Ladies and gentlemen, here it is… the moment has finally arrived. Today I’m proud to make publicly available the VMware Virtual SAN 6.0 All Flash Configuration Utility 1.0.

This community utility is designed to simplify the configuration process of the Virtual SAN All-Flash configuration. As some of you may or may not know, Virtual SAN 6.0 introduces a two-tier architecture model with the all-flash configuration (a caching tier and a capacity tier), in which two different types of flash devices, with different endurance qualifications, are used for different purposes. Since both tiers are composed of flash-based devices, the devices that will be utilized in the capacity tier need to be marked and identified by ESXi as such.

Today, the procedure for marking the capacity devices is performed from one of two command line interface utilities: ESXCLI and RVC. While marking a device from either of the command line utilities is a simple procedure, doing that manually from the command line can become a tedious task. I arrived at this realization while working on my 64-node all-flash cluster that I normally refer to in demos as “The BigDaddy.”

Once you start dealing with a lot of flash devices, maybe even hundreds of them, a simple utility with an extremely easy-to-use interface can be very handy. I got together with Brian Graf and Alan Renouf (the masters of the PowerCLI automation universe and VSANChampions) and put this utility together. For the funny details on how I came up with this utility, read Brian’s post. Thanks, Brian, for all your hard work debugging the tool for us.

Automation technologies are a fundamental dependency for all aspects of the software-defined data center. The use of automation technologies not only increases the overall productivity of the software-defined data center, but it can also accelerate the adoption of today’s modern operating models.

In recent years, a subset of the core pillars of the software-defined data center has experienced a great deal of improvement with the help of automation. The same can’t be said about storage. The lack of management flexibility and capable automation frameworks has kept storage infrastructures from delivering operational value and efficiencies similar to the ones available with the compute and network pillars.

VMware’s software-defined storage technologies and its storage policy-based management framework (SPBM) deliver the missing piece of the puzzle for storage infrastructure in the software-defined data center.

Challenges – Old School

Traditional data centers are operated, managed, and consumed in models that are mapped to silos and statically defined infrastructure resources. However, businesses lean heavily on their technology investments to be agile and responsive in order to gain a competitive edge or reduce their overhead expenses. As such, there is a fundamental shift taking place within the IT industry, a shift that aims to change the way in which data centers are operated, managed, and consumed.

In today’s hardware-defined data centers, external storage arrays drive the de facto standards for how storage is consumed. The limits of the data center are tied to the limits of the infrastructure. The consumers of storage resources face a number of issues since traditional storage systems are primarily deployed in silos, each with unique features and a unique management model. They each have their own constructs for delivering storage (LUNs, volumes), regularly handled through separate workflows and even different teams, which means that the delivery of new resources and services requires significantly longer periods of time.

Critical data services are often tied to specific arrays, obstructing standardized and aligned approaches across multiple storage types. Overall, creating a consistent operational model across multiple storage systems remains a challenge. Because storage capabilities are tied to static definitions, there are no guarantees for performance, there are risks of multi-tenant impacts, all disks are treated the same, and OPEX is tied to the highest common denominator.


On Wednesday, April 15, Hitachi is hosting a one-hour technical webinar event to discuss how Hitachi Storage for VMware Virtual Volumes can bring customers on a reliable enterprise journey to a software-defined, policy-controlled data center.

The webinar covers not just the technical aspects of Virtual Volumes but also the operational value and efficiency Hitachi delivers with their unique implementation.

It also covers the technical and implementation details of Hitachi’s multi-protocol support and the storage capabilities offered to virtual machines and their individual objects.

Webinar attendees will learn about:

  • The simplification of storage related operations for vSphere administrators
  • The increase in manageability for the vSphere infrastructure and greater levels of agility and efficiency driven by a policy-based management and operating model.

The event will be led by Paul Morrissey – Director, Product Management, Storage, Virtualization & Application, Hitachi Data Systems and myself.

Register for the event using the link below, and don’t miss it:

Delivering Simplified IT with VMware vSphere Virtual Volumes and Hitachi

– Enjoy

For future updates on Virtual SAN (VSAN), vSphere Virtual Volumes (VVols) and other Software-defined Storage technologies, as well as vSphere + OpenStack be sure to follow me on Twitter: @PunchingClouds


Since the official release of vSphere 6.0, Virtual Volumes (VVols) has generated a great deal of interest with customers, field consultants, and the VMware community. Now that VVols is available customers can begin testing functionality and capabilities. There have been many questions about what VMware products and vSphere features are compatible and currently interoperate with VVols.

Because VMware’s product portfolio continues to expand exponentially, identifying all of the new products and features that interoperate with VVols can be a tedious and potentially time-consuming task. In the interest of time and efficiency, the need for a centralized Virtual Volumes interoperability guide is evident, so here is one.

Below is a list of VMware products and vSphere 6.0 features that, as of today, March 30th, 2015, are supported and interoperate with VVols. Please keep in mind that the interoperability and supportability of any of these products and features can change with a future patch or product release. It is highly recommended to check the VMware compatibility matrix guide for the official and up-to-date list of products and features that are interoperable with VVols.



Customers from different industries and institutions are very interested in Virtual SAN as a storage solution not just because of the technological value it delivers today, but because of the product’s undeniable value around operational efficiency, ease of management, and flexibility.

Some of these customers are from financial, healthcare and government institutions, and conduct their business in areas that are governed by regulatory compliance laws such as HIPAA, PCI-DSS, FedRAMP, Sarbanes-Oxley, etc. These laws demand compliance with numerous security measures, one of them being the ability to guarantee data integrity by securing data with some form of encryption.

Today, Virtual SAN does not include encryption as one of its data services, as this feature is currently under development for a future release. Now, when considering Virtual SAN as a potential solution wherever data encryption is a requirement based on regulatory compliance laws, it’s important to know what options are currently available.

In Virtual SAN, the encryption data service capabilities are offloaded to hardware-based offerings available through Virtual SAN Ready Nodes. Encryption data services are exclusively supported on Virtual SAN Ready Node appliances that are composed of certified and compatible hardware devices that provide encryption capabilities, such as self-encrypting drives and/or storage controllers. The Virtual SAN Ready Node appliances are offered by just about all the OEM hardware vendors that are part of VMware’s ecosystem.

An alternative option to the Virtual SAN Ready Nodes is a software-based solution developed and offered by a company called Hytrust. Hytrust is one of the members of VMware’s partner ecosystem whose business is focused around the delivery of data security services for private and public cloud infrastructures. The solution I want to highlight in particular is called Hytrust DataControl.

Hytrust DataControl is a software-based solution that is designed with the capability of protecting virtual machines and their data throughout their entire lifecycle (from creation to decommissioning). Hytrust DataControl delivers both encryption and key management services.

This solution is built specifically to address the unique requirements of private, hybrid and public clouds, combining robust security, easy deployment, exceptional performance, infrastructure independence, and operational transparency. Hytrust DataControl’s ease of deployment and management capabilities align with one of the main principles of Virtual SAN, which is simplicity and ease of management.

Hytrust DataControl virtual machine edition is based on a software agent that encrypts data from within the Windows or Linux operating system of a virtual machine, ensuring protection and multi-tenancy of data in any infrastructure. DataControl also allows you to transfer files between VMs, so you can securely migrate stored data from your private to the public cloud.

The deployment of the Hytrust DataControl solution and installation and configuration of the software is done in a couple of easy steps which take just a few minutes. Once the software is resident, any data written to storage by an application will be encrypted both in motion, as it travels securely through the hypervisor and network, and also at rest on the Virtual SAN datastore.


Note: The agent download and configuration steps can be minimized with the use of virtual machine templates. Also, the entire configuration can be automated via the Hytrust Command Line Interface (hlc).

The demonstration below showcases the procedure to enable the Hytrust DataControl encryption services on a single virtual machine. The application that is being protected is a Tier 1 database server (SQL Server 2014) that is currently residing on a Virtual SAN datastore with an availability requirement of FTT=1. The virtual machine is leveraging the performance and availability capabilities delivered by Virtual SAN. The demonstration also highlights the ease of management and configuration of the solution, from the key manager registration to the actual encrypting of the drives. The demonstration also displays the centralized control and management capability for managing the addition and removal of encrypted resources.

Hytrust DataControl Supported Operating Systems

  • Windows 2012 Server R2 with Service Pack 1
  • Windows 2008 Server
  • Windows 7 64-Bit with Service Pack 1
  • CentOS 5.8, 6.2, and 6.3
  • Ubuntu 10.04 server and desktop
  • Ubuntu 12.04 server
  • Ubuntu 12.10 server
  • Red Hat Enterprise Linux Server 6
  • Debian 6.0.7 (requires cryptsetup)
  • Savvis Linux – Red Hat Enterprise Linux Server 5.3 and 6.1

Some of Hytrust’s DataControl capabilities and benefits include:

Strong FIPS-Approved Encryption – Hytrust DataControl encrypts data using AES-128/256, ensuring VMs are secure from the time they are created until they are securely decommissioned.

Key Management – Hytrust KeyControl provides a highly-available security-hardened key management system that is simple to deploy and easy to use. KeyControl is a locked-down virtual appliance (though it can also be installed on physical hardware). KeyControl is fully multi-tenant and supports active-active clustering for availability. The appliance can be installed on your premises or at your service provider (vCloud Air). Administrators define policies for key retention or zero-downtime rekeying in accordance with compliance or other requirements.

Hardware-Accelerated Performance – Hytrust DataControl automatically detects and leverages AES-NI hardware acceleration built into most modern Intel and AMD chipsets, ensuring minimal latency.

Transparency – Hytrust DataControl is deployed into the operating system of the virtual machine and is completely transparent to applications and users. Administrators can manage their infrastructure with the same tools they always have, with no change to process.

As organizations seek to build multi-tenant and private cloud infrastructures, as well as adopt hybrid and public clouds, Hytrust DataControl can be utilized to mitigate the risk of data exposure, by locking down data in a way that is optimized to work with the highly dynamic nature of virtual infrastructure.

The Hytrust DataControl solution is composed of the following major components:

HyTrust KeyControl Nodes and clusters – supporting an active-active cluster, the KeyControl cluster stores keys, policies and configuration data related to the cluster, or any number of virtual machines where the HyTrust DataControl Policy Agent is installed. Administration of the system is through a web-browser-based GUI or through a set of REST-based APIs. Communication between the browser and the KeyControl cluster is over HTTPS. Since this is a full active-active cluster, the browser can point at any KeyControl node in the cluster. Any changes made are immediately reflected on all cluster nodes.

HyTrust DataControl Policy Agent – the HyTrust DataControl Policy Agent (the DataControl agent) is a software module that runs inside Windows and Linux virtual machines, either local or in a private, public or hybrid cloud, providing encryption of virtual disks and individual files. The DataControl agent is typically used to provide encryption of virtual machines (or physical servers) in the data center. All VMs that have the DataControl agent installed can also securely share encrypted files. Encryption keys (keyIDs) can be used by selected VMs to encrypt and decrypt files. Encrypted files can also be sent to cloud storage such as vCloud Air and only accessed by the selected VMs where the DataControl agent is installed.

Hytrust DataControl solution features:

  • Hytrust appliances based on Hytrust hardened FreeBSD OS
  • Hytrust KeyControl Nodes and Clusters
  • Web based administrative Interface
  • REST based API
  • Flexible administrative framework suitable for small and large organizations
  • Key Management capability services
  • Secured authentication of new nodes
  • Secure protocol support between nodes
  • Support for VM in-guest encryption using the Hytrust DataControl Policy Agent
  • Secure data migration

Hytrust KeyControl virtual appliance characteristics:

  • Hytrust SecureOS
  • Single vCPU
  • 1 GB of RAM
  • 1 Virtual Disk
  • 1 Network Adapter

Overall, the data encryption features and capabilities provided by the Hytrust DataControl solution can very easily be utilized for virtual machines and their applications stored on VMware Virtual SAN in a private datacenter and expanded for hybrid cloud services such as vCloud Air. For more detailed information about Hytrust DataControl please visit the Hytrust product page.

Hytrust DataControl Product Page
