Friday, 11 December 2015

Configuring the Load Balancer in the VMware vCloud Director


Today we will learn how to configure the load balancer in the vCloud Director control panel. As the name implies, this tool distributes a web resource's traffic among several servers according to a chosen algorithm and protocol. Because the load is spread across servers that perform the same function (for example, web servers), if one of them fails the load is redistributed among the servers that remain in service. The balancer therefore increases the resilience of the site. In general it is a useful thing for websites hosted in the cloud, and especially for online shops.

How does it work?
In the vCloud Director panel the load balancer function is performed by vShield Edge. The same service acts as the address translator (NAT), and it is where the Firewall, VPN, DHCP and static routing are configured.

To make things work, the configuration defines the following:
Servers Pool - the IP addresses of the servers (VMs) among which the load is balanced. At the same step we specify the protocol (HTTP, HTTPS or TCP) on which the load balancer talks to the servers, and the parameters for monitoring the availability of the virtual machines. Based on this monitoring, the decision is made to redirect traffic to a running server if one fails.
Virtual Servers (Virtual IP) - the external IP address through which users reach the resources hosted on the virtual machines (Servers Pool). Below is an example diagram of how this can look for a hypothetical site.

Instructions
Let's start with the configuration. To begin, we need:
- vShield Edge connected to the external network.
- An organization network with at least two virtual machines in it (pardon the statement of the obvious :)). In our service all of this is created automatically, but if you use vCloud Director elsewhere, here are detailed instructions for setting up the network.
- An external IP address or range. It can be seen in the vShield Edge properties. In our case it is 92.242.44.150. Write it down somewhere.
- The internal IPs of the virtual machines that will take part in the balancing. To get them, go to the My Cloud tab and open the desired VM from its vApp. The information we need is in the corresponding column.

So, let's set it up:
1. Go to the Administration section and click on the virtual data center.
2. Go to the Edge Gateways tab. Right-click the Edge and choose Edge Gateway Services.
3. In the new window go to the Load Balancer tab. First you need to add the pool of virtual machines (servers) among which the load will be balanced. To do this, click Pool Servers and then Add.
4. Enter the pool name and, if needed, a description.
5. Next, choose the protocol on which the servers will be available (HTTP, HTTPS or TCP), the ports and the balancing method, i.e. the algorithm by which traffic will be shared among the virtual machines. The available methods:
· IP Hash: all requests from the same IP address go to the same server in the pool.
· Round Robin: requests are handed out to the servers in turn, taking their weights into account.
· URI: all requests to the same address land on one virtual machine. Applicable only to servers available over HTTP.
· Least Connected: a new request is routed to the least loaded server.
For our example, select the HTTP protocol, port 80 and the Round Robin method.
6. In the next step, set the parameters by which the availability of the servers in the pool will be monitored:
· Port
· Protocol
· The interval between checks (interval)
· The time within which the server must answer (timeout)
· The required number of successful checks (healthy threshold)
· The permissible number of failed checks before the server is declared down (unhealthy threshold)
You can tweak the default values here; the main thing is not to overdo it, for example by putting 1 second in the timeout field. :) In the URI field for the HTTP service, specify the address at which the balancer will check the server status. It can be left as is (/). If you are not looking for easy ways, you can create a static web page on each server; in that case a 200 OK response indicates that everything is working.
7. Next, add the IP addresses of the virtual machines (Members) to the newly created pool. To do this, click Add and enter the IP addresses of the machines among which the load will be balanced, for example 192.168.1.2 and 192.168.1.3.
In Ratio Weight, specify the server's weight in the balancing. If you give the first server a weight of 1 and the second a weight of 2, the second server will receive twice as many requests. If set to 0, the server will not take part in the balancing. Add the second virtual machine and click Next.
8. On the Ready to Complete page, check everything again and click Finish.
9. Go back to the main page and open the Virtual Servers tab. Click Add.
10. Enter the name of the virtual server.
· In the Applied On field, select the network (the external one!). In our case it is cloudlite-internet-2.
· The IP address is assigned from the Sub-Allocated IP Pool (the one we looked at here).
· Select the server pool created in the previous step.
· If you need every client to keep landing on the server it first reached, select Cookie as the Persistence Method. When everything is added, click OK.
11. Do not forget to click OK on the main page.
That is all for the balancer itself. If you have not yet set up the Firewall, you should do so: add rules for it so that it lets the right traffic through (detailed instructions here).
That's it! Good luck with the vCloud Director panel!
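As an added example (my own code, not from the original post or from VMware), here is a small Python model of the settings configured in the steps above: a Servers Pool whose members carry Ratio Weights, the four balancing methods, and a health monitor with healthy/unhealthy thresholds. The class and function names and the sample IPs are my own constructs.

```python
import hashlib

class Member:
    """One VM in the Servers Pool: its internal IP and Ratio Weight."""

    def __init__(self, ip, weight=1):
        self.ip = ip
        self.weight = weight        # 0 removes the VM from balancing
        self.healthy = True
        self.connections = 0        # open connections, for Least Connected
        self.ok_streak = self.fail_streak = 0

class HealthMonitor:
    """Health check from step 6: a member goes down after `unhealthy_threshold`
    consecutive failed probes and comes back after `healthy_threshold`
    consecutive 200 OK answers to the check URI."""

    def __init__(self, uri="/", healthy_threshold=2, unhealthy_threshold=3):
        self.uri = uri
        self.healthy_threshold = healthy_threshold
        self.unhealthy_threshold = unhealthy_threshold

    def record(self, member, status_code):
        """Feed one probe result; a timeout is passed as status_code=None."""
        if status_code == 200:
            member.ok_streak, member.fail_streak = member.ok_streak + 1, 0
            if member.ok_streak >= self.healthy_threshold:
                member.healthy = True
        else:
            member.fail_streak, member.ok_streak = member.fail_streak + 1, 0
            if member.fail_streak >= self.unhealthy_threshold:
                member.healthy = False
        return member.healthy

def _bucket(key, n):
    """Stable hash of a client IP or request URI onto one of n members."""
    digest = hashlib.sha256(str(key).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n

class Pool:
    """Servers Pool using one of the four balancing methods from step 5."""

    def __init__(self, members, method="round_robin"):
        self.members = list(members)
        self.method = method
        self._rr = 0

    def active(self):
        """Members that take traffic: healthy and with a non-zero weight."""
        return [m for m in self.members if m.healthy and m.weight > 0]

    def pick(self, client_ip=None, uri=None):
        """Choose the member for one request, or None if the pool is down."""
        active = self.active()
        if not active:
            return None
        if self.method == "round_robin":
            # each member appears `weight` times per cycle: weight 2 gets 2x calls
            cycle = [m for m in active for _ in range(m.weight)]
            member = cycle[self._rr % len(cycle)]
            self._rr += 1
            return member
        if self.method == "ip_hash":
            return active[_bucket(client_ip, len(active))]
        if self.method == "uri":
            return active[_bucket(uri, len(active))]
        if self.method == "least_connected":
            return min(active, key=lambda m: m.connections)
        raise ValueError("unknown balancing method: %s" % self.method)
```

With the weights 1 and 2 from step 7, six round-robin picks give the second VM four of them; three failed probes in a row take a VM out of rotation, and two 200 OK answers bring it back.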

CloudLITE 2.0


A Cloud Provider Works on Its Mistakes
In mid-October we relaunched the CloudLITE cloud service, changing the provisioning and billing platform to BILLmanager. Today we will tell what we changed, and why.
CloudLITE is an IaaS service based on VMware that lets you automatically deploy a virtual data center, create virtual machines with any operating systems and configurations, and manage it all through the VMware vCloud Director panel.
That is how the service looked at its launch in April. Since then CloudLITE has managed to hit a few bumps (with no casualties among customers, thankfully) and to acquire a stable pool of customers, who helped us notice certain points and make adjustments to the further development of the service.

Control Panel: Before
As it turned out, not everyone liked the rich functionality of the vCloud Director panel. Yes, many users appreciated the enterprise-level capabilities, but there were many whom this abundance rather confused. Getting used to vCloud Director was not easy, especially for yesterday's VDS/VPS users: a completely unfamiliar interface, a lot of options... We tried as far as possible to ease the introduction with manuals and videos, but still some users got lost, made mistakes, and as a result left disappointed.
Again, as it turned out, not everyone needs a vast heap of settings in the first place: many would be quite happy with the ability to create a standard virtual server in one click, preferably with a preinstalled operating system and other system software. Unsurprisingly, these people were not at all inspired by the idea of spending time and effort studying vCloud Director's rich toolset. As a result, CloudLITE was truly appreciated only by users already familiar with vCloud, whereas we wanted to please everyone.

Control Panel: After
So the task was, while keeping the functionality of vCloud Director for those who really need it, to make CloudLITE convenient and useful for users who are only discovering the possibilities of IaaS.
The result was a compromise. In the new personal account based on BILLmanager (thanks to our colleagues at ISPsystem :)) there is now a lite panel for virtual machines. Users who find it more convenient to work with the default virtual machine templates can now deploy a virtual server directly from their account.

Here you can perform all the basic operations on a virtual machine:
· Create / delete
· Power on / off / restart
· Open the machine's management console
· Configure backups (based on Veeam Backup & Replication Enterprise)
· Purchase Windows Server Standard 2008 and 2012 licenses.

Finer tweaks remain available in vCloud Director: there you can work with all network settings (Firewall, NAT, VPN, load balancer, etc.), upload OS ISO images, deploy virtual machines with your own operating systems, create VM templates, and import and export them.

Calculator vs. fixed plans
In the original version we had a calculator that let you build almost any configuration of resources (CPU, memory, disk) and immediately estimate the cost, including extended bandwidth and additional IPs. Life has shown that in most cases users need a very specific, that is, standardizable :), set of parameters. In the new release we decided to move to fixed plans (12 of them), split into four categories. We kept the ability to adjust individual parameters within a single plan, for example to enlarge the disks without moving up to a higher plan and buying unneeded extra processors and memory. Memory and processors can be handled the same way (starting from the Standard plan group).

Payment methods: Before
We ran into the fact that IT staff exploring CloudLITE often registered as private individuals (paying for a "test" pool with a personal card) and then, when moving to production, wanted to "reissue" the account to a legal entity. The problem was that in the first release of CloudLITE users could not make these changes on their own.

Payment methods: After
In the new dashboard we took this user scenario into account and added the feature. Now, having registered with whatever status is convenient (private individual, legal entity, individual entrepreneur), the user can change it independently, if necessary, before each payment.

Billing of resources: Before
In the first release, to activate virtual resources you had to pay in full for the month ahead: if at the beginning of the month the account balance did not cover the total subscription cost, the resources stayed locked. Despite our methodical automatic e-mail reminders, some people were late with payment and as a result found their resources stopped. There were also cases where a user, for whatever reason, could not pay the full amount at the start of the calendar month and asked for a deferral. We often accommodated this, especially for regular customers, but each such request had to be handled manually, and we wanted a systematic solution to the problem :).

Billing of resources: After
In CloudLITE 2.0 the minimum billing period is a calendar day, so there is no longer any need to make a 100% advance payment for the month ahead. Users can top up the account gradually with any amount; the main thing is that the money deposited is enough to pay for the day.
This will also be convenient for those who need the resources, or a specific configuration, for only a few days.

VMware Virtual SAN (VSAN) in the Cloud


What it is for and how to cook it
In the first post about CloudLITE we mentioned the VMware Virtual SAN (VSAN) virtual storage. Today we will focus on the technology and tell you in more detail what to consider when building a VSAN for your project.

Why you need VSAN
The traditional architecture consists of three key components:
1. Servers,
2. A storage system (storage array),
3. A Storage Area Network that connects the storage to the servers via block protocols (FC, FCoE, iSCSI) or file protocols (NFS, SMB) using the appropriate switches.

Managing this setup requires three different interfaces, three different competencies and, ideally, three different specialists. Deploying this architecture takes a long time, and rapid scaling is also far from trivial. If your project involves predictable, planned growth, adding a new storage array can take a week, and you have staff who will handle the design, then the traditional architecture is your choice. But when a project (for example, a public cloud) grows by leaps and bounds, adding new storage with minimal automation capabilities takes a lot of time.
This is where the converged VSAN architecture comes in, which lets you combine the compute and storage functions in the server.

VSAN as a converged solution
A converged solution lets you build the infrastructure from standard units that combine several functions (for example, compute and storage). Such infrastructure is managed through a single interface and scaled by adding another unit. In the case of VSAN each unit is a server. Not every server, of course, but more on that later. How does a server perform storage functions? VSAN assembles an "external" storage from the local drives of the servers and makes it available to all compute nodes of the virtualization cluster. The VSAN software runs on the same servers as the compute nodes. Thus one and the same machine hosts both a compute node and part of the storage system (storage node), all in one package.

How it works
Each server has from 1 to 5 disk groups. Each group contains at least one SSD (a necessary condition for building a VSAN) and from 1 to 7 HDDs.
The SSDs of the disk groups make up a common data cache pool. VSAN first reads data from the cache; if the data is not in the cache, VSAN goes to the HDDs. For each virtual machine you can set its own FTT (failures to tolerate). The default is 2, i.e. all of the virtual machine's data is written at once to 2 different servers in the cluster. If one server fails, we will have a synchronous replica on another, and all I/O operations will go to the second copy.

What to look for when designing a VSAN
The relative ease of deployment does not remove the need to design the VSAN architecture carefully. Here are a few points we would like to dwell on:
1. Compatible hardware. Although VSAN gives a certain freedom in the choice of "iron", it is wise to stay within the VMware VSAN hardware compatibility list. Then you do not have to guess at compatible controllers, adapters and so on. For CloudLITE, based on a combination of technical and economic parameters, we chose the Huawei FusionServer RH5885 V3. This model has on board a more efficient PCIe flash card (compared with the now classic SSD), which, incidentally, saves drive slots and lets you create more disk groups. We will do an unboxing in the near future. Stay tuned :).
2. Network. In a VSAN configuration a VM can run in one place while its data is stored in another. This places fairly high demands on the network: you need at least a 10 Gbit network.
3. Disk controller performance. The disk controller must provide a buffer for a large queue. The load on it is significant: the controller serves data not only to its own server but to the whole cluster. For example, when a failed disk group is rebuilt onto a new group, a large amount of data must be written in a short time, and the write speed will depend directly on the controller's performance.
4. Disk capacity. Here bigger is not better; quite the opposite. Although 4 and 6 TB disks are available now, it is better to build a VSAN from 1 TB drives. Imagine an emergency situation in which the cache does not help us (replacing a "burnt out" disk group, backup, or restoring from backup): 6 TB drives will take up to 6 times longer to recover than 1 TB drives (if we go by the ratio of read speed to the volume of stored data, IOPS/GB). We are, of course, talking about the worst case, but the situation is not in the realm of fantasy. And the desire to use large-capacity disks in a VSAN disappears completely once you imagine how long it would take to recover the data on 7 disks of 6 TB each.
5. The ratio of SSD capacity to HDD capacity. It directly affects the final performance of the disk group: the larger the SSD capacity (the more data fits in the cache), the better the performance. CloudLITE uses PCIe flash cards for caching; they have lower latency than SSDs. Incidentally, VSAN 6 supports disk groups consisting only of SSDs.
6. The ratio of compute power to disk space. When designing a VSAN everything must be weighed carefully: calculate the ratio of processors, memory and number of disk groups, and work out how much to grow compute power so that it remains cost-effective. Once the solution is running, you can no longer add disk space to the VSAN (a storage node) on the fly without adding a new server, and therefore processor and memory as well. Alternatively, using a server only as storage (i.e. leaving its compute node idle) is possible but uneconomical: it is effectively a return to the traditional configuration and a rejection of the benefits of a converged solution.

Inside a Cloud Server


Huawei RH5885 V3 - Unboxing
Today we will come down to earth, talk about hardware and see what is inside a cloud server and how it is arranged, using the Huawei Tecal RH5885H V3 as the example.
It is on this model that the virtualization cluster of our IaaS service is deployed. Recall that the same servers host both the hypervisor and the VMware VSAN distributed virtual storage. Before we get to the unboxing itself, a few words on why we chose this model. No, it is not about Asian import substitution.
1. In our virtualization clusters we use 4-socket servers because they allow more cores to be allocated to a single virtual machine. This server meets that requirement.
2. The server was needed for a specific architecture with VSAN. As we mentioned in the previous post, we work within the VMware Hardware Compatibility List of servers suitable for building virtual storage. Among that selection there are not too many 4-socket servers.
3. This model, unlike its analogues available on the market, runs on the Intel Xeon E7 processor series.
4. The cluster configuration implies 24 disks per server. This model allows exactly three disk groups, each of 7 hard drives and 1 SSD (in this case, a PCIe flash card takes its place).
5. Finally, the price/quality ratio. Obviously all 4-socket servers are enterprise solutions that are far from cheap. But even in this market segment there are models priced above or below. The chosen model simply offers a lot of capabilities at a lower cost.
6. And it has green accents (our corporate color), and here we could not resist :). Let's get started.

In the photo below we see a well-designed and carefully executed ventilation system with front access and filters.
The fans can be hot-swapped. So that cold air does not "leak" through an empty slot during repair work, each module has a cap that prevents parasitic air exchange.
Now let's go inside. Thanks to its modular design, the server can be taken apart without any tools. What is especially pleasing is the very detailed and very visual diagram of assembling and disassembling the server modules: everywhere there are explanations of what to grab and where, and the server's components (disk modules, processors and so on) are labeled. In short, you will not get lost.
On the right are two expansion modules for installing PCIe cards.
This configuration uses 4 PCIe cards: 3 PCIe SSD ES3000 cards and 1 PCIe Ethernet adapter. The CN21ITGAA000 interface card is based on the Intel 82599 and has 2 x 10G external network interfaces. Another 2 x 10G adapter is integrated on the motherboard.
Moving on. In the middle is a bay with 4 Intel Xeon E7-4830 v2 processors. On the left is a bay with the installed RDIMM memory modules.
We move on to the installation. At this stage everything went without much difficulty. The only thing that raised questions was the server's rail kit. It could have been made more convenient.
For managing the server and its services, everything standard in today's technology is available: BMC, IPMI, SOL, KVM over IP and Virtual Media.
The service processor can also be reached through the touch panel. Using it you can adjust the service processor's settings, check the status of all server components, and even play a game of Tetris.
The view from the hot aisle: power from different feeds is connected to two PSUs, which are redundant and hot-swappable.
That's all. What we can say after 6 months of operation: the servers are stable and cause no problems in operation and maintenance. Isn't that the most important thing in hardware?

Tuesday, 1 December 2015

Windows 7 and 8 Have Joined the Surveillance


Hardly had the recent scandal over "spying" on Windows 10 users died down when rumors appeared on the internet that Microsoft is also introducing data-transfer mechanisms into Windows 7 and Windows 8. Experts believe that the OS does not monitor users but analyzes their data to improve services and display advertising.
Immediately after the release of the new version of Windows, many users and publications drew attention to the large amount of user data that Windows 10 sends to Microsoft's servers. However, beta testers of the new OS had mentioned it a year earlier.

The transmitted information turned out to include search queries, the user's location, visited sites, and other confidential information.

The discussion also turned to the Cortana voice assistant, which collects users' contact data as well as information about calls and messages. If you try to block Cortana's access to the servers the information is sent to, the voice assistant simply refuses to run and returns an error. The full list of addresses Cortana "collaborates" with was published by the Habrahabr.ru portal, citing a Czech researcher.
The uproar around Windows 10 also drew the attention of torrent tracker administrators. Some of them decided to block Windows 10 users, reasoning that the new OS would start removing pirated content from computers.
Russian lawyers also took up the Windows 10 policy, sending a complaint about the collection of confidential information to the Prosecutor General of the Russian Federation. The lawyers are worried that data about their clients could be obtained by third parties. They therefore proposed introducing an option to disable the sending of user data when installing the system in government agencies and institutions where information privacy matters.
Microsoft's strict data collection policy in Windows 10 made cyber security specialists look at earlier versions of the OS.
The Arstechnica.com portal reported that in April this year Microsoft added a "Diagnostic Tracking Service" to Windows 7 and 8 to collect data about problems in the OS and in third-party applications participating in the Application Insights program. This data reaches developers to help improve their products. However, some forum users noted that the service consumes a considerable amount of computer memory and generates network traffic.
Recall that with the default "Windows Update" setting the system installs all recommended updates on your computer on its own. One of the recent updates of this kind for Windows 7 and 8 was the package KB 3068708, titled "Update for a more comfortable user experience and diagnostic telemetry."
The name is alarming. However, it is unclear exactly what information Windows sends, because the data sent to Microsoft's servers is encrypted and transmitted over HTTPS.