Microsoft assembles a private cloud so you don't have to

Trevor's infrastructure drill-down

The backbone of a cloud is infrastructure. At its core, it is an attempt to deliver compute power, networking and storage as efficiently and responsively as possible. Every serious public cloud player has its own industry-leading approach.

From cookie sheet computing to custom networking gear to open-sourced infrastructure, density, efficiency and manageability are the requirements of success.

The average business has neither the purchasing scale nor the motivation to innovate on that level. Although investment in a private cloud is likely to produce efficiencies and increased agility, the majority of IT departments will look for pre-canned solutions where possible.

Microsoft's upcoming System Center Virtual Machine Manager (SCVMM) 2012 and ancillary technologies provide an excellent example of what such a solution will look like.

In select company

A virtual machine is nothing without a network to talk on, and that makes network equipment selection important. SCVMM can talk to the right networking gear, automating away tedious management tasks such as adding a newly created virtual machine to the load balancer.

Like any good cloud management software, SCVMM speaks VLANs and abstracts away the physical network into logical networks.

Virtual machines can be assigned to IP and MAC pools. IP pools provide for IP addressing that allows related virtual machines to be grouped in a logical fashion, while MAC address pools prevent the MAC address overlap issues that occasionally happen with unmanaged virtualisation deployments.
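The logical network, IP pool and MAC pool abstractions described above can be built from the SCVMM 2012 PowerShell module rather than the console. The script below is an added example, not code from the article or from Microsoft's documentation; the VMM server name, host group, subnet, VLAN and address ranges are placeholders, and the cmdlet parameter names are assumed from the VirtualMachineManager module that ships with SCVMM 2012.

```powershell
# Added example: carve a logical network, a static IP pool and a MAC pool
# for one host group. All names and addresses below are placeholders.
Import-Module VirtualMachineManager

# Connect to the VMM management server (placeholder host name).
Get-SCVMMServer -ComputerName "vmm01.corp.example" | Out-Null

# The pools are scoped to a host group, so related VMs on those hosts
# draw addresses from the same ranges (placeholder host group name).
$hostGroup = Get-SCVMHostGroup -Name "Production"

# Logical network: the name the VM layer sees instead of a physical segment.
$logicalNet = Get-SCLogicalNetwork -Name "Backend"
if (-not $logicalNet) {
    $logicalNet = New-SCLogicalNetwork -Name "Backend"
}

# Network site: which subnet and VLAN "Backend" maps to for this host group.
# Keeping the VLAN tag here, rather than on each VM, is what lets the
# physical network be swapped underneath without touching the VMs.
$subnetVlan = New-SCSubnetVLan -Subnet "10.20.30.0/24" -VLanID 300
$netDef = New-SCLogicalNetworkDefinition -Name "Backend - Production" `
    -LogicalNetwork $logicalNet -VMHostGroup $hostGroup -SubnetVLan $subnetVlan

# Static IP pool: hand out only .50-.200 so the low and high ends of the
# subnet stay free for infrastructure (gateway, DNS, load balancer VIPs).
$gateway = New-SCDefaultGateway -IPAddress "10.20.30.1" -Automatic
$ipPool = New-SCStaticIPAddressPool -Name "Backend-Prod-IPs" `
    -LogicalNetworkDefinition $netDef -Subnet "10.20.30.0/24" `
    -IPAddressRangeStart "10.20.30.50" -IPAddressRangeEnd "10.20.30.200" `
    -DefaultGateway $gateway -DNSServer "10.20.30.10"

# MAC pool: one managed range per host group so two clusters can never
# mint the same address. The range is a placeholder inside the Microsoft OUI.
$macPool = New-SCMACAddressPool -Name "Backend-Prod-MACs" -VMHostGroup $hostGroup `
    -MACAddressRangeStart "00:1D:D8:B7:1C:00" -MACAddressRangeEnd "00:1D:D8:B7:1F:FF"

# Read back what was created so the operator can verify the scopes.
$ipPool  | Select-Object Name, Subnet, IPAddressRangeStart, IPAddressRangeEnd
$macPool | Select-Object Name, MACAddressRangeStart, MACAddressRangeEnd
```

The point of scripting this is repeatability: the same file, with only the placeholders changed, yields an identical layout for a second host group, and the read-back at the end is the check that the ranges do not overlap the ones already in use.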

Similarly, should the available storage support the appropriate standards (SMI-S), SCVMM can do neat things.

Compatible storage can be automatically discovered and storage pools can be assigned to individual hosts or to host groups. Currently these storage pools must be created using the native SAN software, but from there they can be managed by SCVMM.

SCVMM can also take advantage of the features and resources native to the storage area network (SAN). Snapshots can be triggered and managed within the interface, and virtual machines moved from one LUN to the other without having to move the data back and forth over the network.

The benefits are evident in template management. If the SAN supports cloning, then a single virtual machine can potentially be duplicated dozens or even hundreds of times at the native speed of the SAN's disks. Connect the clones up to a host and your new virtual machines are ready to go.

SCVMM is aware that not all storage is created equal, and so offers storage classification. This is little more than another layer of abstraction but it becomes very useful at scale.

Larger private clouds may have multiple tiers of storage and multiple SANs providing storage to those tiers. Assign a given class of virtual machine to a given class of storage and you don't have to worry about which physical device contains which virtual machines.

Hardware decisions

Server hardware selection is important. Regardless of your virtualisation vendor, you will run up against hardware qualification lists.

While using hardware not officially logoed and listed as supported is often possible, it places you outside vendor support and consequently negates the value of using an off-the-shelf private cloud.

Proper logoed servers have advantages. As a general rule they tend to comply with one or more buzzword-bingo standards (DCMI, IPMI, SMASH, and so on) that enable the all-important out-of-band (OOB) management.

The ability of the management software to talk to the OOB provider is a key enabler of efficiency. SCVMM uses this to do everything from turning off unneeded hardware to deploying hypervisors to new metal.

Within SCVMM, this functionality is called power optimisation. On its own it isn't much of a whizz-bang feature. OOB management of servers – and tools to make use of it – has been a common feature for some time.

It has even made its way into client computers. When combined with the other features in SCVMM we get dynamic optimisation and everything becomes much more interesting.

Dynamic optimisation is all about load management. SCVMM wants to make sure that the virtual machines in use have enough resources available to allow them to work unhindered.

To do this, it keeps an eye on various metrics and reacts to them. CPU, I/O and RAM utilisation are a given in this sort of feature, but SCVMM has many more strings to its bow.

Sensing trouble

Some load changes have a predictable schedule and SCVMM allows for scheduled rebalancing in advance of anticipated spikes in demand. It is also able (with some help) to sense hardware failures and move workloads proactively to prevent failure.

Here, integration with System Center Operations Manager (SCOM) is useful.

Using a feature called performance and resource optimisation (PRO), SCVMM can use anything monitored by SCOM as a trigger for dynamic optimisation. This opens up a world of possibilities.

Major server vendors write PRO packs for their equipment. Servers, networking equipment, even blade chassis can be monitored by SCOM. Hardware failures are monitored and SCVMM can be configured to respond in different ways.

A dead fan in a server requires maintenance, but depending on the fan it might be something that can wait for a while. A dead DIMM or bad CPU fan might be another story. SCVMM can be told to evacuate the host and turn it off pending maintenance.

SCOM can monitor more than just PRO pack-backed hardware. It can monitor guest operating systems and compatible applications directly. Well-known errors can be solved with the appropriate remedies: reboot the virtual machine, shut it down, spin up a diagnostic virtual machine, revert to backups and so on.

SCOM's monitoring capabilities are not limited to monitoring Windows guests. Unix and Linux operating systems are supported as well.

The ability to monitor the event logs of an operating system can provide a means of monitoring applications that do not have direct integration with SCOM. If the application in question leaves behind a useful entry in a log file somewhere, SCVMM can be configured to act on it.

Another feature of SCOM is the ability to monitor SNMP. While SCOM 2007 R2's SNMP support had a steep learning curve, the end result was ultimately worth the effort. SCOM 2012's implementation is smoother and incorporates its own SNMP stack, instead of relying on the one provided by the operating system.

SNMP monitoring has fairly obvious uses in allowing SCVMM to move virtual machines around in response to events such as power failures, thermal excursions or humidity issues.

Yet nearly anything can be an SNMP device. A little creativity allows for all sorts of interesting things.

Smart meters are all the rage, and they can certainly be monitored via SNMP. With a little tinkering and scripting, you could compare power usage to current electricity spot prices, with SCVMM suspending virtual machines and powering off non-critical nodes when electricity prices exceed the high watermark. Similarly, it could spin up high-load virtual machines when energy prices are low.

Legacy applications can sometimes have weird requirements. One example from my personal experience is a server that prints a sheet of paper every time an order comes in. It is so old it doesn't use the printer queue properly and blows up every time the printer is out of paper.

With SCOM and SCVMM I would be able to catch printer errors via SNMP and suspend the virtual machine until someone attends to the printer. When the state of the printer changes, the virtual machine could be resumed.

Security and unexpected event handling become automatable with these twinned management applications.

Unexpected load spike or potential denial-of-service attack? Spin up helper virtual machines to help balance the load. Intrusion detection system noticed something alarming? Spin up a few specialist systems to do more in-depth analysis.
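The responses sketched above, and the host evacuation described earlier in the section on PRO packs, come down to a handful of SCVMM actions triggered by an external event. The script below is an added example, not code from the article or from Microsoft; it assumes the alert has already been classified by whatever raised it (an SCOM rule, an SNMP trap handler or a scheduled price check) and is passed in as a parameter. The VMM server name, the VM tag and the alert names are placeholders, and the cmdlets are assumed from the SCVMM 2012 VirtualMachineManager module.

```powershell
# Added example: map a classified alert to an SCVMM action.
# Usage:  .\Invoke-CloudResponse.ps1 -Alert PrinterOffline -VMName ORDERPRINT01
#         .\Invoke-CloudResponse.ps1 -Alert HostHardwareFault -HostName hv07.corp.example
param(
    [Parameter(Mandatory)]
    [ValidateSet("PrinterOffline", "PrinterReady", "HostHardwareFault",
                 "PowerPriceHigh", "PowerPriceNormal")]
    [string]$Alert,
    [string]$VMName,
    [string]$HostName,
    [string]$LogPath = "C:\CloudOps\response.log"   # placeholder path
)

Import-Module VirtualMachineManager
Get-SCVMMServer -ComputerName "vmm01.corp.example" | Out-Null   # placeholder server

# Every automated action is written to an audit trail, so a sudden wave of
# suspended VMs can be traced back to the alert that caused it.
function Write-Audit([string]$Message) {
    "{0:u} {1} {2}" -f (Get-Date), $Alert, $Message | Out-File -Append -FilePath $LogPath
}

switch ($Alert) {
    # Legacy print server: pause the VM until someone refills the printer.
    "PrinterOffline" {
        $vm = Get-SCVirtualMachine -Name $VMName
        if ($vm.Status -eq "Running") {
            Suspend-SCVirtualMachine -VM $vm | Out-Null
            Write-Audit "suspended $VMName"
        }
    }
    "PrinterReady" {
        $vm = Get-SCVirtualMachine -Name $VMName
        if ($vm.Status -eq "Paused") {
            Resume-SCVirtualMachine -VM $vm | Out-Null
            Write-Audit "resumed $VMName"
        }
    }
    # Hardware fault reported for a host: drain it inside its cluster,
    # then power it off over the OOB channel pending maintenance.
    "HostHardwareFault" {
        $vmHost = Get-SCVMHost -ComputerName $HostName
        Disable-SCVMHost -VMHost $vmHost -MoveWithinCluster | Out-Null
        Write-Audit "placed $HostName in maintenance mode and evacuated its VMs"
        Stop-SCVMHost -VMHost $vmHost | Out-Null
        Write-Audit "powered off $HostName via OOB management"
    }
    # Spot price above the watermark: park only VMs tagged as non-critical
    # (the tag is set per VM with Set-SCVirtualMachine -Tag; placeholder value).
    "PowerPriceHigh" {
        Get-SCVirtualMachine |
            Where-Object { $_.Status -eq "Running" -and $_.Tag -eq "non-critical" } |
            ForEach-Object {
                Suspend-SCVirtualMachine -VM $_ | Out-Null
                Write-Audit "suspended non-critical VM $($_.Name)"
            }
    }
    "PowerPriceNormal" {
        Get-SCVirtualMachine |
            Where-Object { $_.Status -eq "Paused" -and $_.Tag -eq "non-critical" } |
            ForEach-Object {
                Resume-SCVirtualMachine -VM $_ | Out-Null
                Write-Audit "resumed non-critical VM $($_.Name)"
            }
    }
}
```

Two design choices matter here. The host-fault branch drains the host before cutting its power, so the response never costs a running workload; and the price branches act only on VMs carrying an explicit tag, so a mis-fired alert cannot suspend anything that was not opted in.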

Hypervisor happiness

Taking the security into the physical world, you could tie in your security system. Motion sensor detects something out of bounds? Spin up some specialist virtual machines to do voice or facial recognition. The possibilities are endless.

Every virtualisation provider has a different take on infrastructure management, and Microsoft's is as much focused on managing the operating systems in use as the physical hardware.

SCVMM can use VMware's ESX, Citrix's XenServer or Microsoft's own Hyper-V as the underlying hypervisor. Each offers an abstraction layer for third-party management tools, and Microsoft has wholeheartedly embraced the heterogeneous data centre environment.

Each hypervisor has its own constraints. VMware requires that you purchase the full ESX vSphere software license, even if it is to be ultimately managed by SCVMM.

The interoperability functionality is not present in VMware's ESXi offerings. Even with full licensing, SCVMM's interactions with ESX are mediated entirely by the vSphere software.

Free to roam

The functionality cross-over for VMware hypervisors under SCVMM is not exact but it is still generally acceptable for production use. It is useful for those transitioning away from VMware, or those who are looking to maintain a heterogeneous environment for other reasons, such as avoiding vendor lock-in.

SCVMM doesn't have the same constraints when dealing with Citrix's XenServer. It doesn't have to go through the Citrix tools to get work done. This has a few unique advantages, as SCVMM has features that Citrix's tools don't.

By using SCVMM to manage XenServer you bring these additional features to XenServer hosts. Citrix's advantages bleed through as well.

Using an SCVMM/XenServer combination gains you wider Linux support in your Microsoft-based private cloud than you would have if all your hosts were Hyper-V based.

Hyper-V as a host offers its own advantages. SCVMM can talk directly to Windows Deployment Services as well as to Windows Server Update Services (WSUS).

This allows SCVMM to deploy Hyper-V hypervisors directly to bare metal servers. It includes injecting drivers based on pre-defined host profiles as well as joining the hypervisor to a domain.

Once part of the domain, GPOs can be used to further simplify management and the hypervisor comes under control of the WSUS server. This in turn allows for completely automated patching of the hypervisor under the control of SCVMM.

Another benefit to having Hyper-V as the host is that SCVMM has a cluster wizard. Creating a cluster or adding a host to a cluster is now push-button simple.

High availability is a big focus for Microsoft. Virtual machine migration for Hyper-V 3.0 hosts can occur without the requirement of shared storage.

Together but apart

Microsoft has worked hard to optimise XenMotion virtual machine migration for XenServer hosts under SCVMM and has enhanced cluster management for both the Citrix and Microsoft hypervisors.

Unfortunately, since vSphere acts as intermediary between SCVMM and ESX, SCVMM can get vSphere to perform high-availability-like actions, but cannot improve upon them nor truly integrate with them.

All of this cloudy wonderfulness, of course, would seem to offer a single point of failure: SCVMM itself.

Microsoft recognises this and has taken steps to address it. SCVMM is a fully cluster-aware application.

The server software itself can be clustered, as can the SQL 2012 database it backs onto. The client application is also cluster aware: if one node in the SCVMM cluster goes down the client automatically reconnects to another node in the cluster.

SCVMM can support 63 hosts per cluster with up to 4,000 virtual machines per cluster (Hyper-V 3.0 cluster).

It can support multiple clusters and offers multiple simultaneous live virtual machine migrations. (Additionally, Hyper-V 3.0 clusters support multiple live virtual machine migrations within a single cluster.)

It offers a self-service portal for end-users so that virtual machine creation doesn't have to be the sole province of IT operations.

There is hope for even more functionality in the future. Microsoft continues to work with vendors and industry standards bodies to ensure that everything it does in the private cloud space is as open as possible.

This stretches from the SMI-S storage integration through mandating that every aspect of every component of its private cloud offerings is controllable via PowerShell to ensuring that the virtual network switch built into Hyper-V is standards compliant and extensible.

When you put it all together, Microsoft offers a good example of what an off-the-shelf private cloud infrastructure solution could and should be.

Of course, infrastructure isn't all there is to Microsoft's private cloud play, but that is another article altogether. ®

This is the second article in a three-part series by Trevor Pott, a sysadmin based in Edmonton, Canada.

1. Microsoft private cloud: introduction
2. Microsoft private cloud: infrastructure drilldown
3. Start to finish: Building a cloudy service in two weeks
