2014-07-28

VMCI – revisited (a.k.a. Project Marvin)

You all know what VMCI stands for – don’t you? Well if you ever looked at VMware solutions – then you would recognize it - VMCI Overview.

The Virtual Machine Communication Interface (VMCI) is an infrastructure that provides fast and efficient communication between a virtual machine and the host operating system and between two or more virtual machines on the same host. The VMCI SDK facilitates development of applications that use the VMCI infrastructure. Without VMCI, virtual machines communicate with the host using the network layer. Using the network layer adds overhead to the communication. With VMCI communication overhead is minimal and different tasks that require that communication can be optimized. An internal network can transmit an average of slightly over 2Gbit/s using vmxnet3, VMCI can go up to nearly 10Gbit/s with 128k sized Queue pairs.

In my 10 years (I think it has been 10) of using VMware products – I personally have never seen any public implementation of VMCI, even though it is in theory an interesting concept.

It seems, though, that VMware is looking to re-brand the acronym as something else, and this is connected to a number of rumors that have been flying around about a converged infrastructure offering to be announced by VMware.

The rumors started a while back and the whole story became apparent in these articles.

Project Mystic's Potential Competitors To VMware: Bring It On

So, Mystic Joe Tucci: Is a hyper-converged tool in EMC's future?

VMware Teaser Gets Tweeted: 'Marvin' Hyper-Converged Infrastructure Appliance

VMware to offer converged compute and storage hardware

What is VMware’s Mystic Marvin Project?

Pure Speculation Post: Some more Marvin Speculation

I was going over the Content catalog for VMworld and noticed something.
(By the way, if you ever want to find out what is going to happen at VMworld, I can assure you that you will find it in the content catalog.)

I am talking about the following VMworld session.

SDDC1767 - Simplify / Automate IaaS Workload Deployment with VMware-Powered Converged Infrastructure (VMCI)

  • Thirumalesh Reddy - Sr Director, SDDC R&D, VMware Inc
  • Raj Yavatkar - Chief Architect, Converged Infrastructure, VMware

    As data center operators struggle to make many pieces of the infrastructure (storage, computing, and networking) work together to offer cost-effective and agile service, Converged Infrastructure (CI) solutions promise to eliminate the challenges by offering customers a set of products that work together easily with minimal installation and operations overhead.
    The CI products include a pre-integrated and optimized bundle of hardware and software across networking, compute servers, and storage typically combined with virtualization, management, and other software (DR, load balancing, etc). However, integration of different components from different vendors (across compute, storage, and networking) leads to a complex environment consisting of disparate tools for management, provisioning, and deployment.
    The session will outline the VMware view of the CI requirements and an architecture inspired by the SDDC suite augmented by software components.

    One way to simplify the CI environments is via a VMware-powered Converged Infrastructure solution (VMCI) that ties together hardware and software components under a single virtualization umbrella to offer a single point-of-entry for a Software Defined Data Center (SDDC). We will tie together VMware (and partner) assets spanning virtualization (compute/storage/networking), management (vCenter, VCAC), and operations/analytics (vCOPS, vCAC, etc) with hardware management, to offer a single point of SDDC entry with a tightly integrated automation for SDDC.
    (The highlighting was added by me)

    We will offer benefits of reduced cost, faster time-to-value, and operational ease when it comes to SDDC instantiation, workload provisioning, deployment, and operations. This session focuses on Infrastructure-as-a-Service (IaaS) and provides an in-depth description of a simplified, automated approach to IaaS workload provisioning and deployment using VMCI.

    Attached below is the screenshot of the session.

    So ladies and gents – there you have it - VMCI – VMware-Powered Converged Infrastructure. This will open up a whole new market for VMware – and of course a number of new co-opetition relationships with VMware’s current partners as well.

    I expect that this will be one of the major announcements at VMworld.

    Stay tuned.

    Disclaimer:

    This is based on public information that is currently available on the links above – and has not yet been confirmed by VMware (I doubt it ever will be).

    2014-07-22

    OpenStack Summit - It’s all about the Developers

    This one has been sitting in the drafts for a while.

    What pushed me to publish and finish this post was an article posted by Brian Gracely,
    Will Paris be the last OpenStack Summit?

    The OpenStack Summit is actually two separate tracks – one for users, and a second for developers. It is just by “chance” (not really) that they are held at the same location – at the same time – because they cater to two very different audiences.

    This is very apparent – even in the logo for the summits.

    It is sometimes even confusing what the name of the summit is. Will this be the Juno summit (if you ask an Operator/User – yes it will) or is it the Kilo summit (Developers will give you a thumbs up here)?

    How does the event work?

    5 days. The first 3 are the Main Conference, and the last 4 are the Design Summit.

    And of course from the mouth of babes..

    The Design Summit sessions are collaborative working sessions where the community of OpenStack developers come together twice annually to discuss the requirements for the next software release and connect with other community members. It is not a classic track with speakers and presentations. (The Design Summit is not the right place to get started or learn the basics of OpenStack.)

    Steve Ballmer – you remember him? He loved his developers….

    Developers, Developers, Developers

    The OpenStack Foundation treats the OpenStack Developers – differently. They are the people who create the product. Therefore they receive special treatment.

    And by special treatment I mean:

    • The Design Summit is called a Summit, the rest of it is called the Main Conference
      (see above)
    • A completely different part of the conference only for developers – this includes:
      • Separate rooms
      • Separate schedule
      • Separate website for schedule
      • Separate submission process and voting for Design sessions
    • Constant refreshments and treats (M&M’s and Snicker bars galore, drinks, fruit)
    • Brainstorming area outside the discussion rooms
    • Multiple power outlets in every single room and everywhere
    • Every single ATC (Active Technical Contributor) receives a free pass to the summit.

      Individual Members who committed a change to a repository under any of the official OpenStack programs (as defined above) over the last two 6-month release cycles are automatically considered ATC.

    Is this unfair – perhaps – but then again – these are the people who are creating the product – so it is in the Foundation’s best interest to keep them engaged, comfortable, happy and available to continue to contribute to the community and the products.

    Back to Brian Gracely’s post. Because of the developers there will always be an OpenStack summit. Will it be the same as the past and upcoming summits – I do not know. But it is in the best interest of the Foundation to have the people developing the products and the projects come together, talk, schmooze and also get the details hacked out of what will happen in the upcoming 6 months and the future directions of the product.

    So in response to Brian – I still think that the Foundation will hold a summit – and it will always be its central event. It will be the same for OpenStack as for all the major vendors, who have their own big conference (Cisco Live, Red Hat Summit, VMworld, etc.) every single year, but also make sure they have booths at all the other conferences (as a sponsor).

    I think that the summit will continue to be here next year in 2015 and beyond.

    2014-07-21

    Recording of my Presentation at OpenStack Israel 2014

    Embedded below you can find the recording of my session
    "OpenStack in the Enterprise - Are you Ready?"

    You are welcome to go over the blog post I wrote about the event.

    The full playlist of all the sessions can be viewed here

    I have already submitted a few sessions for the upcoming summit in Paris.

    2014-07-17

    The Return of the Container

    This is an excerpt of a post published elsewhere. A link to the original is at the bottom of this excerpt

    Containers are not a new concept – there are several implementations that have been around for quite a number of years, be it Solaris Containers, Linux-V-Server, OpenVZ, or LXC.

    So why has this become a hot topic, something that has many people turning their head and looking at it once more. Well that is quite simple. This is due to a huge amount of interest in Docker.

    [Read full article … ]

    2014-07-07

    M&M's, Snickers and Security in the Cloud

    I cannot take credit for this one - I heard it last week at a very interesting talk by Adrian Cockcroft at the Speed and Scale Meetup in Herzeliya.

    The analogy was a very simple one, but very much to the point, and I feel that it is a great way to look at security in the cloud.

    M&M's are the one thing that my kids always ask me to bring back for them when I go to the States, especially the ones without the peanuts.

    What is great about M&M's? They have a hard shell that protects the great soft chocolate inside. The shell is not unbreakable, but hard enough to protect the great stuff on the inside.
    But once the shell is broken, you have nothing but chocolate.

    A Snickers bar, on the other hand, has nice soft chocolate on the outside, but inside there are many crunchy nuts. Each of them is hard and does not need the chocolate to protect it, because it is hard enough to look after itself.

    OK, enough about chocolate, what the heck does this have to do with cloud and security?

    Traditionally, we are used to having perimeter devices that protect everything behind them, and within the perimeter we are good to go: there is an elevated level of trust, just like the hard shell of an M&M and the soft chocolate inside.

    I do not think this will suffice in a cloud environment, and I don’t think you should either. Each of the above methodologies has its advantages, but they have disadvantages as well.

    In the cloud, you do have the option of using perimeter devices, creating VPCs with most of the providers today.

    I think that we should treat our cloud environment like a Snickers bar. The outside is always soft, vulnerable, untrustworthy. You will not know what instances/VMs are running on the same host as you are. Do they have access to the network subnet you are using? So what protects us? Only ourselves, the hard nuts.

    Each and every cloud instance should assume that the environment it lives in is hostile. It will be constantly under attack from the dark side of the force.

    That is why each instance should be locked down, with its own security as tight as possible. This can be done in a number of ways, which could include:

    • Minimal operating system with no bloated software or unnecessary packages
    • Minimal privileges for users running applications; everything should be access controlled, with sudo for example, and SELinux as well
    • iptables on the instance – allowing only certain services to be open to external traffic
    • SSH Key authentication to the instances – no passwords
    • Security group access – defining what traffic will be allowed within your cloud – between the instances.
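
    As an added example (not part of the original post), two of the per-instance controls above, key-only SSH and a restrictive iptables INPUT chain, can be checked from an instance's configuration text. The function names and both sample configurations are constructed for illustration; the sketch ignores `Include` files and stops at `Match` blocks in `sshd_config`.

```python
SAMPLE_SSHD = """\
# constructed sshd_config excerpt
PasswordAuthentication yes
"""
SAMPLE_IPTABLES = """\
# constructed iptables-save excerpt
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def sshd_settings(text):
    """Global sshd settings; sshd uses the first value it reads for a keyword."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # per-user/host overrides: out of scope
            break
        settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def input_chain(text):
    """Return (default policy, TCP ports accepted) for filter/INPUT."""
    table, policy, ports = None, None, []
    for line in map(str.strip, text.splitlines()):
        tok = line.split()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or not tok:
            continue
        elif tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"] and tok[-2:] == ["-j", "ACCEPT"] and "--dport" in tok:
            ports.append(tok[tok.index("--dport") + 1])
    return policy, ports

def audit(sshd_text, iptables_text):
    findings = []
    # OpenSSH allows passwords unless PasswordAuthentication is set to "no".
    if sshd_settings(sshd_text).get("passwordauthentication", "yes") != "no":
        findings.append("ssh: password authentication is enabled")
    policy, ports = input_chain(iptables_text)
    if policy != "DROP":
        findings.append(f"iptables: INPUT policy is {policy}, not DROP")
    return findings, ports
```

    Calling `audit(SAMPLE_SSHD, SAMPLE_IPTABLES)` reports both weak settings and the one port the instance exposes; security groups still have to be reviewed on the provider side, since they are not visible from inside the instance.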

    I am always looking for simple ways to explain sometimes complex terminology or concepts to people – and I found this one to be highly useful.