Benefits of Cisco ACI (SDN) architecture

Cisco ACI, Cisco’s software-defined networking (SDN) architecture, enhances business agility, reduces TCO, automates IT tasks, and accelerates data center application deployments.

Why Today’s Solutions Are Insufficient:

Today’s solutions lack an application-centric approach. The use of virtual overlays on top of physical layers has increased complexity by adding policies, services, and devices.

Traditional SDN solutions are network centric and based on constructs that replicate networking functions that already exist.

ACI Key Benefits:

Centralized Policy-Defined Automation Management

  • Holistic application-based solution that delivers flexibility and automation for agile IT
  • Automatic fabric deployment and configuration with single point of management
  • Automation of repetitive tasks, reducing configuration errors

Real-Time Visibility and Application Health Score

  • Centralized real-time health monitoring of physical and virtual networks
  • Instant visibility into application performance combined with intelligent placement decisions
  • Faster troubleshooting for day-2 operation

Open and Comprehensive End-to-End Security

  • Open APIs, open standards, and open source elements that enable software flexibility for DevOps teams, and firewall and application delivery controller (ADC) ecosystem partner integration
  • Automatic capture of all configuration changes integrated with existing audit and compliance tracking solutions
  • Detailed role-based access control (RBAC) with fine-grained fabric segmentation

Application Agility

  • Management of application lifecycle from development, to deployment, to decommissioning—in minutes
  • Automatic application deployment and faster provisioning based on predefined profiles
  • Continuous and rapid delivery of virtualized and distributed applications

ACI Technology Benefits

The main purpose of a datacenter fabric is to move traffic from physical and virtualized servers to its destination in the best possible way and, while doing so, to apply meaningful services such as:

  • Traffic optimization that improves application performance
  • Telemetry services that go beyond classic port counters
  • Overall health monitoring for what constitutes an application
  • Applying security rules embedded with forwarding

The main benefits of using a Cisco ACI fabric are the following:

  • Single point of provisioning either via GUI or via REST API
  • Connectivity for physical and virtual workloads with complete visibility on virtual machine traffic
  • Hypervisor compatibility and integration without the need to add software to the hypervisor
  • Ease (and speed) of deployment
  • Simplicity of automation
  • Multitenancy (network slicing)
  • Capability to create portable configuration templates
  • Hardware-based security
  • Elimination of flooding from the fabric
  • Ease of mapping application architectures into the networking configuration
  • Capability to insert and automate firewalls, load balancers and other L4-7 services
  • Intuitive and easy configuration process

More information can be found at www.cisco.com/go/aci

Why is a smaller number of virtual CPUs better?

Note: This article is designed to serve as a high level introduction to the topic and as such uses a very basic explanation. Papers for those that wish to dive into more technical details of the topic are available elsewhere.

In a virtual environment such as VMware or Hyper-V, multiple virtual machines (VMs) operate on the same physical hardware. To make this work, a small piece of software called a hypervisor schedules the virtual resources onto the physical hardware. When a virtual machine enters a state where CPU resources are required, the VM is placed into a CPU ready state until enough physical CPUs are available to match its number of virtual CPUs.

The hypervisor will schedule VMs to available physical resources until all resources that can be scheduled are used.

Each VM will run on the physical CPUs until either it needs to wait for an I/O operation or the VM uses up its time slice. At that point the VM will either be placed into the I/O wait state until the I/O completes or be placed back in the ready queue, waiting for available physical resources.

As physical resources become available, the hypervisor will schedule VMs to run on those resources. In some cases, not all physical resources will be in use, due to the number of virtual CPUs required by the VMs in the ready state.

The process continues as VMs either wait for I/O or use their time slice on the physical CPUs.

In some cases there are no VMs in the ready state, at which point the scheduled VM will not time out until another VM requires the resources.

Often a VM with fewer virtual CPUs will be able to be scheduled before one with more virtual CPUs due to resource availability.

In some cases a VM will complete an I/O operation and immediately be scheduled on available physical resources.

Algorithms are in place to ensure that no VM completely starves for CPU resources but the VMs with more virtual CPUs will be scheduled less frequently and will also impact the amount of time the smaller VMs can utilize the physical resources.

A VM with high CPU utilization and little I/O will move between the ready queue and running on the CPUs more frequently. In this case, the operating system will report high CPU utilization, even though the VM may not be running for a majority of the real time involved.

In these situations, operating system tools that run within the VM may indicate that more CPUs are required when, in reality, the opposite is actually the case. A combination of metrics at the hypervisor and at the operating system level is usually required to truly understand the underlying issues.
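The scheduling behaviour described above can be reproduced with a toy model. This PowerShell sketch is an added example, not part of the original article: `Measure-CpuReady`, the VM names, the one-tick time slice and the "every VM is always CPU-bound" assumption are all illustrative simplifications of what a real hypervisor scheduler does. It compares the same four VMs on four physical CPUs with the `db` VM sized at four and then two vCPUs.

```powershell
# Added illustration: toy strict co-scheduler. A VM runs only when ALL of its
# vCPUs fit on free physical CPUs; otherwise it stays in the ready state.
# Measure-CpuReady and the VM names are hypothetical.
function Measure-CpuReady {
    param(
        [int]$PhysicalCpus,
        [object[]]$Vms,        # hashtables with Name and VCpus
        [int]$Ticks = 300      # one tick = one time slice
    )
    $queue = New-Object System.Collections.Generic.List[object]
    foreach ($vm in $Vms) {
        $queue.Add([pscustomobject]@{ Name = $vm.Name; VCpus = $vm.VCpus; Ran = 0; Ready = 0 })
    }
    $idle = 0
    for ($t = 0; $t -lt $Ticks; $t++) {
        $free    = $PhysicalCpus
        $ran     = New-Object System.Collections.Generic.List[object]
        $waiting = New-Object System.Collections.Generic.List[object]
        # Walk the ready queue, longest-waiting first. A VM that does not fit is
        # skipped, so a narrower VM behind it can take the remaining pCPUs.
        foreach ($vm in $queue) {
            if ($vm.VCpus -le $free) {
                $free  -= $vm.VCpus
                $vm.Ran += 1
                $ran.Add($vm)
            } else {
                $vm.Ready += 1
                $waiting.Add($vm)
            }
        }
        $idle += $free
        # Time slice over: waiting VMs keep their place, VMs that ran requeue behind them.
        $queue = New-Object System.Collections.Generic.List[object]
        $queue.AddRange($waiting)
        $queue.AddRange($ran)
    }
    $queue | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{
            VM          = $_.Name
            VCpus       = $_.VCpus
            RunPct      = [math]::Round(100 * $_.Ran / $Ticks, 1)
            ReadyPct    = [math]::Round(100 * $_.Ready / $Ticks, 1)
            HostIdlePct = [math]::Round(100 * $idle / ($Ticks * $PhysicalCpus), 1)
        }
    }
}

# Constructed sample workloads: identical except for the size of the db VM.
$oversized = @(
    @{ Name = 'db';   VCpus = 4 }, @{ Name = 'app';  VCpus = 2 },
    @{ Name = 'web1'; VCpus = 1 }, @{ Name = 'web2'; VCpus = 1 })
$rightsized = @(
    @{ Name = 'db';   VCpus = 2 }, @{ Name = 'app';  VCpus = 2 },
    @{ Name = 'web1'; VCpus = 1 }, @{ Name = 'web2'; VCpus = 1 })

Write-Output 'db sized at 4 vCPUs:'
Measure-CpuReady -PhysicalCpus 4 -Vms $oversized | Format-Table -AutoSize
Write-Output 'db sized at 2 vCPUs:'
Measure-CpuReady -PhysicalCpus 4 -Vms $rightsized | Format-Table -AutoSize
```

Compare the `ReadyPct` column between the two runs: shrinking the wide VM lowers the ready share of every VM on the host, not only its own.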

Lewan Achieves Cisco Master Collaboration and Master Cloud & Managed Service Designations

In addition to successfully passing the requirements and audit to re-certify as a Cisco Gold Partner, Lewan Technology is honored to announce achievement of two Master Specializations: Collaboration and Cloud & Managed Services.

“These Master level certifications are the absolute highest achievement that a Cisco partner can attain in any technology area. There are only 43 partners in the United States that hold these two certifications,” explained Ray Dean, Lewan’s Director of Networking and Communications. “This honor recognizes the great engineering teams and processes we have in place, as well as our commitment to ongoing customer satisfaction and solution integration.”

Cisco Gold Partner Certification

Gold Certification offers the broadest range of expertise across high growth market opportunities known as architecture plays – Enterprise Networking, Security, Collaboration, Data Center Virtualization and SP Technology. Gold Certified Partners have also integrated the deepest level of Cisco Lifecycle Services expertise into their offerings and demonstrate a measurably high level of customer satisfaction.

Lewan has been a Cisco Gold Certified Partner since 2005.

Cisco Master Collaboration Specialization

The Master Collaboration Specialization demonstrates the highest level of expertise attainable with Cisco collaboration solutions.

Master Collaboration Specialized Partners represent an elite partner community that has met the most rigorous certification requirements and are therefore the best for complex deliveries. Lewan demonstrated the ability to design and deploy solutions that conform to Cisco validated designs. In addition, Lewan showed current examples of successful projects in which we integrated multiple solutions and technologies to support client needs. No other Cisco specialization or certification demands such extensive proof of the partner’s design and implementation capabilities.

Cisco Cloud & Managed Services Master Service Provider

The Cloud and Managed Services Program (CMSP) helps partners respond to their customers’ business needs with innovative and validated Cisco Powered services. The exclusive Master Cloud and Managed Services designation recognizes partners at the highest level of achievement, competency and capabilities.

Lewan is recognized as a partner uniquely positioned to offer best-in-class Cisco Powered services and Cloud Managed services which are validated to ensure security, reliability, and performance.

Lewan Awarded for Customer Satisfaction Excellence from Cisco

Lewan is honored to announce achievement of Cisco’s Customer Satisfaction Excellence award. Customer Satisfaction Excellence is the highest distinction a partner can achieve within the Cisco Channel Partner Program.

“Congratulations to the entire Lewan team on this recognition of your great work over the past year and continued delivery of a world class customer experience to our customers,” said Fred Cannataro, Lewan’s CEO and President.

And from Cisco, “Customer Satisfaction Excellence is a core value we both share and a key driver of our current and future success. Thank you for your commitment to the success of your customers.”

Lewan will be recognized for Customer Satisfaction Excellence in the Cisco Partner Locator (www.cisco.com/go/partnerlocator) with a special star indicator representing our achievement. Customers, Cisco personnel and partners will be able to identify you as having achieved outstanding customer satisfaction as part of Cisco’s worldwide assessment process.

Channel Customer Satisfaction Excellence assessment is based upon the customer satisfaction results captured in the Cisco Partner Access Online tool.

About our Partnership with Cisco

Lewan has been a Cisco Gold Certified Partner since 2005. Gold status is Cisco’s highest partner designation.

Our team of engineers holds 46 individual Cisco certifications including CCIE certifications in Routing & Switching, Voice and Security. The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification in the industry. Combined with our sister companies, we offer the breadth and expertise of over 132 individual Cisco certifications nationally.

Our Cisco Certified engineers are able to offer assessments, performance evaluations, design workshops, and full installation and training around each of the areas that we hold Cisco certifications. Lewan’s certified areas of expertise are unified communications and business video, traditional route & switch environments, wireless, data center (including servers, storage, & virtualization), security & mobile device management.

Unable to get vCenter server certification chain error during vcOPs 5.8.1 install

During the deployment of the vcOPs vApp for a customer I ran into a new error – well, new for me. While the vApp (v5.8.1) deployed and booted fine, as I was registering it with the vCenter (v 5.1) as part of the initial configuration I got the following error: Unable to get vCenter server certification chain. Off we go to Google… Here’s a quick summary of things to check:

  • Confirm name resolution is working, username/passwords are right, etc.
    • Assuming Windows, RDP to vCenter with the user you’re attempting to use or try access via your favorite vSphere management tool
    • Hop on the console of the UI VM and ping the vCenter by IP and DNS name (username: root initial password: vmware)
  • Check that your vCenter certificate hasn’t expired. It’s the rui.crt file in c:\ProgramData\VMware\VMware VirtualCenter\SSL. This article has good info on locating and renewing your certificate, should that be your problem.
  • In the end, my fix came by importing the certificate file to the UI VM manually as outlined in this VMware KB article.
    • Full disclosure, the symptoms in the above article didn’t match my problem exactly and I don’t like just trying random fixes. However, when I found this Blog Post, in Spanish, with my exact error recommending a similar .cert import process I threw caution to the wind. The exact steps from the Spanish blog didn’t quite work, which could be a result of my inability to read Spanish and/or Google Translate not being perfect, but the VMware KB article was spot on.
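The certificate checks in the list above can be scripted. This PowerShell sketch is an added example, not part of the original post or the VMware KB procedure: the function names and the `vcenter.example.local` host name are hypothetical placeholders, while the `rui.crt` path is the one given in the post. It reports expiry and chain status for the certificate on disk and for the one the service actually presents, and warns when the two differ.

```powershell
# Added example. Function names and the host name are hypothetical placeholders.
function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $tls.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Get-CertificateHealth {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$Source,
        [int]$WarnDays = 30
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Build the chain from the local certificate stores only; skip CRL/OCSP lookups.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk  = $chain.Build($Certificate)
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
    $validity = if ($daysLeft -lt 0) { 'EXPIRED' }
                elseif ($daysLeft -lt $WarnDays) { 'EXPIRING SOON' }
                else { 'OK' }
    [pscustomobject]@{
        Source      = $Source
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        NotAfter    = $Certificate.NotAfter
        DaysLeft    = $daysLeft
        Validity    = $validity
        ChainBuilds = $chainOk
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Thumbprint  = $Certificate.Thumbprint
    }
}

function Test-VCenterCertificate {
    param(
        [string]$CertPath = 'C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt',
        [string]$HostName   # vCenter DNS name, as the vcOPs UI VM would resolve it
    )
    $results = @()
    if (Test-Path -LiteralPath $CertPath) {
        $onDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
        $results += Get-CertificateHealth -Certificate $onDisk -Source $CertPath
    } else {
        Write-Warning "Certificate file not found: $CertPath"
    }
    if ($HostName) {
        try {
            $served = Get-ServedCertificate -HostName $HostName
            $results += Get-CertificateHealth -Certificate $served -Source "$($HostName):443"
        } catch {
            Write-Warning "Could not fetch the certificate from $($HostName): $($_.Exception.Message)"
        }
    }
    if ($results.Count -eq 2 -and $results[0].Thumbprint -ne $results[1].Thumbprint) {
        Write-Warning 'The certificate on disk is not the one the service presents; import the one that is served.'
    }
    $results
}

# Placeholder host name; replace with your vCenter server.
Test-VCenterCertificate -HostName 'vcenter.example.local' | Format-List
```

Run it on the vCenter server so the default path resolves, or pass `-CertPath` to a copy of `rui.crt`. A `ChainStatus` of `UntrustedRoot` is expected for a self-signed certificate when checked from a machine that has not imported it.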

After importing the certificate manually and restarting services, all was well and I was able to complete the configuration of vcOPs. By the way, did you know that since vSphere 5.1, all licensed versions of vSphere now include the Foundation edition of vcOPs? More than 5 hosts in your environment and you’ve got enough scale to warrant leveraging this tool. For a limited time, VMware is letting Lewan perform a free vSphere Optimization Check including a 60 day trial of the Standard Edition, complete with the capacity management features, dynamic thresholds, and root cause analysis. Give us a call today to test drive Operations Management!

Thinking about a VDI initiative? Watch this.

Lewan Solutions Architect, Kenneth Fingerlos, wowed the crowd last month at the GPU Technology Conference (GTC) 2014 with his presentation on VDI, “Virtual is Better than Physical: Delivering a Delightful User Experience from a Virtual Desktop”.

GTC is the world’s biggest and most important GPU developer conference. Taking place in Silicon Valley, GTC offers unmatched opportunities to learn how to harness the latest GPU technology, along with face-to-face interaction with industry luminaries and NVIDIA experts.

Leveraging his industry leading expertise, Kenneth “delivered in spades,” as described in a review of his presentation for The Register:

The VDI talk was the kind of GTC session I love. It’s where a real-world expert talks about how a difficult task is actually accomplished. Not the theory, not how it should work on paper, but what it takes to actually move a project from Point “A” to Point “We’re done with this”.
Ken Fingerlos from Lewan Technology delivered in spades with his “Virtual is Better than Physical: Delivering a Delightful User Experience from a Virtual Desktop” GTC14 session. Delightful? Hmm…In my past lives, I’ve had to use some virtual PCs and my experience ranged from “absolutely unusable” to “omg I hate this”.
It’s easy to see that Fingerlos has been around the block when it comes to VDI. He has all the right credentials, ranging from VMware to Citrix to Microsoft. But more importantly, he’s been there and done it.

Read the complete review from theregister.co.uk

Kenneth’s GTC Presenter’s Bio

View the complete session and slide deck:

Windows Server 2012 Licensing – a quick reminder

This came up recently for a customer and while it’s not new news, I thought a quick reminder would be useful. There are a few key points to remember about licensing of Windows Server 2012 in server virtualization projects, these rules apply to XenServer, VMware, Hyper-V, Oracle VM, etc.:

  • Licenses are applied to physical servers, never to virtual machines. If you are thinking about how you need a license for the VM you are about to build, you’re probably doing something wrong
  • There is feature parity between Standard and Datacenter editions, Enterprise Ed has been dropped
    • The only difference between these 2 major editions is in the number of virtual OSE’s (operating system environments, aka a virtual machine) granted with the license
    • A license covers 2 processor sockets within 1 server, 1 license cannot be purchased to cover 2 servers each containing 1 populated processor
    • The license allows for one bare-metal install of the operating system, but doesn’t require it – as would be the case if your hypervisor is anything other than Hyper-V
    • Virtual OSE grants by edition:
      • Standard: 2 virtual OSE’s per license
      • Datacenter: unlimited OSE’s per license
  • More than 1 license of the same edition may be applied to a given physical server to cover additional CPU sockets or additional virtual machines
    • 2 Standard Edition licenses would cover 4 processor sockets and/or up to 4 VM’s
    • 2 Datacenter Edition licenses would cover 4 processor sockets and two * unlimited for the number of VM’s ..that’s like beyond infinity, but 4 CPU sockets.
  • The license cannot be transferred more than once every 90 days – yeah, you read that right. This rule is to prevent a license from jumping from one host to another to follow live migration activities
    • This is where most people pause and say “oh..”. That tells me they were purchasing 1 license per VM and just thinking the license moves around with the VM
    • You need to cover the high water mark of virtual OSE’s for a given host
  • Licensing math:
    • Standard Ed. list pricing is $882
    • Datacenter Ed. list pricing is $4809
    • The break-even point for Datacenter is at 5.45 Standard licenses; in effect, for a density of more than 10 VM’s (5 std licenses each granting 2 OSE’s), you should use a Datacenter Edition license
  • A real world example: New virtualization customer deploying 3 VMware hosts
    • We generally size the environment for N+1, meaning we’re planning that 1 of the servers is a “spare” from the perspective of workload sizing – so all the workload can run on just 2 servers; we’re planning for this and so should you in your licensing.
    • If you plan to run more than 20 total VM’s in this environment, you need 3 Datacenter Edition licenses
      • 20 VM’s running on 2 servers = 10 VM’s/server
      • 10 VM’s requires 5 Standard Edition licenses to have enough OSE grants
      • More than 10 per server, and it’s now cheaper to have just bought a single Datacenter Edition license
        • 6 * $882 = $5292, which is greater than $4809 for datacenter
      • Since you don’t know which host (think of a rolling patching cycle) is going to carry the increased load, all the hosts in the environment should be licensed uniformly to this high water mark
    • Depending on the licensing model, an upgrade from 5 * Standard Edition licenses to a single Datacenter Edition license may not be possible – plan ahead!
    • If you have OEM licenses that came with your old physical server environment, these are likely not transferrable – they don’t follow the P2V action
  • With this understanding, while you might have some work to do upfront (or scrambling to get back into compliance now) the long term savings are very real for dense virtualization projects that can leverage the Datacenter Edition license. On a modern 2 socket server with 16 cores/32 threads, 10 VM or greater density is easily achievable

General licensing FAQ:
http://download.microsoft.com/download/4/D/B/4DB352D1-C610-466A-9AAF-EEF4F4CFFF27/WS2012_Licensing-Pricing_FAQ.pdf

Licensing brief for virtualized environments:

http://download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/WindowsServer2012VirtualTech_VLBrief.pdf

BIOS Settings for Hyper-V Role in Windows 8 on Lenovo W-Series

Recently I upgraded to Windows 8 on my Lenovo W510 in order to setup a virtual lab in Hyper-V. Hoping to save others the frustration I experienced during BIOS configuration, I thought I’d share the Intel hardware virtualization settings necessary for the role. The order that settings are made and complete power downs after certain settings changes are significant. Don’t save time with warm boots!

Step 1. Boot the machine, press F1 to enter setup, and you’ll be presented with this menu.  Make sure that the BIOS is the most recent version (1.45 as of this post).  Press enter on Config.

BIOS top level menu

Step 2. In Config menu, arrow down to CPU and press enter.

Config Menu on Lenovo W510 BIOS

Step 3. In the CPU menu, make sure the settings are:
• Intel Hyper-Threading = Enabled
• Intel Virtualization Technology = Enabled
• Intel VT-d Feature = Enabled

Core Multi-Processing Enabled, Intel Hyper-Threading Technology Enabled, Intel Virtualization Technology Enabled, Intel VT-d Feature Enabled

Hardware Virtualization BIOS Settings on Lenovo W510

If any settings in Step 3 had to be changed, hit F10 to save the settings and then power the machine off. Re-enter the BIOS by pressing F1 on the next startup.

Step 4. Return to the Main Menu in Step 1, and select Security. This menu will appear.
Arrow down to Memory Protection and press enter.

Security Menu on Lenovo W510

Step 5. In Memory Protection, make sure Execution Prevention is set to Enabled
Press ESC to return to the Security menu from Step 4

Execution Prevention Enabled

Memory Protection BIOS Settings on Lenovo W510

Step 6. Confirm the following settings:
• Security Chip = Active
• Intel TXT Feature = Disabled

Security Chip Active, Intel TXT Feature ***Disabled***

Security Chip BIOS Settings on Lenovo W510

Press F10 to save settings, and power down the machine. After restart, the Hyper-V role can be installed.

Citrix is all new in June

If you’ve been paying attention to Twitter lately, you’ve probably noticed that there have been a lot of new announcements and releases from Citrix over the past 7 days.   So many in fact it can be difficult to keep straight exactly what is going on.  I’m going to try to clear up some of the murk and hopefully help you understand how these announcements are going to impact your plans for the near future. I’ll try to detail each of the announcements and product updates and what’s new with them.

XenDesktop 7: This is Citrix’s flagship VDI product, which competes head to head with VMware’s Horizon View. Hopefully most Citrix customers are also aware that most of the license editions for XenDesktop also include rights to Citrix XenApp (also known as Presentation Server or MetaFrame). Despite the bundling, XenApp and XenDesktop have always been two distinct products with separate infrastructures and management frameworks. XenDesktop 7 changes all that. With the v7 release XenDesktop now fully encompasses all the functionality for application and desktop publishing from both server OS (XenApp/RDS – aka Hosted Shared) as well as desktop OS (XenDesktop/VDI – aka Hosted). This means that from a single console you can configure desktops and apps published from Windows XP, 7, 8, Server 2008R2 and Server 2012. Yes, I said desktops and apps! Actually XenDesktop has had the ability to do “VM Hosted Apps” for a while but it was infrequently used; that capability is now core functionality and delivers the “seamless” published apps from both desktop and server environments.

Did I mention this is all in a single console?  Well, actually there are two consoles – the management/configuration interface which is now named “Studio” and a helpdesk and monitoring interface named “Director”.  XenDesktop admins will be familiar with both of these.  By the way, Director now has the ability to mine Edgesight data to provide historical information about users, apps, sessions, and hosts.

With the merger there is now a 4th edition of XenDesktop – now giving us Platinum, Enterprise, VDI, and Apps.  The Apps edition will map to the functionality which was previously provided by XenApp.

XenDesktop 7 also brings a host of new features and functionality including the H.264 supercodec, reverse seamless applications, and App DNA integration.  RemotePC is now configured from within the Studio console.   One of the more interesting capabilities is that you can now use MCS to manage your published app server farms which will greatly simplify single image management for smaller environments. Check out this blog for more details and a link to the Citrix TV session detailing the new features.

XenDesktop 7 brings with it a host of other updates:

  • StoreFront 1.2 -> StoreFront 2.0
  • Web Interface 5.4 -> StoreFront 2.0 (StoreFront is now required)
  • Provisioning Services 6.1 -> Provisioning Services 7.0
  • XenServer 6.1 -> XenServer 6.2
  • Receiver 3.4 -> 4.0  (and new receivers for iOS, Android, and OSX too)

It’s a pretty safe bet that if you use XenDesktop or XenApp you’ve got some new code in your future.

XenApp 6.5 Feature Pack 2: Much less hubbub about 6.5 FP2, but very noteworthy that in this same timeframe Citrix has chosen to issue an update to the existing XenApp product which offers many of the end-user benefits associated with XenDesktop 7. This appears to be a recognition on Citrix’s part that customers probably will not migrate off of XenApp 6.5 in any great hurry, and this update removes much of the need. XenApp 6.5 was originally released in August of 2011 and is widely deployed. Details of the new features can be found here.

Cloudgateway is now XenMobile Apps: So if you’re looking for an updated App Controller, you need to look in a new place.  This heralds future integration between the XenMobile MDM solution and Citrix’s Web/SaaS/Mobile Application management.  We also saw a new release of XenMobile MDM 8.5 on June 28.

ShareFile Storage Center and Connectors are now Storage Controller 2.0: This brings the integration of the on-prem storage options for ShareFile all into one product, reducing the number of servers needed to connect to local storage zones, CIFS shares, and SharePoint.  It also provides read/write access to SharePoint sites!

XenServer 6.2: The latest release of Citrix’s XenServer hypervisor is more incremental and has not received much fanfare, with the largest announcement being that the product is now fully open source. More details on the future strategy and new features can be found here.

NetScaler 10.1: It seems like this release has been kept fairly quiet, however the new HDX Insight reporting feature will offer great value to shops using NetScaler for its Access Gateway Enterprise Edition features.  Want to know how much data user sessions are moving?  Look no further!

VDI in a Box: Even VDI in a Box got an update, now at version 5.3. ViaB gets updates to support better 3D graphics, newer hypervisors, the H.264 supercodec, Windows 8 and Personal vDisk. More info can be found here.

So June has been a huge month for Citrix with updates across nearly the entire product portfolio. If you have or use Citrix products these changes will affect you. If you need help or just want more information reach out to your Lewan Account Executive. We’re here to help.

Cisco AnyConnect vs. Internet Connection Sharing in Windows 8

Having recently installed Windows 8 on my laptop to take advantage of the Client Hyper-V, I’m working through the kinks that come with a new OS on my daily driver. Hyper-V leverages the built-in Internet Connection Sharing (ICS) to provide NAT and DHCP for internet access for VM’s running on the hypervisor. This isn’t quite as intuitive as the network implementations in VMware Workstation or Oracle’s VirtualBox, but that’s a different discussion.

I recently had some trouble establishing the VPN connection, and set about re-installing Cisco AnyConnect as a result. During the install, a notification box popped up numerous times to warn me: “The VPN client agent was unable to create the interprocess communication depot.”

Cisco AnyConnect Install Error

The VPN client agent was unable to create the interprocess communication depot.

The install completed after clicking OK on the notifications, but would not establish a VPN connection, with a not so informative message “Unable to establish VPN”.  A bit of searching later, I found that AnyConnect is not compatible with Internet Connection Sharing, which Cisco states in the AnyConnect VPN Client FAQ.

The solution is to disable the ICS service before installing AnyConnect.  Subsequently, when trying to connect, I encountered connection failures:

AnyConnect Unable to Establish Connection

AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

The solution is again to disable the ICS service, establish the AnyConnect VPN connection, and then enable ICS.  Oddly, it seems that after the first failed connection attempt followed by stop / connect / restart cycle of the ICS service, AnyConnect can be reconnected without any trouble.  Tedious, but it works.  Ping me back if you know a better way!