Nutanix for Horizon VDI

We have recently deployed a 4-node Nutanix cluster to support a customer’s VMware Horizon 7 VDI environment. This was to replace a legacy infrastructure where the servers and the storage array had reached end of life.

The new infrastructure consists of four Nutanix nodes in a single 2U chassis, thus collapsing the entire solution into the rack space that was previously required for just the storage. We are also helping the customer transition from the legacy VDI platform to the new one.

Since Horizon is in use, we had to deploy with VMware ESXi as the hypervisor, but with Nutanix this is no problem; you are free to choose your hypervisor!

Another beauty of using HCI for VDI is that you can size the solution for current needs, safe in the knowledge that you can grow as required without re-architecting or replacing, and without huge step costs.

This customer has a small cluster now, but as their VDI user base expands, they can simply add nodes one at a time as required, bringing both additional compute and additional storage for the new users.

(not a customer cluster - this is the Prism Element UI for a demo environment with 31 nodes!)


FlexPod with Cisco Nexus 9300

As part of our ongoing FlexPod project with a customer, we have deployed Cisco Nexus N9K-C93180YC-EX switches. They have two FlexPods at separate locations, and we have configured a Nexus 9300 vPC pair for each FlexPod.

These switches handle the traditional network traffic for the UCS blade servers and the NetApp storage controllers, and we are also using iSCSI boot for the UCS blades.

These switches are a great option where fibre-channel is not required in the infrastructure, as removing FC and FCoE from the setup simplifies FlexPod configuration and helps reduce cost.

Nutanix Cluster Expansions

We’ve recently been working with one of our Nutanix customers, and have helped them expand their clusters by deploying new nodes. Not all of the new nodes were of the same specification, as they are intended for different use cases, but this is not a problem!

The work encompassed two clusters, taking the total node count from eight up to twenty nodes.

It’s difficult to overstate the simplicity of Nutanix. We:

  • updated the existing clusters to latest software releases, with one-click upgrades from the Prism UI (since we’re running AHV, this is especially slick).

  • imaged the new nodes

  • checked network configuration on the new nodes and amended where necessary (we have non-default ovswitch bridges and bonds at this customer)

  • expanded the cluster by adding the nodes from the Prism UI

  • provided knowledge transfer to the customer

Deployment of additional compute and storage for two sites took two days, including end-to-end software and firmware updates across the entire HCI estate. We are struggling to think of another infrastructure where we could achieve this in a similar time frame...

NetApp AFF for FlexPod.

We’ve recently commenced work on a large infrastructure refresh for a customer. This is a complex migration and upgrade that will result in virtual workloads running on a standardised FlexPod platform.

The first task has been standing up some brand new NetApp ONTAP clusters for the customer. This has encompassed three clusters at three sites, with a total of ten nodes.

Four of these nodes are All-Flash FAS (AFF) models, and we are really looking forward to helping this client put them through their paces.

We have also deployed DS460c disk shelves as part of this work, which really does push storage density further, cramming 60 capacity drives into a 4U enclosure.

Next up will be some Cisco UCS and Nexus work to start bringing the FlexPods together...

NetApp HCI

We’ve recently deployed NetApp HCI for a customer. The nodes that comprise the system are building blocks just like any HCI platform, and expansion is just as simple and modular.

This is a different take on HCI though, in that the storage and compute nodes are separate, and run different software. The compute nodes run VMware vSphere, and the storage nodes run NetApp ElementOS to form a SolidFire storage cluster.

This has the benefit of providing a continuation of the legacy vSphere environment which it replaces, and with which the customer is familiar. However, it also brings SolidFire storage and associated performance (SolidFire is all-flash). The entire platform is managed from within the vSphere UI.

Furthermore, the customer is now able to guarantee storage performance for their VMs using SolidFire storage QoS, meaning that their critical workloads now run well no matter what else is occurring on the platform.

Overall performance is substantially improved over the legacy systems, with SQL operations running between 6 and 10 times faster than before. One critical operation that used to take over an hour is now completing in 10 minutes. This is a big win for the customer.

Finally, we have also been able to configure NetApp SnapMirror replication from the NetApp HCI cluster to a NetApp FAS system (running ONTAP) at a remote site for efficient and cost-effective offsite data protection. This cross-platform replication is part of the NetApp Data Fabric premise, and we’re looking forward to exploring more Data Fabric capabilities as the environment develops.

Nutanix AHV

We’ve been busy with several projects recently where Hyper-Converged Infrastructure (HCI) has come to the fore.

One such project has resulted in a Nutanix AHV deployment, consisting of two Nutanix clusters at two different sites. On top of all the standard Nutanix goodness, this provides the benefit of VM replication between the sites using Nutanix Protection Domains.

AHV is Nutanix's own hypervisor, meaning that the hosts (nodes) do not need to run VMware ESXi or Microsoft Hyper-V. This is a breath of fresh air, in the best possible sense.

Because Nutanix owns and controls the entire stack in an AHV cluster, the beautiful Nutanix PRISM interface is now a single pane that is used for all administration, including VM management. Furthermore, operations such as upgrades are now completely native and therefore even more painless.

AHV is not at complete feature parity with VMware vSphere yet, but it is very close. If you are looking at HCI or Nutanix, it should definitely be considered.

Infrastructure Upgrades

Infrastructure upgrades are not always as exciting as deploying a new system, but are essential to ensure that systems remain supported and that bugs are kept in check. This is an important part of what we do.

We have recently been working with several customers to keep systems fresh, and these upgrades have included;


Nutanix and Veeam.

We have recently installed a Nutanix SX-1365 3-node cluster with Cisco SG550 10GbE switches to replace ageing traditional virtual infrastructure for a customer. The customer was already a VMware house and is now running vSphere on the new Nutanix infrastructure.

Servers were quickly and easily migrated across to the Nutanix platform, and backup is being managed using Veeam for local backup and also backup to offsite secure cloud storage.

Moving forward we will also be making use of Veeam Cloud Connect Replication to enable the customer to failover to a virtual data centre in the cloud for disaster recovery.

All in all, the deployment of a hyperconverged Nutanix infrastructure with Veeam has improved performance, capacity and functionality for this customer. It’s a great solution!

CommVault IntelliSnap for Remote Site Backup

We have a customer who uses NetApp storage, with CommVault IntelliSnap for backup and data protection. IntelliSnap is able to leverage NetApp snapshots and replication for data protection, as well as traditional CommVault backup copies. It thus provides a single management window into data protection whilst being able to make use of the power of storage array snapshots.

This customer recently had a requirement to protect data that resides on physical Windows servers at remote, branch offices. We were able to help them configure their systems so that this data is protected by CommVault IntelliSnap Open Systems Data Protection (OSDP).

With this solution, after the first seed backup is taken, subsequent backups perform full-volume block-level incremental replication. This means that data from physical Windows partitions is replicated to a NetApp destination system, sending only changed blocks. The destination then efficiently stores this backup copy as a NetApp snapshot.

We are seeing great results. The remote sites are being protected with daily jobs that are completing faster than the previous tape backups even though the WAN links are of very modest bandwidth. The backup data at the destination is very efficiently stored. Furthermore, the customer is now able to dispense with tape management for the remote sites, and all the associated costs for tape transport and storage.

VMware Upgrades

We've been busy with several infrastructure upgrades recently. One aspect of these that has floated our boat is the VMware vCenter Server Appliance (VCSA), a preconfigured Linux virtual machine that is optimized for running VMware vCenter Server® and the associated services.

As of vSphere 6.5, the VCSA has overtaken the traditional Windows software-based vCenter in terms of feature set, and this trend is set to continue, meaning that VCSA is now very much the way to go with vCenter deployments.

Fortunately, the migration from Windows-based vCenter to VCSA is pretty slick, and we have a fair few successful upgrade and migration stories under our belt, even where we needed to address some more complex environments with multiple vCenters and external PSCs supporting VMware Horizon VDI.

Cloud Backup with AltaVault

For one of our customers, we have recently deployed a NetApp AltaVault appliance to provide cloud backups.

AltaVault connects to a wide variety of cloud storage providers. When you back data up to the AltaVault on premises, data is encrypted as it is ingested. The AltaVault then manages automatic migration of the encrypted backup data to the cloud. The encryption keys remain on the on-premises appliance, so the cloud provider cannot access your data.

Over time, the backed up data is all moved to the cloud, with the appliance storing the most recent backups. Therefore long-term retention is in the cloud, but restores from recent backups are over the LAN.

AltaVault is also pretty agnostic about what drives the backup; it just offers storage via NAS protocols that you can use as a backup target.

In this instance, we are using CommVault to drive the backups, and sending the encrypted backup data to Amazon Glacier storage, which is ideal for this customer’s requirements as it is inexpensive, and the slower data access that Glacier offers is fine for archive backups, since restores from archived data are likely to be few and far between.

In this deployment we also have on-premises vault copies of data sets, so the customer has pretty much dispensed with tape and the attendant costs of managing and securely storing tape media.

VMware Site Recovery Manager

We have recently completed a Disaster Recovery test for a customer. They use Virtual Desktops and Servers, and data is replicated to the DR site by the underlying storage arrays.

For this test, we used VMware Site Recovery Manager to perform a planned migration of virtual server workloads to the DR site (i.e. a graceful, planned failover). VDI desktop pools were already provisioned to save time in DR failover. After failover, systems at the primary site were powered down.

Failover occurred on a Friday evening, and the users returned to work on Monday as usual. Since their desktops are virtual, there was almost no user awareness that the primary site was down and that they were using desktops running in a different datacenter to usual. This is really the ultimate proof that the DR infrastructure and strategy work!

Production systems were then powered on, and replication reversed (using Site Recovery Manager reprotect for the virtual servers) whilst the users continued running from the DR site for the remainder of the week.

After a week of running from the DR site, another planned migration was performed on the Friday evening, returning workloads to the primary site. Users again returned to work on Monday with no operational impact.

Finally, a last replication reversal / reprotect was performed and the systems were back to their original state.

To summarise, we were able to migrate production workloads, including hundreds of virtual desktops and servers from one data centre to another in just a couple of hours. We were then able to migrate them back a week later in the same fashion. Users were largely unaware that this had occurred, and therefore the organisation can now have real confidence that their systems can survive a disaster.

XenApp 7.14

We’ve also recently been busy deploying a new Citrix XenApp 7.14 farm for a customer. This is to replace a legacy MetaFrame environment, providing secure virtual apps and desktops to users across multiple sites.

XenApp is still a great option for some use cases; the consolidation ratio is often better than with VDI, and Citrix published application delivery has always been pretty slick. In this instance, we deployed the XenApp servers on top of a VMware vSphere infrastructure, thus leveraging the best features from multiple vendors to achieve the customer’s objectives.

VMware Horizon 7.2

We’ve recently been busy upgrading VMware Horizon View from version 6.x to 7.2. This has included multiple connection servers and security servers.

As part of this upgrade, we’ve also had to address VMware UEM and App Volumes upgrades in order to maintain compatibility. Additionally, a minor upgrade to vCenter was also needed.

The process has gone smoothly, with a production VDI estate being successfully upgraded in a single evening. The customer in question can now take advantage of Horizon 7 features, including instant clones and the new Blast Extreme protocol.

Repurposing laptops as VDI clients.

We've recently built a custom Linux desktop image for use as a VDI client with legacy laptop hardware. This means that our customer is re-imaging laptops with a free and open-source CentOS Linux Operating System, running the VMware Horizon client software.

This is a great option for this customer, as they are able to extend the life of laptop hardware and protect their investment, whilst avoiding any unnecessary Microsoft licensing and management costs.

It also has support benefits; any possible user confusion around accessing a Windows VDI desktop from a Windows laptop is avoided as the local Linux laptop UI is completely different from the day-to-day Windows VDI environment. The "kiosk" nature of the image also means that the user is led straight to their VDI login without any unnecessary diversions or options.

We've also found that hardware compatibility is good; a single CentOS Linux image has been successfully deployed to laptops from more than one vendor (Dell and HP in this case).


News Updates and WannaCry

It’s been a while since this section was updated, but as always, it’s because we’ve been busy! However, we now aim to start providing more regular updates again.

One issue that was consuming our time a little while back was helping customers who had been affected by the WannaCry ransomware attack. Although it’s easy to criticise those who were hit for not having applied the relevant patch prior to the outbreak, we recognise that in some circumstances it is not always easy to apply patches immediately.

If you are unlucky enough to be infected by encrypting ransomware, there are only two courses of action open to you; either pay the ransom (not advisable) or restore systems and data from a time point prior to infection and accept loss of data that was created/changed after that time point. This is where a backup strategy that allows for frequent backups is invaluable. An example is NetApp snapshots; many of our customers create snapshot copies of their user data on an hourly basis or more frequently with no impact on performance. These snapshots can be used for data restore, and would allow for fast recovery of encrypted data from a very recent point in time.

Fortunately, most of our customers took sensible precautions as the attack unfolded and we helped many of them take steps to avoid infection. In the few cases where we did see infections occur (in customers where we had not provided infrastructure services), illumit was on hand to help remediate and/or work around the issues. This included assistance in rebuilding affected systems and restoring data (including sizeable databases) using older, tape-based backup solutions. This really did reinforce the value of a modern snapshot-based approach to data protection; systems could have been back online much faster than was possible with tape restores!

Clustered Data ONTAP

We've also recently re-deployed a NetApp FAS2240 as a switchless, 2-node storage cluster. This entailed implementation of the required 10GbE connectivity and replacing the 7-mode O/S with Clustered Data ONTAP 8.3. 

The process is disruptive, as the system is effectively wiped, so data had to be moved off for the upgrade. However, the nature of Clustered Data ONTAP means that this should not be necessary in the future; with NetApp storage clusters, data can be immortal.

The change to Clustered Data ONTAP from 7-mode is inevitable, and worthwhile. It feels very much like when the industry first adopted server virtualisation; with Clustered Data ONTAP, storage is virtualised, de-coupled from hardware and mobilised. The learning curve is similar, but so are the gains.

EqualLogic Flash array with Force10 switches.

We've recently deployed a Dell EqualLogic PS6210 SAN with an all-SSD configuration. This was connected to Dell Force10 MXL 10GbE switches to provide iSCSI storage to Dell PowerEdge blade servers.

The implementation was interesting, as the Force10 switches had to connect back to an existing HP ProCurve network at the data centre core, and present iSCSI LUNs back to hosts on both Force10 and ProCurve ports.

The implementation was completed to schedule, including some unanticipated network design and configuration implementation, with no interruption to production services. The new iSCSI SAN was tested at over 125,000 read IOPS at 1ms response time - not bad!

Windows 2012, WDS and Sophos Safeguard.

We've recently upgraded a private sector client to Windows 2012 R2 Active Directory, migrating legacy servers from Windows 2003, including upgrading Symantec Backup Exec 2012 to 2014 on Windows 2008 R2 and decommissioning all of the Windows 2003 servers.

Our SME work has also recently included the rollout of new PCs for a number of clients, creating new images for Windows 7 HP Folio laptops and Dell Optiplex PCs with WDS for 2012 R2 and 2008 R2.

We've also recently implemented Sophos Safeguard server to encrypt laptops for GPs.