Big companies that use VMware say the Host Profiles feature in vSphere Enterprise Plus doesn't meet their configuration...
Ken Owens, the vice president of security and servers at cloud computing provider Savvis Inc., deemed vSphere Host Profiles a "very basic" configuration management tool for ESX Server. "You basically build a host, harden it and then choose it as your profile," he said. Host Profiles doesn't provide a graphical view of configuration changes or visibility into guest-level virtual machine settings, he added.
Similarly, Israel Lawson, the director of virtualization technology at the medical transcription firm MedQuist LLC, said the level of granularity and detail provided by Host Profiles is "minimal."
"Host Profiles takes a 65% swipe of things that most people do, but it doesn't hit the details," Lawson said. The remaining 35% "you have to do by hand."
Instead of Host Profiles, Savvis Inc. and MedQuist plan to adopt a new configuration management tool from Reflex Systems, which specializes in virtualization management.
The strength of vProfile comes from Reflex's experience in security , said Bernd Harzog, an analyst at the Virtualization Practice. "Since they have a security vendor's perspective -- they see everything -- it's not surprising that they'd have a very robust product." That visibility stems from Reflex's integration with the VMware VMsafe application programming interfaces, Harzog said.Why vProfile over Host Profiles?
In addition to ESX-level configuration settings, vProfile allows administrators to act on guests, clusters and vCenter hosts; perform scheduled or ad hoc remediation; and roll back to historical profile definitions.
Graphical "heat maps" allow users to users to home in on configuration differences. The product also integrates with security and change control functionality found in other Reflex VMC modules as well as with Reflex's configuration management database and the VQL scripting language.The vProfile module snaps into the company's Virtualization Management Center (VMC) console alongside other Reflex modules, such as the vTrust security management module, and the vWatch monitoring tool.
VProfile is available now with prices starting at $795 per ESX server socket.
In addition to being a solid technology from a security provider, Harzog noted Reflex's focus on guest-level configuration. "Making sure that the host is properly configured isn't all that hard. But how many guests do you have per host: 20, 30, 40? On the guest, configuration consistency is a much bigger problem -- especially as you start to virtualize more than just the low-hanging fruit."
MedQuist's Lawson said vProfile is particularly valuable for large organizations with hundreds -- if not thousands -- of hosts. MedQuist has about 130 ESX hosts today, but at a previous position, Lawson worked in an environment with about 1,000 hosts and 10,000 virtual machines. There, having access to a robust configuration management tool "would save weeks of work -- not just days," he said.
"To say it is a time saver is a massive understatement," Lawson said.Host Profiles no slouch
But despite perceived limitations of Host Profiles some VMware shops use the feature a lot.
The inclusion of Host Profiles "was one of the main reasons we chose to go with [vSphere] Enterprise Plus," said Jared Wray, a principal at cloud computing provider Tier 3.
Tier 3 uses Host Profiles to build out new ESX nodes and to ensure that they remain true to their profile over time.
"We can bring nodes in and out of rotation, and when we bring them back in, we want to make sure they're still in compliance," Wray said.
Likewise, Mark Vaughn, enterprise architect at a national real estate information firm, said his team also uses Host Profiles to ensure compliance and enforce a standard ESX configuration for things like network, storage, firewall and switch settings. "And for things that are normally used -- but not always -- you can leave that as a prompt for the user," he added.
In all, "Host Profiles has taken a lot of weight off of us during installation," Vaughn said, eliminating tasks "that you used to have to do manually or with a script that you had to maintain."VMware ConfigControl conundrum
At the same time, VMware has had its hands full bringing its own configuration management tool, vCenter ConfigControl, to market. Originally announced in 2008, the ConfigControl release has been pushed back to sometime this year.
Complicating matters is VMware's recent acquisition of software assets from parent company EMC. Last month, VMware took the lion's share of EMC's Ionix portfolio, including the configuration and change management capabilities from EMC's ConfigureSoft acquisition last year. As it stands, the Ionix Server Configuration Manager collects and manages hardware and operating system-level configuration data, and that functionality could conceivably be merged with ConfigControl or used to augment Host Profiles.
"VMware faces a significant integration effort," said Harzog. "My presumption is that they'll choose to integrate ConfigControl with Ionix and cause further delays." That, in turn, could give Reflex vProfile "a longer runway," he said.
Regardless of how VMware's configuration management efforts end up, observers expect its offerings to become more sophisticated over time.
"It's like with switching -- VMware is taking over the logic of the network," said Tier 3's Wray. "It's the same with profiling and templates; it's going to get built into VMware," he said.