WilliamLam.com

Community stories of VMware & Apple OS X in Production: Part 6

by // Leave a Comment

Company: Public Education K-12
Software: VMware vSphere
Hardware: Xserve

[William] - Hi Pete, thanks for reaching out on Twitter and offering to share your experiences in managing VMware and Apple OS X in an academic environment. Can you start off by quickly introducing yourself and what your role is currently?

[Pete] - My name is Pete Wann, I've been a sysadmin for over 15 years, mostly in education. I switched to Mac at the OSX transition because I was really interested in the Unix (BSD) foundation. My interest in Unix was piqued by my exposure to Solaris in the military, and since then I've tried to focus my career around all the various flavors out there, it just so happens that I like Macs, and it's been a good niche to be in. The community is awesome and ridiculously supportive.

My current role is as a Principal Systems Technologist at Oracle. I work for our Global IT group, but I primarily support a subset of our Marketing department. I'm responsible for the infrastructure around our video, print, and web production efforts. Although, the specific implementation we're going to discuss was done at my last position, with a large school district in Alaska.

[William] - Thanks for the background Pete. So I hear you were involved in an implementation that involved VMware and Apple OS X Technologies, can you share with us some more details about the environment?

[Pete] - Well, as you know, Apple discontinued the Xserve in 2010. (boo! hiss!) This was disastrous for that environment since the schools were very far apart, and our WAN links were slow and sometimes tenuous, in addition to some decisions made before I arrived about how home directories were handled, we needed to have some kind of server presence in every school. Since we couldn't count on having someone in each school who was comfortable going into a server closet to reset a system, we really needed Lights-Out-Management on whatever hardware we put out there.

Additionally, this was by far the largest Open Directory deployment that we (or Apple) had ever heard of. We had both computers and users in OD, and with our sometimes rickety WAN, we needed to have OD replicas as close to the clients as we could get, so again, a server presence in every school.

Eventually we migrated all of our user authentication over to AD, but still used OD for some computer management functions (mostly we used JAMF Casper for imaging and package deployment), so we still needed separate OD replicas for each school. (Each school was its own OU within OD so that we could distribute computer management tasks.)

[William] - I too remember the EOL announcement of the Xserve, it definitely had an impact to everyone who relied on that hardware. It sounds like you had a decent Apple Infrastructure, where was all this running? Physical or Virtual?

[Pete] - At the time, ESX did not support the Apple RAID card, so I could not use the internal storage with any of the systems I had available, which was fine with me, since I didn't want any moving parts on the hosts if I could avoid it, to hopefully increase longevity.

So, after much bugging of the powers-that-be, I got three licenses for vSphere for the three Xserves I scrounged from our secondary schools, removed all internal storage, then installed ESXi on a small USB drive on each host. I used the built-in iSCSI support in ESXi to connect to our NetApp storage, and integrated the Xserves with the rest of our vSphere environment, with full support for vMotion and everything. It was really easy, and worked insanely well.

We wound up virtualizing about 20 hosts across the three Xserves, mostly OS X, but also a couple of Linux hosts to act as web front-ends for our Casper environment. I fought hard to make the Xserves full-fledged members of the vSphere deployment, but my counterparts on the Windows side resisted harder. I still think that was a waste of available CPU power, but such is life.

[William] - Wow, this is pretty cool! I think this is the first implementation that I have heard of that leverages external storage w/Apple hardware. Could you share some details about the hardware specs for the Xserve and how you came to this particular configuration?

[Pete] - Well, in the case of the Xserves, we lucked out by having already ordered 77 of the last generation before Apple announced the end-of-production. We were in the process of transitioning from Xserve G5s to Intel in all the schools.

I was at the MacTech conference in LA when word came out that the Xserve was killed (Can you imagine the mood in that room?) and immediately got in touch with my boss to ask for as many more of the last generation we could afford to buy. Initially my intention was to go with Parallels Server, and we did buy it and deploy it at a couple of sites, but let's just say that didn't go well, and I jumped off that path as soon as ESXi 5 was released.

Initially I wanted dual-processor systems with the internal SSD and maxed RAM (I believe 48GB on that model), and since I was still thinking in terms of what Parallels Server supported, I got 3 internal 1Tb drives to use for local storage. Unfortunately, the option of adding the internal SSD as a fourth drive disappeared almost as quickly as it appeared, and we missed the window. I got the rest of what i asked for, though.

Once I discovered that ESXi 5 didn't support the Apple internal RAID controller, I had to find another solution for storage, since I didn't want to run everything, Hypervisor and VM Storage on USB drives. Fortunately for me, our vSphere environment was already configured to connect to our NetApp NAS, so it was trivial to add that storage for the VMs once the Xserves were added as hosts to the vSphere DC.

I also managed to scrounge additional NICs for the Xserves to give the nodes more network capacity for the guest VMs. So I think ultimately we wound up with 6 total 1Gb connections — 1 management, 1 vMotion etc., and 4 on a vSwitch for guest VMs. The three Xserves were segregated into their own vDC to avoid confusion for our management and SysAdmins.

[William] - How did you go about monitoring this infrastructure? Any challenges or gotchas you found while building and managing this environment?

[Pete] - Honestly, no. We used all of the same management tools that we used for our wider vSphere environment, and it all just worked.

At the time, I believe they were implementing some monitoring tools from Symantec, but I left while that was still being implemented. Before that was in place, it was largely a manual process. I stayed as hands-off as possible once I had my environment up and running because I take a "less is more" approach to being a SysAdmin. 🙂

The ONLY gotcha, and it was very easily overcome, was the lack of support in ESXi 5.0 for the Apple internal RAID controller. That turned out to be good for us, as it forced us to use the existing vSphere infrastructure.

As for management, we just had to embrace a new way of deploying VMs, but there again, once I built a template for vSphere, it was trivial to deploy new Mac VMs, which I then configured as needed. If we'd had a larger environment, I would have leveraged tools like Puppet or Casper to auto-configure hosts to our needs.

[William] - In building out this environment, it sounds like you learned quite a bit. Was this something you already had some experienced with or were you learning on the job? If the latter, were there any key resources you leveraged that helped you build and manage such an infrastructure?

[Pete] - I had experience with VMware from my previous job, where I got involved in deploying new VMware nodes to help transition to a virtual datacenter. In truth, it worked so well and was so easy to set up, I didn't really need support except for gathering the specifics of our environment.

There was literally no difference between the setup for generic x86 hardware and Xserve as far as I could see. The only difference was that in addition to all the other guest OSes, we could also run OS X on these hosts.

[William] - Pete, I would like to thank you very much for your time this afternoon and sharing with us your experiences. I think this has been very informative/educational and should help others thinking about building or managing a similar type of environment. Before we finish up, do you have any words of wisdom or advice to others looking to start a similar project and perhaps also working in the academic/education field?

[Pete] - I would say that if you're thinking about it and if you think that virtualizing OS X will help, then go for it. It's actually easier than you probably think. Also, I'd say to remember that as a SysAdmin, managing up is just as important as managing your systems. Keep your eyes open to what's happening in your industry, and try to be prepared for new things and opportunities to save money and improve efficiency. Especially in public K12, budgets are shrinking, but demands (particularly on IT) are increasing. Don't be afraid to speak up if you think you can find a way to save money and provide the same or a better level of service for your students.

If you are interested in sharing your story with the community (can be completely anonymous) on how you use VMware and Mac OS X in Production, you can reach out to me here.

 

Community stories of VMware & Apple OS X in Production: Part 5

by // 2 Comments

Company: Artwork Systems Nordic A/S (AWSN)
Software: VMware vSphere
Hardware: Apple Mac Pro

[William] - Hi Mads, thank you for taking some time this morning to share with the community your past experiences managing a VMware and Apple OS X environment. Before we get started, can you introduce yourself and what you currently do?

[Mads] - My name is Mads Fog Albrechtslund, and I currently work as a vSphere Consultant for Businessman A/S Denmark. The reason for my current employment, is primarily a Mac based vSphere project I did at my former employer, Artwork Systems Nordic A/S also in Denmark. Before I became a vSphere Consultant, my primary job function was as a Mac Consultant, in which I have several Apple related certifications.

[William] - Could you describe what your vSphere project was about?

[Mads] - The vSphere Project, was that of virtualizing and consolidating the infrastructure of Artwork Systems Nordic A/S (AWSN). AWSN is a reseller of hardware and software to the graphical industry, thereby running a lot of Apple systems and software that require Mac OS X underneath.

When I started at the company in early 2009, there were around 8-10 servers, and only 9 employees. Every server was just a desktop Mac or PC, running multiple services at once, trying to use the hardware at best. I started by consolidating and somewhat standardizing all these machines, into a Rack cabinet.

But I still wanted to make it better, more flexible and faster to deploy new OS'es when they are needed. I also wanted to move away from running multiple services on a single OS. I started looking into virtualization around late 2010, before VMware even made vSphere compatible with the Mac's. And we started working with a competitor of VMware, which at the time was about to release a bare-metal hypervisor that was compatible with Mac hardware.

We invested time, money and hardware in that initial project, only to around 6 month later to find out that the vendor would drop that bare-metal software again.

[William] - Ouch! I guess that is one of the risks when working with a new company/startup. So what did you end up doing after the company dropped support for bare-metal support?

[Mads] - So when VMware release vSphere 5.0 which was compatible with Apple hardware, I asked my boss to try again. He said "Sure, go ahead…. but we don't have a lot of money to do this with". So I needed to make this project as cheap as possible.

What I ended up with was 3 Mac Pro's (2x 2008 and 1x 2009), which I got almost free from a customer, extra RAM (32GB in each Mac Pro), extra NIC's (4 NIC's in each Mac Pro), a Synology RS812+ NAS and VMware vSphere Essentials bundle.

Here is a picture of the 3 Mac Pros:

awsn-mac-pro
[William] - I too remember when VMware announced support for Apple Hardware with vSphere 5.0, that was a huge deal for many customers. Were there any performance or availability requirements that you had to take into considerations while designing this solution? Did all Virtual Machines run off of the NAS system or was it a mix between local and remote storage?

[Mads] - All VM's ran off the NAS over iSCSI. I did consider the availability of that design, but given the constraints of the money of the project, there was not much of a choice. I did not want to run the VM's on the local disks inside each Mac Pro, considering that if one Mac Pro died, I would not easily have the possibility to power-on that VM on another Mac Pro.

The performance of the NAS was not great, but good enough. After I left, the NAS was upgraded to a Synology DS1813+, and then using the old Synology RS812+ as a backup destination. The load on the VM's was light, as there only was 10 employees in the company, and most of the VM's was only for testing or designing solutions for the customers.

[William] - What type of Virtual Machines and applications were you running on the Mac Pros?

[Mads] - The 3 Mac Pro's are running around 20 VM's, where most of them are either OS X based or Linux Virtual Appliance's. My plan was to do one service per OS, to keep it as simple as possible. Almost all the OS X based VMs are running OS X 10.8 Mountain Lion. Some of them are just plain Client installations, but most of them have the Server app installed, to run Open Directory, DNS or File Server.

The Client installations are running specific software that the company sells, like graphical processing software from Enfocus or FTP software from Rumpus. There is also an older OS X based VM, running Mac OS X Server 10.6, which runs a special graphical procession software called Odystar from a company called Esko. This software only exist on Mac OS X, and it also requires a HASP USB dongle for its license. Most of the VM's are configured as low as possible, which for most is 1 vCPU and 2GB ram.

The Mail server for the company, is based on Kerio Connect software, which is also something that the company is a reseller of for its smaller graphical customers. That software exist either as a virtual appliance, a Windows install or a Mac based install. We ended up with choosing a Mac based installation, because we knew it better.

[William] - How did you go about monitoring the Virtual Machines as well as the underlying hardware? Any particular tools that you found worked well for your organization?

[Mads ] - We did not do much of monitoring, of neither the VMs or the hardware. I was onsite, and sitting almost beside the rack most of the time, so if there was any trouble either physically or virtual, I could fix it fast. I had configured email reporting in all the solutions that gave the option (vCenter Server, Synology NAS and some of the applications).

[William] - I know you had started this project back in 2010 and there was definitely a limited amount of hardware options to run Apple OS X VMs. Today, there are a few more options and if you were to do it again, would you have done anything differently? Would you still consider the Mac Pro (Tower) or look at potentially the newer Mac Pro (Black) or even the Mac Mini’s?

[Mads] - We did start out by looking at the Mac Mini's, but considering that we could only run 3 hosts because of the vSphere Essential license, we needed to get more RAM in each host, than the Mac Mini's could provide. The Tower based Mac Pro is still the best option for this installation, given that it is available for a reasonable price, runs more than 16GB ram and you can get 2x CPU sockets in each host.

The new black version of the Mac Pro, is especially not a good fit, primarily because of the price and because of the dual GPU's and only 1 CPU. I would love a Mac Mini with 32GB ram, that would properly fit perfectly, considering the advances in CPU technology over the 2008/2009 CPU's in the Mac Pro's currently running the environment.

[William] - Mads, thank you very much for spending your morning and sharing with us your experiences with running vSphere on the Mac Pros. You have provided a lot of good information that I know will surely help the VMware and Apple community. One final question before I let you go. Is there any tips/tricks you would recommend for someone looking to start a similar project? Any particular resources you would recommend people check out?

[Mads] - First of a big thanks to yourself, for provide great content on http://www.virtuallyghetto.com. I have also provided my own experiences both on my personal blog www.hazenet.dk and on businessman's company blog bmspeak.businessmann.dk

On my own blog, I have written about issues with screensavers in Mac OS X VM's and I have also written a long blog post about how make a never booted Mac OS X template VM, which don't have any UUID's set.

If you are interested in sharing your story with the community (can be completely anonymous) on how you use VMware and Mac OS X in Production, you can reach out to me here.

 

How to run Nested Mac OS X guest on ESXi VM on top VMware Fusion?

by // 1 Comment

You might be asking, why would anyone want to do this? Well, luckily this is not a "because you can" type of answer but was it was an interesting solution that one of our VMware Engineers (Darius) had shared with me after helping out on this VMTN Community forum thread.

The user was running VMware Fusion on his physical Mac OS X system and wanted to be able to test OS X Mavericks under ESXi. Not having a physical ESXi host to test with, the next best thing was to run a ESXi VM under VMware Fusion and then run the Mavericks guest on top of that.

Here is a quick diagram of the user setup:

nested-mac-osx-vm-on-esxi-on-fusion0
The issue with just simply doing this is that for a Mac OS X guest to properly run on ESXi, the underlying hardware must be Apple Hardware. The reason for this is not a technical challenges, but rather a legal one per Apple's EULA. The way in which ESXi detects that the underlying hardware is Apple is by checking whether Apple's SMC (System Management Controller) is available.

In the scenario above, the Nested ESXi VM is not automatically passing through the SMC from the physical Mac OS X system and hence the Mac OS X VM at the very top of the stack will not properly function. The solution that Darius found was to add the following two Advanced VM Settings (VMX) entries to the ESXi VM:

smc.present = "TRUE"
smbios.reflectHost = "TRUE"

This will allow the passing of the underlying SMC up into the Nested ESXi VM which will then allow Mac OS X guest VMs to properly function. We can also confirm this by check the Nested ESXi MOB by pointing a browser to the following URL: https://[ESXI-IP]/mob/?moid=ha-host&doPath=hardware

nested-mac-osx-vm-on-esxi-on-fusion3
If you did not add the two entries above, then the smcPresent property would show up as false. In our case, we did add the following two entries and we now run our Mac OS X Guest. Here are a couple of screenshots of performing this on my iMac at home running the same exact configuration:

nested-mac-osx-vm-on-esxi-on-fusion1nested-mac-osx-vm-on-esxi-on-fusion2
Thanks Darius for sharing this with me and the community! I am sure this will come in handy for anyone wanting to test Mac OS X guests under ESXi but do not have a physical ESXi host and can easily substitute using VMware Fusion.