OCAU VMware Virtualisation Group!

Discussion in 'Business & Enterprise Computing' started by NIP007, Apr 16, 2008.

  1. Tony

    Tony New Member

    Joined:
    Jun 26, 2001
    Messages:
    9,987
    Location:
    Sydney, NSW, Australia
    http://forums.overclockers.com.au/member.php?u=11915

    he's pretty active on these forums

    at least you're in the same line of work in the same edu sector
     
  2. VR4hore

    VR4hore Member

    Joined:
    Sep 8, 2001
    Messages:
    260
    Location:
    Brisbane
    Excuse me?

    VMware Distributed Resource Scheduling
    VMware High Availability

    Unless I'm misunderstanding your interpretation of failover, then VMware certainly does offer failover. If you have your vmware/san HA set up correctly and someone blows up your primary datacentre, it'll bring up all your vms at your DR site... that sounds a lot like what old mate wants out of it.

    I would agree however that load balancing would be an application specific thing.
     
  3. ACA:Sleeper

    ACA:Sleeper Member

    Joined:
    May 15, 2006
    Messages:
    424
    Location:
    Melbourne's SE Suburbs
    That was my understanding, as for the load balance, I can just have one server operating half the VMs I guess, in case of fail, they will be picked up by the other. RAM might become an issue then though.
     
  4. tensop

    tensop Member

    Joined:
    Mar 26, 2002
    Messages:
    1,412
    i know what schools they are, im not getting involved lol


    (unless it involves contract work)

    PS dont use ISA, It's a steaming turd and you know it
     
    Last edited: Apr 17, 2008
  5. hapkido

    hapkido Member

    Joined:
    Sep 20, 2003
    Messages:
    291
    Location:
    Brisbane
    I agree its semantics - but an important one.

    So what is failover?
    In an enterprise SAN storage array, failover means that should any single component/or series of components fail - the device continues to operate WITHOUT interuption. NO unplanned downtime to the system and no requirement for someone to manually intervene for it to continue operating.

    Similar, but not to be confused with Load balancing.

    NO disruption to services - excepting maybe a monentary pause in the system while it manages itself during sudden interuptions. Failover also means/implies no loss of ANY data.

    Important Semantics. I would say marketing has made this very grey. What this does do however is allow for many different opinions on what 'Failover' really means and therefore offers different things to different people - like this very conversation. The MAJOR problem with this is unrealistic expectations and serious ramifications should the customer (management, CIO, CEO, IT Boss, whoever) not get what they paid for.


    And to VMWare:
    Glad you mentioned DRS - its got all to do with balancing resource across AVAILABLE resources. Its got nothing to do failing over or managing sudden/inplanned disruptions. However when combined with VMotion will proactively seek to minimise potential downtime - IF it can predict a likely serious issue. VMotion requires time to do its thing, it is NOT designed or capable of managing instant h/w failures.

    HA, is VMware's tool for managing sudden/inplanned disruptions - however there is no failover in that sense of the word. There is COMPLETE disruption to services managed by that host, it WILL interupt all other systems that heavily rely on those services no longer available and is likely to cause dataloss (whether 2 seconds, 2 minutes or 2 hours worth).


    Regards,
    Hapkido
     
    Last edited: Apr 17, 2008
  6. ACA:Sleeper

    ACA:Sleeper Member

    Joined:
    May 15, 2006
    Messages:
    424
    Location:
    Melbourne's SE Suburbs
    Yeah, ISA is new to me too, never seemed to have the need before, but it was setup here for remote access from the other campuses.

    You sure your not interested in lending a hand? We minimum wage sysadmins have to stick together. :)
     
  7. tensop

    tensop Member

    Joined:
    Mar 26, 2002
    Messages:
    1,412
    im not minimum wage :p

    actually, theres 2 sets of schools im thinking of that are doing the whole esx thing atm with those student number figures, one is private and one is public

    im guessing you're the private one
     
  8. VR4hore

    VR4hore Member

    Joined:
    Sep 8, 2001
    Messages:
    260
    Location:
    Brisbane
    You idea of failover sounds an awful lot like high-availability to me. No definition of failover that I've seen stipulates the requirement for no downtime/service interruption/data loss. Just that the service can be resumed on another host without manual intervention.
     
  9. tensop

    tensop Member

    Joined:
    Mar 26, 2002
    Messages:
    1,412
    ping $vmguest

    if ping %like% "some sort of error returned"
    then "call vmware image online"
    else if ping = "fine"
    then echo "all is good! \n"


    bam, instant failover protection
    ofcourse, you would have to convert that from pseudocode and insert some checks to make sure the same image isnt fired up on multiple nodes ;)
     
  10. hapkido

    hapkido Member

    Joined:
    Sep 20, 2003
    Messages:
    291
    Location:
    Brisbane
    Firstly, every site I checked from google response:

    http://en.wikipedia.org/wiki/Failover
    "....Systems designers usually provide failover capability in servers, systems or networks requiring continuous availability and a high degree of reliability...."

    http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci753437,00.html#
    "....Used to make systems more fault-tolerant, failover is typically an integral part of mission-critical systems that must be constantly available. The procedure involves automatically offloading tasks to a standby system component so that the procedure is as seamless as possible to the end user..."

    http://www.webopedia.com/TERM/f/failover.htm
    "...Failover is an important fault tolerance function of mission-critical systems that rely on constant accessibility..."

    http://www.learnthat.com/define/view.asp?id=201
    "...Failover happens without human intervention. This feature is usually built-in to expensive systems which must be available continuously..."

    So I appreciate your understanding and experience might be different.
    My experience is that of the above, from both IT people and Mgmt - Regularly. And this is the more important issue. It highlights my point though - everyone has a differerent opinion on what it means, right or wrong.

    Its possible that Failover, once available in the Enterprise, now filtering down to the common person, has changed its implied meaning...

    Is it not ironic that you suggest maybe this sounds more like High Availability -(I don't think I disagree with you).... Hmm, which version of High Availibility, this one I posted or VMwares version?



    Regards,
    Hapkido
     
  11. VR4hore

    VR4hore Member

    Joined:
    Sep 8, 2001
    Messages:
    260
    Location:
    Brisbane
    Yeah, you've got me on the failover front. High availability... the one you posted I think. VMware's 'HA' product I think isn't by itself an HA solution, as you've said when a host in the VI cluster goes down, there's an interruption, so in order to make it truly highly available, the application would need to have HA features that prevent service loss when a host goes down. active/active clustering with load balancing(another point of contention) and all that.

    I agree there's a lot of grey area and people's definitions of these terms may vary. I notice that according to wikipedia (fountain of truth that it is) considers the term "High Availability Cluster" and "Failover Cluster" synonymous. Whereas I would consider an HA cluster to be something like an active-active with load balancing etc, whereas a failover cluster would be more like an active-passive cluster where if the application/hardware fails, you will encounter some brief loss of service. And I guess depending on your business rules, a 5 min outage while the passive node loads up exchange or whatever could still be considered 'continuously available'. How do we define continuous? A continuous row of buildings can still have a gap of 5 metres between them. Maybe that analogy was a bit out there but eh.
     
  12. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,309
    Location:
    Canberra
    vmwares HA tends to point more to things like vmotion+failover.

    its high availability not continuous availability.

    high availability leans towards, OMFG my vmware server died in the ass, oh its ok, look virtual centre is restarting it on another server for me.

    or

    high availability leans towards, OMFG my server just had a <insert critical redundant hardware here> die, to replace this, we must shutdown the server, vmotion allows high availability of the guest OS.


    continuous availability is depicted more so as (active / active) (active / standby) (active / passive) cluster aware environments.

    well that's my analogy, may differ from other peoples but *shrug*
     
  13. reichcat

    reichcat Member

    Joined:
    Apr 24, 2004
    Messages:
    23
    If you couple HA with citrix doing load balancing in a terminal server setup, with rules allowing ESX not to put certain host togther on the same host hardware then you be pretty covering yourself to allow for very minimal disruptions to your enviroment.

    We do this at work with our new terminal server setup for silo applications in citrix, it works a treat if you have a larger organisation across a number of locations.

    Though we are running a presentation layer that has office on physical hosts and then any specalist app in vm silos
     
  14. stalin

    stalin (Taking a Break)

    Joined:
    Jun 26, 2001
    Messages:
    4,581
    Location:
    On the move
    The way i see you if you have a few options.

    1) run now.
    Not a very good career move short term, but maybe better long term
    2) run after it dies
    Not a very good career move short or long
    3) hang around after it dies
    Not much fun to support, and you will look like the new guy fucked it
    4) Work your arse off and make it not fail
    Probably not what you want to do, but possibly what they want.. not a good thing in the short term. Maybe better in longer, but then maybe they will do it as a habbit and your gonna be screwed.
    5) Politely but firmly tell them that you need more time to discover the network and the business needs before the project occurs.
    Can't think of a bad point....
     
  15. stalin

    stalin (Taking a Break)

    Joined:
    Jun 26, 2001
    Messages:
    4,581
    Location:
    On the move
    One of the main issues with VM's is that people move, restore, suspend, copy, template etc VM's over time. Great functionality... bad for security.

    It makes your servers/dev systems jump back in time, it makes their passwords revert to older versions, they come onto the network without patches, they may then be in a non-hardened state etc.

    Also you need to really well protect your access to the VM Managment Console. seperate VLAN/Network/MPLS cloud, ACL's, strong passwords etc.

    You have now electronicafied your physical security, thats bad.. really bad. No longer do you have to enter a secured room, and a secured cabinet to reboot servers, mount CD's etc on them.

    In fact a good idea for you to keep your VM hosts behind a seperate firewall or good ACL's and ensure dual factor authentication (think of it as a key replacement)

    VMware etc also allows people freerain to make new servers when in reality they have no idea what they are doing... again not good for security.

    end result... vm = bad for security, especially as there are very few policies and practices currently in place to manage it.
     
    Last edited: Apr 17, 2008
  16. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,004
    Location:
    Brisbane
    one thing i do is make every vm part of a domain, and i say "a domain" as you can have as many as you want, i have AD replicate to other states then (other states AD servers as well as a physical one), this way AD takes care of users/pass permissions etc. BUT i try and not give access to Vcenter to anyone unless written from management and even then i fight not to give them access. For some reason me and my boss (the cto) are called "cynical and anal about this" by upper management.
     
  17. ACA:Sleeper

    ACA:Sleeper Member

    Joined:
    May 15, 2006
    Messages:
    424
    Location:
    Melbourne's SE Suburbs
    At this stage I'm looking at #4, in the long run, once all the setup is done and everything calms down, it should be a very rewarding job.

    I tried #5, they originally had it slated for August, I managed to get the rest of the year, but since as an orginisation they are operating as one campus next year, that is the hard time limit.
     
  18. tensop

    tensop Member

    Joined:
    Mar 26, 2002
    Messages:
    1,412
    i assume at 2300 students you would have.... 4 full days contact time? 5?
     
  19. ACA:Sleeper

    ACA:Sleeper Member

    Joined:
    May 15, 2006
    Messages:
    424
    Location:
    Melbourne's SE Suburbs
    41.8 hours a week, but I'm working over that at the moment, and probably will continue to in the foreseeable future.

    It's a little more complicated than I have mentioned, striving for a little anonymity, but there are actually 3 campuses I look after, one is being decommissioned at the end of the year though, not merged into our network as such.
     
  20. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,004
    Location:
    Brisbane
    I'll be in melbourne next week (end of week) if you want to catch up and get some pointers let me know via PM
     

Share This Page

Advertisement: