Random Short Take #90

Welcome to Random Short Take #90. I remain somewhat preoccupied with the day job and acquisitions. It’s definitely Summer here now. Let’s get random.

  • You do something for long enough, and invariably you assume that everyone else knows how to do that thing too. That’s why this article from Danny on data protection basics is so useful.
  • Speaking of data protection, Preston has a book on recovery for busy people coming soon. Read more about it here.
  • Still using a PDP-11 at home? Here’s a simple stack buffer overflow attack you can try.
  • I hate it when the machines shout at me, and so do a lot of other people it seems. JB has a nice write-up on the failure of self-service in the modern retail environment. The sooner we throw those things in the sea, the better.
  • In press release news, Hammerspace picked up an award at SC2023. One to keep an eye on.
  • In news from the day job, VMware Cloud on AWS SDDC Version 1.24 was just made generally available. You can read more about some of the new features (like Express Storage Architecture support – yay!) here. I hope to cover off some of that in more detail soon.
  • You like newsletters? Sign up for Justin’s weekly newsletter here. He does thinky stuff, and funny stuff too. It’s Justin, why would you not?
  • Speaking of newsletters, Anthony’s looking to get more subscribers to his daily newsletter, The Sizzle. To that end, he’s running a “Sizzlethon”. I know, it’s a pretty cool name. If you sign up using this link you also get a 90-day free trial. And the price of an annual subscription is very reasonable. There’s only a few days left, so get amongst it and let’s help content creators to keep creating content.

Random Short Take #89

Welcome to Random Short Take #89. I’ve been somewhat preoccupied with the day job and acquisitions. And the start of the NBA season. But Summer is almost here in the Antipodes. Let’s get random.

  • Jon Waite put out this article on how to deploy an automated Cassandra metrics cluster for VCD.
  • Chris Wahl wrote a great article on his thoughts on platform engineering as product design at scale. I’ve always found Chris to be a switched on chap, and his recent articles diving deeper into this topic have done nothing to change my mind.
  • Curtis and I have spoken about this previously, and he talks some more about the truth behind SaaS data recovery over at Gestalt IT. The only criticism I have for Curtis is that he’s just as much Mr Recovery as he is Mr Backup and he should have trademarked that too.
  • Would it be a Random Short Take without something from Chin-Fah? Probably not one worth reading. In this article he’s renovated his lab and documented the process of attaching TrueNAS iSCSI volumes to his Proxmox environment. I’m fortunate enough to not have had to do Linux iSCSI in some time, but it looks mildly easier than it used to be.
  • Press releases? Here’s one for you: Zerto research report finds companies lack a comprehensive ransomware strategy. Unlike the threat of World War 3 via nuclear strike in the eighties, ransomware is not a case of if, but when.
  • Hungry for more press releases? Datadobi is accelerating its channel momentum with StorageMAP.
  • In other PR news, Nyriad has unveiled its storage-as-a-service offering. I had a chance to speak to them recently, and they are doing some very cool stuff – worth checking out.
  • I hate all kinds of gambling, and I really hate sports gambling, and ads about it. And it drives me nuts when I see sports gambling ads in apps like NBA League Pass. So this news over at El Reg about the SBS offering consumers the chance to opt out of those kinds of ads is fantastic news. It doesn’t fix the problem, but it’s a step in the right direction.

StorPool Announces Version 21

StorPool recently announced version 21 of its storage platform, offering improvements across data protection, efficiency, availability, and compatibility. I had the opportunity to speak to Boyan Krosnov and Alex Ivanov and wanted to share some thoughts.

 

“Magic” Scale-out Erasure Coding

One of the main features announced with Version 21 was “magic” scale-out erasure coding. Previously, StorPool offered triple replication protection of data across nodes. Now, with at least five all-NVMe storage servers, you can take advantage of this new erasure coding. Key capabilities include:

  • Near-zero performance impact even for Tier 0/Tier 1 workloads;
  • Data redundancy across nodes, as information is protected across servers with two parity objects so that any two servers can fail and data remains safe and accessible;
  • Great flexibility and operational efficiency. With per-volume policy management, volumes can be protected with triple replication or Erasure Coding, with per-volume live conversion between data protection schemes;
  • Always-on, non-disruptive operations – up to two storage nodes can be rebooted or brought down for maintenance while the entire storage system remains running with all data remaining available; and
  • Incremental mesh encoding and recovery.

 

Other New Features

But that’s not all. There’s also been work done in the following areas:

  • Improved iSCSI scalability – with support for exporting up to 1000 iSCSI targets per server
  • CloudStack plug-in improvements – introduces support for CloudStack’s volume encryption and partial zone-wide storage that enables easy live migration between compute hosts.
  • OpenNebula add-on improvements – now supports multi-cluster deployments where multiple StorPool sub-clusters behave as a single large-scale primary storage system with a unified global namespace
  • OpenStack Cinder driver improvements – Easy deployment with Canonical Charmed OpenStack and OpenStack instances managed with kolla-ansible
  • Deep integration with Proxmox Virtual Environment – introduces end-to-end automation of all storage operations in Proxmox VE deployments
  • Additional hardware and software compatibility – increased the number of validated hardware and operating systems resulting in easier deployment of StorPool Storage in customers’ preferred environments

 

Thoughts and Further Reading

It’s been a little while since I’ve written about StorPool, and the team continues to add features to the platform and grow in terms of customer adoption and maturity in the market. Every time I speak to Alex and Boyan, I get a strong sense that they’re relentlessly focussed on making the platform more stable, more performance-oriented, and easier to operate. I’m a fan of many of the design principles the company has adopted for its platform, including the use of standard server hardware, fitting in with customer workflows, and addressing the needs of demanding applications. It’s great that it scales linearly, but it’s equally exciting, at least to me, that it “fades into the background”. Good infrastructure doesn’t want to be mentioned every day, it just needs to work (and work well). The folks at StorPool understand this, and seem to be working hard to ensure that the platform, and the service that supports it, meets this requirement to fade into the background. It’s not necessarily “magic”, but it can be done with good code. StorPool has been around since 2012, is self-funded, profitable, and growing. I’ve enjoyed watching the evolution of the product since I was first introduced to it, and am looking forward to seeing what’s next in future releases. For another perspective on the announcement, check out this article over at Gestalt IT.

VMware Cloud on AWS – Check TRIM/UNMAP

This is a really quick follow-up to one of my TMCHAM articles on TRIM/UNMAP on VMware Cloud on AWS. In short, a customer wanted to know whether TRIM/UNMAP had been enabled on one of their clusters, as they’d requested. The good news is it’s easy enough to find out. On your cluster, go to Configure. Under vSAN, you’ll see Services. Expand the Advanced Options section and you’ll see whether TRIM/UNMAP has been enabled for the cluster or not.

VMware Cloud Disaster Recovery – Ransomware Recovery Activation

One of the cool features of VMware Cloud Disaster Recovery (VCDR) is the Enhanced Ransomware Recovery capability. This is a quick post to talk through how to turn it on in your VCDR environment, and things you need to consider.

 

Organization Settings

The first step is to enable the ransomware services integration in your VCDR dashboard. You’ll need to be an Organisation owner to do this. Go to Settings, and click on Ransomware Recovery Services.

You’ll then have the option to select where the data analysis is performed.

You’ll also need to tick some boxes to ensure that you understand that an appliance will be deployed in each of your Recovery SDDCs, Windows VMs will get a sensor installed, and some preinstalled sensors may clash with Carbon Black.

Click on Activate and it will take a few moments. If it takes much longer than that, you’ll need to talk to someone in support.

Once the analysis integration is activated, you can then activate NSX Advanced Firewall. Page 245 of the PDF documentation covers this better than I can, but note that NSX Advanced Firewall is a chargeable service (if you don’t already have a subscription attached to your Recovery SDDC). There’s some great documentation here on what you do and don’t have access to if you allow the activation of NSX Advanced Firewall.

Like your favourite TV chef would say, here’s one I’ve prepared earlier.

Recovery Plan Configuration

Once the services integration is done, you can configure Ransomware Recovery on a per Recovery Plan basis.

Start by selecting Activate ransomware recovery. You’ll then need to acknowledge that this is a chargeable feature.

You can also choose whether you want to use integrated analysis (i.e. Carbon Black Cloud), and if you want to manually remove other security sensors when you recover. You can, also, choose to use your own tools if you need to.

And that’s it from a configuration perspective. The actual recovery bit? A story for another time.

VMware Cloud Disaster Recovery – Firewall Ports

I published an article a while ago on getting started with VMware Cloud Disaster Recovery (VCDR). One thing I didn’t cover in any real depth was the connectivity requirements between on-premises and the VCDR service. VMware has worked pretty hard to ensure this is streamlined for users, but it’s still something you need to pay attention to. I was helping a client work through this process for a proof of concept recently and thought I’d cover it off more clearly here. The diagram below highlights the main components you need to look at, being:

  • The Cloud File System (frequently referred to as the SCFS)
  • The VMware Cloud DR SaaS Orchestrator (the Orchestrator); and
  • VMware Cloud DR Auto-support.

It’s important to note that the first two services are assigned IP addresses when you enable the service in the Cloud Service Console, and the Auto-support service has three public IP addresses that you need to be able to communicate with. All of this happens outbound over TCP 443. The Auto-support service is not required, but it is strongly recommended, as it makes troubleshooting issues with the service much easier, and provides VMware with an opportunity to proactively resolve cases. Network connectivity requirements are documented here.

[image courtesy of VMware]

So how do I know my firewall rules are working? The first sign that there might be a problem is that the DRaaS Connector deployment will fail to communicate with the Orchestrator at some point (usually towards the end), and you’ll see a message similar to the following. “ERROR! VMware Cloud DR authentication is not configured. Contact support.”

How can you troubleshoot the issue? Fortunately, we have a tool called the DRaaS Connector Connectivity Check CLI that you can run to check what’s not working. In this instance, we suspected an issue with outbound communication, and ran the following command on the console of the DRaaS Connector to check:

drc network test --scope cloud

This returned a status of “reachable” for the Orchestrator and Auto-support services, but the SCFS was unreachable. Some negotiations with the firewall team, and we were up and running.

Note, also, that VMware supports the use of proxy servers for communicating with Auto-support services, but I don’t believe we support the use of a proxy for Orchestrator and SCFS communications. If you’re worried about VCDR using up all your bandwidth, you can throttle it. Details on how to do that can be found here. We recommend a minimum of 100Mbps, but you can go as low as 20Mbps if required.
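As an added example (not part of the original post and not a VMware tool), here is a small Python check that probes the same three components directly over outbound TCP 443 and separates a refused connection from a silent timeout. The addresses are constructed placeholders, and the names `ENDPOINTS`, `probe` and `check` are hypothetical; it does not replace the `drc network test` command run on the connector itself.

```python
import errno
import socket

# Constructed placeholder addresses (RFC 5737 documentation range), not real
# VCDR endpoints. Replace them with the SCFS and Orchestrator IPs shown for
# your deployment and the three Auto-support IPs from VMware's documentation.
ENDPOINTS = {
    "SCFS": ["192.0.2.10"],
    "Orchestrator": ["192.0.2.20"],
    "Auto-support": ["192.0.2.31", "192.0.2.32", "192.0.2.33"],
}


def probe(host, port=443, timeout=3.0):
    """Attempt one direct outbound TCP connection and classify the result.

    socket.create_connection() ignores HTTP(S)_PROXY settings, so this tests
    the direct path that SCFS and Orchestrator traffic has to take.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"
    except ConnectionRefusedError:
        # Something answered with a TCP reset: a closed port or a reject rule.
        return "refused"
    except socket.timeout:
        # No answer at all: typically a firewall silently dropping the SYN.
        return "timeout"
    except OSError as exc:
        # Routing or resolution failure, e.g. ENETUNREACH or EHOSTUNREACH.
        return "error:" + errno.errorcode.get(exc.errno, type(exc).__name__)


def check(endpoints, port=443, timeout=3.0):
    """Probe every address of every component.

    A component counts as reachable only if all of its addresses connect.
    """
    report = {}
    for component, hosts in endpoints.items():
        results = {host: probe(host, port, timeout) for host in hosts}
        ok = all(r == "reachable" for r in results.values())
        report[component] = {
            "status": "reachable" if ok else "unreachable",
            "targets": results,
        }
    return report


if __name__ == "__main__":
    for component, entry in check(ENDPOINTS).items():
        print(f"{component}: {entry['status']}")
        for host, result in entry["targets"].items():
            print(f"  {host}:443 -> {result}")
```

A `timeout` on one component while the others connect usually points at a missing or dropped rule for that address, which is a concrete detail to hand to the firewall team.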

Brisbane VMUG – October 2023

 

Event Overview

This month I’ll be presenting a recap of VMware Explore for all those that could not make it overseas, exploring what’s new and the latest innovations. The agenda covers:

  • Cloud & Edge infrastructure: Modernize infrastructure, operating models and applications
  • Networking & Security: Automating app experiences with a comprehensive and secure network
  • Modern Applications & Cloud Management: Develop, operate and optimize apps at scale on any cloud
  • Hybrid Workforce: Enable work anywhere with secure and frictionless experiences

An introduction to VyOS by Shah Anupam covering how VyOS networking can be leveraged within the VMware ecosystem.

 

Primary Venue

Brisbane VMware Office

Queen St 8/324, 4000 Brisbane, QLD, AU

Brisbane VMware Office – Goondiwindi Room

Register here. Hope to see you there. [Edit] I should mention it’s happening on Wednesday October 18th, 2023 from 12:00 – 1:30pm.

Random Short Take #88

Welcome to Random Short Take #88. This one’s been sitting in my drafts folder for a while. Let’s get random.

Brisbane VMUG – Lunch And Learn – September 2023

The Brisbane VMUG team are running a lunch and learn with the local VMware team on September 6th, 2023. You can find out more about it below, and register for the event here.

 

Event Overview

In this Lunch & Learn session, attendees will embark on a journey through VMware Aria Operations, exploring its capabilities and innovations. The agenda is designed to provide an understanding of Aria Operations, covering:

  • General Overview: An introduction to the platform, highlighting its evolution.
  • Deployment and Enhancements: A look into new feature enhancements. SaaS and on-prem deployment options.
  • Integration with Clouds: Insight into seamless integration with VMware Cloud and native cloud platforms.
  • Core Capabilities: Exploration of essential features like troubleshooting, automation, and cost.
  • Compliance Engine: Discover the compliance management ensuring adherence to standards.
  • Extended Capabilities: A focus on extended monitoring capabilities for applications and operating systems.
  • Live Demo & Q&A: An interactive segment with a live demonstration of selected features, followed by an open Q&A session.

The session aims to unlock the potential of VMware Aria Operations, guiding attendees through its multifaceted functionalities and demonstrating how they can leverage these features in their own environments. Whether new to Aria Operations or looking to explore its latest updates, this session offers valuable insights and practical knowledge.

 

Noil Oomman, Senior Solutions Architect VMware.

Noil Oomman is a Senior Solutions Architect in the Multi-Cloud Management team, based in Melbourne. Noil is experienced in working with customers and is a 3x VMware Certified Professional – Cloud Operations and Automation. Noil enjoys helping customers understand the benefits of VMware’s Cloud Operation Model and how the application of our associated multi-cloud management portfolio can support them with their unique Digital Transformations.

 

Primary Venue

Brisbane VMware Office

Queen St 8/324, 4000 Brisbane, QLD, AU

Brisbane VMware Office – Goondiwindi Room

VMware Cloud on AWS – Melbourne Region Added

VMware recently announced that VMware Cloud on AWS is now available in the AWS Asia-Pacific (Melbourne) Region. I thought I’d share some brief thoughts here along with a video I did with my colleague Satya.

 

What?

VMware Cloud on AWS is now available to consume in three Availability Zones (apse4-az1, apse4-az2, apse4-az3) in the Melbourne Region. From a host type perspective, you have the option to deploy either I3en.metal or I4i.metal hosts. There is also support for stretched clusters and PCI-DSS compliance if required. The full list of VMware Cloud on AWS Regions and Availability Zones is here.

 

Why Is This Interesting?

Since the launch of VMware Cloud on AWS, customers have only had one choice when it comes to a Region – Sydney. This announcement gives organisations the ability to deploy architectures that can benefit from both increased availability and resiliency by leveraging multi-regional capabilities.

Availability

VMware Cloud on AWS already offers platform availability at a number of levels, including a choice of Availability Zones, Partition Placement groups, and support for stretched clusters across two Availability Zones. There’s also support for VMware High Availability, as well as support for automatically remediating failed hosts.

Resilience

In addition to the availability options customers can take advantage of, VMware Cloud on AWS also provides support for a number of resilience solutions, including VMware Cloud Disaster Recovery (VCDR) and VMware Site Recovery. Previously, customers in Australia and New Zealand were able to leverage these VMware (or third-party) solutions and deploy them across multiple Availability Zones. Invariably, it would look like the below diagram, with workloads hosted in one Availability Zone, and a second Availability Zone being used as the recovery location for those production workloads.

With the introduction of a second Region in A/NZ, customers can now look to deploy resilience solutions that are more like this diagram:

In this example, they can choose to run production workloads in the Melbourne Region and recover workloads into the Sydney Region if something goes pear-shaped. Note that VCDR is not currently available to deploy in the Melbourne Region, although it’s expected to be made available before the end of 2023.

 

Why Else Should I Care?

Data Sovereignty 

There are a variety of legal, regulatory, and administrative obligations governing the access, use, security and preservation of information within various government and commercial organisations in Victoria. These regulations are both national and state-based, and in the case of the Melbourne Region, provide organisations in Victoria the opportunity to store data in VMware Cloud on AWS that may not otherwise have been possible.

Data Locality

Not all applications and data reside in the same location. Many organisations have a mix of workloads residing on-premises and in the cloud. Some of these applications are latency-sensitive, and the launch of the Melbourne Region provides organisations with the ability to host applications closer to that data, as well as accessing native AWS services with improved responsiveness over applications hosted in the Sydney Region.

 

How?

If you’re an existing VMware Cloud on AWS customer, head over to https://cloud.vmware.com. Log in to the Cloud Services Console. Click on the VMware Cloud on AWS tile. Click on Inventory. Then click on Create SDDC.

 

Thoughts

Some of the folks in the US and Europe are probably wondering why on earth this is such a big deal for the Australian and New Zealand market. And plenty of folks in this part of the world are probably not that interested either. Not every organisation is going to benefit from or look to take advantage of the Melbourne Region. Many of them will continue to deploy workloads into one or two of the Sydney-based Availability Zones, with DR in another Availability Zone, and not need to do any more. But for those organisations looking for resiliency across geographical regions, this is a great opportunity to really do some interesting stuff from a disaster recovery perspective. And while it seems delightfully antiquated to think that, in this global world we live in, some information can’t cross state lines, there are plenty of organisations in Victoria facing just that issue, and looking at ways to store that data in a sensible fashion close to home. Finally, we talk a lot about data having gravity, and this provides many organisations in Victoria with the ability to run workloads closer to that centre of data gravity.

If you’d like to hear me talking about this with my learned colleague Satya, you can check out the video here. Thanks to Satya for prompting me to do the recording, and for putting it all together. We’re aiming to do this more regularly on a variety of VMware-related topics, so keep an eye out.