VM management tools from Microsoft, VMware, XenSource leave room for improvement

VMware console serves up the tools to beat

It's time to reign in the virtual machine revolution taking over your network. In the first part of a series of testing-based articles looking at the various virtual machine management tools available to IT professionals today, Network World Lab Alliance member Tom Henderson assesses the administrative tools built into virtual machine platforms from Microsoft, VMWare and XenSource and the optional management consoles the ride on top of them. His overall conclusion is that while these tools can get virtual machines up and running across the network, ongoing management tasks may still require third-party tools.

ProductVMware ESX Server 3 with VirtualCenterMicrosoft Virtual Server 2005 SP1 with Service Center Virtual Machine Manager 2007XenEnterprise 4, including XenCenter


MicrosoftXenSource (Citrix)
Price as testedVMware Infrastructure starts at $1,000 for 2 processors. VMware offers free VMware Server, which does not include VirtualCenter.MVS 2005 is a free download; SC-VMM 2007 is part of the System Center Server Management Suite Enterprise, which costs $860 per server.Ranges from $1,600 to $2,500 per server.
ProsStrongest set of virtual-machine management tools.Egalitarian guest operating-system hosting; good host compatibility; SC-VMM overall has rich features.Strong guest operating-system compatibility.
ConsMost tools come as an option; image-management security needs some work.Decidedly Windows focused; requires other optional System Center components for optimal manageability.Poor backward compatibility; immature docs; confined guest operating-system compatibility.

We've identified five areas that need to be addressed to make virtual-machine management a workable venture in a large deployment:

* How are versions of virtual-machine snapshots tracked?

* How are the moves, adds and changes to virtual-machine hosts, their guests, and the applications used on them administered?

* How is virtual-machine and application availability monitored?

* How are user and administrative roles managed across virtual machines?

* What forensics are available to help determine why a virtual machine was drastically altered in any way?

We'll use these questions as anchors for our testing across all of our virtual-management products (see "5 key virtual-machine management questions").

All three vendors offer free basic forms of virtual-machine hosting to tease clientele. Enterprise-capable versions of these basic hosting platforms with suitable hosting management and control comes at an additional price. The upside is that the baseline enterprise virtual-machine packages are likely to have an integral management console and API set. These consoles are critical toward large production use of the virtual-machine platforms we tested.

Each of the base virtual-machine platforms evaluated -- VMware ESX 3, Microsoft Virtual Server (MVS) 2005 SP1 and XenSource's XenEnterprise 4 -- offer at minimum, administrative tools that help with necessary, routine virtualized-platform management: starting and stopping virtual machines, getting a shell onto guest operating systems, and, with the aid of some common tools, looking at SNMP values or tracking via Windows Management Instrumentation. All have a command-line interface (CLI) with utilities that allow performance tuning (allocating memory at minimum) and parsing out network and storage resources to guest instances.

The maturation of these virtual-machine platforms since we last tested them shows and plays into the manageability equation. In our most recent testing, we found VMware's hardware virtualization scheme is strong, offering stability and requiring no fussy implementation on our mainstream test platforms.

MVS 2005 also is a known quantity because it's been shipping for more than two years. However, its advancement has been a bit stalled in the wake of Microsoft's Windows Server Virtualization (WSV) -- a redesigned, integral part of Microsoft's Windows Server 2008 (Longhorn) editions. WSV will represent a hefty change in how Microsoft will virtualize hardware, and this 800-pound gorilla is still perhaps a year away.

We saw Xen in its origin as an open source project, and frankly didn't think it was quite ready for tough production environments. The core project has matured rapidly, and Citrix/XenSource hopes to take its commercial components straight to Linux and Windows server administrators and network designers alike.

Each virtual-machine platform tested offers interguest-operating-system isolation, which prevents the misbehavior of one guest operating system from affecting another guest. In our tests, we found that session isolation isn't foolproof, but it is very good in all three products. Session/host reliability has to be that way to motivate virtual-machine use in production environments.

Basic administration and stability aside, none of these platforms offer management wares in their base packaging (that is, the free packages) that address other important components: image archiving, image revision, synchronization of guest operating-system components, image validation and user role-management. Additionally, forensics is accomplished only by piecing together logs and using crash-dump filters to find the state conditions that brought down a virtual-machine host.

To accomplish even some of the enterprise management tasks we define as critical, users have to turn to the the vendors' mostly modular management applications, which all come at a price.

VMware's VirtualCenter is a great management application. Of the three we tested this round, VMware's management console was the most comprehensive and flexible. Third-party alternatives to it represent a rapidly growing business segment. XenEnterprise 4, with its XenCenter management console, does provide some stiff competition for VMware. XenEnterprise uses the free/open source software Xen components as its roots and adds a commercial layer on top. The downside to going with any open source option is that commercial third-party management add-ons aren't quite as strong or in great variety -- yet.

Microsoft recently released its Systems Center Virtual Machine Manager (SC-VMM), which controls the present MVS 2005 SP1 platform and will manage future editions of WSV. SC-VMM is a much-needed addition to the Microsoft virtual-machine story, because the tools available to manage VMware made the steps needed to get MVS 2005 SP1 to work properly in a large deployment look like plain drudgery in comparison.

What follows is a virtual-machine platform-by-platform breakdown of how the advancements in the core stability and these add-on wares boosted overall manageability in our lab environment (see "How we did it").

VMware ESX Server 3

The strength of VMware ESX lies in its ability to host Intel and AMD x86 guest operating systems directly, without the need for modifications. The 64-bit VMware ESX Server 3 (as well as previous versions) manages operating-system instructions on its own kernel after VMware ESX has booted a Linux kernel and overwrites it so that the hypervisor runs the guest operating-system instances.

VMware ESX can host a variety of guest operating systems. That is partly a function of its maturity. Microsoft Windows, Sun's x86 Solaris and many Linux distributions are in use as guest operating systems under VMware ESX and thrive with multicore CPUs from Intel and AMD. VMware ESX does the basic job of getting guest operating systems hosted with little fuss and few compatibility issues that need to be addressed by an administrator.

Any shop using ESX needs VMware's VirtualCenter (or an equivalent third-party product) if the IT folks are serious about deploying more than a handful of guest hosts. VirtualCenter -- the price of which varies considerably based on which components are deployed -- is not a panacea when its deployed in a base configuration; rather, it does a yeoman's share of the basics needed to manage multiple ESX servers running multiple instances on an operating system.

VirtualCenter relies on a database (Oracle works; we used Microsoft SQL Server) to store items -- such as where guest operating systems are residing, what resources are allocated to them, what their up-time statistics are and what object groups they're members of -- on a VirtualCenter Management Server. This management application runs on a Windows 2000/2003/XP license as a server process (we used Windows 2003 Enterprise Server). This database needs to be protected strongly because rebuilding it after a failure isn't easy.

VirtualCenter's image-management capabilities focus more on image building and library management, and don't touch on such issues as patch/fix coherency among guest operating-system instances or stored instances. Like Microsoft's SC-VMM, it doesn't deal with backups and archiving in a big way in its basic package (that's an optional module for both).

VirtualCenter clones guest-operating-system images and uses a wizard to deploy them. These images aren't easily mass-patched or validated for their contents, however. Furthermore, VMware needs to add authentication to make sure a built image hasn't been tampered with and contains the patches needed and security bits/settings desired for production use.

A key VirtualCenter strength is rapid mobility-management for images and guest operating systems, no matter how heterogeneous the host hardware is (for example, moving it from a Dell to an HP server). Tracking these movements depends on its database for subsequent configuration metrics for servers and individual guest operating-system instances. When a virtual hardware host running VMware ESX is added to the database, that host automatically receives an agent application, called VirtualCenter Client, which runs with the host's hypervisor to communicate information about its performance/state and configuration data to VirtualCenter.

The agent also serves as an API conduit for task management between the VirtualCenter server and host and guest operating-system instances. Third-party applications can use this API to connect to a virtual machine's private data-communication highway to garner and set information. VirtualCenter is also the prerequisite for other VMware offerings, including those for high availability and clustering.

The process of tracking moves, adds and changes for guest virtual machines has been changed in the most recently available edition of VirtualCenter and now makes use of object pools of resources for aggregating images for group manipulation, reporting performance conditions and performing other object-focused tasks. This is an improvement over previous methods used to deploy or change versions, which required that you make these changes one virtual-machine instance at a time.

In terms of application monitoring, this process is still a function of operating-system and application-monitoring services associated with each guest operating system. There is not much available for application-specific management by ESX.

Neither ESX nor VirtualCenter allows for multiple-tier management roles; instead, it relegates these to guest operating-system characteristics, such as Linux administration or Microsoft's Active Directory components.

Forensics is confined to viewing logs and using forensic-analysis tools specific to a guest operating system -- usually crash-dump decoders, syslog files or other management API analysis.

Still, VMware is the one to beat, and many are trying.

Microsoft's Virtual Management World

Much of Microsoft's virtual-machine future surrounds changes in Windows 2008 Server editions, where virtual-machine infrastructure will become integral to the operating system. Microsoft's current virtual-machine architecture will switch to a hosted-hypervisor infrastructure that's a "core underpinning" to Windows 2008 Server editions. A bare-bones Windows 2008 system then becomes a hypervisor, the platform on which guest operating-system instances ride. Compatibility with XenSource's methods is a stated goal of Microsoft's reworked server-virtualization scheme -- and both will require 64-bit hosts to serve as virtual-machine platforms.

That is the future; this is now. Microsoft's present approach to server-side virtual machines uses MVS 2005 SP1 as the basis for hardware platform virtualization. Microsoft's Connectix acquisition in 2003 provided many of the ingredients now used for its offering of both client and server virtual machines.

Microsoft's System Center-Virtual Machine Manager

Microsoft's MVS 2005 is somewhat painful to use. The ability to manage images easily has been largely missing, as are ways to manage a fleet of virtual-machine hosts. Forensics weren't easily accomplished, and primitive image building could really only be aided only after installing the guest operating system by Microsoft's Systems Management Server.

Microsoft's SC-VMM was rolled out earlier this month to manage existing MVS deployments, as well as WSV components when they arrive eventually. We tested a late beta version of SC-VMM. The business end of this application is a large, console GUI that lists hosts, virtual machines, libraries of images and resources, and monitoring jobs. Hosts and virtual machines can be aggregated for viewing and such actions as moving images and checking settings and process characteristics. In SC-VMM, there are both CLIs and drag-and-drop interfaces that help control moves, adds and changes for individual and groups of virtual machines.

1 2 Page 1
Must read: 10 new UI features coming to Windows 10