SUSTAINABILITY VIA DESKTOP VIRTUALIZATION Trials and Tribulations with VMWare, SunRay and the Sun 7000 Series Storage

INSPIRATION Virtual Computing Lab

Old Lab space now Offices Desktop Replacement

Graduate Students target audience Slow machines (4-5 years old)

Not for everyone Adequate for most ‘everyday’ tasks

LAYERS Storage Layer

Sun 7000 series SAN Network Layer

1 Gbit Switches (10 Gb uplinks) Virtualization Layer

VMware View 4.0 VMware View Manager 4.0

SunRay Layer SunRay 5 (well really 4.2)

SUSTAINABILITY Footprint

Electronic Waste 50 Desktops vs Servers

Power Footprint (sample size 50) 50x Sunray + 2x Server + SAN = (50x3.9w1) +

(2x380w2) + (1x500w3) ~ 1455w 50x Desktop = 50x(128w – 260w4) ~ 6400w – 13000w

LifeSpan Server LifeSpan vs Desktop SunRay LifeSpan (4x a regular computer *according to

Oracle) Management

Easier Upgrade Path handful of servers vs many desktops

Imaging physical machines vs virtualhttp://www.oracle.com/us/technologies/virtualization/061984.html 1

http://solutions.dell.com/DellStarOnline/DCCP.aspx 2

http://www.sun.com/calc/storage/disk_systems/unified_storage/7310/ 3

http://www.dell.com/downloads/global/corporate/environ/comply/precn_t3500.pdf4

SUSTAINABILITY Software Cost

VMware View 4.0 10 pack license: $1100 3 yr support (free upgrades) per 10 pack: $800 $190/desktop or $63/year

STORAGE LAYER Sun 7000 Series

ISCSI, NFS, CIFS, FC, IB Deduplication

Extraordinary capacity savings in this application Replication

Replicate Important VM’s to a 7110 Snapshots (instant) Flash acceleration Analytics All baked in (no additional licensing costs)

ISCSI vs FC vs IB… We opted for ISCSI because of the pricepoint

2x Dell 6248 with 10GB uplinks - $2000/each Comparable FC Switch: $4000/ea + HBAs Comparable IB Switch: $6000/ea + HBAs

STORAGE LAYER Concept of Clustering

2 Heads connected together via proprietary ‘heartbeat’ cards

Concept of an “owner” of a resource. Failover/Failback ½ the resources on each node in a passive state

30 Simultaneous VM’s in use (Matlab) ~35% Memory Usage 10-25% CPU Usage (spiking up and down) Peak burst of ~300 MB/sec on the SAN (12

spindles) Average IOP latency ~70ms 125GB Hard Disk Space used

STORAGE LAYER Analytics

STORAGE LAYER Analytics:

ARC cache hits – 90%+ Latency becomes an issue under heavy load –

99% of ops below 125ms

Scaling Single head, 1 shelf keeping up with 50 vms in

our environment. 2nd CPU, Ram (cache) additional disk shelves (up to 5.5 more) up to 6x ‘Read Zillas’ per head (100GB read cache

each Utilize 2nd head (active/active) on both trays

NETWORK LAYER

NETWORK LAYER 10 Gbit uplinks to SAN 1 Gbit connections to ESX servers

NIC Teaming http://www.vmware.com/files/pdf/virtual_networking_co

ncepts.pdf VM networks, Data network, Management

Network

NETWORK LAYER VMWare ISCSI vs QLogic

Minimal Resource savings with QLogic QLogic boot off ISCSI QLogic dual port card

Each head on a dedicated port Multiple VMKernels (possible?)

VIRTUALIZATION LAYER VMWare View 4.0

Uses VMware VSphere 4 for Virtualization ‘Enterprise’ license equivalent

VirtualCenter Central Management of all VM’s

Cloning, Migration, Resource Management

VIRTUALIZATION LAYER VMware View Server

Manage all View Components Desktop Pools, Entitlements, Sessions,

VIRTUALIZATION LAYER VMware Composer

Pools Automated

Persistent Dedicate VM’s to each user Statically assigned when a user logs in

Non-Persistent Typical “Lab” setup ‘Deep Freeze’ equiv. – machine deleted after logout Automated Provisioning

Individual/Manual Single VM

Terminal Server Connector

VIRTUALIZATION LAYER VMware View Login outside of sunray

Web Based - https ActiveX/Java Launcher

VIRTUALIZATION LAYER Resource Management cont’d

VM Settings Customized per pool/application

Resource Pools Reserve resources Set Limits

Linked Clone Copy Built in DeDuping (VMWare side not SAN side) 32 bit OS’s ONLY Point a Pool to a VM snapshot

Entitlements Permission to access a given VM or Pool Synchronized to AD

SUNRAY LAYER SunRay Server 5.0

Core Services access to Solaris Sessions Terminal Server Connector VMware View Connector

Recommended running on Solaris vs Linux Kiosk mode

Allows a session to be run without a user actually logging in Mode used for both VMware View connector and TS connector Session initiated -> connect to service -> process login

session SSL encryption both up and down Works flawlessly from home behind NAT

Nearly identical performance to on campus Solaris acquires the session to VMware/TS and proxies to

SunRay. Session exists on Solaris

SUNRAY LAYER Management is centralized

Key Card Logins 3rd party AD software required for “card only” logins Username/Password acquires Kerberos token – bound

to card Sunray Side “Hot Desking”

Login with Key Card Pulling Key card == Auto logoff Keycard can be used to resume session at any other Sunray

SUNRAY LAYER Setup walkthrough

Install Sun/Ray Package – configure Install View Connector Connect to web GUI – https://servername:1661 Enable Kiosk mode – set to Vmware View Manager Arguments: -s <server> -d <default_domain>

Bootup Sequence SunRay Powers on SunRay obtains DHCP address (optional) Secures a VPN connection Looks for Option 49 (x-display-manager) from dhcp Looks for sunray-servers.<dhcp assigned domain> GUI Pop-Up Menu manual configure

PROBLEMS/DIFFICULTIES DHCP

VMware View VM’s not releasing DHCP addresses Blow through 100 ip’s in an hour with a class Short (1 hour) lease time now GPO shutdown script to release? Registry setting? (98/NT only?) Untested

Initial POC VMware View 3 Poor performance with ESX 3.5 software initiator and

Sun 7000 series 2-5MB/sec Increased to ~20MB/sec when we enabled write

cache on 7000 series LUNs (not the default!) Upgrade to ESX4 ISCSI initiator maxes out 1 Gbit

connection

PROBLEMS/DIFFICULTIES SunRay Incompatibilities

View connector only officially supports View 3.0 View 4 coming ‘soon’ No MMR support No Flash Acceleration No Windows 7 support (no USB or sound in win7) Demonstrate performance?

Still ‘adequate’ for most users 1-Way Audio Stream

No Skype or Teleconferencing VMware View and 64 bit Servers

Even though View 4 came out in Nov. 2009 they do not support any 64 bit version of windows Server.

Mostly works – until you create replicas

PROBLEMS/DIFFICULTIES VMware Management tools

Windows only Unix/Linux Perl Toolkit (automation?)

NETID authentication NETID users can login to system Currently cannot entitle NETID users View browses/binds to LDAP via machine account Workaround/override with VMware? One way trust with NETID Delegated OU’s?

Script adding users Currently use python to batch add users to AD Can share if interested

PROBLEMS/DIFFICULTIES Upgrading the SAN

Clustering alleviates a lot of this Single 7000 series?

QUESTIONS? Chris Henry chenry3@uw.edu

import win32com,win32com.clientimport stringfrom random import choicepassword_size = 6def add_acct(location,user): ad_obj=win32com.client.GetObject(location)

ad_user=ad_obj.Create('user','cn='+user['login']) ad_user.Put('sAMAccountName',user['login']) ad_user.Put('userPrincipalName',user['login']+'@mydomain.com') ad_user.Put('DisplayName',user['first']+' '+user['last']) #fullname ad_user.Put('givenName',user['first']) ad_user.Put('sn',user['last']) ad_user.Put('description','Description of Employee') ad_user.Put('HomeDirectory',r'\\server1\homes\ '[:-1]+user['login']) #user \\server1\homes\<user> for

homedirectory ad_user.Put('HomeDrive','H:') ad_user.SetInfo();ad_user.GetInfo() ad_user.AccountDisabled=0 password = ''.join([choice(string.letters + string.digits) for i in range(password_size)]) password = password +'1aB' # append '1aB' to end of password so we're positive it meets complexity

requirements print 'user:' + user['login'] + ',password: ' + password ad_user.setpassword(password) ad_user.Put('pwdLastSet',0) #-- force reset of password ad_user.SetInfo()

def main(): user_list = open('C:\Users\username\Desktop\my_user_list.csv') for line in user_list: if line == None: break else: user_info = line.split(',') user={'first':user_info[1].strip(),'last':user_info[0].strip(),'login':user_info[2].strip()} location='LDAP://DC1.example.com/OU=myOU,DC=example,DC=com' add_acct(location,user)

if __name__ == '__main__': main()