Sunday, October 30, 2011

How vMotion works

Hi All,

In the VMware community there was a query about VMware vMotion, so I went through some documents on how vMotion works and felt it was worth sharing here.

vMotion:-
Live or cold migration of a virtual machine from one physical server to another is called vMotion.

Now comes the question: how does this happen? How is it possible? Does the user really not face any access disruption? These are the questions that come to mind, and here is the explanation.

There are three underlying actions happening in vMotion.

First:-
The entire state of a virtual machine is encapsulated by a set of files stored on shared storage such as a Fibre Channel or iSCSI Storage Area Network (SAN) or Network Attached Storage (NAS).

VMware vStorage VMFS allows multiple ESX® hosts to access the same virtual machine files concurrently.

Second:-
The active memory and precise execution state of the virtual machine is rapidly transferred over a high speed network, allowing the virtual machine to instantaneously switch from running on the source ESX host to the destination ESX host.

VMotion keeps the transfer period imperceptible to users by keeping track of ongoing memory transactions in a bitmap.

Once the entire memory and system state has been copied over to the target ESX host, VMotion suspends the source virtual machine, copies the bitmap to the target ESX host, and resumes the virtual machine on the target ESX host.

This entire process takes less than two seconds on a Gigabit Ethernet network.

Third:-
The networks being used by the virtual machine are also virtualized by the underlying ESX host, ensuring that even after the migration, the virtual machine network identity and network connections are preserved.

VMotion manages the virtual MAC address as part of the process. Once the destination machine is activated, VMotion pings the network router to ensure that it is aware of the new physical location of the virtual MAC address.

Since the migration of a virtual machine with VMotion preserves the precise execution state, the network identity, and the active network connections, the result is zero downtime and no disruption to users.
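To make the second step concrete, here is an added Python model of the memory copy described above (this is illustration code, not VMware's implementation): a full pass copies every page while the guest keeps running, a dirty-page bitmap records the pages written in the meantime, and the source is only suspended for the last, small set of pages. It goes one step beyond the post by repeating the copy of dirty pages until the set is small, which is how the suspended period is kept short. Page sizes, bandwidth and write rates are constructed units.

```python
import random

class VM:
    """Constructed toy guest: memory is a list of 8-byte 'pages' plus the
    dirty bitmap that vMotion consults while the guest keeps executing."""
    def __init__(self, pages, seed=7):
        self.mem = [bytes(8) for _ in range(pages)]
        self.dirty = [False] * pages
        self.rng = random.Random(seed)
        self.running = True

    def execute(self, writes):
        """Guest work that happens concurrently with a copy pass; every write
        sets the page's bit in the bitmap."""
        for _ in range(writes):
            p = self.rng.randrange(len(self.mem))
            self.mem[p] = self.rng.getrandbits(64).to_bytes(8, "big")
            self.dirty[p] = True

def vmotion(src, bandwidth=64, dirty_rate=8, stop_threshold=4, max_passes=8):
    """Pre-copy memory migration. bandwidth = pages sent per time unit,
    dirty_rate = guest writes per time unit (constructed units).
    Returns (destination memory, copy passes, pages sent while suspended)."""
    n = len(src.mem)
    dst = [None] * n
    to_copy = list(range(n))           # pass 1 sends every page
    passes = 0
    while True:
        passes += 1
        for p in to_copy:              # send pages, clearing their bitmap bits
            dst[p] = src.mem[p]
            src.dirty[p] = False
        # The guest keeps running for as long as that transfer took, so it
        # re-dirties some pages; the bitmap tells us which ones to resend.
        src.execute(max(1, round(dirty_rate * len(to_copy) / bandwidth)))
        to_copy = [p for p, d in enumerate(src.dirty) if d]
        if len(to_copy) <= stop_threshold or passes >= max_passes:
            break
    # Stop-and-copy: suspend the source, send the last dirty pages, resume on
    # the target. Only this short phase is downtime for the guest.
    src.running = False
    for p in to_copy:
        dst[p] = src.mem[p]
        src.dirty[p] = False
    return dst, passes, len(to_copy)
```

After the call the destination copy equals the source memory and no bitmap bit is left set, which is the invariant a migration must hold before the target resumes.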

References:
http://www.vmware.com/files/pdf/VMware-VMotion-DS-EN.pdf

VMware community:-

http://communities.vmware.com/message/1851647#1851647

Thursday, October 27, 2011

Difference between vShield Edge and vShield App - It's important to know

I was going through the articles on the vShield products and want to share something about vShield Edge and vShield App. Both provide security services, both provide firewall services, but how do they differ? Here is the difference between them, and it's interesting.

vShield Edge:-
==============
1. The vShield Edge firewall provides protection for incoming and outgoing sessions at the perimeter of the virtual datacenter.

2. The vShield Edge firewall can only filter traffic that is flowing between different tenants. If virtual machines belonging to the same tenant communicate with each other, vShield Edge is not able to filter that traffic.

3. Basically operates at the port group or VLAN level.

vShield App:-
=============
1. The vShield App firewall provides protection for communication between systems within the virtual datacenter.

2. To protect communications between virtual machines within the same tenant, you must use the vShield App firewall.

3. Basically operates at the virtual machine NIC level.

I am installing VMware's security product; the next blog post will come with an update on my experience with the VMware vShield product.

Wednesday, October 26, 2011

HA admission controls clarification and basic idea

In one line: if we enable admission control in HA, it won't allow us to put a host in maintenance mode or standby if it has VMs in it; for the reason, refer below.

If you want to put the host in maintenance mode for testing purposes or an upgrade, VMware recommends moving the VMs manually to another host, or disabling the available constraints for the time being so that the VMs will be automatically moved out to other hosts.


VMware recommends keeping the available constraints enabled.


Implications of enabling VMware HA strict admission control


When VMware HA strict admission control is enabled, DRS and VMware DPM protect the availability of failover capacity at all times, and only take actions or make recommendations that are consistent with ensuring the availability of that capacity.


If we enable admission control, below are the advantage and disadvantage.


Advantage:

Protect the availability of failover capacity at all times, and only take actions or make recommendations that are consistent with ensuring the availability of that capacity.


Disadvantage:


DRS does not evacuate virtual machines from a host for the purpose of placing it in maintenance mode or standby mode if placing the host in this state would violate failover requirements. You can still manually evacuate virtual machines in order to place hosts in maintenance mode or standby mode. If you violate failover requirements by doing this, however, the cluster turns red.
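As an added example (not VMware code), a simplified Python model of the behaviour described in this post: a capacity check that stands in for admission control, a DRS-style evacuation that is refused when strict admission control would be violated, and a manual evacuation that still goes through but leaves the cluster red. Capacity is counted in whole VM slots per host, which is a constructed simplification of vSphere's real slot and percentage policies; the host names and sizes are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    capacity: int                     # constructed unit: VMs this host can run
    vms: list = field(default_factory=list)
    maintenance: bool = False

def failover_ok(hosts, host_failures_tolerated):
    """Admission-control test (simplified): after losing the N largest active
    hosts, do the survivors still have room for every VM in the cluster?"""
    total_vms = sum(len(h.vms) for h in hosts)
    active = sorted((h.capacity for h in hosts if not h.maintenance), reverse=True)
    return sum(active[host_failures_tolerated:]) >= total_vms

def evacuate(host, targets):
    """Move every VM off host onto the target with the most free slots."""
    while host.vms:
        dest = max(targets, key=lambda h: h.capacity - len(h.vms))
        if dest.capacity - len(dest.vms) <= 0:
            raise RuntimeError("no free capacity for " + host.vms[0])
        dest.vms.append(host.vms.pop())

def enter_maintenance(cluster, name, host_failures_tolerated, manual=False):
    """Strict admission control refuses a DRS evacuation that would break
    failover; a manual evacuation still succeeds but leaves the cluster red."""
    host = next(h for h in cluster if h.name == name)
    others = [h for h in cluster if h is not host and not h.maintenance]
    host.maintenance = True           # this host's capacity no longer counts
    if not manual and not failover_ok(cluster, host_failures_tolerated):
        host.maintenance = False      # DRS backs out, VMs stay where they are
        return "refused"
    evacuate(host, others)
    return "red" if not failover_ok(cluster, host_failures_tolerated) else "ok"

def build_cluster():
    """Constructed three-host cluster: 8 VMs, 4 slots per host, so it can
    tolerate exactly one host failure while all three hosts are active."""
    return [Host("esx1", 4, ["vm1", "vm2", "vm3"]),
            Host("esx2", 4, ["vm4", "vm5", "vm6"]),
            Host("esx3", 4, ["vm7", "vm8"])]
```

With one host failure tolerated, taking esx3 out leaves only one host's worth of spare capacity, so DRS refuses and a manual evacuation turns the cluster red; with zero failures tolerated the same evacuation is simply fine.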


Tuesday, October 25, 2011

Basic details of the VMware vShield bundle (Edge, App, Endpoint and Data Security)

Quick Introduction

vShield products, version 5.0
• vShield App
• vShield Edge
• vShield Endpoint (hypervisor-based antivirus and endpoint security)

Note: vCenter Server includes vShield Manager.

vShield Manager:- (used for managing the vShield products)
The vShield Manager is the centralized network management component of vShield, and is installed as a virtual appliance.

vShield App:- (basically virtual NIC level protection)
vShield App is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. Organizations gain visibility and control over network communications between virtual machines.

vShield Edge:- (provides security at the port group and vSwitch level)
Provides network edge security and gateway services to isolate the virtual machines in a port group, vDS port group, or Cisco Nexus 1000V.


vShield Endpoint:- (AV solution for virtual environments)
vShield Endpoint offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance delivered by VMware partners.

vShield Data Security:-
vShield Data Security provides visibility into sensitive data stored within your organization's virtualized and cloud environments.

Wait for the next update about the vShield products, covering prerequisites, basic design ideas and installation.