I normally keep this blog separate from my work at Fujitsu; however I’ve recently been involved in the production of an article about virtualisation and now that it’s been published, I’d like to highlight its existence on the Fujitsu UK website:
Make sure that virtualisation pays – and keeps on paying
Once a niche technology for test and development environments, virtualisation has moved into the mainstream as organisations embrace the benefits in efficiency and flexibility that it offers. It’s our opinion that virtualisation in itself is neither a quick fix for complex IT environments nor a guaranteed source of bottom-line benefits. It all depends on how you manage the technology – and how you adapt the processes and culture of your organisation to new ways of working.
Of course, although I’m attributed as the author, there were a team of people involved in the production of this document and I’d be interested to hear other people’s views – either by leaving a comment here, or (preferably), by leaving a comment on the Fujitsu website.
I’ve commented before about the licensing implications for Windows Server in a virtual infrastructure but yesterday, I was at a Microsoft partner event during which Microsoft UK’s Clive Watson gave an extremely clear explanation of Microsoft’s position and I thought that it was worth repeating here:
- The current version of Windows Server (Windows Server 2003 R2) is licensed by association (not installation). This means is that, regardless of whether the operating system is actually installed or not, a purchased operating system license can be associated with a device. In practice I can run any operating system I like on a server and, if I associate a legally purchased copy of Windows Server 2003 R2 with it, then I’m licensed to run Windows Server 2003 R2 on it.
- Each Windows Server 2003 R2 Enterprise Edition license also allows up to four virtual copies of Windows Server 2003 R2 – so if I associate a Windows Server 2003 R2 Enterprise Edition license with a server, I can run any virtualisation product on the server and I am licensed for 4 virtual machines (VMs) running Windows Server 2003 R2.
- Multiple licenses can be associated with a device, so if I associate two Windows Server 2003 R2 Enterprise Edition licenses with a server then I can run 8 Windows Server 2003 R2 virtual machines, 3 licenses allows 12 VMs, etc.
- There is a point after which it becomes more cost-effective to use Windows Server 2003 R2 Datacenter Edition, which is licensed per physical CPU. This allows unlimited virtual instances of Windows Server 2003 R2 to be run. Datacenter Edition used to be available exclusively from OEMs but that is no longer the case.
- There are also grandfathering rights, so the Windows Server 2003 R2 licenses can be used for previous versions of Windows Server, as long as they are still supported (i.e. back to Windows 2000, which is currently in its extended support phase). For client operating systems (i.e. Windows 2000 Professional, XP and Vista) and operating system versions that are out of support (e.g. Windows NT), a separate non-OEM license must be owned in order for a virtual machine to be legally licensed. For volume license customers, there are arrangements to allow upgrade from an OEM copy of Windows and there is also the Vista Enterprise Centralised Desktop (VECD) programme for customers who are looking at running a virtual desktop infrastructure.
- Only active VMs need to be licensed – so an unlimited number of virtual machines can be held in a library for activation on a host server (subject to the limits on the number of running VMs at any one time.
The long and short of it is that I can run VMware ESX Server, Citrix XenSource or any other virtualisation product and by associating one or more Windows Server 2003 R2 Enterprise/Datacenter Edition licenses with the physical server(s), I am licensed for a number of active (and unlimited inactive) Windows Server 2003 R2/Server 2003/2000 Server virtual machines. A licensing calculator is also available.
With regards to support, the situation is less clear. Microsoft’s common engineering criteria ensures that all products since 2005 have shipped with support for Microsoft Virtual Server 2005 and this has now been updated to include Hyper-V. There are a few exceptions to this (products that are in the process of being retired and products with hardware requirements that cannot be met through virtualisation). Microsoft knowledge base article 897615 discusses the support policy for Microsoft software running in non-Microsoft hardware virtualisation environment and, crucially says that:
Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software
Effectively, Microsoft will use commercially reasonable endeavours where a customer has a Microsoft support agreement but may require an issue to be replicated on physical hardware (or using Microsoft virtualisation).
One more point that’s worth mentioning – Microsoft doesn’t just support its own operating systems in a virtual environment – Microsoft knowledge base article 867572 lists the supported guest and host OSs including Red Hat Enterprise Linux and Novell SUSE Linux Enterprise Server – and Microsoft are keen to stress that support is end-to-end (i.e. Microsoft applications, any supported operating system and the Microsoft virtualisation product) with agreements in place to back off Linux operating system support to XenSource/Novell where required with Microsoft remaining the primary point of contact.
Even though Windows Vista will run on lower-specification PCs (it’s fine on my ThinkPad T40 with 512MB RAM), once you add a few applications (like Office 2007), it really starts to bog down and I was struggling recently with 1GB RAM on my work notebook (it’s been fine since I added another gig). If you also run virtual machines (e.g. for product testing or demonstrations), then its not long before the requirements for physical RAM run up against the limits of a 32-bit address space.
Last week, my colleague Alistair (soon to be an ex-colleague as he’s off to Conchango – where I used to work, proving that the UK IT industry is a very small world!) was raving about the Corsair Flash Voyager USB drives. Not only are they shock and water-resistant, but the GT model is ReadyBoost compatible, meaning that if you need a bit of extra RAM in your PC you can plug in your USB key. USB will be slower than on-board memory, and other ReadyBoost compatible drives are available, but the Flash Voyager GT is heralded as one of the fastest such devices available today. Even better, the ReadyBoost memory is a separate address space, so you can exceed the 4GB limit for a 32-bit architecture.
There’s a useful ReadyBoost FAQ at Tom Archer’s blog.
Whilst many organisations will have strict policies regarding patching, others will not and I’ve lost count of the number of times I’ve found myself troubleshooting strange errors in a virtual machine, only to find that the underlying host operating system has automatically updated itself and is waiting for a restart. Consequently, it’s worth mentioning that automatic updates and hosted virtualisation server products (e.g. Microsoft Virtual Server or VMware Server) do not mix well. Of course, those running a non-hosted virtualisation solution (like VMware ESX server) won’t have this issue; although even ESX needs patching from time to time.
I’m troubleshooting some problems with my Exchange server at the moment and the ExBPA led me to a knowledge base article about running Exchange Server in a virtualised environment. Whilst reading that, I can across Microsoft knowledge base article 897615, which discusses the support policy for Microsoft software running in non-Microsoft hardware virtualisation software.
I’ll paraphrase it as “If you have Premier support and you use our virtualisation software, we’ll try and work out what the issue is (we use Virtual Server 2005 R2 to do that anyway). If you don’t have Premier support, then you should, and you need to proove that it’s nothing to do with virtualisation (i.e. can you replicate the issue on physical hardware). If you have a Premier agreement but you use another vendor’s virtualisation software then we’ll try our best, but you’ll probably have to proove the problem is not caused by the virtualisation software”. The crux of this is the statement that:
“Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software.”
This might be worth considering whilst selecting which (if any) virtualisation platform is right for an organisation.
I spent this evening at Microsoft UK, attending the inaugural Windows Server UK user group meeting. There weren’t many of us there but there was a lot of information passed around as Scotty McLeod from Perot Systems and Austin Osuide from EDS gave presentations on Windows Server 2008, Read Only Domain Controllers and Terminal Services Gateway Servers.
Based on his ability to retain technical information, it strikes me that Scotty has a brain the size of a planet and Austin quite simply oozes enthusiam (he knows his stuff too!). I intend to blog some more about the topics that were covered; however I did want to mention Austin’s technique for ensuring that his demo could complete, regardless of anything going wrong (although there wasn’t much he could do about the Microsoft Campus security closedown at 10pm). When preparing his demo, with a number of virtual machines running on VMware Workstation, Austin had also taken snapshots at key points so that he could revert to a basic system and walk through the process, or jump to any point in the demo with a partially or fully completed configuration.
Some people pray to the demo gods but it seems to me that this technical approach may be more reliable!
I’ve commented before that I wasn’t sure what the future held for Microsoft Virtual PC as much of the marketing and visible product development for the last couple of years has related to Virtual Server. Well, despite killing off Virtual PC for Mac, the Windows version appears to be alive and well as Virtual PC 2007 has been released.
I haven’t had time to check it out yet (I’m using Virtual Server 2005 R2 at home and until recently was using various VMware products at work) but I’m sure more details will become available in time at John Howard‘s blog.
When thinking of IT security, there are a few names which immediately come to mind. One of these is Bruce Schneier, another is Rafal Lukawiecki and another is Steve Gibson. I recently began to listen to Steve Gibson’s Security Now podcast with Leo Laporte and originally I thought a security podcast would be dull – although it does seem to me that this one is as often about new hardware and software technologies as it is about security – but I was pleased to discover that it’s enjoyable listening as Steve does a very good job of describing security issues in basic terms (he can be very outspoken though and does sometimes let himself down on his broader knowledge of the non-security elements).
I’ve written a lot on this blog about virtualisation technologies but never really covered the basics of what virtualisation is. I had thought of writing a blog post on the topic but, as there are a number of Security Now podcasts that do a better job, I recommend listening to (or reading the transcript for):
Security Now episode 50: Introduction to virtualisation (transcript).
I found this particularly interesting, describing the history of virtualisation technology, from 1960s IBM mainframes right up to the present day. If that whetted your appetite then the following episodes may also be interesting:
Security Now episode 53: Virtualisation part 2 (transcript).
Security Now episode 54: Blue pill (transcript).
Security Now episode 55: Application sandboxes (transcript).
Security Now episode 57: Virtual PC (transcript).
Security Now episode 59: Parallels (transcript).
I should point out though that I did notice a few errors:
It’s a shame that these errors crept in as it would have a huge effect on the overall positioning of Microsoft’s virtualisation products in the Virtual PC podcast (episode 57). Having said that, Virtual Server does has a number of issues when it comes to managing it in a cross-platform environment – it may have a web interface but it relies on ActiveX (so, requires Internet Explorer on Windows) and the Virtual Machine Remote Control (VMRC) client is not available for non-Windows platforms (despite using port 5900, suggesting it may be related to VNC, I can’t seem to get it working using a VNC client).
VMware may well have a more advanced product set (with Workstation, Virtual Infrastructure 3 and VirtualCenter 2) but from my experiences of dealing with the company it seems that they are going through some growing pains and I am sure that Microsoft will catch up over time. What seems to be certain, is that virtualisation is more than just the buzzword of 2006.
As a Windows Vista beta tester who filed at least one bug report, I was recently given a complementary copy of Windows Vista Ultimate Edition (thanks Microsoft); however as I’ve been rationalising my PC infrastructure of late I only have a couple of PCs that could make full use of the visual effects in Vista – my Mac (which runs Mac OS X most of the time) and a 2.4GHz Pentium 4-based PC (which runs Windows Server 2003 and Virtual Server 2005 R2). Consequently I’ve been wondering if the best way to make use of my new Vista license (bearing in mind the restrictions of product activation should I later try to move it between PCs) would be in a virtual machine.
It seems not, as I checked with John Howard, who is a Microsoft Program Manager for Windows virtualisation (and was formerly an IT Pro Evangelist here in the UK) as to the likelihood of ever receiving suitable VM Additions or 3D device drivers within a Windows virtualisation product.
John kindly replied, pointing out that the S3Trio video adapter which is emulated within the Microsoft virtualisation products is nowhere near the level required to support Vista’s 3D graphics. He went on to add that there are no plans to change this within Virtual PC 2007 or Virtual Server 2005 R2 SP1, nor in Windows Server Virtualization (which is seen as a server solution and therefore unlikely to require client-focused features such as 3D graphics).
John’s reply doesn’t fill me with hope and despite VMware’s current push into enterprise desktop virtualisation I’m not sure that their position would be any different. In the meantime, it looks as though 2D graphics will be the limit to those of us who are heavy users of virtualisation on the desktop.
Ever since Microsoft announced its new licensing policy for virtualisation, I’ve been trying to get an answer on whether the “4 free guests with every copy of Windows Server 2003 R2 Enterprise Edition (or unlimited guests with DataCenter Edition)” applies when non-Microsoft virtualisation products are in use.
Various Microsoft representatives have indicated to me that to restrict it to Microsoft virtualisation products would not be possible but no-one seemed 100% certain on the answer and I didn’t want to place myself in the situation where I advised a client that they had sufficient Windows licenses when in fact they were under-licensed. Earlier today I found the VMware pricing and licensing FAQ: Microsoft licensing for virtualised environments which answers my question, although it is also heavily caveated:
“This document is provided solely as a convenience for VMware employees, partners, customers and prospects and does not constitute legal advice. Your review of this FAQ should not substitute for review of applicable Microsoft licensing agreements and documentation”
Basically, it looks as if the Microsoft licensing arrangements apply regardless of the virtualisation product in use – in fact you don’t even need to have Windows installed on the host server – as long as an appropriate Windows license is owned (so ESX Server users can run 4 Windows instances free of charge, provided that they also own a “spare” copy of Windows Server 2003 R2 Enterprise Edition).
Another licensing issue that’s been concerning me is VMware’s model of licensing server products such as Virtual Infrastructure 3 by pairs of physical processors (2 sockets). For example, a 4-way HP ProLiant DL585G2 with 4 dual-core AMD Opteron CPUs would need 2 licenses (2 x 2 sockets) even though there would be 8 logical CPUs. With the imminent arrival of quad-core CPUs and predictions of many more cores on future processors, I had to wonder how long this model could be sustained and VMware has provided a clue to the answer in the VMware multi-core pricing and licensing policy. Basically, it seems that 4 cores is the breakpoint:
“[VMware’s] policy defines a processor for licensing purposes as up to four cores per processor.”
So, any future 8-core CPU could be expected to use up 2-processor’s worth of VMware licenses. Confused? Well, even VMware are reserving judgement:
“This policy applies only to dual- and quad-core processors. VMware will revisit its licensing policies as x86 processors with a greater number of cores become available.”
There’s more information about multicore processors on the Intel and AMD websites.