S
D
V
Trials and Tribulations with VMWare, SunRay and the Sun 7000 Series Storage

I NSPIRATION


Old Lab space now Offices




Graduate Students target audience

Slow machines (4-5 years old)
Not for everyone
Adequate for most ‘everyday’ tasks

L AYERS


Sun 7000 series SAN


1 Gbit Switches (10 Gb uplinks)


VMware View 4.0

VMware View Manager 4.0


SunRay 5 (well really 4.2)

S USTAINABILITY





Electronic Waste

50 Desktops vs Servers
Power Footprint (sample size 50)


50x Sunray + 2x Server + SAN = (50x3.9w
1 ) + (2x380w 2 ) +
(1x500w 3 ) ~ 1455w
50x Desktop = 50x(128w – 260w 4 ) ~ 6400w – 13000w
LifeSpan


Server LifeSpan vs Desktop
SunRay LifeSpan (4x a regular computer *according to
Oracle)
Management


Easier Upgrade Path
 handful of servers vs many desktops
Imaging physical machines vs virtual http://www.oracle.com/us/technologies/virtualization/061984.html
http://solutions.dell.com/DellStarOnline/DCCP.aspx
2
1 http://www.sun.com/calc/storage/disk_systems/unified_storage/7310/ 3 http://www.dell.com/downloads/global/corporate/environ/comply/precn_t3500.pdf
4

S USTAINABILITY


VMware View 4.0



10 pack license: $1100
3 yr support (free upgrades) per 10 pack: $800
$190/desktop or $63/year

S TORAGE L AYER


Sun 7000 Series







ISCSI, NFS, CIFS, FC, IB
Deduplication

Extraordinary capacity savings in this application
Replication

Replicate Important VM’s to a 7110
Snapshots (instant)
Flash acceleration
Analytics
All baked in (no additional licensing costs)
ISCSI vs FC vs IB…

We opted for ISCSI because of the pricepoint

2x Dell 6248 with 10GB uplinks - $2000/each


Comparable FC Switch: $4000/ea + HBAs
Comparable IB Switch: $6000/ea + HBAs

S TORAGE L AYER



2 Heads connected together via proprietary
‘heartbeat’ cards
Concept of an “owner” of a resource.


Failover/Failback
½ the resources on each node in a passive state




~35% Memory Usage
10-25% CPU Usage (spiking up and down)
Peak burst of ~300 MB/sec on the SAN (12 spindles)


Average IOP latency ~70ms
125GB Hard Disk Space used

S TORAGE L AYER


S TORAGE L AYER



ARC cache hits – 90%+
Latency becomes an issue under heavy load – 99% of ops below 125ms


Single head, 1 shelf keeping up with 50 vms in our environment.



2 nd CPU, Ram (cache) additional disk shelves (up to 5.5 more) up to 6x ‘Read Zillas’ per head (100GB read cache each

Utilize 2 nd head (active/active) on both trays

N ETWORK L AYER

N ETWORK L AYER



NIC Teaming

 http://www.vmware.com/files/pdf/virtual_networking_conce pts.pdf
VM networks, Data network, Management Network

N ETWORK L AYER



Minimal Resource savings with QLogic
QLogic boot off ISCSI

QLogic dual port card


Each head on a dedicated port
Multiple VMKernels (possible?)

V IRTUALIZATION L AYER



Uses VMware VSphere 4 for Virtualization
‘Enterprise’ license equivalent


Central Management of all VM’s

Cloning, Migration, Resource Management

V IRTUALIZATION L AYER


Manage all View Components

Desktop Pools, Entitlements, Sessions,

V IRTUALIZATION L AYER


Pools



Automated

Persistent

Dedicate VM’s to each user


Statically assigned when a user logs in
Non-Persistent



Typical “Lab” setup
‘Deep Freeze’ equiv. – machine deleted after logout
Automated Provisioning
Individual/Manual

Single VM
Terminal Server Connector

V IRTUALIZATION L AYER



Web Based - https
ActiveX/Java Launcher

V IRTUALIZATION L AYER





VM Settings

Customized per pool/application
Resource Pools


Reserve resources
Set Limits

Built in DeDuping (VMWare side not SAN side)


32 bit OS’s ONLY
Point a Pool to a VM snapshot


Permission to access a given VM or Pool
Synchronized to AD

S UN R AY L AYER






SunRay Server 5.0

Core Services access to Solaris Sessions


Terminal Server Connector
VMware View Connector
Recommended running on Solaris vs Linux
Kiosk mode

Allows a session to be run without a user actually logging in


Mode used for both VMware View connector and TS connector
Session initiated -> connect to service -> process login session
SSL encryption both up and down
Works flawlessly from home behind NAT

Nearly identical performance to on campus
Solaris acquires the session to VMware/TS and proxies to
SunRay. Session exists on Solaris

S UN R AY L AYER



3 rd party AD software required for “card only” logins


Username/Password acquires Kerberos token – bound to card Sunray Side
“Hot Desking”



Login with Key Card
Pulling Key card == Auto logoff
Keycard can be used to resume session at any other Sunray

S UN R AY L AYER



Install Sun/Ray Package – configure




Install View Connector
Connect to web GUI – https://servername:1661
Enable Kiosk mode – set to Vmware View Manager
Arguments: -s <server> -d <default_domain>


SunRay Powers on
SunRay obtains DHCP address




(optional) Secures a VPN connection
Looks for Option 49 (x-display-manager) from dhcp
Looks for sunray-servers.<dhcp assigned domain>
GUI Pop-Up Menu manual configure

P ROBLEMS /D IFFICULTIES



VMware View VM’s not releasing DHCP addresses




Blow through 100 ip’s in an hour with a class
Short (1 hour) lease time now
GPO shutdown script to release?
Registry setting? (98/NT only?) Untested


Poor performance with ESX 3.5 software initiator and Sun 7000 series
2-5MB/sec


Increased to ~20MB/sec when we enabled write cache on 7000 series LUNs (not the default!)
Upgrade to ESX4 ISCSI initiator maxes out 1 Gbit connection

P ROBLEMS /D IFFICULTIES




View connector only officially supports View 3.0





View 4 coming ‘soon’
No MMR support
No Flash Acceleration
No Windows 7 support (no USB or sound in win7)
Demonstrate performance?

Still ‘adequate’ for most users
1-Way Audio Stream

No Skype or Teleconferencing


Even though View 4 came out in Nov. 2009 they do not support any 64 bit version of windows Server.
Mostly works – until you create replicas

P ROBLEMS /D IFFICULTIES




Windows only

Unix/Linux Perl Toolkit (automation?)

NETID users can login to system





Currently cannot entitle NETID users
View browses/binds to LDAP via machine account
Workaround/override with VMware?
One way trust with NETID
Delegated OU’s?

Currently use python to batch add users to AD

Can share if interested

P ROBLEMS /D IFFICULTIES



Clustering alleviates a lot of this
Single 7000 series?

Q UESTIONS ?

 chenry3@uw.edu

import win32com,win32com.client
import string from random import choice password_size = 6 def add_acct(location,user): ad_obj=win32com.client.GetObject(location) ad_user=ad_obj.Create('user','cn='+user['login']) ad_user.Put('sAMAccountName',user['login']) ad_user.Put('userPrincipalName',user['login']+'@mydomain.com') ad_user.Put('DisplayName',user['first']+' '+user['last']) #fullname ad_user.Put('givenName',user['first']) ad_user.Put('sn',user['last']) ad_user.Put('description','Description of Employee') ad_user.Put('HomeDirectory',r'\\server1\homes\ '[:-1]+user['login']) #user \\server1\homes\<user> for homedirectory ad_user.Put('HomeDrive','H:') ad_user.SetInfo();ad_user.GetInfo() ad_user.AccountDisabled=0 password = ''.join([choice(string.letters + string.digits) for i in range(password_size)]) password = password +'1aB' # append '1aB' to end of password so we're positive it meets complexity requirements print 'user:' + user['login'] + ',password: ' + password ad_user.setpassword(password) ad_user.Put('pwdLastSet',0) #-- force reset of password ad_user.SetInfo()

def main(): user_list = open('C:\Users\username\Desktop\my_user_list.csv') for line in user_list: if line == None: break else: user_info = line.split(',') user={'first':user_info[1].strip(),'last':user_info[0].strip(),'login':user_info[2].strip()} location='LDAP://DC1.example.com/OU=myOU,DC=example,DC=com' add_acct(location,user) if __name__ == '__main__': main()