Datadobi Announces StorageMAP

Datadobi recently announced StorageMAP – a “solution that provides a single pane of glass for organizations to manage unstructured data across their complete data storage estate”. I recently had the opportunity to speak with Carl D’Halluin about the announcement, and thought I’d share some thoughts here.

 

The Problem

So what’s the problem enterprises are trying to solve? They have data all over the place, and it’s no longer a simple activity to work out what’s useful and what isn’t. Consider the data on a typical file / object server inside BigCompanyX.

[image courtesy of Datadobi]

As you can see, there’re all kinds of data lurking about the place, including data you don’t want to have on your server (e.g. Barry’s slightly shonky home videos), and data you don’t need any more (the stuff you can move down to a cheaper tier, or even archive for good).

What’s The Fix?

So how do you fix this problem? Traditionally, you’ll try and scan the data to understand things like capacity, categories of data, age, and so forth. You’ll then make some decisions about the data based on that information and take actions such as relocating, deleting, or migrating it. Sounds great, but it’s frequently a tough thing to make decisions about business data without understanding the business drivers behind the data.

[image courtesy of Datadobi]

What’s The Real Fix?

The real fix, according to Datadobi, is to add a bit more automation and smarts to the process, and this relies heavily on accurate tagging of the data you’re storing. D’Halluin pointed out to me that they don’t suggest you create complex tags for individual files, as you could be there for years trying to sort that out. Rather, you add tags to shares or directories, and let the StorageMAP engine make recommendations and move stuff around for you.

[image courtesy of Datadobi]

Tags can represent business ownership, the role of the data, any action to be taken, or other designations, and they’re user definable.
[image courtesy of Datadobi]

How Does This Fix It?

You’ll notice that the process above looks awfully similar to the one before – so how does this fix anything? The key, in my opinion at least, is that StorageMAP takes away the requirement for intervention from the end user. Instead of going through some process every quarter to “clean up the server”, you’ve got a process in place to do the work for you. As a result, you’ll hopefully see improved cost control, better storage efficiency across your estate, and (hopefully) you’ll be getting a little bit more value from your data.

 

Thoughts

Tools that take care of everything for you have always had massive appeal in the market, particularly as organisations continue to struggle with data storage at any kind of scale. Gone are the days when your admins had an idea where everything on a 9GB volume was stored, or why it was stored there. We now have data stored all over the place (both officially and unofficially), and it’s becoming impossible to keep track of it all.

The key things to consider with these kinds of solutions is that you need to put in the work with tagging your data correctly in the first place. So there needs to be some thought put into what your data looks like in terms of business value. Remember that mp4 video files might not be warranted in the Accounting department, but your friends in Marketing will be underwhelmed if you create some kind of rule to automatically zap mp4s. The other thing to consider is that you need to put some faith in the system. This kind of solution will be useless if folks insist on not deleting anything, or not “believing” the output of the analytics and reporting. I used to work with customers who didn’t want to trust a vendor’s automated block storage tiering because “what does it know about my workloads?”. Indeed. The success of these kind of intelligence and automation tools relies to a certain extent on folks moving away from faith-based computing as an operating model.

But enough ranting from me. I’ve covered Datadobi a bit over the last few years, and it makes sense that all of these announcements have finally led to the StorageMAP product. These guys know data, and how to move it.

StorCentric Announces Nexsan Unity NV10000

Nexsan (a StorCentric company) recently announced the Nexsan Unity NV10000. I thought I’d share a few of my thoughts here.

What Is It? 
In the immortal words of Silicon Valley: “It’s a box“. But the Nexsan Unity NV10000 is a box with some fairly decent specifications packed in a small form-factor, including support for various 1DWPD NVMe SSDs and the latest Intel Xeon processors.
Protocol Support
Protocol support, as would be expected with the Unity, is broad, with support for File (NFS, SMB), Block (iSCSI, FC), and Object (S3) data storage protocols within the one unified platform.
Performance Enhancements
These were hinted at with the release of Unity 7.0, but the Nexsan Unity NV10000 boosts performance by increasing bandwidths of up to 25GB/s, enabling you to scale performance up as your application needs evolve.

Other Useful Features

As you’d expect from this kind of storage array, the Nexsan Unity NV10000 also delivers features such as:

  • High availability (HA);
  • Snapshots;
  • ESXi integration;
  • In-line compression;
  • FASTier™ caching;
  • Asynchronous replication;
  • Data at rest encryption; and
  • Storage pool scrubbing to protect against bit rot, avoiding silent data corruption.

Backup Target?

Unity supports a comprehensive Host OS matrix and is certified as a Veeam Ready Repository for backups. Interestingly, the Nexsan Unity NV10000 also provides data security, regulations compliance, and ransomware recoverability. The platform also supports immutable block and file and S3 object locking, for data backup that is unchangeable and cannot be encrypted, even by internal bad actors.

Thoughts

I’m not as much of a diskslinger as I used to be, but I’m always interested to hear about what StorCentric / Nexsan has been up to with its storage array releases. It strikes me that the company does well by focussing on those features that customers are looking for (fast storage, peace of mind, multiple protocols) and also by being able to put it in a form-factor that appeals in terms of storage density. While the ecosystem around StorCentric is extensive, it makes sense for the most part, with the various components coming together well to form a decent story. I like that the company has really focussed on ensuring that Unity isn’t just a cool product name, but also a key part of the operating environment that powers the solution.

Brisbane VMUG – April 2022

The April 2022 edition of the Brisbane VMUG meeting will be held on Thursday 28th April. It’s powered by VMware, Google Cloud, and Queensland University of Technology and promises to be a great event. It’s also an opportunity to welcome the new leaders to the Brisbane VMUG team: Claire O’Dwyer and Antony West.

Agenda

Google Cloud VMware Engine (GCVE) – Tech Overview and Key Use Cases

In this session we will cover the GCVE platform in depth, as well as GCVE’s technical advantages when compared to other “VMware on X” solutions. As well as diving into the GCVE solution, we will cover some key technical use cases for the platform (e.g. Backup/DR options from an on-premises DC to GCVE).

Delivered by Clay Quinn, Customer Engineer, Google Cloud.

This will be followed by:

Automating Deployments and Configuration Management with Salt

Salt is an open-source configuration management tool with some interesting and useful features. In this session we will cover some of the key capabilities and concepts of Salt and demonstrate how we can use Salt to deploy configure and manage environments.

Delivered by Mark Foley, Senior Solutions Engineer, VMware

PIZZA AND NETWORKING BREAK! (Exciting!)

And we will be finishing off with:

Migrating from NSX-V to NSX-T

Delivered by Tony Williamson, Senior Consultant, VMware PSO.

Soft drinks and vBeers will be available throughout the evening. We look forward to seeing you there! Doors open at 5pm.

You can find out more information and register for the event here. Note that the March 2022 meeting had to be rescheduled due to ‘Rona issues – I’ll update the blog when I have new dates for that one.

Random Short Take #70

Welcome to Random Short Take #70. Let’s get random.

VMware Cloud on AWS – TMCHAM – Part 2 – VCDR Notes

In this episode of “Things My Customers Have Asked Me” (or TMCHAM for short), I’m going to dive into a few questions around VMware Cloud Disaster Recovery (VCDR), a service we offer as an add-on to VMware Cloud on AWS. If you’re unfamiliar with VCDR, you can read a bit more about it here.

VCDR Roles and Permissions

Can RBAC roles be customised? Not really, as these are cascaded down from the Cloud Services hub. As I understand it, I don’t believe you have granular control over it, just the pre-defined, default roles as outlined here, so you need to be careful about what you hand out to folks in your organisation. To see what Service Roles have been assigned to your account, in the VMware Cloud Services, go to My Account, and then click on My Roles. Under Service Roles, you’ll see a list of services, such as VCDR, Skyline, and so on. You can then check what roles have been assigned. 

VCDR Protection Groups

VCDR Protection Groups are the way that we logically group together workloads to be protected with the same RPO, schedule, and retention. There are two types of protection group: standard-frequency and high-frequency. Standard-frequency snapshots can be run as often as every 4 hours, while high-frequency snapshots can go as often as every 30 minutes. You can read more on protection groups here. It’s important to note that there are some caveats to be aware of with high-frequency snapshots. These are outlined here.

30-minute RPOs were introduced in late 2021, but there are some caveats that you need to be aware of. Some of these are straightforward, such as the minimum software levels for on-premises protection. But you also need to be mindful that VMs with existing vSphere snapshots will not be included, and, more importantly, high-frequency snapshots can’t be quiesced.

Can you have a VM instance in both a standard- and high-frequency snapshot protection group?  Would this allow us to get the best of both worlds – e.g. RPO could be as low as 30 minutes, but with a guaranteed snapshot of 4 hours?  Once you do a high-frequency snap on a VM, it keeps using that mechanism thereafter, even if it sits in a protection group using standard protection. Note also that you set a schedule for a protection group, so you can have snapshots running ever 30 mins and kept for a particular period of time (customer selects this). You could also run snapshots at 4 hours and keep those for a period of time too. While you can technically have a VM in multiple groups, what you’re better off doing is configuring a variety of schedules for your protection groups to meet those different RPOs.

Quiesced Snapshots

What happens to a VM during a quiesced state – would we experience micro service outages? The best answer I can give is “it depends”. The process for the standard, quiesced snapshot is similar to the one described hereThe VM will be stunned by the process, so depending on what kind of activity is happening on the VM, there may be a micro outage to the service.

Other Considerations

The documentation talks about not changing anything when a scheduled snapshot is being run – how do we manage configuration of the SDDC if jobs are running 24/7?  Seems odd that nothing can be changed when a scheduled snapshot is being run? This refers more to the VM that is being snapped. i.e. Don’t change configs or make changes to the environment, as that would impact this VM. It’s not a blanket rule for the whole environment. 

Like most things, success with VCDR relies heavily on understanding the outcomes your organisation wants to achieve, and then working backwards from there. It’s also important to understand that this is a great way to do DR, but not necessarily a great way to do standard backup and recovery activities. Hopefully this article helps clarify some of the questions folks have around VCDR, and if it doesn’t, please don’t hesitate to get in contact.

VMware Cloud on AWS – TMCHAM – Part 1 – PCI DSS

I’m starting a new series on the blog. It’s called “Things My Customers Have Asked Me” (or TMCHAM for short). There are frequently occasions where the customer collateral I present on VMware Cloud on AWS doesn’t cover every single use case that my customers are interested in, or perhaps it doesn’t dive deeply enough into some of the material people would like to know more about. The idea behind these posts is that if I have one customer asking about this stuff, chances are another one might like to know about it too. I won’t be talking about internal-only stuff, or roadmap details in these posts (or anywhere publicly, for that matter), but hopefully these articles will be a useful point of information consolidation for folks who are into that sort of thing.

 

PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is the security standard adhered to by organisations handling credit card information from the major card vendors. You can find the official Attestation of Compliance (AoC) in the VMware Cloud Trust Center, and there’s also a comprehensive whitepaper here.

Getting Started on VMware Cloud on AWS

The capability was covered in March 2021, and you can see some of the details in the VMware Cloud on AWS Release Notes. You can also read my learned colleague Greg Vinton’s take on it here, and there’s a YouTube video for people who prefer that sort of thing. To enable PCI compliance on your Organization, you need to request the capability via your VMware account team. It’s not just something that’s configured by default, as some of the requirements around PCI DSS might be considered an unnecessary overhead by some folks. The account team will get it enabled on your Organization, and you can then deploy your SDDC. It’s important to note that your Organization needs to be empty – PCI DSS can’t be enabled on an Organization with SDDCs that are already deployed.

Configuration Changes

There are a number of configuration changes needed to ensure that your SDDC is PCI-compliant too. This includes disabling add-on services like HCX and Site Recovery. To do this, go to Inventory – Settings, and scroll down to Compliance Hardening.

Note that you’ll only see the “Compliance Hardening” section if your Organization has been configured for PCI DSS compliance. You’ll need to finish your HCX migrations before your Organization is compliant. You’ll also need to change your NSX configuration (Network & Security Tab Access). There is some more info on that here and there’s a blog post that also runs through it step by step that you can read here. Note that you’ll need to use the API to change the local NSX Manager user password every 90 days. Information on that can be found here.

Other Considerations

One final thing to note is that this process doesn’t automatically make your Virtual Machines PCI compliant. You’ll still need to ensure that you’ve done the work in that respect. And I can’t repeat this enough – your Organization will only pass a PCI audit if you’ve done these additional steps. Merely requesting that VMware enable this at an Organization level won’t be enough.

Random Short Take #69

Welcome to Random Short Take #69. Let’s get random.

Brisbane VMUG – March 2022

 

The first Brisbane VMUG meeting of 2022 will be a lunch and learn event and will be held on Wednesday 23rd March from 12pm – 1pm. It’s powered by VMware and Queensland University of Technology and promises to be a great event. It’s also an opportunity to welcome the new leaders to the Brisbane VMUG team: Claire O’Dwyer and Antony West.

 

Become a Cyber Warrior with VMware

Sean Scott is a Cybersecurity advocate, technologist and digital transformation specialist with over 25 years of IT experience. With an extensive history working with IT, Infrastructure, Cloud, and Cyber teams, he uses the past experience as a member of IT, internal and external consulting, representing system integrators and global IT vendors. Sean leverages different perspectives and experiences to drive a customer outcome-focused mindset. Please join us for our first Lunch and Learn where Sean will deliver the following:

Agenda:

  • The State of Cybersecurity
  • Everyone’s role in the ASD Essential 8 controls
  • The role of VMware in Security
  • Workload Security – Embedded security in vSphere
  • Demo
  • Q&A

Refreshments will be served and due to capacity limits numbers are restricted. Doors open at 12pm on March 23rd at The Cube, QUT – 2 George Street, Brisbane. The session will start at 12.15pm promptly, with a 40 minute presentation planned.

Primary Venue

The Cube – Science & Engineering Centre (P Block) QUT Gardens Point

George Street 2, 4000 Brisbane, QLD, AU

VMware has gone to great lengths to make sure this will be a fun and informative session and I’m really looking forward to hearing Sean talk all things security. You can find out more information and register for the event here. I hope to see you there. Also, if you’re interested in sponsoring one of these events, please get in touch with me and I can help make it happen.

Random Short Take #68

Welcome to Random Short Take #68. Let’s get random.

VMware Cloud on AWS – A Few Notes

If you’ve been following along at home, you may have noticed that the blog has been a little quiet recently. There were a few reasons for that, but the main one was that I joined VMware this year as a Cloud Solutions Architect focussed on VMware Cloud on AWS. It’s an interesting role, and an interesting place to work. I’ve been busy onboarding and thought I’d share some brief notes on VMware Cloud on AWS. I still intend to talk about other things on this blog too, but figured this has been front of mind for me recently, and it might be useful to someone looking to find out more. If you have any questions, or want to know more about something, I’m happy to help where I can. And it doesn’t need to be a sales call.

 

Overview

In short, VMware Cloud on AWS is “an integrated cloud offering jointly developed by Amazon Web Services (AWS) and VMware.” The idea is that you run VMware’s SDDC stack on AWS bare metal hosts and enjoy the best of both worlds – VMware’s software and access to a broad range of AWS services. I won’t be covering too much of the basics here, but you can read more about it on the product website. I do recommend checking out the product walkthroughs, as these are a great way to get familiar with how the product behaves. Once you’ve done that, you should also check out the solutions index – it’s a great collection of information about various things that run on VMware Cloud on AWS, including things like SQL performance, DNS configuration, and stuff like that. Once you’ve got a handle on the platform and some of the things it can do, it’s also worth running through the Evaluation Guide. This will give you the opportunity to perform a self-guided evaluation of the platform’s features and functionality. There’s also a pretty comprehensive FAQ that you can find here.

 

Hardware

Node Types

There are 2 types of nodes available at this time: i3.metal and i3en.metal. The storage for nodes is provided by VMware vSAN.

i3.metal i3en.metal
Intel Xeon Broadwell @ 2.3GHz, 36 Cores (Hyper-Threading Disabled) Intel Xeon Cascade Lake @ 2.5GHz, 48 Cores (Hyper-Threading enabled providing 96 Cores)
512 GiB RAM 768 GiB RAM
10 TiB NVMe (RAW) 45 TiB NVMe (RAW)
High IOPS High IOPS, High Bandwidth

Custom Core Counts

One of the neat things is support for custom core counts on a per-cluster basis. You still pay full price for the hosts, but the idea is that your core licensing for BigDBVendor, or whatever, is under control. Note that you can’t change this core count once your hosts are deployed.

Other Cool Features 

Elastic DRS lets you expand your SDDC as required, based on configured thresholds for CPU, RAM, and storage. You can read more about that here.

 

Configuration Backups

If you’re using HCX, you might want to back up your HCX Manager. You can read more on that here. There’s also a VMware Fling that provides a level of SDDC import / export capability. You can check that out here. (Hat tip to my colleague Michael for telling me about these).

 

Sizing It Up

If you’re curious about what your current on-premises estate might look like from a sizing perspective, you can run it through the online sizing tool. This has a variety of input options, including support for RVTools imports. It’s fairly easy to use,  but for complex scenarios I’d always recommend you get VMware or a partner involved. Pricing for the platform is also publicly available, and you can check that out here. There are a few different ways to consume the platform, including 1-year, 3-year, and on-demand options, and the discounting levels vary according to the commitment.

Note that there are a number of other capabilities sold separately, including:

  • VMware Site Recovery
  • VMware Cloud Disaster Recovery
  • VMware NSX Advanced Firewall
  • VMware vRealize Automation Cloud
  • VMware vRealize Operations Cloud
  • VMware vRealize Log Insight Cloud
  • VMware vRealize Network Insight Cloud
  • VMware Tanzu Standard

 

Lifecycle

One of the things I like about VMware Cloud on AWS is that the release notes for the platform are publicly available, and provide a great summary of new features as they get rolled out to customers.

 

What Now?

I’ve barely scratched the surface of what I’d like to talk about with VMware Cloud on AWS, and I hope in the future to post articles on some of the stuff that gets me excited, like migration options with HCX, and using VMware Cloud Disaster Recovery. In the meantime, the team (it’s mainly Greg doing the hard work, if I’m being honest) is running a series of webinars next week. If you’re interested in VMware Cloud on AWS and want to know more, you could do worse than checking these out. Details below, and registration is here.

Design and Deploy a VMware Cloud on AWS SDDC
28 February 2022, Monday
9:30am IST | 12:00pm SGT | 1:00pm KST | 3:00pm AEDT
Join us as we walk through the process of Architecting and Deploying a VMware Cloud on AWS SDDC. We will cover: SDDC sizing for an application, sizing of the management CIDR block, connectivity design, VPN vs direct connect, basic networking and dependencies
Application Migration to VMC on AWS

1 March 2022, Tuesday
9:30am IST | 12:00pm SGT | 1:00pm KST | 3:00pm AEDT
In this session we will demonstrate the process of migrating a live application. Topics include: walk through the HCX architecture, HCX deployment process, HCX configuration, extending an L2 network, mobility (location) aware networking, migration types – conversation
Disaster Recovery – Protecting VMC on AWS or On-Prem Based Applications

2 March 2022, Wednesday 
9:30am IST | 12:00pm SGT | 1:00pm KST | 3:00pm AEDT
Listen to experts demonstrate the process of Architecting and Deploying a VMware Cloud Disaster Recovery (VCDR), with VMC on AWS to protect an application. We will cover: walk through the VCDR architecture, VCDR deployment process, considerations around VCDR, building a protection group, building a DR plan, executing DR and discuss failback options