Umpteen tools to fight VM sprawl
There's a virtual machine born every minute
VMworld There were 12,500 attendees at the VMworld virtualization fest in San Francisco this week, and apparently half of them were peddling software to help companies cope with virtual machine sprawl or otherwise manage virtualization in the data center or on the desktops.
The other half were presumably being sold these tools. No word if anyone is buying.
This is by no means an exhaustive list of all of the virtualization wizardry shown at VMworld this week, but it gives you a taste for the kinds of gadgets that companies other than VMware are building to try to make a little dough from this virtualization wave.
VKernel, which started shipping its first set of virtualization management tools in April 2008 and which has raised $11.6m in two rounds of funding, now has over 200 customers using its Capacity Analyzer tool, which looks at all the physical resources available in a stack of servers sporting VMware's ESX Server hypervisors and helps system administrators figure out where to plunk VMs and their workloads. The tool also helps them figure out where future bottlenecks will be, based on trend data from the running VMs.
At VMworld, VKernel was showing off some new gadgets collectively called the Optimization Pack. Wastefinder sniffs around the servers and their hypervisors and identifies zombie VMs, templates, and snapshots that are using up disk, memory, and CPU capacity so this capacity can be reclaimed by sysadmins. (The problem, apparently, is that VMware's vCenter has tools to create VMs, but doesn't have garbage collection.) In beta tests, VKernal says that anywhere from 10 to 20 per cent of this capacity can be reclaimed by using Wastefinder.
A second feature of the pack is called Rightsizer, which uses historical data culled from the Capacity Analyzer to dynamically adjust CPU, memory, and disk capacity allocated to VMs. System administrators are used to overprovisioning in physical environments, and apparently they are carrying over these habits to cover their butts in a virtual environment. The net effect of this is that instead of getting 10 to 12 VMs per processor socket as their bosses expect, they are getting somewhere between 5 to 7, says VKernel. The third feature of the Optimization Pack is called Inventory, and is a dashboard that shows all the hypervisors and VMs running in an ESX Server environment.
Capacity Analyzer and the Optimization Pack currently only support ESX Server, but Kevin Conklin, vice president of product management and marketing at VKernel, says that in the fourth quarter the company will talk more about what it will do to support XenServer, Hyper-V, and other hypervisors. A bundle with Capacity Analyzer 4.1 (which has only been out for two weeks) and the Optimization Pack costs $399 per processor socket for each managed server node for a perpetual license, which includes a year of maintenance; a subscription license costs $179 annually per socket.
Embotics, which has been peddling its V-Commander virtualization management tool since September 2007, kicked out its 3.0 release at VMworld and also announced a partnership with Surgient, which makes a dynamic resource and capacity management tool of its own.
Embotics has a freebie product called V-Scout, which is used to inventory VMs in real time as they run out on the network, replacing the spreadsheets that sysadmins are using as they track VMs by hand. V-Commander is an agentless and driverless VM discovery, tracking, and costing system for ESX Server VMs.
With the 3.0 release, V-Commander is sold as three separate modules instead of one package, making it is cheaper for companies to get started. There is a federated inventory management module, which is a glorified version of V-Scout that includes the basic cost-accounting features. This module costs $85 per processor core on each server under management.
The resource and cost-management module adds a policy layer that helps manage the deployment of VMs not just based on the resources available and application service levels, but on the budgetary constraints for those applications. This module also identifies VMs that can be removed from the system so their resources can be reclaimed for other VMs; it costs $110 per core under management.
The operational and risk-management module locks down security on the VM repository and audits everything that happens with the VMs, making sure people don't launch unauthorized VMs or move VMs to parts of the network where they're not allowed. It costs $130 per core under management.
V-Commander 3.0 integrates with VMware's vCenter management tool, and according to David Lynch, vice president of marketing at Embotics, the tool can interrogate all of the VMs under its control to get historical data on all the VMs in a big network of machines in an hour or two. Right now, V-Commander only supports the ESX Server hypervisor, but with V-Commander 4.0 sometime in 2010, support for Microsoft's Hyper-V will be added. The XenServer hypervisor is slated for support after that, and a few customers (mostly hosting companies) are apparently asking for it now.
The partnership between Embotics and Surgient will see the two cross-sell their respective V-Commander 3.0 management and Virtual Application Platform 6.1 provisioning tools side-by-side. You can find out about Surgient's tools, which were updated in April, here .
Hyper-V bundle of joy
Now that Hyper-V Server 2008 R2 has been pushed out  this week to try to steal some thunder from VMware's vSphere and ESX Server 4.0 products, Microsoft needs to get its management-tools act together because now that Hyper-V has live migration and high-availability failover, companies are actually going to start using it.
And so Microsoft has announced a little something called System Center Essentials Management Suite, which combines its basic System Center Essentials 2007 tool with the System Center Virtual Machine Manager 2008 Workgroup Edition plug-in for managing Hyper-V.
The suite also includes a free upgrade through channel partners to System Center Essentials 2010 when it comes to market in the second quarter of next year. The promotion will be available starting on October 1, and Fujitsu and Lenovo are first up peddling the upgrade protection; others will no doubt follow.
According to Microsoft, the bundling of the tools when bought from Microsoft costs $2,868, with SCVMM retailing for $869; OEM suppliers are expected to sell it for less. Those getting the tools through Microsoft's volume licensing deals can expect can get SCVMM Workgroup Edition for $505, and the suite plus two years of Software Assurance would retail for about $3,500, with volume discounting prices as low as $2,000 a pop.
Whatever happened to a product with a price someone could understand?
Throwing Project Javelin over the wall
Many of the guys who created the Red Hat commercial Linux distribution are up the road from Red Hat at a company called rPath, which created this neat variant of Linux with its own repository for creating and patching applications. rPath has been selling the tool to ISVs who are constantly mucking around in their code, but who want some kind of release automation to control how this code is rolled out.
While this is a good-enough business, now rPath wants to position its rPath Builder repository as a means of performing software-release automation within enterprises that are managing their own application stacks.
"The idea is to fill in the gaps between apps and ops," says Jake Sorofman, vice president of marketing at rPath. "Change is the devil in the enterprise. Programmers create these works of art, and then they throw it over the wall to the operations people. There is no version control for both sides of the data center, and when things break, you can't troubleshoot or do rollback."
Which is why virtualization is so popular in the development and test environment, by the way.
The thing about using rPath as a release-automation tool is that because the repository controls all of the applications, it is akin to a version-control system for deployed applications, much as programmers have version control for the code they test on the apps side of the wall.
The trick is to take rBuilder, which was created to manage intra-system dependencies for the hypervisor, operating system, and application stacks that run on them (or that get pushed out to the cloud ) and expand it out to handle inter-system dependencies for multi-tier applications. This work is being done at rPath under a year-long effort known as Project Javelin.
The future rBuilder repository will manage applications at the service levels that business managers think of them in, not the system-level constructs that IT managers use as they think and talk about the same applications. That repository will also manage all of the configuration data for systems - IP addresses, storage arrays, and so forth - just like it manages software elements in an application stack today. So, if someone makes a mistake changing network or storage settings, it can be instantly rolled back.
Project Javelin will also include self-service provisioning of applications and the physical and virtual iron that supports those apps. The idea, says Sorofman, is to let lines of business and their application-development groups take control of the deployment, maintenance, and retiring of infrastructure to support those applications - all with the policies controlled centrally by the IT department so they can't do something stupid.
Sorofman says that rPath has 75 customers today, with 63 of them being ISVs. But 90 per cent of the company's current business pipeline is for customers trying to figure out how to use rPath as a version-control system for their own apps. Project Javelin, the company hopes, will give it a bigger foot to get into the doors of the data center and the boardroom.
High trust - well, no, actually
HyTrust, which peddles appliances that lock down access to virtual machines and provides an audit trail for the things system administrators do as they change around hypervisors and VMs, kicked off the 1.5 release of its appliance during VMworld.
With the HyTrust 1.5 release, VMware's ESX Server 4.0 and ESXi 4.0 hypervisors can be put under control of the appliance; the 1.0 release of the appliance that was announced in May only supported the ESX Server 3.5 hypervisor. The HyTrust 1.5 appliance also can support VMware's Distributed Switch, which is embedded into the ESX Server hypervisor and which virtualizes network connections; the 1.5 appliance also supports the Nexus 100V virtual switch created by Cisco for its "California" Unified Computing System.
The HyTrust 1.5 appliance also includes two-factor authentication for access to VMs, so administrators can be asked not only for a user name and password but also for a security token (like the kind that financial firms often use to restrict access to systems). It can also wrap metadata around virtual machines and their resources to better organize and manage those VMs. With this feature, you can ensure that a certain admin can only create VMs that run on specific servers and can be linked to specific networks and storage.
Eric Chiu, president and chief executive officer at HyTrust, says the appliance will be tweaked to support the XenServer hypervisor from Citrix Systems in the second quarter, and will eventually support Microsoft's Hyper-V hypervisor. The HyTrust 1.5 appliance can be acquired as a virtual appliance running inside an ESX Server VM for $3,500 (the appliance is coded in Java and is tuned for Linux), or on a literal hardware appliance for $7,500. You pay an additional $500 per socket per server under management on top of this to use the appliance. Chiu says that the appliance can support hundreds of ESX Server hypervisors per instance, and that the typical ESX Server instance has around ten VMs these days, so you are talking about being able to manage the access to thousands of VMs. ®