Archives for February 2016

Feb
27

Commvault IntelliSnap & Metro Availability with Nutanix

I was asked if Commvault IntelliSnap works with Metro Availability on Nutanix and I wasn’t 100% certain due to the snapshots that Metro production domain would have to take. So after giving it a quick test, it turns out it works just fine.

Setting your retention policy


I would just take into account that if you have separate jobs running, each one will take a snapshot of the container, and then your retention policy will come into effect for the production domain.

Below is a quick video of the process in action.

Feb
24

Cluster Health & One-Click Help To Win Award

Nutanix received the Omega NorthFace Scoreboard Award for the third consecutive year. This industry-leading award demonstrates Nutanix’s on-going commitment to building sustainable, long-term customer loyalty. According to Omega Group, Nutanix’s Net Promoter Score improved to 92 from last year’s score of 88. The gold standard in customer experience management, NPS measures the willingness of customers to recommend a company. NPS scores can range from -100 to 100.

OK, but what does that have to do with Cluster Health and One-Click Upgrades? Simply put, when you call into Nutanix support you get someone right away, regardless of your SLA, most times. Nutanix support is not stuck doing mundane upgrades and trivial support. Cluster Health and One-Click free up customers’ time and also the support staff’s, so they can work on real problems. This also allows Nutanix to pay and retain the best support staff in the industry. It’s not odd to get a CCIE storage or networking support member on the phone.

Unsolicited Customer Feedback

With the release of 4.6 Nutanix can provide 1 click upgrades for:

Hypervisors
Our Acropolis software
BMC
BIOS
Disk firmware

With Cluster Health in 4.6 there are over 200 health checks that automatically run in combination with Nutanix Cluster Check! There were so many checks I had to copy them into a spreadsheet to count them all. There is also the added benefit of knowing the hardware, so we can get very granular with the checks.

Cluster Health is warning about space usage.


Congrats to the Nutanix Support Team for another great win.

Feb
22

Docker UCP and Cloud-init with Nutanix (Video)

In Acropolis 4.6 Nutanix added guest customization for the Acropolis Hypervisor.
Cloud-init + Docker

In an Acropolis cluster, you can use Cloud-init to customize Linux VMs and the System Preparation (Sysprep) tool to customize Windows VMs. I used Cloud-init to clone a Nutanix VM and then have it automatically join the Docker UCP swarm cluster.

About Cloud-Init

Cloud-init is a utility that is used to customize Linux VMs during first-boot initialization. The utility must be pre-installed in the operating system image used to create VMs. Cloud-init runs early in the boot process and configures the operating system on the basis of data that you provide (user data). You can use Cloud-init to automate tasks such as setting a host name and locale, creating users and groups, generating and adding SSH keys so that users can log in, installing packages, copying files, and bootstrapping other configuration management tools such as Chef, Puppet, and Salt. For more information about Cloud-init, see https://cloudinit.readthedocs.org/.

Customization Process

You can use Cloud-init or Sysprep both when creating and when cloning VMs in a Nutanix cluster. For unattended provisioning, you can specify a user data file for Cloud-init and an answer file for Sysprep. All Cloud-init user-data formats are supported. For example, you can use the Cloud Config format, which is written in YAML, or you can provide a multi-part archive. To enable Cloud-init or Sysprep to access the script, the Acropolis base software creates a temporary ISO image that includes the script and attaches the ISO image to the VM when you power on the VM.

You can also specify source paths to the files or directories that you want to copy to the VM, and you can specify the target directories for those files. This is particularly useful if you need to copy software that is needed at start time, such as software libraries and device drivers. For Linux VMs, the Acropolis base software can copy files to the VM.

Docker UCP
Universal Control Plane comes with the capabilities an enterprise needs for Docker: LDAP/AD integration, the ability to deploy on-premises, high availability, and the ability to manage your networks and volumes, the controls that any enterprise IT operations team needs. I think UCP can bring developers and IT operations teams together; Universal Control Plane provides a quick and easy way to build, ship, and run distributed apps from a single Docker framework. Docker UCP can be a great place to land on Nutanix with Prism because they are both scale-out control planes and are also easy to use and automate.

UCP has built-in security and integrates with existing LDAP/AD for authentication and role-based access control, and it integrates natively with Docker Trusted Registry. The integration with Docker Trusted Registry allows enterprises to leverage Docker Content Trust (Notary in the open source world), a built-in security tool for signing images. UCP is the only tool on the market that comes with Docker Content Trust directly out of the box. With these integrations Universal Control Plane gives enterprise IT security teams the necessary control over their environment and application content. When you combine UCP with the Nutanix security it makes for a compelling story.

Getting Cloud-init to Automatically Add VMs to UCP
Outside of some firewall issues, most of my time was spent getting my YAML commands to work since it was brand new to me. I have to thank Abhishek Arora and Steve Poitras for helping me out as well.

Here are my basic commands for getting the job done.

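#cloud-config

runcmd:
# Plain-string runcmd items are written to one shell script and share its
# variables, so $IP set by the first command is available to the second.
# (List-form items such as [ sh, -xc, ... ] each start their own shell,
# which would leave $IP unset for the join.)
- IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
- docker run --rm -i --name ucp -e UCP_ADMIN_USER=admin -e UCP_ADMIN_PASSWORD=nutanix -v /var/run/docker.sock:/var/run/docker.sock docker/ucp join --url https://10.4.58.11:443 --san $IP --host-address $IP --fingerprint=7E:8F:EC:A2:F3:E5:9D:46:AC:8E:2B:22:8D:81:3A:C7:5B:1C:92:48 --fresh-install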

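The first command grabs the new IP of the VM, and the second uses it to join the Docker UCP cluster. Keep in mind that the UCP admin password travels in clear text in the user data, which ends up on the ISO image that is attached to the VM.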
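The address pipeline above returns an empty string when no interface is UP yet, which would hand `docker/ucp join` an empty `--san` value. The following is an added example, not part of the original post: it wraps the same pipeline and fails closed on an unusable address. The function names and the sample `ip addr` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the detected address
# before it is handed to `docker/ucp join`.

# Constructed sample of `ip addr` output; names and addresses are made up.
SAMPLE_IP_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 10.4.58.23/24 brd 10.4.58.255 scope global eth0'

# The post's pipeline, reading `ip addr` output from stdin.
primary_ip() {
    grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'
}

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the address arguments for the join, or fail closed when the
# pipeline produced nothing usable (for example, no interface is UP yet).
join_address_args() {
    ip=$(primary_ip)
    if ! valid_ipv4 "$ip"; then
        echo "refusing to join: no usable IPv4 address (got '$ip')" >&2
        return 1
    fi
    printf '%s %s %s %s\n' --san "$ip" --host-address "$ip"
}

printf '%s\n' "$SAMPLE_IP_ADDR" | join_address_args
```

In a real user-data script the function would be fed with `ip addr | join_address_args`, and the join would run only when it succeeds.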

Docker UCP and Cloud-init in Action

Let me know if you have any thoughts or questions.

@dlink7

Docker Container Best Practices on Nutanix

Feb
18

Nutanix 4.6 – Scheduling Security Configuration Management Automation

All of the advanced security settings are controlled with NCLI in Acropolis 4.6. The security-related commands are under the cluster object. NCLI is very tab friendly, so you really don’t need to memorize the commands. The schedule parameter refers to Nutanix Security Configuration Management Automation (SCMA), which runs the system checks to make sure your system is compliant. The default schedule is set to DAILY. It can be set to HOURLY, DAILY, WEEKLY or MONTHLY. All of the other settings can be set to TRUE or FALSE.

There are separate commands for Storage and the Acropolis Hypervisor.

Storage Commands

ncli> cluster edit-cvm-security-params schedule=hourly

Enable Aide : true
Enable Core : true
Enable High Strength P… : false
Enable Banner : true
Enable SNMPv3 Only : true
Schedule : HOURLY

Acropolis Hypervisor Commands

ncli> cluster edit-hypervisor-security-params schedule=HOURLY

Enable Aide : true
Enable Core : true
Enable High Strength P… : false
Enable Banner : false
Schedule : HOURLY
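The two outputs above differ (the banner is enabled on the CVMs but not on the hypervisor), and that kind of drift is easy to miss by eye. The following is an added example, not Nutanix code: it compares captured output of the two commands with a baseline. The sample text is copied from the output above; the baseline values and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare captured ncli
# security-parameter output with a baseline of expected values.

# Captured output, copied from the two commands shown in the post.
CVM_PARAMS='Enable Aide : true
Enable Core : true
Enable High Strength P… : false
Enable Banner : true
Enable SNMPv3 Only : true
Schedule : HOURLY'
HYPERVISOR_PARAMS='Enable Aide : true
Enable Core : true
Enable High Strength P… : false
Enable Banner : false
Schedule : HOURLY'

# Assumed baseline, one "Name=value" pair per line.
BASELINE='Enable Aide=true
Enable Core=true
Enable Banner=true
Schedule=HOURLY'

# Print the value of one setting from "Name : value" lines on stdin.
param_value() {
    awk -v key="$1" '{
        i = index($0, ":"); if (i == 0) next
        name = substr($0, 1, i - 1); value = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (name == key) { print value; exit }
    }'
}

# Compare output ($1) with a baseline ($2) and print one line per drift.
# Returns 0 when every baseline entry matches, 1 otherwise.
check_baseline() {
    output=$1 status=0
    while IFS='=' read -r name want; do
        [ -n "$name" ] || continue
        got=$(printf '%s\n' "$output" | param_value "$name")
        if [ "$got" != "$want" ]; then
            echo "DRIFT: $name is '${got:-missing}', expected '$want'"
            status=1
        fi
    done <<EOF
$2
EOF
    return $status
}

check_baseline "$HYPERVISOR_PARAMS" "$BASELINE" || true
```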

Feb
17

AHV – Most Secure Hypervisor by Default

Cybersecurity threats grow and change every day, demanding perpetual vigilance and adaptation to the shifting security landscape. However, upgrading security in a traditional three-tier architecture is so time consuming and expensive, often involving multiple separate vendors, that some enterprises put off innovation. In light of competing security concerns—the need to reclaim resources for innovation versus the need to keep costs down—corporate and government environments demand a simpler approach: one vendor, with technology secured by design, and automated security compliance and reporting.
Nutanix has created a security development life cycle (SecDL) that addresses security at every layer in the deployment cycle, rather than applying it at the end as an afterthought. The SecDL implements security culture from top to bottom, ensuring that it is a foundational part of the design. SecDL reduces the time it takes to update code, which mitigates the risk of zero-day exploits.


Security is usually the last thing to get love when you’re under pressure. You will ease security to get your system to work. With SCMA you don’t have to decide between security and a working system anymore.

Because traditional manual configuration and checks cannot keep up with the ever-growing list of security requirements, Nutanix provides Security Technical Implementation Guides (STIGs) that use machine-readable code to automate compliance against rigorous common standards. Today, Nutanix tracks over 1,700 security entities across storage and the Acropolis Hypervisor (AHV). With Nutanix Security Configuration Management Automation (SCMA) introduced in the Acropolis Operating system 4.6, you can quickly and continually assess and remediate your platform to ensure that it meets or exceeds all regulatory requirements.

As regulations become more cumbersome and threats continue to proliferate, a fully tested platform with security at the forefront is the best choice for meeting tomorrow’s challenges today. The Xtreme Computing Platform (XCP) shrinks the compliance auditing window from months to minutes, allowing you to focus instead on the applications that drive the business.

SCMA also covers frustrating maintenance scenarios in which you upgrade your storage or hypervisor software only to find that the new software has overwritten your careful configuration work, forcing you to go through all the settings again from scratch. Returning to the baseline manually is slow and error-prone, often causing significant problems, particularly when dealing with major release upgrades. Companies have had to delay upgrading their systems to preserve security compliance, even when an upgrade would offer new features required to support the business. Nutanix SCMA means that businesses don’t have to shoulder the burden of interoperability testing or go through cumbersome steps to manually inspect and revert the upgraded system to a known good state.

With SCMA, you can schedule Nutanix STIGs to run hourly, daily, weekly, or monthly. The automation checks have the lowest system priority within the virtual storage controller, ensuring that security checks do not interfere with platform performance.
Nutanix has embedded five STIGs covering Nutanix storage and AHV in the product. These STIGs are:

o Acropolis Virtual Storage Controller STIG
o Nutanix Prism Web Server STIG (for Tomcat)
o Nutanix Prism Proxy Server STIG (for Apache)
o Nutanix JRE8 STIG
o Acropolis Hypervisor STIG

With both the storage and the hypervisor meeting the highest levels of security out of the box, I think it’s safe to say that from day 1 through the life of the cluster you have the most secure platform for your workloads. You can’t simply do one without the other and be secure. It’s this end-to-end life cycle (SecDL) that makes Nutanix so different from other vendors on the market today.


The hamster wheel of keeping your environment secure just had its last spin with AOS 4.6.

Feb
16

Nutanix Volume Groups become 1st Class Citizens with 4.6

The Nutanix story around replication and snapshots is great, but when Volume Groups were first released to support MS Exchange on ESXi, volume groups didn’t make the cut for DR. Since the 1st release of Volume Groups they have taken on a life of their own and have been great at supporting older applications like Windows Failover Clustering.

What is a Volume Group?

A volume group is a collection of logically related vDisks called volumes. Each volume group is identified by a UUID. Each disk of the volume group also has a UUID, and a name, and is supported by a file on DSF. Disks in a volume group are also provided with integer IDs to specify the ordering of disks. For external attachment through iSCSI, the iSCSI target name identifies the volume group, and the LUN number identifies the disk in the group.

Volume groups are managed independently of the VMs to which volumes must be explicitly attached or detached. A volume group may be configured for either exclusive or shared access.

With 4.6, Volume Groups are now inside of Prism. If you’re using volume groups with AHV, the disks will automatically be attached to the guest VM.

Inside of Prism:

Setting up a Volume Group:


XCP allows users to recover individual VMs and volume groups from snapshots. You can either replace the existing active VM with the snapshot copy or create a separate clone of a snapshot, preserving the active VM. Depending on the snapshot settings in use, the recovered VM is either crash-consistent or application-consistent when it comes back online. Restored volume groups come up in a crash-consistent state. When you restore a volume group, it maintains its application-specific settings, so reattachment is easy. If you do clone a volume group, the UUID will change.

Volume Groups and VMs can be in the same protection domain for snapshots and replication.

Another Nutanix feature made easy by Prism.

Feb
16

The Gem of 4.6: NGT with VSS Hardware Support

One of my favorite areas of the 4.6 release is data protection, and the hidden gem has to be Nutanix Guest Tools (NGT). NGT really enables a lot of features: cross-hypervisor DR, Dial (change ESXi to AHV and back again), the Nutanix VSS hardware provider, and Self Service Restore.

Nutanix Guest Tools also includes the Nutanix Guest Agent (NGA) service, which communicates with the Nutanix Controller VM, and the Nutanix VM Mobility Drivers, which facilitate VM migration between ESXi and AHV, in-place hypervisor conversion, and the cross-hypervisor disaster recovery features.


NGT is enabled from within Prism. Simply select Enable NGT and an ISO will be mounted to the virtual machine.


After mounting NGT on a VM, you can configure your Windows machine to use NGT. Log into the Windows guest VM, double-click the Nutanix icon labeled X, and away you go. Accept the license agreement and follow the prompts to configure NGT on the virtual machine. After installation finishes, Nutanix guest agents are installed on the VM and you can use all the NGT features (self-service restore, cross-hypervisor disaster recovery, application-consistent snapshots with VSS on AHV, or in-place hypervisor conversion from ESXi to AHV and AHV to ESXi).

While cross-hypervisor disaster recovery will get a lot of coverage, I think Nutanix’s VSS hardware support is the best news. Now application-consistent snapshots can take advantage of the Nutanix framework and services such as Microsoft Volume Shadow Copy Service (VSS) to quiesce the VM and supported applications, rendering them into a known or consistent state. For systems using ESXi or the Acropolis Hypervisor (AHV) running Microsoft Windows guests, the Nutanix Guest Agent running in the guest OS provides VSS support. Using the native Nutanix VSS hardware provider, the Nutanix Guest Agent is called to quiesce the OS and supported applications such as Microsoft Exchange and SQL Server before XCP takes an application-consistent snapshot of the VM. Application quiescence times are lower than those previous hypervisor-based snapshot tools could deliver. Lower quiescence times help to keep application performance constant and reduce the I/O required when collapsing a hypervisor-based snapshot. To my knowledge this is a first for HCI, not relying on VMware Tools (VMware snapshots), so it’s a big step for supporting the largest SQL databases.

Supported Operating Systems for NGT are:

Windows:

    Windows 2008 R2 or later versions
    Windows 7 or later versions

Linux:

    CentOS 6.5 and 7.0
    Red Hat Enterprise Linux (RHEL) 6.5 and 7.0
    Oracle Linux 6.5 and 7.0
    SUSE Linux Enterprise Server (SLES) 11 SP4 and 12
    Ubuntu 14.04 or later releases
Feb
14

Powering Dell XC – Erasure Coding and VM Flash Mode

This is the short overview of the software powering the Dell XC hardware. I wanted to talk about some technical features since it was a Tech Field Day, so I landed on Erasure Coding (EC-X) and VM Flash Mode. One thing I also like to stress around going into HCI is management. The fact that you are splitting up a traditional storage array into multiple individual parts should not be lost on people. Of all the things the Acropolis software delivers, its management is what will allow Nutanix to compete with the cloud providers of the world. In the land of high availability, we humans are the most dangerous thing to happen to hardware, not the components themselves.

Session from Tech Field Day 10:

Some great additional resources:

Nutanix XCP VM Flash Mode – Enable SSD performance in a Hybrid System

Nutanix – Erasure Coding (EC-X) Deep Dive

Feb
11

Dell on Why an OEM Agreement Matters with Hyper-Converged Infrastructure

It was my first time attending Tech Field Day as a presenter. I had been an attendee twice and a long-time follower of the event. I’ve always thought the independent (as much as one can be) guests that Tech Field provides are some of the best in the industry. This event was no different: Forbes, storage architects, virtualization experts, Exchange gurus, and the list goes on. There really isn’t much that gets past this diverse crew.

Senior Lewie Newcomb, Executive Director, Storage Product Group of Dell, started the show for Dell. Lewie does a great job of telling why hardware matters and how an OEM relationship forges an appliance like Dell XC to bring over and above a software-only play. Lewie goes on to comment that it’s one of the most successful products he has dealt with at Dell.

Watch the below segment on Dell’s SDS strategy and how the journey started with Nutanix.

Feb
01

Commvault IntelliSnap and Nutanix Video

A quick how-to video that even shows how you could restore to Amazon if needed.