Make Life Easier by Using Key VMware vSphere Integration PointsBy Matt Vandenbeld
I’ve been given the opportunity to present at the vForum in Vancouver, Canada on December 5. The topic they gave me was “Integration points to take you farther today and tomorrow”. This is not something I would have picked for myself, but in retrospect, I’m glad it happened the way it did.
I was aware of VMware’s integration with components we use every day, but when you take a deeper look, it really is quite an impressive list of features. It’s perplexing to me that among my travels relatively few people are using all the integration pieces they can. They are missing out on some really cool features that make a lot of pain points go away.
Why don’t people use them? I think a lot of it is not knowing what’s out there and how it works with what they have. I now take it upon myself to try to educate everyone I have a chance to talk with on these integration points. There are way too many to list in any easy manner, but I like to highlight some major ones to get the mind going. I encourage everyone to see how their current storage, network, compute, security, and data protection products integrate with vSphere. If it doesn’t have the features right now, keep it in mind when upgrade time comes along and ask your vendors how the new product will integrate. It might solve some issues for you or just make your life easier, which is never bad!
I’m going to highlight some common integration points so you can get a sense of how effective they are.
So what is an integration point? In simplest terms, it’s a vSphere feature that a third-party component can leverage to improve the environment as a whole. Some of the most common vSphere features are listed here:
- vCloud Networking and Security
This is only a subset of what’s out there, and each point includes multiple integration options. I promise this will all become clearer shortly.
We all backup up data. I’m going to go with that assumption, because if you are not—you should. Backup is one of those big headaches most of us have. It’s a necessary evil. Backups can kill networks, topple storage devices, and bring vSphere hosts to a crawl. It doesn’t have to be this way!
VADP to the rescue! So what is VADP? Well it’s the vStorage APIs for Data Protection. Clear as mud, right? Well, in a nutshell VADP allows all sorts of backup offload options. VADP allows for backup software to communicate with the ESXi hosts and can take the backup agent out of the guest OS. It will also snapshot your guests for you, so you have a nice clean full backup. I’m going to include a couple common uses of VADP to illustrate this concept.
First is EMC’s Networker, which installs storage proxies into clusters which communicate with the master server to perform backups. These proxies, when initiated, perform a snapshot on multiple VMs and then stream the data to a designated backup device. The main advantage of this is that now you have one VM doing the backup on a designated network. How does that help? Well, you are saving the CPU cycles of your application servers, and you can also monitor the bandwidth on the specific backup network, again to prevent you from affecting your applications. The process is depicted below.
Second is “Backup and Recovery” provided via the NetApp Virtual Storage Console. This handy application plugs in to vCenter and allows you to do storage offloaded backups for all your VMs. When a backup is run, vCenter initiates a snapshot on the designated VMs. Once the snapshots are complete, the storage device performs a snapshot. You can then replicate this snapshot to another device. The beauty of this is that all the work is done on the backend. Let the storage device do the storage work!
There are many other vendors that provide these options. Chances are the one you use right now can do this. I also want to point out that this works for file level restores as well, not just full VM.
How many out there have tipped over a storage device thanks to a virus scan? I’ve seen this more times than I care to. Thankfully, there are some integration points to help! vShield Endpoint, which is bundled in the vCloud Networking and Security Suite (VCNS), allows for approved vendors to plug in to the hypervisor to offload much of the anti-virus workload. This used to be called VMsafe for those catching up. Trend was the first contender in this space and has the Deep Security suite that greatly eases your virus-fighting woes. Actually it does a great deal more than just anti-virus; it includes many features which are detailed below.
I highly recommend looking in to vShield Endpoint options with your security vendors. There is nothing worse than someone changing your scan schedule on you when you are hosting 500 virtual desktops with the agent in the OS. Trust me.
Compute integration isn’t as fancy as the other pieces, yet is still very useful. Products like HP SIM can view a lot of the information about an ESX host and its hardware components. This helps a lot when trying to get a holistic view of your environment.
Perhaps the most obvious network integration product is the Cisco 1000v virtual switch. This has been out for quite some time. It’s also free now in certain packages (no support though) so I am seeing more uptake in it. What’s it add? Well, it allows your network guys to manage the network – end to end. No more “black hole” when traffic hits the virtual switch. It’s a switch just like all the other switches the network team manages, all the bells and whistles included. Don’t believe me? Check it out!
Looks like a standard Nexus switch, does it not? Port profiles are created on the 1000v by the administrator. These port profiles function the same as a portgroup to the vSphere admins. We simply assign a port profile to a VM and bam: It’s on the network according to the policy dictated in the profile.
Another new and exciting addition for integration is vCloud Networking and Security. This is very new but already boasts a great deal of third-party integration. Yes, your cloud can integrate with your firewall services amongst others!
You are going to see a lot of this in the near future as third-party services are part of the core design.
This is the area with perhaps the most integration pieces, and some of the most important. At the core is VAAI, vStorage APIs for Array Integration (try saying that five times fast). VAAI allows for the offloading of common storage tasks to the storage device, stuff like clones, svMotion, deletes and offers the Atomic Test and Set (ATS), which allows granular locking on LUNs. Tis allows for more VMs per LUN and bigger datastores. This is one of those integration points that you might be running and don’t know it. Run “esxcli storage core device vaai status get –d <datastore>” on your host as shown below.
If you are unsupported, find out why. Most likely, you need a firmware update on your storage device. Storage admins might complain, but it is worth it to your environment.
Another very cool yet under-utilized integration point is VASA, vStorage APIs for Storage Awareness. (I know. Who names this stuff?) I really wish more people used this. This feature allows your storage array to tell vSphere what it’s made of. Couple this with storage profiles and you have an easy way of ensuring your applications are on the right kind of disk. Again, your array probably has this, but you just don’t know it.
These are just a few of the many, many integration points vSphere offers. Every day it seems more are added to the list, and that trend will continue. I cannot emphasize enough to check what you have and to check with your vendors. Make use of these features! Make your life easier!
About the Author
Matt Vandenbeld is VCDX-DCV #107 and a vExpert, currently employed at Long View Systems in Calgary, Alberta, Canada as a Technical Architect specializing in virtual infrastructures. He holds numerous industry certs, RHCSA, MCSE, VCP, VTSP, VCAP-DCA/DCD, and many others. He's been in the IT industry for over 10 years, specializing in virtualization for the last six. Cloud and virtualization is my passion. I know, Im a geek. Or is it a vGeek? I love to learn and talk about any topic, especially virtualization!
Author's Website: http://www.cloudmatt.com/
- What’s New in VMware vSphere 5
- New Training Release: VMware vSphere 5 Training
- vSphere Advanced Networking Training
- Advance Your Career With Our VMware vSphere 4 VCAP Training Package
- Coming Soon: VMware vSphere 5 Training
- Master vSphere and Transform Your IT Infrastructure with VMware vSphere Training
- vSphere Security: A Tour of the vSphere vShield Suite
- VMware vSphere Security for Unfrozen Caveman Security Architects
- VMware VCAP-DCA Exam Section 6: vSphere Troubleshooting
- Rogue Access Points: Still Here and Still a Threat