If all hypervisors were priced the same...
-
@storageninja said in If all hypervisors were priced the same...:
@scottalanmiller said in If all hypervisors were priced the same...:
@olivier said in If all hypervisors were priced the same...:
@scottalanmiller Citrix doesn't care anymore on server virt market, since a while now.
Did they ever? They bought Xen for the name so that they could confuse their customers into thinking that XenApp was somehow virtualization.
They bought it because Vmware bundled the hypervisor with their VDI product, so Citrix bought Xen and had its devs focus on VDI friendly features (APIs for provisioning, and GPU support). They briefly tried to take on ESXi in the enterprise but abandoned that a few years back.
Citrix also pushed cloudstack for a while to hosting providers (but seems to have given up on that too).
I doubt that that is why they bought it. That makes no sense since they could have done THAT without buying it. They bought it for the name alone.
-
I would split those depending on the infrastructure size like:
- Small business with only 2-3 hosts would be completely fine with Hyper-V
- For a larger one with up to 10 hosts I would prefer going with VMware
- For everything larger KVM or XEN. Probably KVM because of larger community and better self-supporting options...
-
@net-runner said in If all hypervisors were priced the same...:
I would split those depending on the infrastructure size like:
- Small business with only 2-3 hosts would be completely fine with Hyper-V
- For a larger one with up to 10 hosts I would prefer going with VMware
- For everything larger KVM or XEN. Probably KVM because of larger community and better self-supporting options...
My question here is... what makes Hyper-V or VMware better on those small systems? Hyper-V's main problems, mostly huge management overhead and complexity, are worst at the small scale. where KVM or Xen's ease of use is a really big deal.
VMware I see in that mid-range... but companies in that range are crippled by cost today. If it was free, I think it would make sense all the way down. Hyper-V really depends on "free" more than KVM and Xen do.
-
@scottalanmiller said in If all hypervisors were priced the same...:
Once Xen gets the PV driver features backported to core Xen PV, we will see a leap forward too, I think.
Didn't Amazon shift everything away from PV because of security? (There are a LOT fewer instance types of PV these days).
Other hypervisors moved away from PV for computing a long time ago as VT-x and newer hardware functionality (PCID etc) simply made the juice not worth the squeeze.
-
@scottalanmiller said in If all hypervisors were priced the same...:
My question here is... what makes Hyper-V or VMware better on those small systems? Hyper-V's main problems, mostly huge management overhead and complexity, are worst at the small scale. where KVM or Xen's ease of use is a really big deal.
VMware I see in that mid-range... but companies in that range are crippled by cost today. If it was free, I think it would make sense all the way down. Hyper-V really depends on "free" more than KVM and Xen do.There are quite a few points but one low hanging fruit is the DRS family of features (Compute/network DRS, Affinity rules, Storage DRS, SIOCv2 VAIO filters, Proactive - DRS). It's balancing logic is significantly more advanced. combined with better scheduler overheads, more advanced new workload placement logic means you can get by with a lot less hardware.
For someone with 10 tiny VM's this isn't going to matter, but for someone who's operating with a decent amount of scale having to throw money at hardware, and bodies instead of software become a trade-off that throws things into DRS being worth the premium for TCO.
Now if the hardware is free to you, and labor is $2 an hour then TCO will shift the other way vs paying for software.
Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?
The cost of management tools are generally looked at as a function of the cost of existing management labor (People), the cost of the solution stack, and the premium for availability.
If you have Oracle RAC or SQL Always ON clusters that cost 40K per host in licensing it's different math. Paying 2K for some hypervisor management tools that will let you run 1.5x to 2.5x denser on host usage (and drop associated licensing costs), or free up 15% time for a Sysadmin who's paid 100K so he can go get other projects finished, isn't a "Crippling cost" but a simple, logical conclusion.
Customers who need VM Fault Tolerance don't care what the cost is because the alternative is generally proprietary solutions that cost 250K per server, or death (US wrongful death is what 2.5 million each?) or re-writing their application and getting it revalidated by regulators(Millions in capex if even an option).
If you have Excel/Access Databases and 5 Windows XP VMs, and you have outsourced your sysadmin work to SouthEast Asia for 5K a year, and an outage is going to cost you nothing sure.
-
@storageninja said in If all hypervisors were priced the same...:
@scottalanmiller said in If all hypervisors were priced the same...:
My question here is... what makes Hyper-V or VMware better on those small systems? Hyper-V's main problems, mostly huge management overhead and complexity, are worst at the small scale. where KVM or Xen's ease of use is a really big deal.
VMware I see in that mid-range... but companies in that range are crippled by cost today. If it was free, I think it would make sense all the way down. Hyper-V really depends on "free" more than KVM and Xen do.There are quite a few points but one low hanging fruit is the DRS family of features (Compute/network DRS, Affinity rules, Storage DRS, SIOCv2 VAIO filters, Proactive - DRS). It's balancing logic is significantly more advanced. combined with better scheduler overheads, more advanced new workload placement logic means you can get by with a lot less hardware.
For someone with 10 tiny VM's this isn't going to matter, but for someone who's operating with a decent amount of scale having to throw money at hardware, and bodies instead of software become a trade-off that throws things into DRS being worth the premium for TCO.
That's what I meant. I totally get that stuff at scale, even a little scale. But the point there was on "tiny" systems that he was thinking VMware at one size and Hyper-V at another, but because things were really small.
-
@storageninja said in If all hypervisors were priced the same...:
Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?
RHEL/RHV have a good solution here. Auditors go through OpenSCAP scans with nice HTML reports and we justify any “failures.” It’s a pretty nice system. You can even scan live running VMs without the agent with KVM. It uses libguestfs tools and mounts the guest read only to scan the guest.
-
@stacksofplates said in If all hypervisors were priced the same...:
Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?
RHEL/RHV have a good solution here. Auditors go through OpenSCAP scans with nice HTML reports and we justify any “failures.” It’s a pretty nice system.
That just audits if it was set. What I'm talking about is a single package you deploy that goes ahead and sets the configuration settings up for you.
On ESXi you can use Update Manager to track compliance with the DISA VIB, and use that for tracking it. Just attach as a baseline to your clusters and let Update Manager keep it up to date. Ed Groggin I think has a tool that will do an auto-generation of a report on the hardening guidelines.
Looking online, I'm not seeing Server 2016 in STIG viewer yet. Has Microsoft not gotten a STIG out yet?
Also Redhat Virtulization licensing cost as much (or more) than vSphere Standard. At that point if you don't need/want Redhat support VMware looks a lot more attractive. Oddly the only STIG for Suse I'm seeing is for Z series.
-
@storageninja said in If all hypervisors were priced the same...:
@stacksofplates said in If all hypervisors were priced the same...:
Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?
RHEL/RHV have a good solution here. Auditors go through OpenSCAP scans with nice HTML reports and we justify any “failures.” It’s a pretty nice system.
That just audits if it was set. What I'm talking about is a single package you deploy that goes ahead and sets the configuration settings up for you.
On ESXi you can use Update Manager to track compliance with the DISA VIB, and use that for tracking it. Just attach as a baseline to your clusters and let Update Manager keep it up to date. Ed Groggin I think has a tool that will do an auto-generation of a report on the hardening guidelines.
Looking online, I'm not seeing Server 2016 in STIG viewer yet. Has Microsoft not gotten a STIG out yet?
Also Redhat Virtulization licensing cost as much (or more) than vSphere Standard. At that point if you don't need/want Redhat support VMware looks a lot more attractive. Oddly the only STIG for Suse I'm seeing is for Z series.
Well yes and no. They have built in remediations with OpenSCAP, so you can have it auto remediate your machine. We ran an auto remediate to get the correct settings and then pushed it all out with Ansible since we can apply specific rules or not based on the type of machine since they are all RHEL based (workstations, servers, hypervisors, etc). We don’t use RHV, but they have a subset of rules for RHV which is why I mentioned it. We use bare KVM for systems and it works out pretty well. Ya I’m not sure about 2016 but I wouldn’t be surprised seeing how slow they are.
-
@stacksofplates said in If all hypervisors were priced the same...:
@storageninja said in If all hypervisors were priced the same...:
@stacksofplates said in If all hypervisors were priced the same...:
Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?
RHEL/RHV have a good solution here. Auditors go through OpenSCAP scans with nice HTML reports and we justify any “failures.” It’s a pretty nice system.
That just audits if it was set. What I'm talking about is a single package you deploy that goes ahead and sets the configuration settings up for you.
On ESXi you can use Update Manager to track compliance with the DISA VIB, and use that for tracking it. Just attach as a baseline to your clusters and let Update Manager keep it up to date. Ed Groggin I think has a tool that will do an auto-generation of a report on the hardening guidelines.
Looking online, I'm not seeing Server 2016 in STIG viewer yet. Has Microsoft not gotten a STIG out yet?
Also Redhat Virtulization licensing cost as much (or more) than vSphere Standard. At that point if you don't need/want Redhat support VMware looks a lot more attractive. Oddly the only STIG for Suse I'm seeing is for Z series.
Well yes and no. They have built in remediations with OpenSCAP, so you can have it auto remediate your machine. We ran an auto remediate to get the correct settings and then pushed it all out with Ansible since we can apply specific rules or not based on the type of machine since they are all RHEL based (workstations, servers, hypervisors, etc). We don’t use RHV, but they have a subset of rules for RHV which is why I mentioned it. We use bare KVM for systems and it works out pretty well. Ya I’m not sure about 2016 but I wouldn’t be surprised seeing how slow they are.
The remediations are in Bash, Ansible, and I think Puppet? Anyway I have written a few of the Ansible remediations for them and have had them pulled into the project.