Feeds

Leave nothing behind when migrating virtual machines

Ensuring a smooth move

Intelligent flash storage arrays

We migrate virtual machines (VMs) for all sorts of reasons: to load balance our physical hosts, say, or to offload a server so it can be taken offline for maintenance, or because the original host has failed. But in every case we want no interruption to the VM's operation, or at least as little interruption as possible.

That means its network resources need to move with it so that when it lands on a target physical server it can immediately start processing data and moving it across the network.

Much of that is taken care of by the hypervisor and the migration tools, according to Jon Cairns, director of systems engineering for northern Europe at VMware.

“You do need the ESX hosts to be on the same subnet to ensure connections are maintained,” he says.

Double vision

He adds that to move a VM, you also need networked storage that both hosts can see, as it is only the image in memory, not the data, that moves. And it needs a fast interconnect – ideally a second network.

“VMotion starts with a pre-copy in the background. The VM is still accessible as normal but the software is doing a dynamic page copy. Then eventually it suspends the VM for a split-second, does a final copy and restarts it on the new host,” he says.

“VMotion manages the virtual MAC address, and when the memory copy is complete and the VM comes up, it pings the router to ensure the new host is recognised. Everything configured within the VM should go with it.”

Paul Martin, systems engineering manager EMEA for VM replication specialist Quest Software, says the same-subnet requirement can be a problem.

Play your cards

For example, if the reason for moving a VM is fail-over, it may not be an option to run both hosts on the same site or subnet. In this case one option is dual virtual network interface cards (NICs) within the VM, either using Powershell to automate NIC failover, or editing the VM by hand.

“Other customers use NAT [network address translation] to get round the problem of different subnets,” he says.

However, there are also network layer factors that are external to the VM. For example, the source and target hosts may also need to be on the same virtual LAN (VLAN), which can limit the reach of your migration capabilities.

A solution for some is bridged VLANs, says Martin. But he adds: “That doesn't work for everyone, as not every environment can cope with it.”

And as Ken Duda, vice-president of software engineering at switch developer Arista Networks, notes: “You don't want to carry every VLAN everywhere. So the 802.1Q trunk needs to be able to dynamically modify a VLAN in response to say a VM migration. But how do you do that?”

By hook or by crook

Arista's solution was provide the hooks in its Eos operating system so its software partners can use their management tools to tie VLANs to key places.

“The VMware tracer talks to the network management and automatically provides the VLAN connection rack to rack,” Duda says.

Other vendors use port profiles to achieve something similar. Port profiles allow you to configure an interface to a particular role on the network, for example by applying access control lists, attaching VLANs, setting up broadcast limits, and so on.

They can be used to push out the same configuration to multiple interfaces, and because they can be applied to physical or virtual interfaces they are also a useful way to set up ports on softswitches for VMs.

The challenge with VMs is that, since they are no longer tied to a physical interface, they are also not tied to a switch port. But when you move a VM, the softswitch in the new server must have the same policies, VLANs and security settings as the old one, otherwise the migration will fail. Port profiles let you edit the new switch to match the old one.

“You throw it into the cloud which then manages where it runs”

Yet however you manage your switch reconfiguration, it adds complexity and administration time and requires the server and network admins to co-ordinate their work. Network vendors and software developers are looking for ways to move port profiles automatically, so that they follow the VMs that need them.

Johan Ragmo, data business development manager for northern Europe at Alcatel-Lucent Enterprise, says this is one of the many jobs for the management layer within a data centre or private cloud that take care of VM migration, load balancing and so on.

“You need to build a virtual network profile, taking account of quality of service and so on, that's managed in software with the virtualisation manager,” he says.

Follow the leader

Cairns agrees. “The long-term concept is that each VM will carry with it a set of policies, such as security level, availability and so on, and you throw it into the cloud which then manages where it runs. Underneath that, a foundation layer ensures adherence,” he says.

Brocade's Simon Pamplin says this is why Brocade developed automatic migration of port profiles (AMPP). It is part of Brocade's Virtual Cluster Switching technology, which enables a migrating VM’s network profile to follow it automatically.

“If you want to move a virtual image, setting up its port profile is a headache,” Pamplin says. “AMPP presets the destination port with the correct settings.”

The message is that, for the moment at least, a VM migration should be seamless – within certain boundaries. The area within those boundaries is constantly growing, but as a server admin it is always wise to know where the VM boundaries currently lie. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.