appears to be a memory problem and would like me to do a memory test on the server. Am I correct in thinking that there won't really be any value in doing this on a VM? Since it's just being allocated some chunk of memory on the esx host, couldn't a potentially bad memory area be allocated to some other server right now? Did it poo poo itself weekend before last? I'm going to assume it's a leap second issue.
|
# ¿ Jul 9, 2012 18:34 |
|
CSParsons posted:I'm having a hard time finding what I would guess would be a product that exists. http://www.layeredtech.com/ Those guys can offer pretty much the full gamut; run your VM's on their fully managed cloud infrastructure, stick your VM hardware in a rack and they will manage everything, stick your VM hardware in a rack and do everything yourself. The middle option is the one that's fairly unique and it's what we use. Don't have to share metal with anyone nor keep SAN/VM admins staffed 24/7.
|
# ¿ Jul 25, 2012 19:59 |
|
DevNull posted:11 acronyms and 18 words. Welcome to VMware. Yes but none of those had a lower case 'v' in front of them, progress!
|
# ¿ Aug 30, 2012 17:19 |
|
Corvettefisher posted:http://www.supermicro.com/products/nfo/FatTwin.cfm Off the top of my head Etsy runs almost entirely on Supermicro. We've used them and I have no complaints. Edit: Not for virtualization though. http://codeascraft.etsy.com/2012/08/31/what-hardware-powers-etsy-com/ Nukelear v.2 fucked around with this message at 18:02 on Sep 12, 2012 |
# ¿ Sep 12, 2012 17:59 |
|
Has anyone ever seen a Windows CIFS copy knock down a host NIC before? One of our developers did a big copy (26k files 1.5Gb) from one vm web server to another across hosts. Within a few seconds the copy failed and nearly every VM on the destination VM's host lost network for 5 minutes. The host has an entry 'Uplink vmnic0 has recovered from a transient failure due to a watchdog timeout' The funny thing is that if I change targets around wherever I send the copy to the target VM's host interface dies, so it wouldn't just be a single failing nic. As one other datapoint, we have mirrored hardware at our DR site but I can perform the copy just fine. The only difference I can see is that problem site uses vmxnet3 and our DR site uses E1000. Edit: Using ESX5. Both hosts use teamed active nics with the default source port balancing policy. These are also not our iscsi nics, so the increased iscsi load shouldn't be affecting it. If the copy occurs from two vm's on the same host, it completes just fine. Nukelear v.2 fucked around with this message at 20:14 on Oct 18, 2012 |
# ¿ Oct 18, 2012 20:05 |
|
Mierdaan posted:Check your switch for output drops? sh int count err I'll loop in the network guys to take a look. I would have expected to see drop errors in the vmware host performance graphs, but there was nothing.
|
# ¿ Oct 18, 2012 21:03 |
|
Corvettefisher posted:I am a bit confused here what is your setup look like? If it is 26k files that is a ton of I/O requests, you may be maxing out your IOPS. Basically DOS'ing the storage, causing the VM's to lose access to disk and funky stuff happens when datastores are DOS'd. Each host runs 6 nics total: 2xiscsi(10G), 2xproduction traffic(1G), 2xmanagement(1G). 4 hosts with an EQL PS4110 backend. Storage backend is dual 10G nics on separate 10Gig switches, different nic/switch than the one that dies. I do get warnings on storage latency when this copy happens but I think it's because esx5 got really sensitive about throwing them, it's complaining that latency went from under 1k to 81k MICROseconds. The NIC that dies isn't an iscsi nic, it's a production network traffic nic. If I do this copy from VM's that are on the same host (thus no actual network traffic across the production links) then it completes just fine with the same latency warnings. I'll double check, but everything seems as up to date as I can without going to 5.1 Nukelear v.2 fucked around with this message at 23:20 on Oct 18, 2012 |
# ¿ Oct 18, 2012 21:33 |
|
Corvettefisher posted:I won't say this is the issue right here, but I have been burned on performance a few times with Equallogic and the PS4100 isn't their top tier SP. I would be interested what that says with the switches. Turns out it was semi-storage related. The guys who set this up didn't install the equallogic multipath extension, it seems to have been the source of several bouts of strangeness in that site. Wasn't expecting a ton from the ps4110e, but our vm environment doesn't really pull that much io typically. Like most places the real io is in the database tier which is being served fantastically by ps6110xs's
|
# ¿ Oct 24, 2012 14:07 |
|
Goon Matchmaker posted:Does anyone else have a never ending stream of issues with Deep Security? We're on 8.0 SP1 using hotfixed DSVAs. Every day I come in to interface out of sync errors, VAs with / full, etc. TrendMicro doesn't seem to know their rear end from a hole in the ground support wise and tell me to just reboot the DSVA or reboot the guest. Neither of which are particularly acceptable. I've been running it in two production sites for a bit over a month, nothing horrible to report so far. Only issue I have is their retarded notification system, every night when the relay updates I get a series of emails telling me my appliances are not the latest, followed by a series of resolved emails as the appliances pull down the update.
|
# ¿ Nov 5, 2012 18:53 |
|
bull3964 posted:So, what IS a decent virtualization aware backup solution? I see people complain about Veeam quite a bit, but it seems like that's all that everyone uses. I'm pretty happy with the built-in VDP, it de-dupes, it's fast as hell, free and so far it just works. Which is more than I can say for a lot products. But we aren't huge, ~50 VMs per site, so maybe it falls down at huge scale. Edit: Crap, didn't notice you were on HyperV now. VDP is Vmware of course.
|
# ¿ Jan 24, 2013 18:18 |
|
bull3964 posted:Yeah, we are just caught right at the cusp between smaller and larger and that causes some issues. It's tricky finding solutions that we can afford while at the same time offer scalability. We are constantly fighting this battle of either butting up against the limits of SMB hardware/software while the next level of stuff remains tantalizingly out of reach. What is your plan for virtualization then? Sounds like your current platform is not great so you can't shift your physical env into that. So your real budget item is going to be building out something for that. We're pretty similar, we run a mix of .Net/Win and Linux/Java with an MSSQL backend. We've moved everything onto vmware except the sql servers. Dell servers, 10G EQL storage. Really surprisingly cheap, much cheaper than the datacenter it replaced. We use Opsview for monitoring, which is basically a nice gui wrapper around nagios, the windows agent is fairly nice. Totally free with commercial options available. Can write plugins in perl/python/whatever to monitor anything you want. And as mentioned previously, VDP for backup, free with vmware.
|
# ¿ Jan 24, 2013 18:50 |
|
bull3964 posted:My gut right now is telling me VMWare essentials Plus with two R620s to handle the current and legacy linux and 3 R620s with Hyper-v for our windows boxes that don't quite need all the HA options that VMware provides, but I freely admit that stems from me both being comfortable with Hyper-V on 2008 R2 and wanting to play with the new Hyper-V 2012 features. Your gut should be telling you to dump hyperv as well, running two virtual platforms sounds awful. HV's only real compelling feature is cheaper windows licensing, use the best tool for the job, not the cheapest. With 2 platforms both need excess compute capacity to handle failure, they won't share disk space on your san, personnel need to know both, two backup platforms, etc etc. Headaches. Hardware wise that's pretty much what we run, disk-less R620's using PS4110 storage with PowerConnect 8100's (I know this might eventually bite me in the rear end, but god drat Cisco is expensive.) Also, go 10gig for your storage network, don't get the 4100. Yes switches cost more, and yes you don't think your webservers use enough IO to need it, but it will save your rear end. SAN negotiating 101: Before they present you with their EQL solution tell them you are planning on using a Netapp\vnxe but you'll entertain their quote. Eql can get very very cheap. Nukelear v.2 fucked around with this message at 21:33 on Jan 24, 2013 |
# ¿ Jan 24, 2013 20:52 |
|
bull3964 posted:I agree that having everything the same is the way to go and in a vacuum I would jump at it. There are just other considerations. We have ZERO staff expertise with VMware. None. A significant amount of our Windows infrastructure is already on hyper-v. I know there are routes for conversion of Hyper-V VMs to VMWare, but I want to be sure I understand all the caveats of that before I even consider it. Keep in mind that we don't strictly need HA on the vast majority of our windows machines. Our platform is fairly distributed and we can easily survive the temporary loss of groups of machines. I'm really more concerned about how easy it is to get them up and running again after the hardware is recovered. On the cost front: Essentials kits can be upgraded very cheaply and individual processor licenses purchased, it's how we did ours with a 4 node site. No need for 2 kits and 2 vcenter installs. A dual proc R620 doing Vmware enterprise is ~$5k, if you spend $4k for WinDC, not a huge differential. Windows licenses can be pricey, but if you are using Web Edition for most of your installs then that isn't bad at all. Vmware brings more to the table than just better HA, the whole platform is leagues ahead of HV. In terms of VH's, right now you are looking at 2+4. Assuming you have 1 node spare capacity in each platform, consolidating platforms bring you down to 5 hosts and the associated VM savings, (4k win or 5k vm) + 6k hardware. 10 grand right off the bat in addition to all the other software you now won't have to duplicate. Your finance guy won't have the same leverage that you will. Name a competing product and they will dip into special pricing just for loving over certain competitors. Netapp/EMC are your best bets. 100k is entirely doable. I bought way more for not that much more. What you have now: This is probably your most compelling argument for sticking with HyperV, but if you need vmware to run linux then you're going to learn it anyway. As you said growing into is probably a good option, get a 2/3 node kit + san, migrate your legacy apps and once you feel comfortable then expand and migrate the HyperV nodes.
|
# ¿ Jan 24, 2013 22:40 |
|
bull3964 posted:Windows 2012 DC is going to be purchased regardless. DC license grants unlimited virtualization rights per physical host (up to 2 procs) so it's way more economical than buying licenses piecemeal. Wow, didn't notice they got rid of Web. That's an interesting move. So yea using DC to license your VMs make sense. Not saying VMware is itself the cheaper option, even with Web it was always going to be more. The savings come when you offset the costs of having to run two different platforms.
|
# ¿ Jan 25, 2013 00:22 |
|
Misogynist posted:Maybe I'm being an obnoxious pedant, but what exactly does devops have to do with vSphere? My guess would be they want someone who can automate the creation/destruction of the VMs from across all their dc's, and then do the usual devops bits with with puppet/chef/salt. quote:Nimble CS460
|
# ¿ Mar 5, 2013 23:34 |
|
It seems I've tracked the mysterious crashes of my Win08R2 guests to Trend Micro Deep Security. Their filter driver appears to slowly fill up it's heap space and when that occurs all hell breaks loose. Apparently pre-SP1 it purple screened esx, now it just seems to kill my guests. Their initial response of "have vmware prove it's us" and having now done that, all I get is a way to increase heap size so it takes longer before the issue recurs. Any suggestions for a stable AV solution, kaspersky/mcafee/etc... Staying vshield based would be nice, but this kind of sours me.
|
# ¿ Mar 7, 2013 16:24 |
|
Goon Matchmaker posted:What version of DS are you on? I just upgraded to 8.0SP2 and it seems to have resolved quite a few issues. We're running ESXi5.0U2 here. Though it's still a buggy piece of poo poo... 8.0 SP1, none of the filter driver changes for SP2 seem to be related and support didn't think it would help. 9.0 quadruples the default heap size, so that's a bit telling. Issue appears to be related to the network portion of DS, even though we aren't licensed or using it, every connection get entries in that heap. At their suggestion I'm going to change the firewall over to tap mode, might help, I didn't even look at it since we don't use it. Really their solution seems like a band-aid and when it was just a buggy appliance or agent, I could deal with it, but glitchy kernel level code in ESX is pretty untenable to me.
|
# ¿ Mar 7, 2013 18:27 |
|
GreenNight posted:Do any of you use vShield with View, or do you have AV on each VM? We use vshield, not with view, and Trend Deepsecurity. It's terrible and I hate it, if I could go back I'd use a traditional agent. If your environment is doing large amounts of network traffic their filter driver eventually leaks to death and crashes every VM being protected. I know of at least one other goon who had the same issue. Additionally it's a pain to administer and alerts for no reason.
|
# ¿ Jun 11, 2013 18:11 |
|
Moey posted:Have not had any problems with leaks and crashing VMs. It took our actual production volume to cause it, it wasn't something we saw during stress testing, but after a month in prod one by one all the servers would fall over. A view environment may not suffer the same problem. Trend could theoretically fix it easily, if you don't license the network features then don't run them through the filter. Smart Protection errors. Every day when the central server got it's update it would alert that all servers were out of date then over the 10 minutes it would spam 'Resolved' as each server updated, had to disable all out of date alerts for this. VM's will stop being protected when vmotioned randomly with Interface out sync alerts, this is a major pita. Rule Not Applied alerts, immediately followed by Resolved. In terms of memory usage, I have to allocate a 4 Gig appliance on every machine (comes default at 1/2G, they had us increase it), that's a lot of AV agent instances. Also Trend needs a thin agent activated on the VM itself anyway. So I kind of see that as a wash. Edit: Again, these are all just against Trend itself, vshield is fine and vmware support was excellent. Just look at one of the other competing products. Nukelear v.2 fucked around with this message at 19:00 on Jun 11, 2013 |
# ¿ Jun 11, 2013 18:56 |
|
Dilbert As gently caress posted:So does anyone here do a large amount of VDI-in-a-box? As a Dell shop, I'd look at the PowerEdge VRTX that should be available next month. Single chassis, four blade slots, 12/25 disks, no exotic power requirements, tower/rack form. VDI reference arch: http://www.dell.com/learn/us/en/555/business~solutions~engineering-docs~en/documents~dvs-windows-server-2012.pdf
|
# ¿ Jul 18, 2013 14:22 |
|
KennyG posted:I'm looking for a remote VDI solution that is secure but highly accessible... I.e. works over HTTPS, through proxies, hard to block. We use a Juniper SA SSL VPN for secure RDP access for our guys. We use a hardware model, but it's available as virtual image now. The thing is just a never ending font of useful features. Supports a ton of authentication methods, use some form of two factor. Can provide policy based host checking on login, AV installed and current, firewall on, etc etc. Then provides a web interface to predefined resources, internal websites, RDP, SMB Shares, etc. Can also provide gotomeeting style functionality to let me remote people view/control your employees desktops.
|
# ¿ Sep 18, 2013 14:07 |
|
McGlockenshire posted:Does the thread have any recommendations for 10GbE switches that aren't stupidly expensive? We've used the Powerconnect 8100 series for a year doing iscsi for our production environment and so far, knock on wood, no issues with it. Is it as cheap as a Netgear, no, but no, you don't want none of that. Super Secret Saver Pro tip, get the F model and buy the twinax cables as you need capacity, you'll save money and gain more flexibility.
|
# ¿ Nov 4, 2013 18:34 |
|
McGlockenshire posted:I'm going to have a really hard time getting approval to buy anything Dell here. Don't ask. 8100 I couldn't say for certain, usually it's Brocade. There's plenty of other vendors out there, that's just one of the cheaper ones that I trust enough to recommend. I wouldn't let vendor animosity steer you toward a 'prosumer' grade switch like a netgear. A cheap switch will likely cause your major headaches.
|
# ¿ Nov 5, 2013 17:38 |
|
Wicaeed posted:
VM Escape exploits occasionally show up. For the more paranoid you group your VM's in like security zones and don't share hosts/storage between them, i.e. DMZ, Trusted. I used to do this, but have since stopped. How do they keep breaking in? 'New hardware' won't really do much for security unless it's say buying a firewall cause this whole network is in public address space.
|
# ¿ Nov 20, 2013 15:47 |
|
skipdogg posted:Interesting post. I haven't followed up with my co-worker on it. We do have weekly vuln scanning in place though. He's working on upgrading to the latest 5.1 release anyway You don't happen to be using TrendMicro DeepSecurity or some other host level av? Your issue sounds almost exactly like what we had and ended up root causing it to that.
|
# ¿ Feb 4, 2014 18:52 |
|
Mausi posted:Thanks, maybe I should've phrased it as 'who uses Puppet/Salt/etc for managing their VM environment and what are your coding recommendations around it' to make it more relevant to the thread. We use Salt because I'm a python guy so the syntax of everything just made sense to me. Chef/Puppet seemed very complex, way more than I needed. Whereas Salt is moderately straightforward to start using, in an afternoon was able to get a full autoscaling aws system with salt + salt cloud with multiple state configs for my apps. Another even lighter weight option is Ansible.
|
# ¿ May 8, 2014 13:54 |
|
Do anyone have any recommendations/horror stories for a DaaS provider? I like Amazon WorkSpaces because it's Amazon but my client choices seem pretty limited. We use Vmware and horizon sounds cool and there's a slew of partners doing this. Don't know the space very well so trying to get a feel for who the best companies are.
|
# ¿ Aug 19, 2014 23:10 |
|
Richard Noggin posted:I can tell you that if you're looking for a true Windows desktop (Windows 7/8/8.1) from a provider, you won't find it. Microsoft does not allow hosting providers to deliver desktop operating systems. The best you'll get is a Windows Server instance with terminal services and the "desktop experience". Interesting, didn't know licensing was the reason behind that. I've seen it but haven't been too concerned by it, are there any major gotchas because of this? We use terminal services here to handle ~10 remote users and afaik there haven't been many issues with it.
|
# ¿ Aug 20, 2014 14:31 |
|
Richard Noggin posted:The gotchas are apps that are not supported on either a server OS or in a TS session. Other than that, not really. Well hell given that nobody is replying to DaaS, I'm guessing most people do it themselves. I can see the pros to this, so thoughts on Horizon vs Citrix VIB vs HyperV for ~100 users? We're primarily a vmware shop, but I hear citrix is better for this.
|
# ¿ Aug 21, 2014 21:05 |
|
Thanks Ants posted:Do people have an opinion one way or the other on the Windows cluster-in-a-box products like the Fujitsu CX420? One SKU gets you the chassis, two nodes, shared storage, and 2x Windows Server Datacenter licenses. I've been eyeing the Dell VRTX for awhile now to virtualize our low priority office support machines. Same concept except 4 nodes, which to me is the minimum number you'd want for something like this. The lack of expansion and a single point of failure are your obvious downsides. Then I went to a dell lunch for nutanix and now I really want one those instead, but those are serious cash. Wish they would just sell the software decoupled from the hardware, or have vmware buy them and make it be the new vsan.
|
# ¿ Sep 29, 2014 19:01 |
|
Erwin posted:How does EVO Rails compare to Dell VRTX? I have no use case for either, so I haven't looked into either. Different beasts. VRTX shares storage amongst it's blades through a single raid controller. EVO as I understand is hyper convergence and would be comparable to the new Dell XC series which is their Nutanix platform. Each blade has it own's storage and tries to keep it's running VM's on that local storage for vastly improved IO because of data locality. Basically a not lovely version of vsan. TLDR; VRTX is a way to make baby branch office semi-highly available vm platform. Hyperconverged platforms like Simplivity/Nutanix are probably going to be the future of enterprise so you probably want to watch it. Nukelear v.2 fucked around with this message at 17:30 on Nov 7, 2014 |
# ¿ Nov 7, 2014 17:21 |
|
bull3964 posted:You can actually configure VRTX with redundant RAID controllers now which makes it a bit more robust. I was going to post that this options disables the controller cache, but it seems that as of two days ago they put out firmware that fixes that. It's actually a viable option now.
|
# ¿ Nov 7, 2014 19:11 |
|
NippleFloss posted:EVO just uses vanilla VSAN, which does not enforce node locality for data. Nutanix does attempt to keep data local to the node that owns the VM, but I'm not really sure that's necessary as the latency penalties for cross node acces are pretty low. It basically takes you back to SAN level performance, which isn't terrible, but obviously local is better and that's a large selling point. Would say it's also critical to being able to build converged platforms at large scale, something everyone is working to get better at. I have no doubt that vsan will eventually get all the features nutanix has, they just aren't there yet. @Vaporware That would be some pretty impressive firmware. No, don't think so. @Skippdogg It depends what all you shove into it, but yea it'd likely be cheaper than that. The real benefit as you mentioned is the AIO nature, makes the barrier to entry for branches or small shops really low.
|
# ¿ Nov 7, 2014 22:17 |
|
|
# ¿ Apr 25, 2024 05:21 |
|
Internet Explorer posted:Running on what? Two Raspberry Pis? Intel compute sticks, just don't unplug the TV over there, it runs our entire business.
|
# ¿ Mar 26, 2015 14:29 |