End Of A VCP Era

It was back in November 2011 when I first obtained the VCP qualification, and I remember how excited I was when I passed this exam. I was designing and installing vSphere 4.x on HPE hardware and this was a string in my bow that validated my expertise.

Move forward to September 2017 and the IT industry has evolved. The skills required to design and deploy vSphere environments are commonplace and the demand that I see from customers isn’t around architecting a vSphere platform.

A customer might require some assistance to migrate to the target platform, but when they are consuming it, where does the next requirement come from?

Throughout my IT career, I have always built my knowledge based on what I believe is credible within the marketplace. This hasn’t ever been from a technical perspective, rather a business point of view.

When studying for certifications, you are taking time away from family, friends and generally doing the things you enjoy outside of work.  When I make this commitment, I want to use my time efficiently on what I believe will yield the highest reward for the least investment.

With the above in mind, it is with a heavy heart that I will let my VCP expire this month. The reason I say heavy heart is that I have so many fond memories not only of using the cool technology that VMware have provided, but of the people I have worked with designing and deploying vSphere solutions, not only on a professional level but also across the community.

As they say, when one chapter closes another begins. Watch this space!

What’s This GDPR Thing All About?

This blog post is certainly a bit different from my usual repertoire, however I strongly encourage any ‘Architect’ level person to have a good grasp of the implications for their customers.

Overview

In essence, the General Data Protection Regulation (GDPR) strengthens the rights of individuals in the European Union (EU) to control their personal data. This places emphasis on businesses ensuring they have adequate privacy and data protection measures whilst protecting personal data by design and default.

Individuals will have significantly enhanced rights, such as to access and receive a copy of their personal data, as well as to have it erased.

It should be noted that companies who violate the GDPR could face fines of up to €20 million or 4% of annual global turnover (revenue), whichever is greater. GDPR actually became law in the EU on 27 April 2016 but, given the significant changes faced, a two-year transition was granted, which means that enforcement begins on 25 May 2018.

For more GDPR information visit the Information Commissioner’s Office.

Key Concepts

GDPR is structured around six principles which are:

  • Requiring transparency on the handling and use of personal data.
  • Limiting personal data processing to specified, legitimate purposes.
  • Limiting personal data collection and storage to intended purposes.
  • Enabling individuals to correct or request deletion of their personal data.
  • Limiting the storage of personally identifiable data for only as long as necessary for its intended purpose.
  • Ensuring personal data is protected using appropriate security practices.

Key Changes

Microsoft have broken down the key changes to GDPR under four key verticals which are:

  1. Personal Privacy – Individuals have the right to:
    • Access their personal data
    • Correct errors in their personal data
    • Erase their personal data
    • Object to processing of their personal data
    • Export personal data
  2. Controls & Notifications – Companies will need to:
    • Protect personal data using appropriate security
    • Notify authorities of personal data breaches within 72 hours
    • Obtain appropriate consents for processing data
    • Keep records detailing data processing
  3. Transparent Policies – Companies are required to:
    • Provide clear notice of data collection
    • Outline processing purposes and use cases
    • Define data retention and deletion policies
  4. IT & Training – Companies will need to:
    • Train privacy personnel and employees
    • Audit and update data policies
    • Create and manage compliant vendor contracts

Challenges

Let’s have a look at a scenario around the starters and leavers process. Bob leaves the employment of VMFocus after 10 years’ service and is moving on to pastures new. Bob requests that VMFocus erases his personal data; what could this affect?

  • Active Directory credentials as most are personally identifiable including device logins
  • Line of business applications which hold user specific credentials
  • Database records
  • Email records
  • ERP systems
  • File systems
  • HR records

For all of the above items it is fairly straightforward to erase data, however thought needs to be given to the order of data removal, as a significant number of applications are Active Directory integrated to provide either Same Sign-On or Single Sign-On.

Outside of this, real consideration needs to be given to the 10 years’ worth of backups that hold Bob’s details. How does VMFocus go about restoring information off tapes and then deleting it? What are the implications in man hours to undertake such a task?

Three months after Bob requests that his personal data is removed, VMFocus is scrutinised and a specific client file and email that Bob was working on needs to be accessed. How does VMFocus go about providing these details?

From a technical perspective, these are some of the questions we need to start thinking about answering.  The next few months are going to be very interesting and I expect we are going to see a few companies on the news with GDPR breaches.

Microsoft Azure Enterprise Cost Management

Microsoft have announced the preview of Enterprise Cost Management for Azure, which is great news for Enterprise Agreement customers.

Until now gaining visibility of spend on an Azure Enterprise Agreement has been difficult to manage even when combined with Tags and Resource Groups.

It should also be noted that an Enterprise Agreement doesn’t provide spending limits (see offer details), quotas or even billing alerts (see prevent unexpected costs) so customers are often wary of migrating services to Microsoft Azure and/or providing access to their Azure Portals due to fear of being stung by large bills.

It is understandable that Microsoft do not want to ‘turn off’ customers’ workloads, however there could be a case for this in a development environment where a person leaves a ‘monster VM’ up and running for a month by mistake.

This is a step in the right direction, hopefully we will see billing alerts added in the not too distant future.

 

VMware on AWS My Thoughts

As VMworld 2017 has just finished I have been giving VMware on AWS some thought. Lots of questions have been running through my head, so I thought I would try and transcribe some here.

What Is It?

It’s a minimum of 4 x vSphere Hosts running VMware’s SDDC (ESXi, NSX and vSAN) which are dedicated to a customer. VMware manage the availability, patching and maintenance whilst the customer consumes the resources.

Each ESXi Host provides 36 x CPU Cores, 512GB RAM and 8 NVMe drives. Some of this space is dedicated to management items such as vCenter and NSX VMs so overall usable resources will be less.

Why Would I Use It?

This is a question I have been pondering on, my initial thoughts are:

  • A customer’s infrastructure lifecycle is at the point of refresh and they are moving to an ‘opex model’
  • A customer needs to exit a datacentre quickly and this could be one of a number of options
  • A customer is deploying a remote office and doesn’t want to invest in on-premises infrastructure for their VM estate
  • Target for disaster recovery to reduce on-premises secondary datacentre footprint (not sure if SRM is supported yet)

Even though I’m not convinced by this one, a potential candidate for a use case is to extend your on-premises operational model to AWS.

Another one which I’m not convinced by is reducing your on-premises operational costs by having someone else manage maintenance by patching your storage, ESXi Hosts and vCenter.  Are companies really going to make Dave redundant? Nope they are just going to get Dave doing something different for that one day a month (or Dave gets to chill out).

Would I Recommend It?

The concise answer is potentially.  The customers that I work with are reviewing their application estate and looking to either keep, kill, consolidate or transform them.

  • The keep category often falls into the ‘that’s too difficult to tackle’ basket, or we have only just invested in a new application or release
  • Kill generally means that the application will be ‘withered on the vine’
  • Consolidate generally means a number of applications will be collapsed into a single master
  • Transform usually means from on-premises to a SaaS type offering for example Exchange On-Premises to Office 365 Exchange Online

Out of these, which are the use cases for VMware on AWS? The answer is simple: anything heritage, AKA Virtual Machine, as PaaS and SaaS will go somewhere else.

Infrastructure Applications such as Active Directory Domain Services, Certificate Services, File, Print and SQL are either highly available natively or can be designed and deployed on IaaS in a highly available fashion and as such aren’t great candidates for VMware on AWS.

What’s The Cost?

The monthly cost of a one year reserved ESXi Host (30% discount) is $4,332.00, of which we need four, which makes the monthly cost roughly $17,328.00, which is circa £13,500 per month or £162,000 per year for compute and storage. Note network charges and Operating System licenses are not included.

Using the same 30% discount level on Microsoft Azure you could run:

  • 268 x A2 v2 VM continuously for 12 months
  • 143 x D2 v2 VM continuously for 12 months

Taking into account that a single ESXi Host is used to tolerate failures, we have 1,536GB of RAM, which minus circa 10% for the management cluster and general overhead gives circa 1,382GB of useable RAM.

Using the same RAM metrics as the above Azure VMs you could run the equivalent of:

  • 346 x A2 VMs using VMware on AWS
  • 197 x D2 VMs using VMware on AWS

Final Thought

Generally I’m seeing customers moving to a PaaS or SaaS offering for low hanging fruit and then dealing with the more complex applications on a case by case basis with a view to transforming these into a PaaS or SaaS model.

If customers are migrating 100 plus heritage VMs to a cloud platform and they cannot be re-architected to be natively highly available, or have an SLA that simple backup and restore routines will not cater for, then VMware on AWS is a viable option.

I do see that VMware on AWS has a place in the market, however the place is for heritage systems and I wonder how long it will be until the earnings from VMware on AWS start to dwindle?

Azure Updates – Enhancement Summary April 2017 to July 2017

Over the past three months, I have been leading a delivery engagement which has meant that I’m not as up to speed as I perhaps should have been on the latest enhancements to Microsoft Azure.

With this in mind, I thought I would share with you the feature enhancements over the past few months that have had the biggest impact on the customers I work with.

Azure Service Health (Preview)

Planned and unplanned maintenance events are always a hot topic when educating customers on the use of cloud for IaaS as it’s a paradigm shift from the on-premises operating model.

Rather than having an email letting you know that West Europe is going to be patched in the future or checking the Azure Status URL, Microsoft have rolled this up into Service Health.

In a nutshell, this lets you know what ongoing issues in Azure services are impacting your resources and provides you with a PDF summary of the issue for problem management.

Read more here.

Azure VM Configuration Changes (Private Preview)

Let’s face it, a significant proportion of operational outages are caused by people making changes without following the correct internal procedures. To circumvent this, Microsoft have introduced Azure VM Configuration Changes, which can track all Windows Services, Linux Daemons and Software by default.

Azure VM Configuration Changes also allows you to view changes in the last 30 minutes, hour, six hours, 7 days or 30 days so you can pinpoint when changes occurred to the VM.

See more here.

Azure Large Disks

One of the challenges around IaaS VMs was trying to fit existing file structures into or across multiple 1TB hard drives.  This caused a few challenges for customers who had to rework GPO’s or migrate data to enable the use of file services within Azure.

Another significant challenge was using Azure Site Recovery to protect a VM with a hard drive larger than 1TB. To address both of these issues Microsoft have launched 4TB disks for Azure IaaS VMs.

See more here and here.

Azure Application Gateway

Security is always a hot topic when it comes to cloud and Microsoft has fixed the gap it had between DNS based Global Site Load Balancing using Traffic Manager and Azure Load Balancer which worked at Layer 4 (TCP/UDP).

Azure Application Gateway acts as a Web Application Firewall to protect from common web attacks such as SQL injection, cross site scripting and session hijacks.

Read more here.

Faster Azure VPN Gateway

When customers embark on their cloud journey, it normally starts with a Site to Site VPN whilst ExpressRoute is put in place. A previous limiting factor with Site to Site VPNs was the bandwidth limit and SLA.

Microsoft have resolved this by introducing a new series of VPN gateways appropriately titled VpnGw1, VpnGw2 and VpnGw3 which will provide an SLA of 99.95% with up to 1.25Gbps throughput at the same cost as the previous gateways.

Read more here.