Kemp Load Balancer – How easy is it?

Today’s IT administrators and engineers are often pushed to do more and more, with less time and even less training. There is now an ever increasing trend towards admins having to possess a wider variety of skills. The disparate disciplines of network, storage and compute are becoming more of a necessary combined skill set for today’s cloud and virtualisation bods. In pretty much the same way that there are probably only 3 crew members who fully understand how the USS Enterprise (NCC-1701) works, now it’s becoming the same in the world of IT.

This brings me onto the subject of load balancers. When I was in Barcelona for the VMworld 2014 event, I stopped by the Kemp stand to have a look at their latest offerings.

I was surprised by some of the new offerings that they have. I’ve never thought about issues with load balancing for VMware Log Insight, so it was interesting to see the Kemp implementation of a load balancer for that. Another offering which piqued my interest is the Global Server Load Balancing (GSLB) for VMware vCloud Air, which effectively allows you to extend your private data centre into the VMware vCloud Air virtual data centre and load balance between the two. Very nifty bit of design!! :-)

Load balancers can be both a blessing and a curse. Over the years I’ve used several different technologies: Cisco, F5 and Windows Network Load Balancing (otherwise known as NLB). Some are easier to set up than others.

I remember working on a client site and having to use Cisco Load Balancers (WS 500 range if memory serves). The issue was one of getting the right person to set them up. Keeping in mind that the client was a telecoms company with tens of thousands of employees, you’d think it would be a formality. However, after they were set up in a sort of working fashion by the network team, it took me almost a year to find someone who had the correct skill set to configure them properly. This person turned out to be a contractor, who was eight and a half months pregnant and was leaving at the end of the week! Anyhow, after barely two hours of work it was done, and they’ve worked faultlessly ever since.

Getting back to Kemp, I was telling them of this nightmare scenario, when they asked me if I fancied having a look at their virtual load balancer range. I’d seen their physical appliances on a customer site before and their VMware admin raved about their ease of use. So I said I would and then create a blog about it!

What I’ve also decided to do, which is something others might do for a proof of concept, is to not read the manual! So I’m going to install this using zero training or instructions and see if I can successfully install and configure the Load Balancer to sit in front of two standard web servers and load balance between the pair of them, in a round robin fashion. Something I would normally have for an internal web service for one of my enterprise level customers.

I downloaded the Kemp VLM-5000 virtual appliance, which is good for up to 5 Gbps and 10,000 SSL transactions per second. I’m not going to get anywhere near this, as I’m going to test the install usability only. To begin with, download the virtual appliance. This comes in a number of options and the best for me was to select the VMware OVF file format.

Download the Virtual Appliance


After downloading, it’s a simple task to deploy the OVF file.

Deploy the OVF File


As I’m just using my Mac Book Pro for this proof of concept install, using a nested ESXi server, I’ve gone for the thin provision option for the datastore.

Thin provisioning all the way! :-)


Once you’ve gone through the install procedure, it’s time to power it up. It’s a true web browser thin client front end, which means that you have the option of setting this up, or even administrating it, via your iPad!

Once you’ve accepted the EULA and updated it, or not as the case may be, then it’s time to get it registered. I went for the online registration, which required me to use my Kemp username and password, which I’d previously set up. Pretty straightforward in this mode. I also tried the offline licensing mode, which is a bit more hassle, with having to get license keys and copying and pasting them into the browser window, but it’s no great hardship.

Registration time...


Once you’ve completed that part, reboot the VM and then you’re ready to start the config! One thing to remember is that the username is bal and the initial password is 1fourall. Something Three Musketeers-esque about that… :-)

After logging in, I configured the second internal interface, which is on a different subnet from the external virtual IP Address, otherwise known as a virtual service or VIP. The external network was on a 192.1.168.n network and the internal was set up as a 10.1.0.n network. The Kemp Load Balancer was going to act as a round robin load balancer with a NAT on the front end.

Second Ethernet Connection


Next thing to do was to create the front end, sometimes called a VIP or in Kemp parlance, a virtual service. This is the front door of two or more web servers that a user would connect to and would be oblivious to the workings behind the curtain.

Configure a Virtual Service


Now we’ve sorted out the virtual welcome mat, it’s onto the magic at the backend. I’ve created a couple of small WordPress web servers from a great resource at Turnkey for downloading ready made Linux WordPress VMs here. Once installed, it’s a case of creating a resource on the Kemp Load Balancer, called somewhat ironically, real servers.

Configure Real Servers


Once set up, you can check on the status of the web servers, as shown below.

Web Server Status


It’s also really easy to check on the status of the actual front end of the virtual service as well. As you can see, it’s set up for round robin.

Virtual Service Status


Round robin to Web Server 1.

Welcome to Web Server 1


Round robin to Web Server 2.

Welcome to Web Server 2


And it works exactly as it says on the tin! I set this Kemp VLM-5000 virtual appliance up as a single load balancer, on layer 7 with round robin load balancing, all without the aid of instructions or a safety net!

I couldn’t really time this install, as I spent more time taking screen shots than actually installing it. But on a typical install, I reckon once you’ve downloaded the OVF file, you should be able to go from zero to hero within 20 minutes, easily!

For me, it’s all about the usability, because I’m busy enough without having to learn yet another CLI environment. The fact that I can get this up and running and load balancing with zero RTFM required, makes me a happy bunny. I also appreciate that I can get this installed and running on my own proof of concept, running on VMware Fusion on my Mac, test my config design and then export it, ready to be uploaded onto a production environment. Not only that, but I can easily hand this over to the support team for them to look after it, with minimal training from me!

Easy to test, easy to set up and really easy to hand over to support :-)

Have a look at the Kemp Technologies site for more details on their products.


The UK power generation infrastructure is relatively well protected, but the best way to attack it may not necessarily be to attempt it head on.

In a series of three separate blogs, Cloud Computing and Virtualisation specialist, Graham F French, looks at the darker side of these progressive technologies.

The ‘Internet of Things’ is a catch all title, describing innumerable objects and devices that are directly or indirectly connected to the Web.

Depending on who you believe, there will be something like 26 to 30 billion ‘things’ connected to the Internet by 2020. One of the main areas of growth in this tech sector is home based ‘intelligent’ devices. That could be one of any number of things;

  • Heating
  • Lighting
  • Washing Machine
  • Fridge/Freezer
  • Smart TV
  • Home Security
  • Smart Meters
  • Mains Powered WiFi controlled devices
  • Broadband router

Britain is heading towards a perfect storm of closing power plants coupled with an increase in power usage. Lots of people have multiple smart devices, iPhones, iPads and computers/laptops, all of which need to be charged on a regular basis. Add into the mix the multiplying proliferation of ‘Internet of Things’ and you have an ever increasing power demand from a decreasing number of viable power sources.

Having the occasional outage doesn’t help the situation much; the recent Didcot B Power Station fire removed around 1.3 megawatts of generation from the UK National Grid, which is enough to power around 1 million homes.

Peak usage in the UK tends to occur in the Winter, normally on a Monday at 6pm. A report called “The impact of changing energy use patterns in buildings on peak electricity demand in the UK” from the UK Government Department of Energy and Climate Change (DECC), pretty much tells anyone with an Internet connection of the typical UK peak usage.

One of the main issues at the moment is the diminishing amount of available headroom capacity that the United Kingdom will have in the winter of 2014/2015. The BBC News website reports on how, as a nation, we’ve gone from 17% to 4% spare capacity over the last three years. This doesn’t bode well for the short to medium term.

On 14th August 2003, the North East and Mid West of the United States and the Ontario area of Canada, experienced a blackout of epic proportions that knocked out the power for 55 million people in one incident. That’s very nearly the entire population of the United Kingdom (63 million at 2011 Census) without electricity!!

Mind you, that was an unintentional blackout, what’s worse is when you’ve got a perfectly functioning power plant and your drunken boss calls to shut it down because he can’t get a free drink..!

But getting back to the UK, the fact that we are now using more energy saving lightbulbs bodes well for the long term, but will the new power stations be online and providing power in time to prevent rolling blackouts?? Time will tell.

In the meantime, if you wanted to create a UK power blackout, the best way is not to choose the difficult option and attack the power plants themselves with some sort of Stuxnet worm, but to hack the home based technology for saving power and spreading the power usage throughout the day, and turn it against itself. There are already devices available to turn appliances on and off according to the time of day or the wholesale energy price. Not forgetting lots of home automation devices like WeMo used to control pretty much any mains powered device and then there’s the control logic behind that in services like IFTTT.com who provide a service to switch your home automation devices on or off, depending on certain criteria, such as the local weather conditions.

Timing is everything, so plan it for a Monday, around 6pm in the winter, especially around a major event. Winter Olympics is always a good bet. There’s always a surge after a main programme when lots of people switch their kettles on to make a cuppa, and then as you’ve already hacked into a wide variety of smart meters and home black boxes, switch everything, and I mean everything, on! Plus, set the washing machine to spin and press go!!

Sit back and say hello to the next major rolling blackout…

Oh, by the way, if you can sustain the blackout for any sort of time, something longer than 48 hours or at least long enough to create enough issues that getting the UK back up and running is a prolonged affair, then you’ve got the opportunity to cause a severe economic issue.

Happy hacking… :-)

Coming soon – The last episode in this series of three blogs about the Internet of Things – We know where you’re going!

Evo:Rail – 4 hosts into 3 licenses does not go…

In a previous post, I’ve praised the ingenuity of Evo:Rail and the ease and simplicity with which it can be installed. However, the very use case for me is not without its issue. VMware sells an edition called ROBO, which stands for Remote Office, Branch Office. This is a handy way of purchasing licenses, especially in a 10 SKU pack, that allows me to get the software that my customer needs, in a value for money manner. ROBO is a great way of purchasing vSphere licenses for an enterprise that has a number of branch offices. Something I have utilised a fair amount in the past. It’s easier to cost a solution and much easier to order with a single SKU.

But, and this is a big one, the ROBO license covers you for 6 CPU sockets, which in essence means 3 hosts. Evo:Rail promotes itself on the premise that you can configure 4 hosts in a single 2 U appliance. Which is great for me and my customer, until I tell them that their license model will be a lot more expensive.

Because what you cannot do, is purchase a ROBO license for 3 hosts and then utilise them on a 4 host solution. It just doesn’t work. Buying a 4 license for the 4 host implementation when you have a fair number of branches, could be a deal breaker. Or at least, put the client off from utilising an Evo:Rail solution.

I wonder if anyone in VMware has brought this up…?


Evo:Rail – from zero to hero in 18 minutes!!

Something I’ve always thought was lacking in the virtualisation space was a quick and painless way to implement new hardware. I’ve done a fair number of projects where small numbers of hypervisors were required in a remote branch or office, as well as the usual data centre installations.

Until the recent announcement of Evo:Rail from VMware and their hardware partners, there have been all sorts of designs to incorporate multiple hosts and shared storage. On top of this there’s also the major issue of mis-configuration between different installation engineers, especially when you are implementing this strategy across multiple countries and timezones!

Hoping for something that will ease my troubles in this area, I took on the Evo:Rail challenge in VMworld Barcelona. Working from a blank set of Evo:Rail hardware, I was overseen by VMware’s own Mike Laverick, who was very helpful in setting up the event.

I was given a sheet of paper with the correct settings and informed that there were several deliberate mistakes in the default config that I had to locate and correct during the install. On top of this, I was competing against another individual and I was going to be timed to see if I was quick enough to make the final!

As it turns out, I fat fingered the admin password at the start and then after the install had to guess what my mistake was. In total I lost well over a minute trying different combinations (thankfully I can touch type!), but I still managed to complete the install and configure task in 18 minutes and 16 seconds. Plus, I also beat my opponent, who was around a minute and a half behind me.

However, we were both winners, having managed to configure 4 hosts in one appliance, from nothing to fully complete in under 20 minutes. Nothing short of an astounding and innovative approach to a problem I have encountered a number of times.

Well done Mike, VMware and the gang! :-)


Internet of Things – be careful what you wish for…

Fancy waking up to a David Guetta concert at 3am in your house, with your smart lights pulsing, or in your neighbourhood or how about your entire city..?

A hacker might!

In a series of three separate blogs, Cloud Computing and Virtualisation specialist, Graham F French, looks at the darker side of these progressive technologies.

The ‘Internet of Things’ is a catch all title, describing innumerable objects and devices that are directly or indirectly connected to the Web.

Depending on who you believe, there will be something like 26 to 30 billion ‘things’ connected to the Internet by 2020. One of the main areas of growth in this tech sector is home based ‘intelligent’ devices. That could be one of any number of things;

  • Heating
  • Lighting
  • Washing Machine
  • Fridge/Freezer
  • Smart TV
  • Home Security
  • Smart Meters
  • Broadband router

Not forgetting your smartphones, tablets, laptops, NAS storage devices and computers, this makes up for a lot of devices that a single household could potentially have connected to the Internet.

Each device, regardless of size or complexity, needs an operating system in order to allow it to carry out its normal function and also connect to the home network and the Internet. This is easily understandable for your iPad or iPhone, but it’s also the same for your remote controlled lightbulb, washing machine or broadband router. These other sorts of devices are likely to utilise an open source operating system, called Linux.

One of the main concerns in the home based Internet of Things, is one of security. More specifically, the difficulty in keeping all of the different devices patched and updated. That’s assuming of course that the vendor is either willing or able to create, test and distribute updates in a timely fashion. Or at all…

Even today, many broadband routers are hopelessly out of date when it comes to security patching. And these devices are more than likely provided by your chosen ISP, so you’d think that they would at least try a bit harder. Given that most vendors rely on the ‘if it ain’t broke, don’t fix it’ mantra, the chances of getting your web connected fridge/freezer or washer updated on a regular basis are next to non-existent.

So where does this leave the average person, who is more likely to be more concerned with updating their Facebook status, rather than their growing list of Internet enabled devices?

Well, that’s easy. It leaves us wide open. All it takes is a group of hackers to utilise a small number of vulnerabilities common to most connected homes and you’ve got chaos.

Take my home town of Newcastle upon Tyne, with a population of almost 280,000. How many of those need to be rudely awakened at 3 am with an impromptu light and sound show from David Guetta to make it onto the global news front page? Fifty thousand, ten thousand or just enough to make it look bigger than it is..? Two or three thousand should do it.

Plus you won’t need an hour long concert either. Sixty seconds of it will cause enough of an alarm to get everyone’s attention. Do that three times in the same week and you’ll have every armchair critic and his dog remonstrating against this modern day ‘scourge’.

The Internet of Things will bring a huge change to how we run our everyday lives, in ways that we currently only dream of. But, for the sake of a good night’s sleep, make sure you keep them up to date.

Coming soon in this series of three blogs about the Internet of Things – Want to create a UK power blackout? Turn on your washing machine…

VMware EVO:RAIL

VMware have announced their Hyper-Converged Infrastructure Solutions package, called EVO:RAIL. EVO stands for an evolutionary technology. It’s very much the vSphere in a box solution that other vendors have been threatening to produce over the years; some have had some success with it.

However, after watching the YouTube presentation here, it’s looking like a very accomplished piece of engineering and automation. Something that I continually advocate to anyone who sits still long enough!!

There’s also an offering called EVO:RACK, which is for a larger implementation of the same technology, more of a private/public vCloud data centre in a box approach. For more information, see the official VMware CTO blog here.


Goodbye vCHS – Hello vCloud Air

Not that I’m claiming that VMware are copying from the same homework as Apple, but I’ve already got an iPad with the same name…

At last they have seen the light and gotten rid of that terrible brand, vCHS.

VMware announced their newly branded on-demand cloud as ‘vCloud Air’. There are two data centres in the UK, the latest opening in October 2013.

If you want to get your hands on this, via the Hands on Labs, take a look here.

The official VMware press release is available here.


VMworld 2015 – Dates and Locations

The dates and locations for VMworld 2015 have been announced as follows:

VMworld US will be in San Francisco again, August 30th – September 3rd 2015

VMworld Europe will be in Barcelona again, October 13th – 15th 2015


What is VMware VSAN?

Many customers are very aware of the pitfalls of vendor lock-in. Once you’ve invested the budget into the main part of your storage and the time required to get it up and running and tuned to the requirements, you’ve pretty much committed yourself long term to the one, same, storage vendor. This is not great for getting competitive prices for extra storage, once you’ve already bought the storage, and the vendors know this.

What would be handy, is if you can utilise generic storage from any vendor of your choice and then use that in a supported configuration.

This is where VMware Virtual SAN (VSAN) comes in.

VSAN is implemented at the kernel level and therefore gains in performance because of this, unlike the issues of latency that can occur with the Virtual Storage Appliance (VSA).

VSAN has been designed from the ground up to be an alternative to the standard storage that you’d normally purchase. The idea behind VSAN is to utilise server based local storage and share it amongst the rest of the infrastructure. The overall strategy of VSAN is to allow you to use HA and DRS, just as you would normally do with the usual storage vendors.

You enable VSAN at the cluster level and it is easy to set up; it’s just like HA and DRS, as you only need to put a check in a box and that’s it!

There are some requirements for VSAN:

  • 3 to 32 hosts per cluster (must have 3 as a minimum)
  • 1 SSD and 1 to 7 standard Hard Drives, in order to create a disk group
  • 10 GbE recommended but 1 GbE for minimum requirements
  • HA must be enabled for cluster (DRS is optional)
  • vSphere 5.5 or higher
  • Correct VSAN licence

There is still an outstanding question of how well this will perform in a highly utilised infrastructure, especially as, running at the kernel level, this will have an impact on the CPU. VMware has shown that the highest level is 10% utilisation of the CPU when pushing nearly 2 million IOPS.


vSphere Hardening Guides

Security is usually the last thing that gets considered in a design or when you are implementing a new virtualised environment. However, there are lots of industries and government organisations where security is their first and foremost concern.

As I’ve worked in both finance and Central/Local Government organisations, the main question you will often hear, is how do I ensure that this is secure…?

Security is a multi-layered approach and is more of a journey, rather than a destination. There is no magic silver bullet solution and one size does not fit all. Every environment and organisation has different requirements and their approach to risk is unique in each case.

If security is a concern in your environment, I’d advise on hardening the vSphere environment as one of the many layers of defence. VMware publish hardening guides for their platform. Click on the link below for further information.

http://www.vmware.com/security/hardening-guides.html
