VMware Advantages whitepaper EXPOSED (Part 1)

VMware has just released a white paper titled “Why choose VMware for server virtualization” with a detailed comparison between VMware vSphere 5.1, Windows Server 2012 Hyper-V and Citrix XenServer 6. The white paper is available here: https://www.vmware.com/files/pdf/vmware_advantage.pdf

Microsoft has previously published a very similar white paper titled “Competitive advantage of Windows Server 2012 Hyper-V over VMware vSphere 5.1”. The white paper is available here: https://download.microsoft.com/download/E/8/E/E8ECBD78-F07A-4A6F-9401-AA1760ED6985/Competitive-Advantages-of-Windows-Server-Hyper-V-over-VMware-vSphere.pdf

A lot of the information in the VMware white paper is misleading, especially since it compares against the capabilities of Windows Server 2012 without the muscle power of the System Center suite, which completes Microsoft's virtualization and cloud solution.

I encourage you to read both white papers to get an overview of the visions and virtualization capabilities of both solutions.

I am going to run through the comparison tables in the VMware white paper point by point and give my personal opinion on each point, commenting on both Microsoft and VMware; I am not going to comment on Citrix XenServer.

The information below represents my personal view and analysis and does not represent Microsoft's opinion.

Table 1. Comparison of Key Hypervisor and Security Features among Virtualization Platforms


1- Scalability: Windows Server 2012 Hyper-V is far more scalable than vSphere 5.1. I tried to sum up some of the important scalability numbers in the table below.

Point of comparison              | Windows Server 2012 Hyper-V | VMware vSphere Ent Plus 5.1
Active virtual machines per host | 1,024                       | 512
Maximum virtual disk size        | 64 TB                       | 2 TB
Maximum nodes per cluster        | 64                          | 32
Maximum VMs per cluster          | 8000                        | 3000

To make a fair comparison: from a numbers perspective, both platforms are scalable enough to handle current business-critical applications, with the exception of VMware's 2 TB virtual disk limit, which can become a real limitation in the near future.

Although the white paper doesn't show a red mark on Microsoft's side, I am now wondering why there is even a check mark on VMware's side :)

2- Purpose-built hypervisor

VMware claims that Hyper-V relies on the Windows OS. Hyper-V is a role component of Windows Server; the moment you enable Hyper-V on a Windows box you will be asked to restart multiple times, and during these restarts the system changes architecturally: the hypervisor is slid between the hardware and the Windows OS, which is referred to as the parent partition once Hyper-V is enabled. The parent partition seamlessly integrates with the guest operating systems (VMs) to provide high-performance enlightened I/O for the storage, networking, graphics and input subsystems, from the VM through to the hardware via a high-speed in-memory VMBus. This microkernelized Hyper-V architecture enables the highest performance for mission-critical workloads running on a bare-metal hypervisor. In fact, designing Hyper-V as a role in Windows Server added a lot of enhancements to the overall solution, since Hyper-V can benefit from Windows Server 2012 features like PowerShell, de-duplication, the Storage Spaces enhancements in Server 2012, and SMB 3.0, which allows you to store virtual machines on a file share. So I don't see any deficiency in enhancing Hyper-V's capabilities with the already robust and feature-rich Windows Server platform, and in changing the architecture of the system to a bare-metal hypervisor when Hyper-V is enabled.

3- Simplified patching

The document mentions that Microsoft has unrelated patching, meaning updates that are not directly related to Hyper-V. This can be eliminated by using the Hyper-V Server 2012 edition, which doesn't include all of the other Windows components in the parent partition but only the binaries for Hyper-V, so you wouldn't get updates for printer drivers or PowerShell, for example, but only updates that are directly related to Hyper-V.

System Center manages patches and updates across physical hosts, virtual machines and client desktops, now extending those capabilities to UNIX, Linux and Mac OS X devices with the SP1 release, and also allowing extra capabilities like using distribution points hosted on Windows Azure (public cloud), which makes a lot of sense for desktop users who are always out of the office. VMware is a company offering only virtualization-related solutions, so Microsoft extending its patching system beyond that might not make sense to them, but it certainly makes sense to customers demanding a single, solid patching solution for their virtual, physical and desktop environments.

4- Advanced memory management

Microsoft uses Dynamic Memory to improve memory utilization by dynamically adjusting the amount of memory available to virtual machines in response to changes in their workloads. The benefits of Dynamic Memory include higher virtual machine consolidation ratios and increased flexibility. VMware indeed uses a lot of techniques for memory improvement, but some of them really bring no value to the applications running.

Let's discuss VMware Transparent Page Sharing (TPS), for instance. How does TPS work? If you are running multiple VMs on the same server, the hypervisor scans their RAM, drops duplicate pages across all the VMs and keeps references to only one copy; think of it as storage de-duplication but for memory. So if you have multiple VMs running the same OS, there is a very high chance of finding duplicate areas in memory. Sounds like a cool technology, right? Now, the amount of RAM in VMs has increased dramatically since this technology came out. Memory used to be arranged in pages that were 4KB in size; the hypervisor would scan RAM, drop out duplicates and track them, very simple and neat. Nowadays, for several performance reasons, memory is arranged in much larger pages, like 2MB. The chance of finding identical blocks of memory that are 2MB in size is so low that the computing cost of looking for them cancels out any benefit from finding them, so it became a computing overhead rather than a performance benefit. Because having large quantities of RAM is the norm and is not going away, Microsoft chose not to implement transparent page sharing, which would end up as a computing overhead. Moreover, technologies like ASLR (address space layout randomization) leave minimal benefit for transparent page sharing.
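To make the page-granularity argument concrete, here is an added Python example (not from the original post, and not VMware or Microsoft code) that models content-based page sharing between two constructed VM memory images at 4 KB and at 2 MB granularity; the images, and the "one changed 4 KB page in every 100" pattern that stands in for per-VM state, are constructed assumptions, not measured data.

```python
import hashlib
import random

PAGE_4K = 4 * 1024            # classic small page
PAGE_2M = 2 * 1024 * 1024     # large page used on modern hosts


def page_hashes(image: bytes, page_size: int) -> list:
    """Hash every page of a memory image; a content-based sharer keys on exactly this."""
    if len(image) % page_size:
        raise ValueError("image size must be a multiple of the page size")
    return [hashlib.sha256(image[i:i + page_size]).digest()
            for i in range(0, len(image), page_size)]


def shareable_fraction(image_a: bytes, image_b: bytes, page_size: int) -> float:
    """Fraction of image_a's pages whose content also exists as a page in image_b,
    i.e. pages that could be backed by one physical copy at this granularity."""
    in_b = set(page_hashes(image_b, page_size))
    hashes_a = page_hashes(image_a, page_size)
    return sum(1 for h in hashes_a if h in in_b) / len(hashes_a)


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    # Deterministic filler so the sample is reproducible across runs.
    return rng.getrandbits(8 * n).to_bytes(n, "little")


def build_vm_images(total_bytes: int = 4 * PAGE_2M, changed_every: int = 100):
    """Constructed sample (an assumption, not measured data): VM A and VM B booted
    from the same OS image, where VM B has since rewritten one 4 KB page in every
    `changed_every` pages (per-VM state, ASLR-relocated code, logs)."""
    rng = random.Random(2012)
    vm_a = _rand_bytes(rng, total_bytes)
    vm_b = bytearray(vm_a)
    for page in range(0, total_bytes // PAGE_4K, changed_every):
        start = page * PAGE_4K
        vm_b[start:start + PAGE_4K] = _rand_bytes(rng, PAGE_4K)
    return vm_a, bytes(vm_b)


def compare_granularities() -> dict:
    """Shareable fraction of VM A's memory at 4 KB versus 2 MB page size."""
    vm_a, vm_b = build_vm_images()
    return {size: shareable_fraction(vm_a, vm_b, size) for size in (PAGE_4K, PAGE_2M)}


if __name__ == "__main__":
    for size, frac in compare_granularities().items():
        print(f"page size {size // 1024:>5} KB: {frac:.1%} of VM A's memory shareable")
```

With this sample the 4 KB scan finds about 99% of VM A shareable, while the 2 MB scan finds nothing, because every 2 MB page contains at least one changed 4 KB page.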

5- Small attack surface area

The disk footprint should not be considered a performance measure or a measure of the attack surface, and let me tell you why: the 5+ GB the white paper refers to as the Hyper-V footprint is not related to Hyper-V at all; it is the disk footprint of the Windows operating system, which contains dormant files like roles and services that are not enabled and drivers for thousands of devices. This is what customers asked for: they wanted to be able to add a role or feature, or install a new device, seamlessly without needing to insert the Windows CD or go online to fetch some files. So these are dormant files; they reside on the hard disk and are never executed in memory unless they are asked to be, so they don't act as an attack surface. What really counts as an attack surface is the bits loaded into memory, not the bits on disk. The Microsoft virtualization stack loaded in memory is about 20 MB, of which around 600 KB is the hypervisor.

I've previously posted a separate blog about the footprint comparison; for more information please check

https://blogs.technet.com/b/meacoex/archive/2010/10/16/microsoft-hyper-v-and-vmware-vsphere-footprints.aspx

6- Centralized security management

The white paper claims that Microsoft uses separate tools for security management. The truth is that these tools are components of the System Center suite, and they are used to manage security not only for the virtual infrastructure but for the physical infrastructure as well; with the SP1 update, System Center Endpoint Protection is extended to Mac OS X and certain flavors of Linux. Microsoft's focus is not limited to the virtual infrastructure; it offers a complete management suite for the physical and virtual infrastructure.

7- Agentless virtual machine protection

VMware claims that Microsoft Hyper-V cannot be extended to have agentless antivirus; this is very untrue. Windows Server 2012 Hyper-V introduced the Hyper-V Extensible Switch, with built-in support enabling independent software vendors (ISVs) to create extensible plug-ins (known as virtual switch extensions) that can provide enhanced networking and security capabilities. For example, 5nine has released a security manager for Windows Server 2012 Hyper-V which provides agentless antivirus, virtual firewall and intrusion detection.

https://www.5nine.com/Docs/5nine_Security_Manager_White_Paper.pdf

Other vendors have released extensions for the Hyper-V Extensible Switch, including Cisco, NEC and InMon.

8- Software-defined security

VMware claims that Hyper-V doesn't have software-defined security features. Well, security isn't different just because the machine is virtualized: Microsoft offers unified end-to-end security solutions for both virtual and physical infrastructure, not just for virtual machines like VMware, which again makes things simpler. Using the Windows Server 2012 Hyper-V Extensible Switch, Hyper-V's security features are extended to cover a lot of advanced security capabilities. For example, here is the Cisco Nexus 1000V plug-in extension for Hyper-V: https://www.cisco.com/en/US/products/ps9902/index.html

Conclusion

We've discussed the first comparison table posted by VMware and run through the comparison points one by one. Microsoft offers end-to-end management solutions for datacenters that include virtual and physical environments, or even an extension to the public cloud. A lot of the points on which VMware claims Microsoft does not offer a capability as part of Windows Server 2012 Hyper-V are actually true: Microsoft does not think of these capabilities from a virtualized-environment perspective only. Microsoft understands that each customer will have a mix of virtual, physical and public cloud environments, and that's why Microsoft offers these not as part of Windows Server 2012 Hyper-V but as part of the System Center suite, which makes it easier for customers to manage their heterogeneous environments. When you think about it closely, VMware just adds complexity by introducing a new set of tools for customers to manage only their virtual environment, while they use other existing tools to manage their physical environment.