When looking into performance on a virtualized workload, one of the most important statistics to watch is CPU Ready Time.
What is CPU Ready Time, you ask?
Well, CPU Ready Time is the amount of time that a vCPU is waiting for a time slot on a physical CPU core. In other words, if you are seeing a high CPU Ready Time, that means that your host is having a high amount of CPU contention and may be over subscribed.
There is a great VMware KB Article that explains how to calculate CPU Ready % from the CPU Ready summation values that you find on the performance tab in the vClient:
Converting between CPU summation and CPU % ready values
Sizing VM’s appropriately is very important. Just because you have a physical server that has 8 cores does not necessarily mean that its VM counterpart needs to have as many vCPUs. The best approach is to start small and grow as needed. A VM that is oversized can actually perform worse than one that is undersized.
We all know that VMware NSX brings L2–L4 network services up into the logical space, things like Layer 2 switching, distributed layer 3 routing, and distributed firewalling can all now be processed within the hypervisor.
Yeah so? That is so 2013.
What is 2014 going to bring?
What else did NSX enable that is not as broadly spoken about? Network visibility for the hypervisor.
Once you have lifted your network up into the logical space (software) you then have end to end visibility into the logical traffic flows. When DRS is given insight into these flows it can then be able to use that information (in addition to traditional compute level information) to more intelligently place VM’s in the environment. Enter Network DRS. A very simplistic scenario of this would be if you have 2 VM’s that are on separate hosts and those VM’s are generating a significant amount of traffic between each other. Since DRS would now have insight into the logical network traffic flows it would detect this and migrate one of the VM’s onto the same host as the other. Now, instead of having the network traffic go out onto the physical wire, it would be moving between the two VM’s at bus speed.
This is just one very brief example of the exciting things that NSX enables. VMware very briefly mentioned this as a technology preview at VMworld 2013. I, for one, am very excited to see what progress has been made to bring this to a generally available reality.
After spending the last week in training, I was doing some research on memory management in ESXi. In doing so, I ran across one of the most amazingly clear depictions of memory flow from the inside of ESXi:
If you want to get it in PDF format, there is a downloadable version available on the VMware KB article:
VMware vSphere 5 Memory Management and Monitoring
If you have never had the “Oh So Wonderful” fun involved with replacing and/or updating SSL certificates within your VMware infrastructures, you should consider yourself fortunate. For those of us who have, VMware has delivered a tool to save our sanity. Enter vCenter Certificate Automation Tool. According to VMware, the main two purposes for the tool is:
- Certificate Signing Request generation and Certificate update – Helps with certificate deployment and trust update. Note that the tool does not generate custom certificates for you. You are expected to generate these certificates offline following the instructions in this document.
- Update Steps Planner – Allows you to plan the sequence of certificate updates for the components. This prevents errors in the process that might otherwise occur.
Per VMware, in order utilize the tool you must be able to meet all of the following requirements:
- Administrative privileges on the server(s) on which you are running the tool. Although non-administrator users can download and launch the tool, all operations fail without the proper permissions.
- Access to each server that has vSphere components for which the SSL certificate should be updated.
- All vCenter Server components for which the certificates are to be updated are already installed and running.
- The new certificates and private keys already exist and you know the location of the new certificates. For increased security, generate each certificate and private key on the machine where it will be used.
To get all of the complete details be sure to check out the VMware KB articles below:
Deploying and Using the SSL Certificate Automation Tool 5.5
Generating certificates for use with the VMware SSL Certificate Automation Tool