The Gurleyman Posts

Through the years, I have been blessed and cursed by technology communities. Some foster cooperative atmospheres, pour in valuable content, and stoke ingenuity. Others are deserts and catacombs of enigmatic data with often similarly convoluted support structures.

I recently put together some feedback points for a burgeoning community and wanted to share it with the wider realm. Hopefully other organizations can read and improve their user groups and the domains they provide for collaboration.

Special thanks and credit to SolarWinds and their awesome investment in the Thwack community for many years. You’re one of the benchmarks for the thoughts below.


Last week I had a situation where an external client was reporting a complete inability to access any of our internet-accessible resources. If they changed IPs, though, they were fine. Considering it was over the Labor Day weekend, that we hadn’t changed *anything*, and that only this one client was having the problem, it seemed clear that the cause wasn’t on my side. They were small with outsourced IT, though, so pointing the finger back didn’t help much.

The fly in the ointment even for pointing at a cause was also that I didn’t have any logs of their traffic getting dropped. Normally I can search for initiating IPs or zoom into a small time window and find connections. Not this time. That left me with my own mental loophole of doubt about whether I actually did have an issue on my end.

So I opened a case with Cisco TAC, gave them the troubleshoot file dumps and asked for analysis. They stumbled some because I wasn’t able to attempt a reproduction on demand, since I didn’t have access to the client’s network to try things. TAC tried disabling some completely unrelated Snort rules, which did nothing (as expected). Eventually, I added a temporary explicit trust rule for their traffic so that they could regain access while we dug deeper. Once allowed, the connections were visible in FireSIGHT Management Center (Defense Center) > Analysis > Connections > Events.

A couple days later, TAC returned with the root cause. The Sourcefire Security Intelligence Feed for Malware was blocking the client’s IP. That would have been really great to know on day 1, so I could have asked the client’s IT to address it. Of course, when I did give that root cause back to their IT, they responded that they knew about being blacklisted two days before reporting access issues to our network. Did they mention that at all? Nope. Where’s the love, people?

Networking Security Technology

Dilpreet & Mohan did a great job laying out the install and upgrade paths to reach vCenter 6.0, whether in Appliance or Windows mode. As I mentioned yesterday, the VMware team is encouraging customers to choose the Appliance (VCSA) moving forward due to increased performance, decreased complexity, and overall conformity. You gain much and lose nothing…except:

vSphere Update Manager (VUM), which will be integrated into VCSA in a 2016 release (Yay!). Presumably this will be vSphere 6.1, as that would make vSphere 6.0 a year old, and this landmark milestone is too big (in my opinion) for a mere “Update 2”.

Dilpreet was kind to explain that the update which brings VUM integration will pull the VUM configuration & data from existing VUM (Windows) servers and into the VCSA component. This is great to hear as I was unclear about this walking away from the “Part 2” session yesterday.

Please check out the notes below and remember to pay attention to the order of your upgrades. Reference the KBs mentioned so you’re on a supported model & path.

Technology Virtualization

This session is/was true to its title and definitely dove deep into Virtual SAN (VSAN). Due to the extreme level of detail on requirements, parameters, etc., I decided to conclude the live notes about 40 minutes into the presentation. With much respect for court reporters and typists, finishing out the slide notes would have been of no more value than practicing my typing skills.

VSAN looks promising and maturing as a solution. While the concept of metro stretched clusters sounds very intriguing, I believe it is only practical in the right use cases. My own environment, for example, involves significant writing with extended operations, which would not be feasible to replicate live. Local performance would suffer greatly while database crunching generated large amounts of data requiring acknowledgement from the remote site before proceeding.

On the other hand, if your environment is web-scale or low-write intensity, then VSAN stretched clusters may offer great value to you. As always, it depends.

The closing consideration is sheer cost of a VSAN solution. The “HY-4” recommended starting point retails around $10-15K per node (read: $40-60K for the HY-4). That is hardware only, so vSphere and VSAN licensing costs pile on top of that.

The beta preview with dedupe and erasure coding for space efficiency may take VSAN to the next level and make even its premium cost more palatable. IMO: external storage is still the path until this possibility brings down the cost (assuming capacity, not compute, is the limitation).

Storage Technology Virtualization

Excellent presentation by Brian and Salil! They did a great job laying out the upgrade paths, caveats, as well as legacy references for folks coming from ESXi 4.x and early 5.x.

The biggest takeaways were 1) the encouragement to choose the upgrade path for ESXi host upgrades and 2) the announcement of vCSA including VUM in the next version. VMware now fully recommends vCSA for deployments moving forward. With Windows VUM out of the way, this is something I can get behind!

A VMware fling exists to upgrade from vCenter Server to vCenter Server Appliance (vCSA) in certain scenarios. Flings aren’t production/supported tools, but may be helpful in the right use case(s).

Highly recommend this session/videos and the notes below!

Technology Virtualization

This was my first experience with Howard Marks, and I would say his reputation accurately precedes him. He’s an eccentric and unabashedly arrogant technologist who calls it as he sees it. While I might not commend most of those attributes, I can respect a guy who acknowledges who he is.

The session as a whole was a good breakdown of vVols (or VVOLS or vvols or vVOLs) as they are today in 1.0. vVols are an exciting evolution, ripe with potential, but are likely not quite enterprise-ready due to feature limitations.

For those with all-flash arrays, the talk periodically bordered on irrelevancy because of the inherent nature of all-flash: metadata handling is built in and there are no tiering hindrances. Even so, the parts speaking to validating storage vendors on the quality of their implementations were very relevant and worth reviewing. Checking the box just isn’t enough.

Howard did bring up several rumor-based questions around vendors like EMC having problems with current arrays like VNX supporting vVols. That question begs another around even existing AFA products and their metadata capacity limits. This has been a factor in both XtremIO’s and Pure’s histories and their block size considerations. It’s worth asking AFA vendors, “do your AFAs have enough metadata and compute margin to embrace and support the exponential growth of vVol metadata in production?” Maybe Howard will find the answers for us.

Storage Technology Virtualization

This was by far my longest session, as Naveen let the clock fly by. I guess that’s the benefit of being the last session of the day! He definitely made the most of it, though, and crammed a ton of great information on DRS and HA, both present and future, into the session.

I feel like the notes below actually capture a substantial amount of the practical information, so please enjoy. DRS has always been the magic sauce in vSphere and it’s only getting better.

Biggest joy of DRS in vSphere 6.0: vMotion performance increase by 60%!

Technology Virtualization

Cody & Ravi from Pure Storage brought a good deep-dive of all-flash storage in a virtual (VMware) world. Major emphasis on “deep-dive” as they went into the nitty-gritty of VAAI primitives and especially SCSI UNMAP across the versions.

The only weak spot was the age-old issue of having to cram too much content into too little time. They hit the mark, just a bit rushed. Check out Cody’s blog for an opportunity to ingest it at a pace more appropriate for consumption with coffee or tea.

If you are making the transition from spinning or hybrid storage to all-flash, find the audio for this session and retrain your thinking. Let go of old fears about VM-to-datastore limits and RAID considerations. Get simple. Be pure.

Storage Technology Virtualization

The VMware Validated Designs (V2D) session was much like a preface to a book, the book being VMware’s new compilations of proven designs. It lacked a specific design-implementation example (i.e. with HP hardware + Cisco networking + Foundation design), which would have helped, but I’d say that Simran and Mike were still successful.

I should have anticipated it, but all of the designs assume VSAN as the primary storage. They leave the obvious potential for external storage, but that appears to fall outside the scope of any V2Ds. I understand the complication that would come from trying to incorporate non-VMware components, but I also hope that the V2D program grows to encompass partner-assisted V2Ds, particularly on storage, but also on physical networking.

If VSAN is in your potential wheelhouse, check out the customer-facing VMware Validated Designs.

Technology Virtualization

I am so excited to launch this post and give two enthusiastic thumbs up to VMware on the second general session! They brought the fire with the speakers, the concrete concepts & tech, and the Pat Gelsinger finale. Way to go, VMware!

Truly, from the depths, thank you to Sanjay, Martin, and Pat for bringing the message back to the center. The core of VMware’s passion and strategy shined brightly this morning. While Horizon has fallen short of inspiring me at past VMworld events, the expanding device and OS support finally makes it something I can see becoming a realistic value-add in my organization. Add to that AppVolumes and NSX underpinning it all, and you have a winning presentation.

CEO Pat Gelsinger took the session and the overall event out to the 30,000 foot view (or rather, the stratosphere) without becoming vague, salesy, or irrelevant. Pat laid out our history and foundation of IT and the internet, beginning in 1995, and then cast vision forward to today and beyond. His five imperatives hit the heart of business with technical excellence as only a visionary can do.

Hit up the notes below and catch the video when you can. This is what VMworld is all about.

Technology Virtualization