July, 2011 | Aidan Finn, IT Pro

Hyper-V & System Center Business is Booming & Lots of Service Providers are Missing It!

Ever wonder what happened to those people that stuck to their horses (quite literally) in the early 1890’s and refused to admit that the automobile was replacing their horse & cart construction biz?

I am getting LOTS of emails from businesses from around the world who are looking for Hyper-V consulting. I’m not really in that business so I cannot help – I work in the “channel” now, working with those companies that do the actual implementation work.

This surge in interest and emails to me had me thinking overnight … there must be a real shortage of quality in Hyper-V/System Center expertise around the world. The demand is out there, boosted by certain announcements last week, and it seems like some folks want to stick to making carriages while their customers are looking for some V6 goodness. The customer wants what they want, so they’ll go looking for it, and the local carpenter goes without work.

One of the things that many of these consulting companies miss out on is the potential of a Hyper-V sale. They make the mistake of comparing it to a VMware sale. If you sell VMware virtualisation, you go in, install it, do some P2V, leave and maybe come back in 2-3 years to get a license renewal. If you sell Hyper-V + System Center Management Suite (often the most economic way to buy/sell SysCtr) then the customer has rights to all of System Center across all of their VMs. You might implement VMM, DPM and some of OpsMgr initially. But after that, you can easily go back to the customer to talk about future possibilities, and find yourself involved in every IT project that happens in that site, even if it is outside of your core skills, e.g. you implemented backup/monitoring and they hire someone else to do CRM and needs … backup/monitoring! Or you install ConfigMgr for the servers, and now can expand it to the desktops, then add on Forefront Endpoint Protection services, and then find yourself doing moer and more higher value security work for that client.

If you are a consulting practice, what do you make your best margin on?

Hardware? You’re lucky to make between 9-13% in this competitive environment.
Software? Hah! If you sell 4 VMware hosts at $40K you might make $4000 in margin? Maybe VMware will throw you a bone in a finders fee? And then that’s the end of your consulting for that virtualisation-only deal with the customer. You’ve also blown that customer’s budget for the year. Whoops!
Services? Ah here we go! This is where you are making between $1,000 and $1,800 (if not more) per day from the customer for each person-day on their site – with very large margins. Take that $40K of VMware sales, and call it around $26K in System Center sales (I’ve already shown in the last few days that Hyper-V is free). After the virtualisation project, you’ve left the customer with $14K more in their budget (versus the VMware job). And you’ve left them with licensing for System Center. What do sales people like? They love having reasons to talk to their customer – and now they do because the customer has licensing and budget to deal with technology and business issues and you can target that $14K with services.

If you find yourself being that carpenter, and what to be the money making Hyper-V/System consulting practice then here’s a few ideas:

No business has ever made a cent without investment. Despite what you may think, you cannot become an expert in virtualisation and systems management overnight based on some experience with 1980’s email technology. Your staff have to be given the time and the budget to learn. You cannot get anywhere without this real business investment.
Anyone fighting the business plan needs to be dealt with. It’s fine to speak about a strategy out of one side of your mouth, it’s another to actually do what’s required.
Sales & marketing staff must be trained. They are not too busy. Are you more concerned about selling horse carts in the next few weeks or having a sustainable business over the next 5+ years?
You cannot expect all consultants to become all things to all people. Divide them up and train each person on 1 or two things. For example, person A might learn Hyper-V and DPM. Person B might learn DPM and VMM. Person C might learn VMM and OpsMgr. Person D might learn OpsMgr and Hyper-V. You’ve spread the skills, allowing everyone time to learn, and given coverage to products in case someone is unavailable. Let them develop those skills on courses, in labs, and in certifications.
You will need to hire in skills. Someone has to have an overall view of the technologies.
Start the path of obtaining virtualisation and systems management competencies through the Microsoft Partner Network. This requires effort from consultants and Sales. You will not get a competency overnight – you do need past experience with customer satisfaction surveys.
Sales and marketing need to promote the service. The work is out there, but sales do not normally come knocking on your door. Here’s where you need to stretch. You may have a core market that you’ve sold to up to now, but the fact that they’ve been happy buying ancient crap from you up to now should tell you something. Find a new customer base. That requires some of that investment and buy-in from the relevant sales/marketing staff.
You may have to start small to prove yourself and develop a reputation. You may have to challenge old decision making rules. You may need to reach out to new strategic business partners to add expertise that is outside of your core business.

My inbox proves the work is out there. The ability to penetrate a customer site with virtualisation, and then expand into systems management and security beyond virtualisation seems like an obvious benefit of doing Hyper-V based services. By selling Hyper-V/System Center versus the alternative, you also are changing how the customer spends their budget with you: instead of selling lots of low margin software, you are selling less low margin software and more high value services. Finally: you’ll also have a business.

Mastering Lync Server 2010 – Available for Pre-Order

I am not the person to approach if you have questions on Exchange Server or Lync Server. But Nathan Winters is. Nathan was an Exchange MVP until he “went blue” (had his firmware changed [some say upgraded] by Redmond) and has been doing large deployments of Exchange and OCS for years in the UK. And it is good news for those wanting to learn Lync Server 2010 that Nathan is currently slaving away on writing Mastering Lync Server 2010 – in fact I believe the writing phase is nearly over and RTM will be before the end of the year (if not much sooner). Both authors (and the tech reviewer too AFAIK) are insiders and you can be sure that this read will be as accurate and informative as it can get. And who knows – the Core CAL Suite will include Lync licensing from August 2011 which makes this communications tool, that can eliminate travel and make home working possible, even more economic.

Technorati Tags: Books

Common Windows VM Virtualisation Licensing Mistakes

I am not a licensing expert (and hence my lawyer says you should consult a real one for your requirements), but I do work with a team of them, and every day I learn something. Over the past few months, I’ve had a lot of conversations about virtualisation (XenServer, Hyper-V, and VMware) and licensing with various users/implementers of the technology. And I’m finding that two mistakes are being commonly made … and putting those organisations into an illegal situation.

Let’s get to the first one … and it’s one that is common in VMware houses and in organisations that have P2V’d.

Using Windows Server Standard Edition to License Migrating VMs on a Virtual Cluster

I am assuming that you already know that you cannot legally reuse a P2V’d OEM license because that license is tied to the tin it was originally installed on or bought with. That’s why it was so cheap.

A lot of organisations are licensing their virtual machines with Windows Server Standard, one at a time. It’s fine to install that edition of Windows Server on a VM. And there is no issue with using it … as long as that virtual machine does not move from physical host to physical host more than once every 90 days. I also believe that there is a geographic distance limitation on legally moving that VM (and that one depends on what region you are in AFAIK). In other words, if you build a virtualised cluster and are VMotion-ing or Live Migrating VMs (each licensed with individual copies of Windows Server Standard) around (manually, PRO, DRS) more than once every 90 days then you are breaking the licensing rules of Windows Server Standard edition and are subject to punishment.

A really common instance of this mistake is a VMware house. They don’t realise or haven’t been educated by their VMware reseller/implementer about correct (and cheaper in dense environments!) Windows licensing in a virtualised environment. The implementer either mistakenly sees it as irrelevant in VMware-world or is just plain uneducated.

Here’s the truth: ever since 2004 or 2005 (I can’t remember when and am too lazy to google it) we can license Windows as follows in a virtualised environment:

Windows Server Standard: Assign 1 license to the host (which may be used for Hyper-V or not used for Xen or VMware) and get 1 free license for a VM on that host.
Windows Server Enterprise: Assign 1 license to the host (same as Standard) and get up to 4 free licenses (with downgrade rights) for VMs on that host.
Windows Server Datacenter: Assign 2 (minimum) per proc (socket, not core) licenses to the host and get unlimited free licenses (with downgrade rights) for VMs on that host.

It feels silly that I’m rehashing this. This should be common knowledge, just like that you need to insert a power cable in a computer to start it up. But it just does not seem all that common.

Have you made this “licensing with individual copies of Windows Server Standard” mistake? Think you’ll get away with it? Hah! Your Microsoft reseller has records, their distributor(s) have records, and Microsoft has records. And those records get looked at every quarter or half year. It’s easy to see who has what, and these days it is assumed that virtualisation is being used. For example, if one looks at a customer’s records and I see 40 copies of Windows Server Standard, they may assume that Windows Server Standard has been deployed on a reasonably sized virtualisation farm and that DRS/VMotion/Live Migration is enabled. That customer is possibly illegally using those licenses and their name is added to the audit list of someone like the Business Software Alliance (BSA).

Under Licensing a Virtualisation Cluster with Windows Server Enterprise

This one is common in small/medium companies. A customer wants/deploys a virtualisation cluster (Xen, VMware or Hyper-V) with two hosts and between 5-8 virtual machines. The virtualisation cluster will be active-active and virtual machines will be balanced across both hosts.

Each host is licensed with Windows Server Enterprise edition. That provides up to 4 free copies of Windows Server for VMs running on those hosts. Sweet; everything is licensed pretty economically because it works out cheaper than buying lots of copies of Standard edition, even if using XenServer or VMware for the hosts. It’s an active-active cluster. So from time to time VMs might move around for performance load balancing (DRS or PRO). That might mean there could be 5 VMs on one host and 3 on the other. Or there could be a host failure/maintenance window and that would mean host A could have 8 VMs and host B would have 0.

Remember that Windows Server Enterprise gives you up to 4 free licenses for VMs on that host the license is assigned to. In this case, 1 license is assigned to Host A and 1 license is assigned to host B. This customer is now illegally licensed because they have 8 VMs on Host A running Windows Server, but are only covered for 4. It doesn’t matter if it’s a temporary thing. It is illegal. And this is quite common.

The correct way to license this is to either:

Purchase 2 copies of Windows Server Enterprise for each host allowing up to 8 VMs per host for those DRS/PRO/failover situations. Remember that each host will be legally limited to a maximum 8 VMs now, even in emergencies.
Purchase Windows Server Datacenter per processor (min 2 per host) per host allowing unlimited VMs per host, thus making it the most flexible option.

Summary

You need to understand how Standard/Enterprise/Datacenter licensing works in virtualisation, just like you need to know that you have to buy a copy of Office for every one you install. Fro each deployment, you need to understand:

a) Will there be VMotion/Live Migration/DRS/Dynamic Optimization/Power Optimisation or whatever where the VMs will move around more than once every 90 days?

b) If you license VMs at the host level with Enterprise, will the number of VMs ever exceed the licensed number for that host, even if just for a very short period of time?

If you are at all confused, then call a real licensing expert, and not just your virtualisation reseller/implementer.

I know VMware marketing are reading this blog and try to misquote it or make smart comments here from time to time. Everything here applies to the legal licensing of VMs, no matter what virtualisation is used. In fact, license your host with Enterprise or Datacenter (and getting licensing for your VMs) and a fully featured Hyper-V is just a tick box and 2 reboots away, saving you on that ever icreasing vTax. So take that, stuff it in your pipe, and smoke it

Technorati Tags: Virtualisation,Licensing

Deploy Office 2010 via ConfigMgr 2007

Yesterday I wrapped up the deployment and proof-of-concept of deploying Office 2010 with SP1 via System Center Configuration Manager 2007 R3. It was a nice one: branch distribution points, client deployment in a mature XP network, etc.

Here’s a rough idea of what I did:

Install a site server in the central site. Local SQL installation to make backup/recovery more manageable via the ConfigMgr backup task. Boundaries were defined (the IP subnets in the ConfigMgr site). Enable auto discovery from AD every hour. Small network (by ConfigMgr standards) and it’s good to get changes frequently if using groups for collections.
Deployed branch distribution point in the local site. I set the sample one up as a protected BDP. This associates the subnets of the branch office with the BDP, restricting access to clients in that site.
Deployed some ConfigMgr clients to test machines by hand. I did not enable client push installation (proof of concept).
Packaged Office 2010 using setup /admin. Note I used SETUP_REBOOT in the setup properties (Office Customization Tool) and set it to Never. This prevents Office 2010 setup from rebooting the machine if previous versions of Office are running during setup. If this situation occurs, Office 2010 setup would reboot the PC with no notice to the user – bad! Instead, I’ configured the package program to let ConfigMgr reboot the PC (no matter what – probably not a bad thing anyway).
Slipstreamed Office 2010 Service Pack 1 into the package.
Distributed the package to the Site Server’s distribution point and to the BDP. Force the BDP to download the package by running the BDP maintenance task in the BDP server’s Configuration Manager client (Control Panel).
Setup up a proof of concept collection.
Advertised the package setup program to the collection. Forced policy refresh on the test machines by running the machine policy refresh in the ConfigMgr client (Control Panel).
Sat back and watched the goodness.

For production deployment:

We wanted to restrict client deployment impact on the network. I copied the client setup files into SYSVOL and created a .bat script to run CCMSETUP with the flag to define the site name. That would copy the ConfigMgr client setup files to DCs in every site. I setup a GPO to run a startup script that would execute this .bat file. That GPO could be linked to appropriate objects in AD to force setup of the client on machines. They’d install from the local SYSVOL and eliminate any WAN impact. Eventually, the GPO can be removed/unlinked, and client push installation can be enabled, thus hitting those last few machines that haven’t rebooted (to get the startup script to run) or any new machines that are added to the domain. I also find that this scripted solution tends to get me better results in a mature XP network.
Office 2010 is to be deployed 1 site at a time. The AD sites/OUs don’t match the physical sites (not all that unusual) so I setup a collection definition where: (system role = workstation AND (network configuration IP address = 192.168.1.% OR network configuration IP address = 192.168.2.%). This will include all XP (or later) PCs on the site’s subnets in the collection, and exclude server machines.

From there, a new advertisement can be created to run the Office 2010 SP1 install at a pre-scheduled time. ConfigMgr reports can be monitored to see which exceptions (problems) need to be dealt with. The clients in the site will install from the local BDP.

For following sites, one at a time:

Add the branch office subnets to the ConfigMgr site boundaries.
Install a BDP and protect it with the site’s subnets from the boundaries list.
Distribute the Office 2010 package to the BDP.
Create a new collection specifying the subnets with the % wildcard.
Advertise the Office 2010 package program.

For something like this, you need to test, test, test. You cannot test enough. Sounds like a lot of work, but your up front time investment saves a bunch of time and money on the back end, versus a manual install to hundreds or thousands of PCs. This works out being not so bad if you license intelligently too: ConfigMgr + SQL combined with a (desktop) Core CAL Suite (includes a bunch of CALs and a ConfigMgr management license). And after that, you have a fine solution in ConfigMgr to manage the entire life cycle of the PCs you manage:

Zero touch OS image deployment
Software deployment
Patching (MSFT and third party)
Desired configuration management (2012 adds auto rectify)
Software/hardware auditing
License auditing/usage measurement
Power monitoring/policy enforcement (saving money!)
2012 also adds “user centric computing” and Android/iOS device management
Reporting on more than you could dream of … all the way to identifying those machines that you need to replace.
And Dell/HP are fully invested in it as a solution, recognising the power it adds for their customers.

Jeez, I’ve totally gone over to the dark side of sales Smile Despite that, I love ConfigMgr; it allows me to play out my megalomania fantasies, even if they are limited to absolutely everything in the AD forest that I can get a ConfigMgr client onto.

Technorati Tags: ConfigMgr,System Center,Office

First Official Showing of Windows Server “8” Hyper-V

Odds are you’ve already read about this on Ben Armstrong’s blog (I’ve been engaged on an intense deployment project with little time to keep the blog up to date), but it’s worth me posting just in case. Microsoft showed off Windows Server 8 (2012? MSFT have a thing against the number 13 so I doubt it will be Windows Server 2013) for the first time and featured Hyper-V. Hyper-V Replica was on show, allowing a VM to be replicated to another (possibly remote) Hyper-V host.

The video is online and you can jump to around the 37 minute mark to start hearing about Windows 8.

It seems we have two authentication methods for the replication:

HTTP aka Windows authentication: Probably for hosts inside the same forest.
HTTPS aka certificates: Maybe for hosts in different forests? Could be great for replicating to a “public cloud”? Pure guessing.

File this under “we’ll learn more at/after the Build Conference in September”.

An interesting screen shot is this one:

Cool: we can optionally keep a history of replicas! Maybe a VM’s OS or application corrupts in site A but we can restore a previous version in site B before the corruption started? And it appears to allow us to use VSS to take snaps every X hours to get consistent replicas. That’s critical for things like Exchange or SQL Server.

A big challenge for replication is getting that first big block of data over the WAN. MSFT has thought of that, as you can see below. We can schedule it for out of hours, export to removable media and import on the destination host, or use backup/restore (apparently).

This is just a simple wizard to get something complex (under the hood) to work. And it’s software based so it should work with any Hyper-V supported hardware.

This was a very early build on show at WPC11 so things are subject to change. We’ll learn more, I guess, at/after the Build conference. Until then, everything is speculation so don’t plan your deployments until at least the RC release next year!

Jeff Woolsey says in the video that this will be an alternative to those very expensive hardware replication mechanisms that are the only option right now. Yup. Also an alternative to the vTax alternative by VMware because Hyper-V Replica will be a built-in feature at no extra cost.

Technorati Tags: Hyper-V,Windows 8,Virtualisation,DR

70-681 (Windows 7/Office 2010 Deployment) Exam Preparation

I’ve been asked several times during the last week about how to prepare for 70-681, the exam on deploying Windows 7 and Office 2010, so I thought it was worthy of a blog post. The issue is that there is no guidance from Microsoft on how to prepare for it in terms of materials. And that is because it pulls in information from all over the place. Think about it; Windows 7 deployment can include:

MAP
ACT
WAIK/ImageX
WDS
MDT
ConfigMgr OSD/Zero Touch

That’s 6 different products. By the way, we cover all that in Mastering Windows 7 Deployment. And that’s just Windows. This exam also covers Office 2010. They typically go hand in hand, which is why the exam includes both topics. And this certification will be mandatory from May 2012 for the Microsoft partner Desktop competency (new and renewing partners).

If you want blogs/websites to read for preparation then check out:

From time to time, Microsoft is known to run classes for partners on training. Your registered partner contacts in your company should be getting email announcements from the local MSFT partner team with any such information. These courses are usually anywhere from free to very economic. This is just a starting point to get the attendees on the ladder. A course cannot be a complete exam prep. And folks like Rhonda Layfield (USA) and Johan Arwidmark (in Europe but also USA) are known to run their own deployment training classes which can be attended by the public (for a fee).

In the end, most of the OS deployment stuff centres on a few things like WinPE, WSIM, SysPrep, and drivers. I did the Vista/O2007 exam and Office deployment questions asked about evaluation/migration stuff. To be honest, nothing prepares you for this exam like doing a lot of work in a lab. That’s where your MSDN/TechNet licensing and a virtualisation host come in really handy. You can get a little prep work done also in the TechNet Labs for Windows 7.

Technorati Tags: Deployment,Windows 7,Office,System Center,ACT,MAP,MDT,ConfigMgr,WDS,WAIK

System Center Operations Manager 2012 Beta

OpsMgr/SCOM 2012 beta has been launched. It will …

“… help you manage your data centre and cloud environments by:

Delivering flexible and cost effective enterprise-class monitoring and diagnostics while reducing the total cost of ownership by leveraging commodity hardware, with standard configurations to monitor heterogeneous environments.
Helping to ensure the availability of business-critical applications and services through market-leading .NET application performance monitoring and diagnostics plus JEE application health monitoring.
Providing a comprehensive view of data centres, and private and public clouds.

Feature Summary

Predictable performance and availability of critical applications
- End-to-end views of application health and topology
- Establishment of application service-level delivery (SLAs)
- Precise identification of application errors
Flexible and cost-effective infrastructure monitoring

In-depth monitoring, diagnostics, and reporting for heterogeneous environments
Integrated network device monitoring and alerts
Simplified management infrastructure

Comprehensive monitoring for your data centre and cloud—on your terms

Integrated physical, virtual, and cloud management
Common console across data centre and clouds
Rich reporting”

The things that look most interesting to me from the TechNet videos that I’ve watched are the more fault tolerant/simplified management server groups, and built-in network monitoring. The second product I ever worked with in my career was a networking product that my then employer started to sell (but stopped soon after we started training sales people). OpsMgr appears to work similarly: feed in a bunch of network device credentials, point it at one “seed” device, and let OpsMgr discover the rest of the network from there based on what it finds. And after that you have port and protocol level fault and performance monitoring. I guess we’ll find out more once we get the beta installed.

Technorati Tags: Operations Manager,System Center

More on the VMware Fiasco

Thanks to Kristian Nese for the tweet/heads up. There’s a thread on VMware’s forums that is currently at 49 pages of VMware customers ranting about the eventual huge price increase.

I did have someone criticise my pricing of VMware in my last post on the subject. I chose 4 copies of vSphere 5 Enterprise Plus to license a 2 CPU server with 192 GB RAM, costing $13,980 to license your virtualisation for that hardware. The criticism was that I should have used 8 copies of vSphere 5 Standard instead. That’s kind of tough to do. Microsoft and VMware mix and match features differently. For example DRS. VMware put it in their vSphere package. Hyper-V does not have DRS but SCVMM 2012 provides it under a different name. You’ll also find the same is true of Distributed Power Management. My previous comparison included System Center Management Suite, which by the way provides upgrade rights (like a built-in software assurance). vSphere 5 Standard does not include DRS or Distributed Power Management.

Many VMware folks fail to remember that ESXi = Hyper-V, vSphere = Hyper-V + System Center (but the MSFT option is cheaper to buy and own). Hyper-V + System Center is much more than vSphere Standard.

Anyway, to keep people happy … a copy of vSphere Standard costs $995:

Product	Microsoft	VMware	Comment
Virtualisation	Free	8 * vSphere 5 Standard Plus $7,960	Hyper-V is included in Windows licensing so it’s free. The Microsoft option is already $7,960 ahead.
Windows for unlimited VMs	2 * Windows Server DC $5,998	2 * Windows Server DC $5,998	This applies to anyone on any virtualisation platform.
Monitoring	System Center Management Suite DC $5,240	vCenter Operations (25 VM pack) * 2 $7,564	Not a good comparison: MSFT option includes licensing to use all of Microsoft’s System Center products and it’s still around 1/3 cheaper!
Total	$11,238	$21,522	Now the MSFT option is only 52% of the cost of the VMware option, but thanks to System Center 2012, MSFT has some of those “critical” virtualisation features like power optimisation and DRS not in this vSphere 5 option.

To be fair, one could monitor that VMware server and it’s VMs using System Center Operations Manager. Given the density, a SMSD license (as in the VMware option) could be used to limit costs. However, a 3rd party management pack from Veeam (which looks excellent) or Quest (which I have not seen) would have to be purchased to enable VMware virtualisation monitoring. Then you could dump vCenter Operations. I reckon that would cost around $6,200 (including 3rd party management pack), saving around $1,300 from the VMware column.

I got a very interesting email overnight. The author (thanks by the way) said:

Renata Budko, vp marketing at HyTrust: “With vSphere 5.0 new licensing model, VMware is trying to capture a larger portion of the value, particularly from the customers who are reaping the benefits of virtualization with aggressive consolidation ratios of 10:1 or higher. The new model will put more emphasis on right-sizing the virtual machines and just in time provisioning.”

So here’s the message:

VMware are doing you a favour by increasing the cost of virtualisation. It reinforces the value of their product. I’m filing that under "Things that make you go hmmm”.
VMware are helping you “right-size” your virtualisation hosts by punishing you for “over speccing” your hosts. That’s so generous of them! I’m sure the plan wasn’t to hurt your budget and improve their bottom line. Not at all.

I’ve also read/heard that VMware aren’t concerned about their customers switching to Hyper-V. Maybe they should read that 49 page thread. I talked to a few people over the last few days in the VMware market and it sure got them concerned.

Let me finish by saying (again) that VMware do make a great virtualisation product. I just happen to believe that’s where they stop being great. Saying you have superior management is easy. But when your alleged superiority is a virtualisation layer product and a 1990’s style framework of recently acquired products then you’re really stretching it.

Businesses don’t care all that much about virtualisation. They care about line of business applications that enable operations and profit generation. That’s why we have all this talk about cloud and consumerisation of IT. Some little strip of software is of little interest to a CIO/CEO. But managing that CRM or web sales application, ensuring SLA, rapid provision and flexibility are. And it’s that layer that Microsoft has everyone beat. And that’s why I got into Hyper-V back in 2008.

Technorati Tags: Hyper-V,VMware,System Center,Virtualisation

Finished Reading Zero Day by Mark Russinovich

One of the nice things about not having constant deadlines is that I can “chillax”. I’ve been getting a lot of reading done on my Kindle/iPad combination. And the latest book I’ve read is Zero Day, the debut novel by famous Windows insider guru Mark Russinovich.

The book centres around an independent IT security consultant who stumbles on a worldwide IT security threat, and then goes on from there. I normally cannot stand any form of entertainment that features IT. There are usually so many holes in the technology that is the centre of the plot that I focus on those rather than on the story. Not so here, as you would expect. The IT stuff appears accurate to me, and technical terms like a rootkit are dealt with at a high enough level that your granny will know all about them when she finishes the book.

The story is OK. I think it was missing a little something, a hook, … I dunno, I’m no novelist! It’s just that I finished it and was left wanting something more from it. But that’s just my opinion; lots of others have loved it and Mark Russinovich broke the news yesterday that a publisher has agreed to publish a follow up.

Where the book scores points is that it gets across that businesses are failing to get the most basic IT security practices right. Things like patching and antivirus still are not being done. And that probably goes back to an old soapbox rant of mine: many decision makers don’t value IT, and therefore don’t understand how it can benefit a business if dealt with strategically or put it at the risk of complete destruction if the right staff aren’t hired and best practices aren’t implemented. So if you are in IT and want a Secret Santa gift for the CIO/CEO, give them a copy of Zero Day Smile

I’m now reading Daemon by Daniel Suarez. I’m just a short way into it but it’s started out well. Leo Laporte and Steve Gibson both recommended it on the TWiT security podcast a few weeks ago. I’ll blame them if it sucks Winking smile

Technorati Tags: Books,Security

New VMware Licensing – Really? Are they Mental or What?

You may just have noticed a slight pro-Hyper-V bias to this blog Smile Yeah, I prefer it because I think it does what I need and there is more focus from Microsoft on what the business cares about: business applications. But from time to time I’ve said that VMware have an excellent server virtualisation product. Recently I’ve been heard to say that I think VMware got a huge leap on Microsoft by virtually stealing the term Private Cloud in their marketing efforts. A few of us geeks know what Microsoft are up to. VMware have been doing huge road shows to reach a much wider audience to say “we are the private, public, and hybrid cloud”. That might be about to change.

VMware announced their new pricing structure. It is moving away from a predictable per host model to a model that charges for processors and assigned memory.

SKU	vRAM entitlement
vSphere 5 Essentials Kit	24 GB
vSphere 5 Essentials Plus Kit	24 GB
vSphere 5 Standard	24 GB
vSphere 5 Enterprise	32 GB
vSphere 5 Enterprise Plus	48 GB

By the way, ESXi 5 (the free one) entitles you to a not-so-massive 8GB of RAM. An example is a typical DL380 or R710 host with 2 CPUs and 196 GB RAM. To license it you will need 4 * vSphere 5 Enterprise Plus licenses. They cost $3,495 retail each. So virtualisation (only) on that host will cost $13,980

Rather confusingly, cloud deployments have a different licensing model for vCloud Director, etc. They are sold on a VM-bundle basis. vCloud Director costs $3,750 for 25 VMs. Not cheap, not at all! vOperations is more money and the much ballyhooed SRM is seriously mad money.

VMware customers are expressing their dissatisfaction all over the net. Many are reporting that this vTax (as Microsoft cleverly calls it) is going to increase their virtualisation costs significantly. And don’t forget, this gives you your virtualisation licensing and nothing else.

Let’s saunter over to the Microsoft alternative. If you license your Windows VMs correctly (on any virtualisation platform) then you’re probably licensing per host, using DataCenter edition. That licenses all the host (if required) and unlimited number of VMs on that host. The retail (and no one pays retail!) price is $2,999. That DL380 or R710 will be licensed for unlimited Windows Server VMs for $5,998.

By the way, you can install that Windows Server Datacenter on the host (you’re entitled to) and enable Hyper-V instead of ESXi. All of the features of Hyper-V are included at no hidden or extra cost. Clustering, Live Migration, Dynamic Memory are all there. Hyper-V Replica is on the way in Windows Server 8 (announced this week at WPC) to replicate VM workloads from host to host, site to site. No need for VMware.

But aren’t VMware the private cloud? Bollox! If you want private cloud then look at the service (the business application) centric System Center Virtual Machine Manager 2012. You can get that as part of a bundle from Microsoft called the System Center Management Suite. You can license a 2 CPU host (and all VMs and applications on that host) for all of Microsoft’s systems management products for $5,240 (retail). That’s private cloud, virtualisation management, enterprise monitoring, service/helpdesk management, backup, configuration management, and runbook automation. In other words, you can manage the entire service stack – the stuff that the business cares about.

Let’s compare the two vendors on a single 2U server with 2 CPUs and 196 GB RAM (my hardware sweet spot by the way). We’ll also assume that there are 50 VMs on this host:

Product	Microsoft	VMware	Comments
Virtualisation	Free	4 * vSphere 5 Enterprise Plus $13,980	Hyper-V is included in Windows licensing so it’s free. The Microsoft option is already $13,980 ahead.
Windows for Unlimited VMs	2 * Windows Server DC $5,998	2 * Windows Server DC $5,998
Monitoring	System Center Management Suite DC $5,240	vCenter Operations (25 VM pack) * 2 $7,564	Not a good comparison: MSFT option includes licensing to use all of Microsoft’s System Center products and it’s still around 1/3 cheaper!
Total	$11,238	$27,542	MSFT is $16,304 (59%) cheaper, doesn’t limit your RAM assignment to VMs, and includes all of their management products.

What is a private cloud? It’s a mechanism where end users will freely deploy VMs as and when they need them, with no restrictions placed on them by IT. We can measure and optionally cross-charge. But do we really want to get into the whole “we can’t use that much RAM because it’ll add another $4K tax on our virtualisation. Sorry the business will need to do without!”. Not good.

If I’m a customer, I have to seriously revisit the Microsoft option. It’s 59% cheaper, does way more across the entire application stack, and the focus is on the business application in the private cloud, not on the irrelevant (yeah I said it) hypervisor layer that can probably fit on a tiny disk. And with all those cash savings, I can refocus my budget on taking advantage of all those management systems.

If’ I’m a consulting company, I look at what I make margin on. You’re lucky to make 10% margin on software. Services are where the money really is. If you’re selling VMware to your customer then you’re getting them to spend 59% more on software that you’ll make 10% margin on. If you sold the MSFT alternative then you know that customer has 59% extra budget that can be spent on services. They’ll have all that System Center licensing goodness that you can revisit to deploy and engineer. That’s 70%+ margin on human effort. What sounds better and more profitable? And you know what: more of your competition are taking advantage of this. Why aren’t you?

Technorati Tags: VMware,Hyper-V,Private Cloud,Virtualisation,System Center