
VMware


Hitachi Vantara has launched the new converged infrastructure Hitachi Unified Computing Platform CI (UCP CI). Today, I would like to introduce the performance analysis solution with UCP CI.

 

Hitachi Infrastructure Analytics Advisor (HIAA) delivers visualization, intelligence and automation to optimize infrastructure health while quickly identifying and troubleshooting performance issues. UCP CI is an optimized and scalable converged infrastructure platform. In this series of posts, we will cover use cases of what can be done with HIAA and UCP CI together.

 

Fig1 shows an example of an end-to-end (E2E) map, which shows the topology from a specific running VM through the connected switch to the storage LUN in use.

 


Fig1: HIAA E2E View

 

In this series of posts, we will cover:

  • Introducing the combined solution of HIAA & UCP CI
  • Installation & Configuration
  • Introducing use cases

 

Hitachi Infrastructure Analytics Advisor (HIAA)

Hitachi Infrastructure Analytics Advisor (HIAA) includes the tools to properly monitor and analyze performance statistics from the application through its entire data path to the shared storage resources. Generally, Converged Infrastructure, like UCP CI, provides easy management to customers. Meanwhile, Converged Infrastructure conceals the details of the infrastructure. This makes troubleshooting difficult.

 

The features of HIAA address these pain points.

 

Some of the key features include:

  • Monitoring Switch, OS, Hypervisor
  • E2E Topology mapping
  • Performance comparison and related changes
  • Identify the bottleneck and root cause analysis

 

More information:

https://www.hitachivantara.com/en-us/pdf/solution-profile/hitachi-solution-profile-it-analytics.pdf

 

Also, the HIAA team has posted great videos on YouTube. Check them out!

 

Detecting Performance Bottlenecks using E2E view in Hitachi Infrastructure Analytics Advisor

https://youtu.be/LkDoO3MA1x4

 

Dynamic Threshold Storage Resource Monitoring With Performance Analytics, Using HIAA

https://youtu.be/9WlpUx8inNA

 

Using HIAA to Analyze a Performance Bottleneck in Shared Infrastructure

https://youtu.be/fGFj7lLiYX4

 

Detecting Performance Bottlenecks Using Sparkline View

https://youtu.be/VTezCGUniR8

 

Analyze Configuration Changes in Your Infrastructure to Solve Performance Problems

https://youtu.be/NzMhSeLdOQ8

 

(Updated on 10/19) HIAA v3.2 is now available. HIAA v3.2 supports integration with Hitachi Storage Management Pack for VMware vRealize Operations (vROPS) v1.7. Thanks to this integration, vROPS retrieves storage performance, capacity and related health metrics from HIAA. Note that Hitachi Tuning Manager is no longer supported, and the management pack is available from the VMware marketplace.

 

 

Hitachi Unified Computing Platform CI Series (UCP CI)

Hitachi Vantara launched UCP CI in September 2017. This is a new series of Hitachi converged infrastructure. The UCP CI architecture consists of Intel-based rackmount servers, Hitachi storage and switches.

 

UCP CI Components Overview:

  • Hitachi Advanced Server DS120
  • Brocade G620 SAN Switch
  • Hitachi Virtual Storage Platform (VSP) hybrid and all-flash arrays (G/F1500, G/Fx00)

 

More information:

https://www.hitachivantara.com/en-us/pdf/datasheet/hitachi-datasheet-unified-compute-platform-ci.pdf

 

Combination of HIAA & UCP CI

The combination of HIAA with UCP CI provides many benefits to customers running a UCP CI virtualized environment.

UCP Advisor is the management software sold with UCP CI that simplifies configuration and management of the UCP CI converged infrastructure.

 

HIAA provides an additional value for customers with the ability to monitor, analyze and troubleshoot system performance issues by showing an end-to-end topology and system-wide relationship of hardware and software components.

 

In addition, HIAA can show detailed performance statistics for the entire UCP CI stack, from storage and SAN to the hypervisor (VMware).

 

The dashboards and charts are extremely helpful for absorbing large amounts of performance related information in an organized and simplified manner.


Configuration

This is an overview of the configuration built in our Solution Lab.

 

UCP CI

  • Hitachi Advanced Server DS120
  • Brocade G620 (via Brocade Network Advisor(BNA))
  • Hitachi VSP G600 (SVOS 83-04-23-40/01)
  • VMware vSphere 6.x, vCenter 6.x

 

Extra Software

  • Hitachi Performance Analytics 3.0 (HIAA 3.1 and HDCA 8.1)
  • Brocade Network Advisor (BNA) 14.0.1 (To observe SAN Switch performance, BNA is required.)

 


Fig2: Configuration Overview

 

Free Trial License available

We can provide a free version of HIAA for customer trial. There is no functional limitation, but it expires 90 days after installation. If you are interested in the trial license, please contact HIAA PM D-List or the author (Koji Watanabe).

 

Also, you can obtain the 120-day trial version of BNA from the Brocade website.

 

What's coming up next...

Today, I have introduced the value of combining HIAA and UCP CI. These two products provide low-touch infrastructure and easy analysis for performance management.

 

I will show you "Installation & configuration HIAA" in the second post of this series. Stay tuned!

Last week I was out in Las Vegas at VMworld 2017 - an incredible event for both VMware and for us at Hitachi! At a high level, VMware clearly demonstrated that not only is Private Cloud accelerating but Hybrid Cloud is now a reality, and the future rests on cross-cloud services tied to network and security virtualization.

 

Beyond the hype (after all, this is Las Vegas...) it's clear that both the Private and Public Cloud are maturing quite quickly and that enterprise clients are looking to accelerate from Strategy to Execution. While some initial thoughts around the cloud centered around cost savings, it's clear today that the real gains come from the Agility associated with Private/Hybrid Cloud. Being able to "Run any application, in any cloud on any device" provides enterprises the opportunity to build and run their applications across a wide variety of infrastructure, platform and consumption models, driving increased flexibility and more rapid innovation. Most importantly, it gives enterprises the flexibility to develop applications on a variable cost basis with the flexibility to bring them back in-house should business requirements change.

 

For more thoughts on the VMworld show and my personal reflections on the future please visit "The Clouds are Clearing...VMworld 2017 Reflections and Predictions"

 

I'd also encourage you to read my colleague Bob Madaio's thoughts "A (mostly) Grown-up Take on VMworld"

 

So what does it mean to Hitachi? Well, the maturation of Private and Hybrid Cloud is exciting because it enables us, at Hitachi, to enhance the depth of the relationships with our clients. Specifically, as it relates to VMware and cloud adoption we leveraged the show to demonstrate 3 key offerings:

 

  1. To Accelerate Private Cloud - Hitachi's NEW Unified Compute Platform (UCP) offerings powered by VMware Cloud Foundation and allowing customers to simply deploy their private clouds on VMware Cloud Foundation in either a Hyperconverged or Rack-Scale footprint
  2. To Accelerate Hybrid Cloud Adoption - Hitachi's Data Services vision powered by Hitachi Content Intelligence and Pentaho Analytics offering centralized governance, analytics and compliance across multiple clouds - If you are interested in better understanding our perspective on Compliance and Governance of Data today, tomorrow and into the future, I'd encourage you to read our CTO Hu Yoshida's blog "New Data Sources and Usage requires New Data Governance"
  3. To Drive a Lower Cost and Lower Risk to End-User Computing - Hitachi's Content Platform allowing for "Smart Home Directories for VDI" lowering the operational cost and risk of virtual desktop infrastructure

 

The vision of cloud agility is finally coming to life and Hitachi is excited to be at the forefront of solutions that accelerate deployment.

With the recent announcement of our VMware Cloud Foundation (VCF) powered UCP RS system to deliver a hybrid cloud reality (check Dinesh's blog here for details), one of the interesting questions from early prospects is advice or guidance on how others are managing a hybrid private environment which consists of a traditional VMFS environment (and lately VVol) as they bring VMware vSAN based architectures into their environments. The basis for this question or the outcome they want to meet is to provide a pool of resources accessible to the various line of business or application teams which should provide different characteristics while providing those consumers with some level of intuitive control on where their assets will run to ensure they can meet their intended SLAs.

 

Given the topic of Hitachi UCP RS and its VCF foundation, Amazon services come to mind.

Here are some Amazon EBS Storage options to give a perspective on why this will be important in your VMware powered private hybrid cloud designs. Each separate EBS volume can be configured as EBS General Purpose (SSD), Provisioned IOPS (SSD), Throughput Optimized (HDD), or Cold (HDD) as needed. They have stated that some of the best price/performance balanced workloads on EC2 do take advantage of different volume types on a single EC2 instance. For example, they mention they see Cassandra using General Purpose (SSD) volumes for data but Throughput Optimized (HDD) volumes for logs, or Hadoop using General Purpose (SSD) volumes for both data and logs. This level of differentiation is the first step in providing tiers of service to consumers of cloud resources.

               Source: AWS Storage Options

 

But again, performance is just one layer. There are many characteristics when it comes to SLAs. Take the "availability" characteristic. As you may know, because an EBS volume is created in a particular availability zone, the volume will be unavailable in other availability zones if the original availability zone itself becomes unavailable. Resources aren't replicated across regions unless you do so specifically. Again, that might be an important characteristic to an app service being rolled out. (To be fair to AWS, they recommend creating snapshots, as snapshots of volume(s) are available across all of the availability zones within a region.)

 

This is an area that I've put some cycles into with the team when we defined the requirements around the latest release of our Hitachi VASA Provider (VP) version 3.4 to operationally enhance the right consumption of resources for vSAN, VMFS and/or VVol. Based on the VVol/SPBM program, we took advantage of some of the storage container concepts and latest tagging capabilities in vSphere 6.x to provide a better experience. With the latest Hitachi VP software, VMFS datastores (that may be adding additional datastore resources to an existing VCF based vSAN deployment or separate traditional VMFS environment) will be automatically tagged in vCenter with their specific SLA, including cost characteristics. Click to enlarge the GIF below to get a perspective of how the new VP WebUI (and API) provides the facility to assign capabilities to infrastructure resources, including automated vCenter tagging of VMFS datastores, while allowing vSAN datastore(s) to be similarly tagged with appropriate category capabilities. The end result is a much more intuitive description of the resource capabilities available across vSAN, VMFS and VVol.

 

WebUI and tags.gif

With this automated tagging of capabilities to existing and new datastores, vSphere policies can now be much richer and more descriptive to consumers. Click to enlarge the animated GIF below as it rolls through a typical vSphere policy, in this case a policy describing "Tier 1 Performance and DR Availability" with rulesets for VMFS, VVol and vSAN within the same policy. In my lab environment, this policy with its Tier 1 performance, Tier 2 availability and lowest cost capability found matching storage on all three entities, allowing the consumer to pick one of the choices.

 

Policies with tags.gif

 

The VMFS datastore highlighted below was configured to provide the highest level of availability and performance (GAD multi-datacenter active-active replicated enabled LDEV using accelerated flash on F1500 with data at rest encryption) and the VP software automatically tagged the corresponding datastore with the following capabilities; Tier 1 availability and performance, encryption and cost between 750 and 1000 units. This datastore would be a match when app owners or admins selected the "Tier 1 Performance, Encrypted and Active-Active availability" policy which in my lab environment ruled out vSAN or VVol as potential targets.

 

 

Take the Apache Cassandra application example from Amazon, which I wanted to deploy on the VCF powered UCP RS system. During provisioning, I assigned the appropriate application owner understandable policy for each of the disks: the high performance data disks for the Cassandra VM with lower capacity landed on the vSAN datastore, while the log disk, 10x the size, landed on the iSCSI VMFS datastore. I didn't consume unnecessary storage from my all-flash vSAN, as the VMFS datastore (and VVol datastore) was a suitable match for the characteristics of the log data in this example. There is so much more that can be exploited when you consider that these capabilities can easily be extended and expressed for other infrastructure resources.

 

 

In summary, when it comes to provisioning resources, whether it's from vSphere Client or vRealize Automation with its SPBM awareness, these richer policies are selectable to ensure appropriate resources are selected at VM level or indeed VMDK level. Taking a leaf out of Amazon's trees in EC2, this is the type of resource variability and ease of consumption needed to run a sustainable cloud environment meeting diverse needs across many application services as you update and modernize your infrastructure.

 

Check out the live demonstration of VCF powered UCP RS and Hitachi VASA (VP) Software at #VMworld 2017


I've recently moved from Horizontal Platforms to Vertical Solutions and I feel it might be a good time to revisit one of my old posts (Can we please stop telling Digital Enterprises to “act like a startup”?) and look at how this applies to one of my core customer segments: Retail banking.  Specifically, let's look at how their business differs from the Fintech startups and how to apply the three Digital Innovation practices (Infrastructure Modernization, Digital Workplace and Business Insight):

 

Practice 1: Infrastructure Modernization - "How can I run my apps more efficiently and deliver innovation faster?"

Retail banking needs to provide a full portfolio of services to its customers and not all of these are profitable.  By comparison, Fintech startups can choose to offer just the profitable services (e.g. Payments).  In order to stay in business these banks are forced to think about their applications in two categories:

  • Run the Bank (Core Banking systems and Mode 1) - These systems are important to the bank's reputation and their customer's experience but the services that run on them are not highly differentiated or very profitable.  These apps are often scale-up, fragile and changes are tightly controlled.  Core IT looks for opportunities to reduce costs by improving efficiency while still ensuring service levels are maintained.
  • Change the Bank (Digital Banking and Mode 2) - This is where LOBs focus their incremental investments.  These systems are focused on delivering new digital experiences to customers that will help the bank compete with the Fintech startups.  The focus here is on innovation and speed of time to market and the apps that run here are designed using modern scale-out web-ready methodologies.  These systems are resilient, auto-scaling and secure by design as they need to be able to face off to an unpredictable set of end user devices, third party providers and external threats.

There are good reasons to ensure strong isolation between these two parts of the bank. The legacy systems are just not designed for the unpredictable workloads and volume of read/query activity associated with digital banking. Mode 1 workloads are typically protected by perimeter security, whereas Mode 2 workloads face off to a variety of end user devices, third party systems and external threats - the digital systems will therefore implement micro-segmentation and a variety of techniques to guard against DDoS, for example.

 

But there is another element that is often missed when rethinking the platform to support Bimodal Banking: the Data Integration layer. Both of these sides of the bank still need to fit into a joined up multi-channel strategy and provide a seamless experience to the customer. Both sides of the bank will form part of the customer 360 / KYC picture that the bank needs to implement. Furthermore, the data in Mode 1 systems is often fragmented and these systems need to be insulated from unpredictable workloads and threats, and so Mode 2 systems will typically implement a separate caching layer or operational data store. The Data Bridge between Mode 1 and Mode 2 systems is therefore a key success criterion that will determine how rapidly the bank can deliver new experiences to their customer base. We therefore see this as a key part of the Digital Innovation Platform.

 

...In the next part of this blog I will look at the next two practices: Digital Workplace and Business Insight

Ok, time for part 2. I'm back on and connected after a few days zip-lining and mountain biking through redwood trees and train tracks in northern California. As I was contemplating part 2, the biking time reminded me that the infrastructure automation software end game is not too different. You want to spend the best quality bike time on the downhill adrenaline inducing sweeping single track through the trees versus the mundane paved path to the mountain, i.e. let infrastructure work for you with automation rather than you tediously working the infrastructure to get better ROI from your quality time.


 

In Part 1 of this series, I started to peel back some of the well known UCP Advisor features that our customers are using when deploying our infrastructure automation software while sharing some of the updates we made in the most recent UCP Advisor v1.2 release. In this blog, I want to touch on aspects of networking mgmt, day 0 + day 90 administration and cool integrated data protection features.

 

So on to networking. I covered automating all the aspects around deploying storage datastores and compute ESXi hosts in the previous post and I wanted to complete the 3rd leg, the important networking management aspect. From an IP networking perspective, two key aspects I believe are VLAN management and topology views. When you update the VLANs on your distributed virtual switches, UCP Advisor provides an automated facility to synchronize VLANs to the top of rack and/or spine switches that make up your networking fabric. It also provides connectivity information so you can quickly determine the physical infrastructure connectivity topology between ESXi hosts and IP infrastructure. You can visualize some of this by clicking on the animated GIF below. Of course, firmware upgrade management, which I'll chat about in part 3, is included for the networking switches.

 

network2.gif

 

Circling back to day 0 type operations from an administration perspective, most environments do/will end up with multiple appliances, whether it's 30 satellite offices each with local needs or a datacenter with multiple UCP appliance pods for application, security and/or multi-tenancy requirements. UCP Advisor has a distributed model to manage multiple appliances from a single vCenter, including enhanced linked mode configurations (vSphere 6.5 newly supported in the 1.2 release). Each appliance or logical configuration has a dedicated control VM appliance (small Win2k16 based CVM), which allows the scalability to be limited only by the vCenter max # of ESXi hosts which it can manage, 1000 at last check. Each appliance or logical system can be quickly on-boarded using a CSV configuration to describe the appliance, or new infrastructure elements (e.g. adding a new chassis of compute on day 89) can be on-boarded using the UI. The administration tab also covers aspects like setting the schedule for automated backup of infrastructure config components, specifically the IP network and FC device configurations.

 

admin.gif

 

Speaking of data protection, UCP Advisor always provides integrated VM and datastore level operational backup and recovery capabilities when HDID software and its V2I component is recognized as being deployed. This is accessible through the data management services tab. With data protection moving to a snap and replicate model vs traditional backup to meet both scalability and fast self service recovery, I think this is an important inclusion. The ability to have every newly deployed VM automatically protected and the ability to do full or granular recovery of VM data at the drop of a hat is key when your users need it, especially if it's a multi-TB VM and time is money... The GIF visual shows you some aspects of this, with more details on the VMware protection options in a previous blog I wrote a while back. For vSAN based UCP HC, HDID offers VADP based backup as well.

 

v2i.gif

In part 3, I'll free wheel home and close out to cover automated firmware management, physical workflow capabilities for bare metal support or custom infrastructure needs and some of the vRO and PowerShell integrations that are available to further automate your cloud deployment with HDS UCP and UCP Advisor. Feel free to drop a comment/questions on any aspect or what you would like me to cover in more detail.

We recently rolled out the latest release of UCP Advisor, v1.2, our flagship infrastructure automation software for converged, hyper-converged and standalone storage. In a previous blog, I included a longish voice over video which rolled through the various features, but I thought I would take the opportunity to peel back the features in shorter bites while also referencing the latest value features introduced in version 1.2.

 

An essential element in converged automation is simplifying the operations and deployment of ESXi hosts, datastores and virtual to physical VLAN synchronization actions. These entities are what UCP Advisor calls virtual/logical resources. <Click animated GIF for visual>

vw.gif

Take the all-important datastore management, which traditionally involves multiple admin groups and many days for completion of service tickets. UCP Advisor provides an intuitive interface and workflows for VMFS/NFS datastore creation and hides all the creation complexities: validating FC zoning across multiple SAN switches, checking that the WWPNs of ESXi host(s) are in the active zone and storage host groups, performing storage LUN creation/masking and finally attaching to the ESXi cluster, all in a single click operation. Provisioning times are now at least sub 1 minute. With the v1.2 release, we now provide full end to end workflow support for iSCSI and NFS datastores as well.

 

But we have taken this a step further and also generate unique vCenter tagging of the storage capabilities of the just created VMFS datastore(s) using associated HDS VASA Provider software (v3.4). Now the characteristics of that datastore (performance, availability, cost, encryption etc. etc.) are tagged and available to vSphere administrators to exploit in vCenter policy based management framework for provisioning operations whether from vCenter or higher level cloud automation. The vCenter tags also enable admins to quickly find all related objects, for example all datastores that match Tier 1 IOPS Performance + provide data at rest encryption. Pretty cool SPBM for VMFS. <Click animated GIF for full visual>

ds-prov.gif

As referenced earlier, UCP Advisor supports vSAN based hyperconverged like UCP HC (updated support in v1.2 for vSAN 6.6), converged infrastructure like UCP 2000 that uses compute and external storage, and a mode called Logical UCP which can manage flexible configurations including standalone storage. For vSAN based UCP HC, UCP Advisor provides visibility to the health and capacity of the vSAN compute nodes' respective SSD/HDD(s) that form the cache and capacity tiers of vSAN datastores, and also visibility to non allocated devices. It also provides access to compute inventory, topology and operations such as boot order, power and LID operations and, most importantly, firmware management, which I'll cover in a subsequent blog in this series. <Click on animated GIF for full visual>

 

vsan.gif

 

Speaking of ESXi compute nodes, UCP Advisor can also deploy new node(s) or non-allocated ESXi compute nodes into ESXi clusters running on UCP 2000. It will surface up un-allocated compute nodes on the UCP 2000 config (which are SAN Boot ESXi nodes), it will check/update the firmware of the node(s) to match the cluster, verify that the WWPNs on the new host are correctly configured in active SAN zones and, after deployment, it will ensure all existing VMFS and NFS datastores in the cluster are now available and presented to the new node(s). Again, this dramatically increases the time to use for new compute resources added into the environment, providing the turnaround times now expected in the age of public computing expectations.

<Click on animated GIF for full visual>

 

deploy server.gif

 

In the next part 2 of this series, I will cover aspects of networking mgmt, on-boarding administration, topology views and integrated data protection and more in part 3

I recently published a short video blog, Let's hear it - Introduction to UCP Advisor, which introduced a new converged and hyper-converged infrastructure automation and delivery software from HDS. There was some great feedback but, as expected, folks were asking for more technical details and an opportunity to see the product in action. With that, here is a 20+ min video I put together which walks through the product, including compute, storage, network, data protection and advanced infrastructure management capabilities. As mentioned in the previous blog, the intent is to put infrastructure tasks within the reach of the efficient fingertips of administrators to enable them to accelerate and manage the delivery of VM based application services on that dynamic infrastructure.

 

 

Reminder: You can view video on YouTube by selecting icon on the bottom but ensure the quality settings are set to 720P to view it if it starts looking blurry.

 

<updated Video based on version 1.2 released in June 2017, here is link to 1.2 related blog>

Traditional agent-based backup and recovery solutions can dramatically impact the security, performance and total cost of ownership of virtualized environments. As organizations expand their use of virtualization, hyper-converged infrastructure like VMware vSAN, they need to closely examine whether their data protection strategy supports efficient, fast, secure backups that won’t tax storage, network, budget, or computing resources. As data grows, the need for more frequent data protection and a variety of other challenges have forced administrators to look for alternatives to traditional backups.

 

Backup Challenges

Initially, most backup administrators chose to back up virtual machines by deploying backup agents to each individual virtual machine. Ultimately, however, this approach proved to be inefficient at best. As virtual machines proliferated, managing large numbers of backup agents became challenging. Never mind the fact that, at the time, many backup products were licensed on a per-agent basis. Resource contention also became a huge issue since running multiple, parallel virtual machine backups can exert a significant load on a host server and the underlying storage. Traditional backup and recovery strategies are not adequate to deliver the kind of granular recovery demanded by today’s businesses. Point solutions only further complicate matters, by not safeguarding against local or site failures, while increasing licensing, training and management costs.

 

Business benefit and Solution Value Propositions

Hitachi Data Instance Director (HDID) is the solution to protect Hitachi Unified Compute Platform HC V240 (UCP HC V240) in a hyper converged infrastructure. The solution focuses on the VMware vStorage API for Data Protection (VMware VADP) backup option for software-defined storage. Data Instance Director protects a VMware vSphere environment as a 4-node chassis data solution with options for replicating data to outside the chassis.

Hitachi Data Instance Director provides business-defined data protection so you can modernize, simplify and unify your operational recovery, disaster recovery, and long-term retention operations. HDID provides storage-based protection of the VMware vSphere environment.

 

Data Instance Director with VMware vStorage API for Data Protection provides the following:

 

  • Agentless backup using the VMware native API
  • Incremental backup that provides backup window reduction
  • Easy to implement and maintain for a virtualization environment
  • Easy to replicate backup data to other destinations or outside of chassis

 

Logical Design

Figure shows the high-level infrastructure for this solution

 

Below are the Use cases and results

 

| Use Case | Objective | Test Result |
| --- | --- | --- |
| Use Case 1 — Measure the backup-window and storage usage for the VMware VADP backup using Hitachi Data Instance Director on a VMware vSAN datastore. | Deploy the eight virtual machine's DB VMDK evenly on two VMware ESXi hosts with VMware vSAN datastores. The workload runs for 36 hours during the backup test. Take the measurement with both quiesce options enabled/disabled. This backup is a full backup, with initial backup and a later incremental backup. | Initial Full backup: Backup time 52 Min, Storage used 1920 GB. Incremental Backup with Quiesce ON: Backup time 4 Min 15 Sec, Storage used 35.02 GB. Incremental Backup with Quiesce OFF: Backup time 2 Min 25 Sec, Storage used 34.9 GB. |
| Use Case 2 — Create a cloned virtual machine from the Hitachi Data Instance Director backup | Restore a virtual machine after taking a Hitachi Data Instance Director backup. Measure the timestamp of the restore operation. | Restore backup with HDID: Restore time 22 Min 15 Sec, Storage used 213 GB. |

 

Conclusion

With Hitachi Data Instance Director, you can achieve broader data protection options on the VMware virtualized environment. With VMware VADP CBT, the backup window for the incremental backup was relatively short and optimized.

 

  • Eliminate multi-hour backups without affecting performance
  • Simplify complex workflows by reducing operational and capital costs with automated copy data management
  • Consolidate your data protection and storage tasks
  • One-stop data protection and management

 

Sincere thanks to Jose Perez, Jeff Chen, Hossein Heidarian and Michael Nakamura for their vital contribution and making this tech note possible.

 

Please Click Here to get tech note Protect Hitachi Unified Compute Platform HC with VMware vSphere and Hitachi Data Instance Director


You’ll recall from my last blog I volunteered to give a presentation to an organisation in London and I found myself having signed up to deliver an evening lecture to the Institute of Engineering and Technology on the subject of cloud. I had managed to pull some material together and coerce a colleague into sharing some of the load by applying an equal degree of vagueness in the description!

 

The Event….

So we had a story, I had a willing partner to help share the challenge, we had overcome the anticipation and were as ready as we could be! The Presentation was polished during the day in between client meetings and we headed to the venue for the evening event.

 

The building where the lecture was to be given wasn’t intimidating at all, nor was all the signage hanging in the entrance hall in anticipation.

 


 

 

As if the pressure couldn’t have been any greater, the venue we were to be using to give our talk was none other than the Alan Turing Lecture Theatre, named after arguably the founding father of modern computing. The registered attendees numbered 100-150, there was to be tea and coffee on arrival followed by a drinks and nibbles reception afterwards with the night concluding around 9PM.

 


 

We quickly set up, dumped our bags and then headed to the nearest watering hole for a sherbet and lemonade as a steadier in preparation for the event! On our return we kicked off and were introduced on stage by the event organiser. Surprisingly (for me) the audience seemed to be very aware of Cloud technologies and the Cloud field in general; I was therefore sincerely hoping they would be able to get something out of the event.

 

Sylvain and I delivered our presentation, which was well received. The audience listened intently and made notes. We covered the HEC value proposition, the key differences in Public and Private Cloud and the fact that our HEC solution offers the public cloud consumption experience of self service and pay per use with the security / latency benefits of retaining IT on premise in a client's data centre. We covered our SLA driven approach to selling, our pricing being more competitive than a Public Cloud alternative and having a holistic solution to address a changing market.

 

Following the presentation, we took some fantastic questions from the audience which were very balanced and somewhat different to what we had heard before due to the diversity of the audience. People were very keen to understand our IoT story as well as our approach to things like machine learning algorithms. The questions would have continued beyond the allowed time but were stopped by the organisers to allow us to retire to the drinks reception.

 


 

 

The aftermath……


Now the event was over we could relax and managed to meet many of the members and people from the audience. The feedback was good and they enjoyed the lively debate. Some areas of particular interest were what our views were on edge based data analytics and machine learning integration with Cloud IT. I found these discussions to be very enlightening, hearing opinions on the industry from outsiders who have a different (and often very well informed) perspective on what we are doing.

 

I managed to team up with a small group including a Dutchman involved in 3D printing of industrial wind turbine blades (who kindly liberated a bottle of wine for us from the main table) and a retired gentleman who was very well read on the subjects of cloud computing following a 60 year career in IT. I avoided the fact that I was born half way through his career but I think I got away with it.

 

In conclusion…..

Although I started this as a “never volunteer for anything” that’s not how I look back on the experience. Often we choose to do things squarely inside our comfort zone, however it’s very fulfilling to step outside this now and again. We also tend to stick to the circles socially and professionally of our peers or customers looking to buy what we have to offer. I found it particularly enlightening to hear the opinions of people with a really diverse set of backgrounds which I would never come into contact with ordinarily. So I’d say in conclusion take the time to do things you wouldn’t ordinarily do and hear from people you wouldn’t expect to ordinarily speak to – you’ll be pleased you did.

 

 

Material…

IET Blog of the event

Presentation Slides

 

Neil Lewis

With memories of Sapper Featherstone, British Army - Royal Engineers circa 1946

All right, this is the technical part, describing how to build the blueprint and what to configure in NSX to make it work as described in the overview. Let's get started, shall we?

 

Getting started

First things first. I have to create a list of requirements in order to master all the challenges such a micro DMZ concept brings. Let's see what we need:

  • NSX installed and ready to be used
    • Integrated with HEC
    • Security groups for Web and DB
    • Virtual wire for DB
    • Edge configured and ready for external traffic
    • DLR (Distributed Logical Router) configured and ready (OSPF, etc...)
    • Security Tags for DB and WEB server
  • Hitachi Enterprise Cloud
    • Linux blueprint / image to use for WEB and DB server
    • Software components to install such as Apache, MySQL, PHP5, etc...
    • Network reservation for on-demand DMZ (routed-on-demand-network) and the DB network (static)

OK - that should be it. In this part I will focus on the NSX config in the blueprint and the designer, assuming everything else is just fine and has been pre-configured and installed by our fine consulting folks. Just like a customer, I am eager to use it - not to install it.

Set up the NSX Tags and security policies

OK, I decided to start with the very important and yet super complex NSX integration...

Alright, you got me there, it is actually not that complex to integrate

 

First I created some NSX Security Tags. These can be used to identify VMs and run actions based on the tags found. They are also a smart way of dynamically adding VMs to security groups in NSX. In order to use them in the HEC blueprint canvas, the Tags need to already exist in NSX.

OK got it, but where do you create these Tags in the first place?

 

Well, this is done in the NSX management in vCenter. To create custom security tags, follow these steps:

  1. Go to the home screen in vCenter and click on Network and Security
  2. In the left hand side menu click on NSX Managers
  3. In the left hand side select your NSX Manager by clicking on it
  4. Click on the Manage tab
  5. Select the Security Tags button in the headline of the Manage tab
  6. Click on the New Security Tag symbol on top left of the table to add a tag.

 

OK, I created the tags "HEC_DB" and "HEC_Web" and am ready for action. These tags are now useable on VMs for advanced processing.

Also, I created two security groups:

  • DbServer
  • WebServer

To create those, go to Networking and Security and click on Service Composer in the left hand side menu.
These security groups are what the firewall rules are later applied to. The Tags will be used to assign the VMs to their respective security group (DB VM to DbServer, WEB VM to WebServer) after the VM deployment.

 

Screen Shot 2017-04-04 at 15.55.20.png

This means you are now able to enforce firewall rules on VMs whose IP address or subnet mask you might not even know, just by putting the VMs in NSX security groups.

Welcome to the power of the Service Composer in NSX!

 

After the creation of Tags and Groups in NSX

After the security groups have been created we have to set up the rules of engagement, ahem I mean, the rules for communication between the WEB server and the DB server. Since the WEB server is exposed to the internet, we do not want to have him chatty chatting to the DB server as he wishes. Therefore the communication between these two servers (WEB to DB) has to be limited as much as possible in order to keep the security high! These sophisticated firewall rules are set in so-called Security Policies.
We can create a new Security Policy by just clicking on the Security Policies tab and selecting the Create Security Policy icon.
Now you can specify rules for interaction between Security Groups on NSX or even from external sources (like the internet) to Security Groups.
In our case, we want the following rules to apply for a secure configuration:

  • WEB server can access DB server only to issue MySQL queries using specific MySQL ports
  • The Internet can access the WEB server only by HTTP or HTTPS
  • All other actions from DB to WEB server are blocked
  • All other actions from WEB to DB server are blocked

Screen Shot 2017-04-04 at 16.07.15.png

 

Voilà: That should be it. Now VMs in the DB security group will only allow VMs in the WEB security group access via the MySQL port. All other access is blocked. For the WEB servers, we are even stricter: from the perimeter firewall (aka: the internet), only HTTP and HTTPS will be let through to the WEB server. The only other server outside of the DMZ the WEB server can reach is the DB server. The communication is only possible via the MySQL ports to initiate DB queries.

 

You might wonder how to enforce all of this without specifying a single subnet or IP address? Well that is solved by the Security Tags. As soon as the VMs are assigned to the right policies in the Service Composer, the rules will be enforced on them, automagically!

 

Create the blueprint

Assuming everything else is just fine and has been configured correctly, we can now start building the actual application. So let's get started with the design. Given that I have already created some installable components, so-called Application Blueprints, I can start drag and dropping my way to a versatile multi-tier web application.

 

Screen Shot 2017-04-04 at 15.12.59.png

 

I decided to have a DB server and a WEB server (shocking - isn't it?). In the design canvas I dragged the DB components, such as the MySQL installation as well as the FST_Industries_DB component, onto the DB server.

To do this, simply drag and drop the packages onto the VMs. The FST_Industries_DB component customises the DB: it sets up a table space and makes some other minor edits to prepare the DB server for use by the WEB server.
After doing that, I dragged Apache, PHP and the FST_Industries_Web component onto the WEB server.

Besides installing all the software assets, the FST_Industries_Web component then creates an on-demand web site which accesses the DB server via its fully qualified domain name (FQDN). HEC will now install these packages on the specified VMs. It is important to know that all this data (IP addresses, domain names, DB names, etc...) is passed on as dynamic variables during the install. Otherwise it would be fairly complex to install anything on demand.

 

After the actual service design is done, we need to ensure that the VMs are tagged to auto assign them into the respective security groups in NSX. Therefore you can drag the Tags directly into the canvas.

The Tags are shown in the picture right above each VM; a thin line represents their assignment to each of the VMs.

Just drop it somewhere; for the sake of a clean graphic I put it on top of each of the VMs. By clicking on the dragged in security tag, the actual tag value can be assigned. You will see a list of possible NSX security tags. Pick HEC_DB for one and HEC_Web for the other - done.

 

If you have just finished creating the Security Tags in NSX, give HEC a moment to pick them up. If they are not showing up after 15 minutes, it might be necessary to re-run the network and security inventory data collection task. You can find it under "Infrastructure -> Compute Resources -> Mouse over vSphere resources -> Data Collection". The Network and Security inventory is the second last entry in the list. Select "Request Now" after creating the tags and wait for its completion. After this they will show up in the design canvas.

Now, the tags need to be formally assigned to each of the VMs. This is done by clicking on the VM in the canvas and selecting the Security tab. In there you will see both tags available, just tick the one which applies:

  • HEC_DB if you selected the DB Server
  • HEC_Web if you selected the WEB server
  • Done!

 

You might wonder why both tags are always displayed in the security settings for the VM. This is because a VM can have multiple security tags - all tags dragged into the canvas will be shown. In our case it is important to make sure a VM does not get both tags selected, since this might shake up our well thought through security concept (however, it is easy to spot and fix).

Last but not least both VMs need to be placed in an NSX network. For the DB VM, this network ("virtual wire" in NSX slang) needs to be set as an internal and protected network, since possibly other DB servers might run in there as well.
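The four rules listed earlier and the double-tag caveat above, modelled as an added example (this is not NSX or HEC code and not part of the original post). The port numbers (3306 for MySQL, 80 and 443 for HTTP and HTTPS), the "Internet" pseudo-group, and all function and VM names are assumptions; a VM that lands in two groups is assumed to match the rules of both.

```python
from dataclasses import dataclass

# Tag and group names are the ones used in this post. The port numbers are
# assumptions: MySQL default 3306, HTTP 80, HTTPS 443.
TAG_TO_GROUP = {"HEC_DB": "DbServer", "HEC_Web": "WebServer"}
INTERNET = "Internet"  # hypothetical pseudo-group for traffic from the edge


@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    ports: frozenset


# Only the explicit allows are listed; everything else is denied by default.
POLICY = (
    Rule("WebServer", "DbServer", frozenset({3306})),
    Rule(INTERNET, "WebServer", frozenset({80, 443})),
)


def groups_for(tags):
    """Map a VM's security tags to the security groups it lands in."""
    return {TAG_TO_GROUP[t] for t in tags if t in TAG_TO_GROUP}


def is_allowed(inventory, source_vm, destination_vm, port):
    """Evaluate one flow by group membership only; source_vm=None is the internet."""
    src = {INTERNET} if source_vm is None else groups_for(inventory[source_vm])
    dst = groups_for(inventory[destination_vm])
    return any(
        r.source in src and r.destination in dst and port in r.ports
        for r in POLICY
    )


def audit_tags(inventory):
    """Return every VM that is not in exactly one group, with the groups found."""
    findings = {}
    for vm, tags in inventory.items():
        groups = groups_for(tags)
        if len(groups) != 1:
            findings[vm] = sorted(groups)
    return findings


# Constructed inventory: VM name -> tags ticked on the Security tab.
SAMPLE_INVENTORY = {
    "web01": {"HEC_Web"},
    "db01": {"HEC_DB"},
    "web02": {"HEC_Web", "HEC_DB"},  # double select, the case to avoid
    "tmp01": set(),                   # no tag, so no rule ever matches it
}

if __name__ == "__main__":
    flows = [
        ("web01", "db01", 3306),
        ("web01", "db01", 22),
        ("db01", "web01", 3306),
        (None, "web01", 443),
        (None, "db01", 3306),
        ("web01", "web02", 3306),
    ]
    for src, dst, port in flows:
        verdict = "allow" if is_allowed(SAMPLE_INVENTORY, src, dst, port) else "block"
        print(f"{src or INTERNET} -> {dst}:{port} {verdict}")
    print("tag audit:", audit_tags(SAMPLE_INVENTORY))
```

The double-tagged VM is reachable from the internet on HTTP and from the WEB servers on the MySQL port at the same time, which is why the audit flags any VM that is not in exactly one group.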

 

Defining the networks to use

For the WEB server, we want to create the DMZ on demand. That means this network is not pre-existent at the time of deployment.

To accomplish this, we need to define two different types of networks in HEC:

 

Do not get over excited by the term "External" in this case; it refers to all networks that already exist before a service is deployed. The "Routed" network is different: it is a purely logical construct which only comes to life at the time of deployment. It will be configured to form smaller networks and then place the newly created VMs into them.

Therefore its configuration might be a bit confusing at first. To configure the network profiles in HEC, go to Infrastructure -> Reservations -> Network Profiles and click on New to select either External or Routed.

The External one has to be pre-existing, which means it has to be defined in NSX before it can be added to HEC.

 

This means you have to create a new virtual wire in NSX prior to the selection in HEC.

The Routed one is more difficult, this is why I think it might be worth going over its options quickly. In the form you will see the following fields:

 

Provide a valid name: DMZ_OnDemand

Description: DMZ network, created on demand each time for every deployment

External Network profile: Transport*

Subnet mask: 255.255.192.0**

Range subnet mask: 255.255.255.240***

Base IP: 172.30.50.1

 

OK, here we are in the networking nirvana. What does all this mean? Just let me explain the "*" real quick:

*: The transport network for your DLR. This is configured during NSX setup for external network access. Describing how to do this would be too much detail for this blog post. In our case, it is named "Transport", but you can also name it Bob, Jon, or Fritzifratzi if that works better for your use case.

 

 

**: This is the subnet mask, defining how many devices we want to put into the micro DMZs. In this case it is a /18 subnet mask, which gives us "only" 16,382 addresses. You could also go for a /16 which would give you 65,534 or a /14 for a whopping 262,142 addresses. But be careful, all these addresses are pre-calculated by HEC, which can be quite CPU intensive if you choose big ranges.

 

***: The subnet mask for the different small network areas. Basically it creates the "micro" networks, based on the given subnet mask (255.255.192.0) and uses the /28 subnet mask (255.255.255.240) to create a net with 14 useable addresses.

This means HEC will now go ahead and create as many small subnets as possible using the provided big /18 (255.255.192.0) subnet mask. In my case it will create network chunks looking like this:

  • 172.30.50.1 - 172.30.50.14 (useable addresses)
  • 172.30.50.17 - 172.30.50.30
  • ...
  • 172.30.63.225 - 172.30.63.238
  • 172.30.63.241 - 172.30.63.254

 

Now you might wonder why there are small gaps between these address spaces. That is because only the 14 useable addresses are shown. For example, the first address is 172.30.50.1, the network address would be 172.30.50.0 and the broadcast address would be 172.30.50.15. So the entire network is actually 172.30.50.0 - 172.30.50.15. But given how networks work, the network address and the broadcast address can't be used for servers, leaving a total of 14 useable addresses. It is important to understand that principle in order to make the network chunks big enough for the number of servers to be in them.
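The chunk list above can be reproduced with Python's standard ipaddress module. This is an added example, not HEC's own code: it assumes carving starts at the /28 block containing the base IP and runs to the end of the /18, which matches the ranges listed, and the function names are hypothetical.

```python
import ipaddress


def carve_micro_dmz(base_ip, subnet_mask, range_mask):
    """Return (parent network, list of range-sized chunks from base_ip onwards).

    Assumption: chunks start at the block containing base_ip and continue to
    the end of the parent network, as in the ranges listed in the post.
    """
    parent = ipaddress.ip_network(f"{base_ip}/{subnet_mask}", strict=False)
    first = ipaddress.ip_network(f"{base_ip}/{range_mask}", strict=False)
    if first.prefixlen < parent.prefixlen:
        raise ValueError("range subnet mask must not be shorter than the subnet mask")
    chunks = [
        net
        for net in parent.subnets(new_prefix=first.prefixlen)
        if net.network_address >= first.network_address
    ]
    return parent, chunks


def usable_range(net):
    """First and last address left once network and broadcast are excluded.

    Meaningful for prefixes of /30 or shorter.
    """
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def smallest_prefix_for(servers):
    """Longest prefix (smallest chunk) that still holds `servers` useable addresses."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= servers:
            return prefix
    raise ValueError("no IPv4 prefix is large enough")


if __name__ == "__main__":
    # Values from the Routed network profile in this post.
    parent, chunks = carve_micro_dmz("172.30.50.1", "255.255.192.0", "255.255.255.240")
    print(f"parent network : {parent} ({parent.num_addresses - 2} useable addresses)")
    print(f"micro DMZs     : {len(chunks)} chunks of /{chunks[0].prefixlen}")
    for net in chunks[:2] + chunks[-2:]:
        low, high = usable_range(net)
        print(f"  {net}  useable {low} - {high}")
    # Sizing check: 14 servers still fit a /28, a 15th needs a /27.
    for servers in (14, 15):
        print(f"{servers} servers need at least a /{smallest_prefix_for(servers)}")
```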

 

If all these network calculations, slicing and subnetting are creating the father of all headaches, don't give up! There are quite nice websites which do all the calculations mentioned here for you. One of these sites can be found here:

IP Calculator / IP Subnetting

 

What have we achieved so far

Good, after all this hard work of clicking and brain twisting network mask calculations the setup is finally done.

We configured security tags and automatically assigned them to the right VMs. Firewall rules ensure that only the allowed protocols pass from one security group to another.

The VMs and their software get installed by HEC. Once the tags are assigned and the VMs are installed, one is placed in a static network and the other in a routed network. The routed network is sliced by a subnet algorithm to allow only 14 devices, so each WEB server has its own DMZ.
After all that has been configured by HEC, the NSX security kicks in and our freshly deployed application works as intended, letting only MySQL queries reach the DB server. Also, HTTP / HTTPS requests from the internet can only reach our WEB server running in its very own "private" DMZ. All of this is created for each and every new application being deployed.

 

To Summarize

Wow, after all this clicking and configuring and calculating we do have a quite comprehensive blueprint, not only setting up a full service with a single mouse click, but also providing enterprise grade IT security for each and every deployment.

Not only through the firewall and security capabilities of NSX, but also through the flexible and purpose ready design of a micro DMZ per WEB server per service. This is an achievement which would be fairly difficult to reach without the capable technologies introduced by HEC.

 

If you want to see all this running, stay tuned for the next article in this series showing all of this working in our HEC Solution Centre environment which is located in the Netherlands in a wonderful small town called Zaltbommel...

Right, if Francois Zimmermann is in no mood for sharing his Heinz baked beans with the imminent threat of Doomsday, then fine, I will get my own tin of beans and get on with my survival strategy. This, you may recall from my previous blog, is about creating a multi-tier application blueprint using NSX with Hitachi Enterprise Cloud (HEC), which plays an important role in securing your data from potential everyday hackers, let alone those in a Doomsday threat. This is where I get into the technical detail, especially around micro-segmentation. More of that later.

 

Technical Alert!! If you are interested in a detailed explanation go to the “techies” part of this blog. If not, read on for the high level summary...

The “Micro” in Micro Segmentation

To create a more secure environment than a traditional DMZ we would have to change the DMZ from being traditional, monolithic and predefined structure into one that is more flexible, agile and dynamic.

Micro segmentation is a well used term when it comes to network virtualization, but what does it actually mean? It stands for a way to control which traffic is permitted from one instance to another, even if they are on the same network in the same IP subnet.

 

You can think of micro-segmentation as isolation of workloads on the same network. As an example, typical networks are like trains, you can move from one carriage to another carriage within the same train easily. Micro-segmentation is more like cars on a highway. All are driving on the same highway in the same direction (more or less), but changing from one car to another while moving is almost impossible.

 

If you think of this network with a given IP subnet as a segment, typically every server within that segment can talk to each other. So traditionally, you had to separate an entire segment in order to prevent one server in segment A talking to another server in segment B.

MicroSegmentation_Off.png

Servers in the same segment, like Server A1 and Server A2, can directly “talk” to each other.

 

Now, in the software defined world this is all “snow from yesterday” (sorry – famous Austrian saying which means – Old News). With the new capabilities of dynamic firewalling and policy based VM security profiles, we could achieve a similar outcome without putting the servers in two different networks.

In this case, the firewall acts as if it sat right in between the two servers, allowing only specific protocols to connect to the peer server. In some cases, communication to any peer server can be blocked entirely, which is often used in desktop environments.

A micro segmented network might look like this:

MicroSegmentation_On.png

Now in this case, Server A is only allowed to talk to Server B through a firewall, using specific ports to communicate. All other direct communication is prohibited. This makes the management easier since you can add a security layer even if servers are running in the same network. The big benefit is that this security layer can be managed centrally and applied on demand to any group of servers.

 

So what does all of this mean for our “Micro DMZ” project? Everything!

 

The first step is to set up one DMZ per service. A service might be any WEB server and DB server pair or similar. In a traditional datacentre you might use a static DMZ and place the WEB server there and then place the DB server in an internal network. But as described in part 1 of my blog series, there might be a more secure way of doing that.

And this is where “micro” comes into play. Instead of creating a big DMZ housing everything exposed to the internet, we are creating many small DMZs. One for each service. The service itself does not need to know anything about that, since the software defined infrastructure takes care of setting all the rules and routes in order to work properly.

Tip: If you want to see all the techy details and want to get a crash course in subnet calculations (what was /24 again?) visit this technical part of this blog

Now, when a new service is rolled out, it gets its very own DMZ and firewall rules. With the use of micro segmentation within the DMZ – web servers cannot talk to each other but they can talk to their DB server peers. This makes the DMZ itself more secure. Also, since each service has its own DMZ, a security breach will never affect other services, indeed it might very well only affect the very Webserver experiencing the security flaw.

 

With this technology, you can limit the impact of a security breach from being catastrophic to just being slightly annoying at best.

 

So are we now in Lock Down?

In a Doomsday scenario, instead of the rebels rushing into my shelter and stealing and breaking my stuff, they just get a glimpse of my security fence. If they manage to break through that, they see…

 

…wait for it…

 

Another security fence

 

The use of multiple DMZs and micro segmentation within those DMZs enhances the security layer significantly. Everything is managed from a central instance so no micro management (pun intended) for the micro segmentation is needed. If we run through the technical part of this configuration and finish all of the step by step configuration items, we are nearly done reaching the final solution. If the configuration of the blueprint is completed successfully, everything should automatically unfold in our Hitachi Enterprise Cloud solution, again saving us a ton of time and effort for every new deployment of a service. Also, with every additional new service deployment the security is enhanced, not diminished!

 

Meanwhile, I’ve worked up an appetite so I need to crack into my stock of baked beans whilst the tests run. I’ll be back later with the results and take you through some seriously deep dive technical actions which makes the magic unfold and finally get us into secure lock down.

 

I wonder how my buddy, ole Mr "Get your own beans", is getting on with his NSX shelter? Is it secure enough to protect his services from the latest ransomware madness?

Which leaves me to ask, "What are you doing to enhance your security for your new or existing services?"


Not a week goes by without an article that compares "web native applications" with "legacy applications".  The implication is that all innovation and competitive edge will come from well-behaved scale-out containerized apps.  But how true is this?

 

In the next 1-2 years companies will invest in the following scale-up, big-iron, 'fragile', non-cloud-ready technologies for specific use cases where they believe they can get a substantial business advantage:

  • Storage Class Memory to support in-memory computing - We already have customers who deploy technologies like SAP HANA to reduce the time it takes to roll up their forecasts and stock positions from days to minutes.  With the introduction of Storage Class Memory in the Skylake timeframe, ever-larger data sets will be able to take advantage of the extreme flexibility of in-memory computing, and businesses will leverage this to be able to interrogate and model market data and improve business instrumentation.
  • Specialized hardware for Artificial Intelligence - Many companies will start to look at deep learning technologies as a way of optimizing complex business problems and automating processes to drive competitive advantage. Machine learning algorithms can run on general purpose infrastructure but the learning speed for large data sets is typically constrained by the bandwidth between processing nodes.  Rather than trying to overcome these by changing the algorithms it will be faster to just deploy specialist hardware that is optimized for running Neural Networks (e.g. Intel Lake Crest).
  • NVMe and alternatives to Ethernet for low latency apps - Algorithmic trading and low latency transactional workloads will look to alternatives to commodity interconnects to provide the sort of marginal gains that they need to maintain advantage.
  • FPGA acceleration - When Intel bought Altera we started to talk about ways to move 'beyond Moore's law' for certain types of workload that needed to crunch a large amount of parallel data streams at wire speed.  For example, we believe this will be particularly relevant when looking at use cases like Stream Analytics - How do I efficiently aggregate and sort data from a bunch of continuous data streams from IoT, market or web sources?  How can I sort through all that data in-flight so that I can only retain what is useful and quickly identify items of interest in all the noise?  How can I raise events and actions against these in real time?

 

In my last post I spoke about the need to integrate the management of Mode One and Mode Two environments - this is required in order to be able to run existing core workloads AND also enable the delivery organization to make the  transition to DevOps practices.  Now we have another dimension: I can deliver innovation to my business by enabling rapid software development AND by enabling rapid adoption of specific "hardware assist" technologies that deliver a compelling competitive edge.

 

In order to solve both of these problem sets we have started to speak about the need to move beyond the Software Defined Data Center to a Programmable Data Center. This new paradigm aims to solve the problem of how you can consume both specialized hardware acceleration (for cutting-edge or scale-up workloads) and commodity infrastructure services (for well-behaved scale-out cloud-native apps).  When physical infrastructure services can be programmed as easily as virtual services then you are able to provide a real innovation platform – one that enables you to rapidly adopt these difficult, cutting edge technologies ahead of your competitors and get a real market advantage.

If like most of us, you are time poor then get the "skinny" from this Infographic on how HDS has delivered tangible outcomes to SPAR via a Private Cloud Solution based on Hitachi Unified Compute Platform and VMware technology.

 

Short and to the point....

 

Enjoy!

Well here’s your chance to get  a quick view of our offering which comes directly from HDS’ Centre of Excellence based in the Netherlands. Dylan Lange takes 5 mins to show us around the V240F VMware environment touching on data reduction, erasure coding, storage and space efficiency policies.

 

Simple and so easy.  Plus "No More SAN".

 

Take a look -  then share with those who should be in the know! ;-)

 


Many businesses are constrained by legacy IT infrastructure that is not well suited for VDI initiatives. Siloed data centers, composed of independent compute, storage, and networks with distinct administrative interfaces, are inherently inefficient, cumbersome, and costly. Each platform requires support, maintenance, licensing, power, and cooling, not to mention a set of dedicated resources capable of administrating and maintaining these elements. Rolling out a new application like VDI becomes a manually intensive, time-consuming proposition involving a number of different technology platforms, management interfaces, and operations teams. Expanding system capacity can take days or even weeks, and requires complex provisioning and administration. Troubleshooting problems and performing routine data backup, replication, and recovery tasks can be just as inefficient. While grappling with this complexity, organizations also need to address challenges that are unique to VDI.

VDI Challenges

1.  Difficulty in sizing VDI workloads upfront, due to the randomness and unpredictability of user behavior.

2.  Periodic spikes in demand, such as “login storms” and “boot storms”, that may significantly degrade performance if not properly handled.

3.  High cost of downtime in the event of an outage.

Business benefit and Solution Value Propositions

Hitachi UCP HC addresses each of these challenges by providing a scalable, building block-style approach to deploying an infrastructure for VDI, offering the enterprise predictable costs, and delivering a high-performing desktop experience to end users. VDI load was generated for this solution, and VDI performance has been captured for Task, Knowledge and Power users.

 

The reference architecture guide "VMware Horizon View 7 with UCP HC" is used to design a hyper-converged solution for VMware Horizon View 7 with Instant Clone on Hitachi Unified Compute Platform HC (UCP HC) for a VDI environment. It describes the performance of Microsoft® Windows 10® Virtual Desktops and Microsoft RDSH remote sessions on a 4-node UCP HC compute vSAN cluster with a mixture of Power workers, Knowledge workers and Task workers using Instant Cloning features. This environment uses integrated servers, storage systems, and network with storage software in a unified compute converged solution for a VDI environment. The 4-node UCP HC provides better performance and throughput with low latency.

 

The dedicated UCP HC nodes run ESXi 6.0 U2 with VMware vSAN 6.0 clusters using VMware Horizon View 7. This VDI environment solution uses Microsoft Windows 10 virtual desktops and Microsoft® Windows Server® 2012 R2 RDSH remote sessions.

 

This document is for the following audiences:

  • Corporate Desktop administrators
  • Storage administrators
  • IT help desk
  • IT professionals such as a Pre-sale solution team
  • Customer CIO

 

Logical Design

Figure shows the high-level infrastructure for this solution

 

 

There are two scenarios taken into consideration to capture the performance results separately. First, a Windows 10 VDI pool of 250 VMs was deployed and the results were captured. Later this pool was erased and the UCP HC  vSAN cluster was recreated to deploy a new RDS pool of 250 VMs to capture performance results separately.

 

| Use Case | Objective | Results |
|---|---|---|
| Deduplication and Compression of UCP HC vSAN Datastore | Dedup and compressed vSAN datastore used for creating 250 virtual desktops | Dedup and compression ratio for 250 VMs is 4.19 times and saved space is 2.46 TB. Before: 3.23 TB, After: 789.16 GB |
| Boot Storm, Scenario 1 | Boot storm for 250 Windows 10 virtual desktops | Took 5 minutes to boot up. Boot IOPS peak: 10,000. Boot IOPS avg: 6000. Avg read latency: 35ms. Avg write latency: 30ms |
| Boot Storm, Scenario 2 | Boot storm for 250 Windows RDS machines | Took 6 minutes to boot up. Boot IOPS peak: 13,000. Boot IOPS avg: 5678. Avg read latency: 35ms. Avg write latency: 30ms |
| Login Storm | Log in to 250 virtual desktops using the LoginVSI tool during logon period of 1-48 min | Login storm duration was from 1-48 min and percent utilization peaks at approximately 72% and 66% for both scenarios respectively |
| Steady State | Generated workload using LoginVSI for workload profile (Power, Knowledge, Task) for both scenarios with various Microsoft applications | Steady storm duration was from 48-50 min and percent utilization peaks at approximately 63% and 75% for both scenarios respectively |
| LoginVSI Workload | LoginVSI workload profile is used to verify whether VSImax is reached for Power, Knowledge and Task users | VSImax is not reached for Power, Knowledge and Task users in both scenarios |

 

Conclusion

The architecture provides guidance to organizations implementing VMware Horizon 7 on UCP HC infrastructure, and describes tests performed by Hitachi Data Systems to validate and measure the operation and performance of the recommended solution, including third-party validated performance testing from Login VSI, the industry standard benchmarking tool for virtualized workloads.

Organizations are looking to VDI solutions like VMware Horizon to reduce software licensing, distribution and administration expenses, and to improve security and compliance. The market-leading hyper-converged infrastructure platform from Hitachi Data Systems helps to deliver the promised benefits of VDI, while overcoming many common challenges.

 

Hitachi UCP HC for VDI provides:

  • Simplified deployment for a hyper-converged Infrastructure.
  • Ability to start small and scale out in affordable increments—from pilot to production.
  • Highest density of desktops per node in the hyper-converged infrastructure category.
  • Independently validated, unmatched VDI performance for a superb end user experience.
  • Deployment of full-clone desktops with the same data efficiency as linked clones.
  • Enterprise-class data protection and resiliency

 

Sincere thanks to Jose Perez, Jeff Chen, Hossein Heidarian, and Michael Nakamura for their vital contribution and for making this paper possible.

 

Please Click Here to get reference architecture guide to VMware Horizon View 7 with UCP HC