Infrastructure Upgrades

Infrastructure upgrades are not always as exciting as deploying a new system, but are essential to ensure that systems remain supported and that bugs are kept in check. This is an important part of what we do.

We have recently been working with several customers to keep systems fresh, and these upgrades have included;


Nutanix and Veeam.

We have recently installed a Nutanix SX-1365 3-node cluster with Cisco SG550 10GbE switches to replace ageing traditional virtual infrastructure for a customer. The customer was already a VMware house and are now running vSphere on the new Nutanix infrastructure.

Servers were quickly and easily migrated across to the Nutanix platform, and backup is being managed using Veeam for local backup and also backup to offsite secure cloud storage.

Moving forward we will also be making use of Veeam Cloud Connect Replication to enable the customer to failover to a virtual data centre in the cloud for disaster recovery.

All in all, the deployment of a hyperconverged Nutanix infrastructure with Veeam has improved performance, capacity and functionality for this customer. It’s a great solution!

CommVault Intellisnap for Remote Site Backup

We have a customer who uses NetApp storage, with CommVault IntelliSnap for backup and data protection. IntelliSnap is able to leverage NetApp snapshots and replication for data protection, as well as traditional CommVault backup copies. It thus provides a single management window into data protection whilst being able to make use of the power of storage array snapshots.

This customer recently had a requirement to protect data that resides on physical Windows servers at remote, branch offices. We were able to help them configure their systems so that this data is protected by CommVault IntelliSnap Open Systems Data Protection (OSDP).

With this solution, after the first seed backup is taken, subsequent backups perform full-volume block-level incremental replication. This means that data from physical Windows partitions is replicated to a NetApp destination system, sending only changed blocks. The destination then efficiently stores this backup copy as a NetApp snapshot.

We are seeing great results. The remote sites are being protected with daily jobs that are completing faster than the previous tape backups even though the WAN links are of very modest bandwidth. The backup data at the destination is very efficiently stored. Furthermore, the customer is now able to dispense with tape management for the remote sites, and all the associated costs for tape transport and storage.

VMware Upgrades

We've been busy with several infrastructure upgrades recently. One aspect of these that has floated our boat is the VMware vCenter Server Appliance (VCSA), which is a preconfigured Linux virtual machine, which is optimized for running VMware vCenter Server® and the associated services on Linux.

As of vSphere 6.5, the VCSA has overtaken the traditional Windows software-based vCenter in terms of feature set, and this trend is set to continue, meaning that VCSA is now very much the way to go with vCenter deployments.

Fortunately, the migration from Windows-based vCenter to VCSA is pretty slick, and we have a fair few successful upgrade and migration stories under our belt, even where we needed to address some more complex environments with multiple vCenters and external PSC's supporting VMware Horizon VDI.

Cloud Backup with AltaVault

For one of our customers, we have recently deployed a NetApp AltaVault appliance to provide cloud backups.

AltaVault connects to a wide variety of cloud storage providers. When you back data up to the AltaVault on premises, data is encrypted as it is ingested. The AltaVault then manages automatic migration of the encrypted backup data to the cloud. The encryption keys remain on the on-premises appliance, so the cloud provider cannot access your data.

Over time, the backed up data is all moved to the cloud, with the appliance storing the most recent backups. Therefore long-term retention is in the cloud, but restores from recent backups are over the LAN.

AltaVault is also pretty agnostic about what drives the backup; it just offers storage via NAS protocols that you can use as a backup target.

In this instance, we are using CommVault to drive the backups, and sending the encrypted backup data to Amazon Glacier storage, which is ideal for this customer’s requirements as it is inexpensive, and the slower data access that Glacier offers is fine for archive backups, since restores from archived data are likely to be few and far between.

In this deployment we also have on-premise vault copies of data sets so the customer has pretty much dispensed with tape and the attendant costs of managing and securely storing tape media.

VMware Site Recovery Manager

We have recently completed a Disaster Recovery test for a customer. They use Virtual Desktops and Servers, and data is replicated to the DR site by the underlying storage arrays.

For this test, we used VMware Site Recovery Manager to perform a planned migration of virtual server workloads to the DR site (i.e. a graceful, planned failover). VDI desktop pools were already provisioned to save time in DR failover. After failover, systems at the primary site were powered down.

Failover occurred on a Friday evening, and the users returned to work on Monday as usual. Since their desktops are virtual, there was almost no user awareness that the primary site was down and that they were using desktops running in a different datacenter to usual. This is really the ultimate proof that the DR infrastructure and strategy work!

Production systems were then powered on, and replication reversed (using Site Recovery Manager reprotect for the virtual servers) whilst the users continued running from the DR site for the remainder of the week.

After a week of running from the DR site, another planned migration was performed on the Friday evening, returning workloads to the primary site. Users again returned to work on Monday with no operational impact.

Finally, a last replication reversal / reprotect was performed and the systems were back to their original state.

To summarise, we were able to migrate production workloads, including hundreds of virtual desktops and servers from one data centre to another in just a couple of hours. We were then able to migrate them back a week later in the same fashion. Users were largely unaware that this had occurred, and therefore the organisation can now have real confidence that their systems can survive a disaster.

XenApp 7.14

We’ve also recently been busy recently deploying a new Citrix Xenapp 7.14 farm for a customer. This is to replace a legacy Metaframe environment, providing secure virtual apps and desktops to users across multiple sites.

XenApp is still a great option for some use cases; the consolidation ratio is often better than with VDI, and Citrix published application delivery has always been pretty slick. In this instance, we deployed the XenApp servers on top of a VMware vSphere infrastructure, thus leveraging the best features from multiple vendors to achieve the customer’s objectives.

VMware Horizon 7.2

We’ve recently been busy upgrading VMware Horizon View from version 6.x to 7.2. This has included multiple connection servers and security servers.

As part of this upgrade, we’ve also had to address VMware UEM and App Volumes upgrades in order to maintain compatibility. Additionally, a minor upgrade to vCenter was also needed.

The process has gone smoothly, with a production VDI estate being successfully upgraded in a single evening. The customer in question can now take advantage of Horizon 7 features, including instant clones and the new blast extreme protocol.

Repurposing laptops as VDI clients.

We've recently built a custom Linux desktop image for use as a VDI client with legacy laptop hardware. This means that our customer is re-imaging laptops with a free and open-source CentOS Linux Operating System, running the VMware Horizon client software.

This is a great option for this customer, as they are able to extend the life of laptop hardware and protect their investment, whilst avoiding any unnecessary Microsoft licensing and management costs.

It also has support benefits; any possible user confusion around accessing a Windows VDI desktop from a Windows laptop is avoided as the local Linux laptop UI is completely different from the day-to-day Windows VDI environment. The "kiosk" nature of the image also means that the user is led straight to their VDI login without any unnecessary diversions or options.

We've also found that hardware compatibility is good; a single CentOS Linux image has been successfully deployed to laptops from more than one vendor (Dell and HP in this case).


News Updates and WannaCry

It’s been a while since this section was updated, but as always, it’s because we’ve been busy! However, we now aim to start providing more regular updates again.

One issue that was consuming our time a little while back was helping customers who had been affected by the WannaCry ransomware attack. Although it’s easy to criticise those who were hit for not having applied the relevant patch prior to the outbreak, we recognise that in some circumstances it is not always easy to apply patches immediately.

If you are unlucky enough to be infected by encrypting ransomware, there are only two courses of action open to you; either pay the ransom (not advisable) or restore systems and data from a time point prior to infection and accept loss of data that was created/changed after that time point. This is where a backup strategy that allows for frequent backups is invaluable. An example is NetApp snapshots; many of our customers create snapshot copies of their user data on an hourly basis or more frequently with no impact on performance. These snapshots can be used for data restore, and would allow for fast recovery of encrypted data from a very recent point in time.

Fortunately, most of our customers took sensible precautions as the attack unfolded and we helped many of them take steps to avoid infection. In the few cases where we did see infections occur (in customers where we had not provided infrastructure services), illumit was on hand to help remediate and/or work around the issues. This included assistance in rebuilding affected systems and restoring data (including sizeable databases) using older, tape-based backup solutions. This really did reinforce the value of a modern snapshot-based approach to data protection; systems could have been back online much faster than was possible with tape restores!

Clustered Data ONTAP

We've also recently re-deployed a NetApp FAS2240 as a switchless, 2-node storage cluster. This entailed implementation of the required 10GbE connectivity and replacing the 7-mode O/S with Clustered Data ONTAP 8.3. 

The process is disruptive, as the system is effectively wiped, so data had to be moved off for the upgrade. However, the nature of Clustered Data ONTAP means that this should not be necessary in the future; with NetApp storage clusters, data can be immortal.

The change to Clustered Data ONTAP from 7-mode is inevitable, and worthwhile. It feels very much like when the industry first adopted server virtualisation; with Clustered Data ONTAP, storage is virtualised, de-coupled from hardware and mobilised. The learning curve is similar, but so are the gains.

EqualLogic Flash array with Force10 switches.

We've recently deployed a Dell EqualLogic PS6210 SAN with an all-SSD configuration. This was connected to Dell Force10 MXL 10GbE switches to provide iSCSI storage to Dell PowerEdge blade servers.

The implementation was interesting, as the Force 10 switches had to connect back to an existing HP ProCurve network at the data centre core, and present iSCSI LUNs back to hosts on both Force10 and ProCurve ports.

The implementation was completed to schedule, including some unanticipated network design and configuration implementation, with no interruption to production services. The new iSCSI SAN was tested at over 125,000 read IOPS at 1ms response time - not bad!

Windows 2012, WDS and Sophos Safeguard.

We've recently upgraded a private sector client to Windows 2012 R2 Active Directory, migrating legacy servers from Windows 2003, including upgrading Symantec Backup Exec 2012 to 2014 on Windows 2008 R2 and decommissioning all off 2003.

Our SME work has also recently included roll out of new PCs for a number of clients, creating new images for Windows 7 HP Folio laptops and Dell Optiplex PCs with WDS for 2012 R2 and 2008 R2.

We've also recently implemented Sophos Safeguard server to encrypt laptops for GPs.

Fusion-IO and Flash Accel

We've recently been helping a client with Flash Accel. This is a product from NetApp that uses flash in the host servers to accelerate storage I/O.

We've deployed it using Fusion-IO cards in the host servers to accelerate virtualised SQL server workloads, and we're seeing SSD-performance read IOPS with a FAS2240 as the back-end storage system.

Recently we've also integrated SnapManager for SQL into the solution, so that we can create application-consistent SQL database backups using instantaneous snapshots whilst still achieving fantastic performance with a modest storage array.

EqualLogic Performance.

We've recently implemented SQL 2012 With Database Availability Groups on VMWare and with Dell Equalogic PS series SAN utilising SSD/SAS auto tiering. The objective was to provide high availability and high performance SQL hosting for a clinical system

As part of the project, we helped our client undertake some performance baselines to determine read and write performance of the implementation. The EqualLogic PS proved to be very fast, achieving 42,000 IOPS for sequential write operations using MS SQLIO.

Microsoft Licensing.

A customer was recently approached by Microsoft to perform a Software Asset Management review.

We worked with the customer to deploy a software tool across all of their PC and server estate to fully audit their machines and gather the live inventory information centrally.

This provided the customer with a complete picture of all the Microsoft software in use to ensure full licensing compliance, without stress or complication.

Microsoft Exchange Services.

We've recently decommissioned another Microsoft Exchange 2003 environment for an enterprise client. As part of the final tranche of work, we've also completed their Exchange 2010 deployment, with Database Availability Groups (DAG) to provide high availability for mail and collaboration services. DAG failover has been tested, and as usual, works extremely well.

We've also been busy with one of our SME clients, where we've migrated mailboxes from Exchange 2007 to Office 365, thus moving them from on-premise mail to cloud services. We had to use PSTs as the transport mechanism as RDP over HTTPS wasn’t possible due to an invalid internal domain name that had been used historically. Migration was achieved over a weekend for 70 mailboxes including shared, room and user mailboxes, and the client is very pleased with the result.


One of the historical challenges with a larger NetApp infrastructure has been centralised data protection management. Whilst NetApp has SnapManager tools, native Snapshots, SnapMirror, SnapVault, and OnCommand Unified Manager, they do not offer a unified view into what's happening across the NetApp estate in terms of backup.

We've always had a good word for CommVault, and NetApp has now re-badged a subset of the Simpana Suite as NetApp SnapProtect.

Having just deployed this for a client, we're pleased to see that it does indeed offer a single pane of glass into data protection; SnapShots, SnapVaults and SnapMirrors are all being driven from the SnapProtect console, and the CommServe will also be driving application-consistent backups for SQL and other apps in due course. It's also possible to back data off to tape, all from one console and backed by CommVault's proven and well-regarded technology.