DevNull
Apr 4, 2007

And sometimes is seen a strange spot in the sky
A human being that was given to fly

BlankSystemDaemon posted:

To be fair, hardware-accelerated virtualization and SLAT weren't really available on x86 until Nehalem and Orleans - and very few people had the talents to develop something without it, as it required intimate knowledge of the CPU.
It wasn't fun to use before virtualization of interrupts and I/O MMU virtualization, which was half a decade later.

The binary translator and SWMMU were fully supported until 2021 or so. I think there might be a few customers out there that are still running it under special contracts too. HV and the HWMMU are generally better, but there are a few workloads that worked better under the older virtualization. The monitor team at VMware finally removed the binary translator from the main code base in 2018 or so. We had a headstone made and placed it outside the offices. I think someone is trying to get it put into the computer history museum in Mountain View now.

ExcessBLarg!
Sep 1, 2001

BlankSystemDaemon posted:

To be fair, hardware-accelerated virtualization and SLAT weren't really available on x86 until Nehalem and Orleans

The 80386 had v8086 mode all the way back in 1985. Who needs 32-bit OSes anyways?

BlankSystemDaemon
Mar 13, 2009



ExcessBLarg! posted:

The 80386 had v8086 mode all the way back in 1985. Who needs 32-bit OSes anyways?

Bill Gates spotted.

xarph
Jun 18, 2001


Dancing Peasant posted:

My group is working to get off of VMWare (for reasons stated already). And while there has been discussion on ProxMox, management and some engineers are leaning towards OpenShift/OpenStack as another solution.

We currently have Windows and RHEL primarily, so is there reason why OS/OS isn't discussed as a viable alternative?

Openstack literally sent my coworker to the hospital from exhaustion while they were trying to figure out how to install it with networking more complex than a flat vlan. And this was after a two month training class with one of the primary financial backers of the openstack foundation.

Openstack is not a product. It is an api specification for independent open source projects that wrap libvirt, raw qemu+kvm, iptables, bhyve, hyper-v, chunks of systemd, docker, ceph, etc. The openstack trainer we sent to study under said it was a baggie with an ikea pamphlet and some screws in it, but you're on your own for the particleboard. He was right.

Sometimes they will issue a "release" which works if you use the exact versions they pinned at the time, and in 8 months when you have the message queue fall over or nova is completely wedged from waiting on a blocked qemu or neutron got into a fight with systemd-networkd and now your management network is gone. Your option then is pay mirantis $texas to build an entirely new openstack across the street and then cover the old one in concrete, because all of the upstream openstack projects will go "does it work on a clean install" or "it's fixed in this PR just install that straight into production."

If people give Proxmox stick for being a hobbyist home lab thing, then it's a loving IBM mainframe that has an uptime of 50 years compared to openstack.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Harry_Potato posted:

Nutanix is the last enterprise hypervisor standing. Decent support across vendors and tools and it checks the right corporate boxes. Xenserver has a lot of ground to cover before it can be taken seriously and the rest of the field is a KVM based tool but without the backing. Microsoft sells cloud and their only interest in hypervisors is using it as an on ramp. For all of us career virtualization guys, it's either learn a new product or apprentice at the muffler shop bending pipe. Hyperconverged is our last hope.

I'd disagree since Xenserver is used a lot believe it or not, there's more Xenserver clusters than there are Nutanix.

quote:

VMware dominates the market with 84% of all hypervisors running vSphere. Citrix XenServer follows with 10%, trailed by Microsoft’s Hyper-V and Nutanix’s AHV at 4% and 2%, respectively. Organization-wise, 68% use VMware, 18% Citrix, 11% HYPER Ventures, and 4% AHV.

At least among clients I've run into, it's mostly been VMware, obviously, but several Citrix clients and one or two Nutanix. Not saying Nutanix is bad, but it's not got more market share either.

CommieGIR fucked around with this message at 02:39 on Mar 9, 2024

unknown
Nov 16, 2002
Ain't got no stinking title yet!


I'm dating myself, but I was at the usenix NSDI conference in 2005 where they were showing the first prototypes of live vm migrations between computers playing doom live. In retrospect that conference was wild for all the cutting edge tech that was being displayed and developed at the time - lots of zigbee stuff shown there too.
(https://www.usenix.org/legacy/events/nsdi05/tech/clark.html)

Wibla
Feb 16, 2011

OpenStack is a no-go, but it sounds like XCP-ng is worth investigating? At least for professional use. I'm happy with proxmox for home use / single host stuff.

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

xarph posted:

Openstack literally sent my coworker to the hospital from exhaustion while they were trying to figure out how to install it with networking more complex than a flat vlan. And this was after a two month training class with one of the primary financial backers of the openstack foundation.

Openstack is not a product. It is an api specification for independent open source projects that wrap libvirt, raw qemu+kvm, iptables, bhyve, hyper-v, chunks of systemd, docker, ceph, etc. The openstack trainer we sent to study under said it was a baggie with an ikea pamphlet and some screws in it, but you're on your own for the particleboard. He was right.

Sometimes they will issue a "release" which works if you use the exact versions they pinned at the time, and in 8 months when you have the message queue fall over or nova is completely wedged from waiting on a blocked qemu or neutron got into a fight with systemd-networkd and now your management network is gone. Your option then is pay mirantis $texas to build an entirely new openstack across the street and then cover the old one in concrete, because all of the upstream openstack projects will go "does it work on a clean install" or "it's fixed in this PR just install that straight into production."

If people give Proxmox stick for being a hobbyist home lab thing, then it's a loving IBM mainframe that has an uptime of 50 years compared to openstack.

Not just oss. A lot of the plug-in-whatever architecture mistakes were driven by the commercial legacy product vendors trying to cash in on private cloud to ship some legacy poo poo that they'd stuck an ostack compat layer on

Potato Salad
Oct 23, 2014

nobody cares


Wibla posted:

OpenStack is a no-go, but it sounds like XCP-ng is worth investigating? At least for professional use. I'm happy with proxmox for home use / single host stuff.

xosan v2 is around the corner, god I hope it's around the corner

think S2D or VSAN, but tightly integrated with the hypervisor's control panels

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

You folks make this sound like a lot more work than the cloud.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Subjunctive posted:

You folks make this sound like a lot more work than the cloud.

LMAO - If you think the cloud isn't work and isn't built of these bastardized technologies.

Also - the joy of doing Incident Response on someone's lovely cloud environment that got popped because it was 'easy to setup' and they did absolutely zero hardening and everything uses the same super-admin service account.

gently caress the cloud.

Thanks Ants
May 21, 2004

#essereFerrari


Cloud is good because I get to be all "if I can't see the sausage being made then it must all be great" about it

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Thanks Ants posted:

Cloud is good because I get to be all "if I can't see the sausage being made then it must all be great" about it

Nah it's worse than that, because they let some Devs and SREs make the sausage and they stuffed it full of lies and bullshit.

Two groups of people who have no clue how networks and infrastructure work are being allowed to handle it all themselves.

CommieGIR fucked around with this message at 15:49 on Mar 9, 2024

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

CommieGIR posted:

LMAO - If you think the cloud isn't work and isn't built of these bastardized technologies.

Also - the joy of doing Incident Response on someone's lovely cloud environment that got popped because it was 'easy to setup' and they did absolutely zero hardening and everything uses the same super-admin service account.

gently caress the cloud.

Well, you can set up cloud permissions correctly or not, and you can set up on-prem permissions correctly or not. Like, do the job well and things are easier. Try to pay bottom-quintile salaries and decouple security completely from infrastructure from application development and keep people from being able to try different things and you’re going to have a hard time.

I’ve worked with very large on-prem multi-DC stuff and while I didn’t run the base resource allocation layer I worked with the people who did, and it never sounded half as terrible as you are all describing. We didn’t use VMware or OpenStack or whatever, though, just custom virtualization stuff (or bare-metal systems) because there wasn’t really anything that could handle our scale. In 2012 I could go click around and allocate a few hundred machines in various DCs for a test deployment or whatever, I didn’t have to file tickets and wait around. Tell them what base image to use and what deployment namespace to pull apps and config from, boom.

We use cloud stuff exclusively where I am now and I work closely with the people who manage that on deployment models and system monitoring, and it is a ton easier than you are all describing here. We have tight control over what can access what, great audit trails, the dynamic scaling we need (our workloads vary by more than 50x over the course of the year). If someone wants to try something new we can trivially set them up in an isolated thing with some propagated safe test data and tooling, and all they can do is hit their budget limit. We were on-prem entirely until 2018, and the people who have been in both worlds for us much prefer this one. (We’ll probably do some more on-prem stuff in the future, for selected predictable loads because of better economics, but it’s going to take a lot of work to get to the point that teams can self-serve or scale database/compute/cache or whatever as well as they can even with GCP, which is not the #1 cloud provider in terms of tooling. That Oxide stuff looks really nice, though…)

Mostly, though, I was joking about how so much of this thread is complaining about horrors instead of being excited by new stuff that is making things easier.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

CommieGIR posted:

Two groups of people who have no clue how networks and infrastructure work are being allowed to handle it all themselves.

Yeah, don’t do that. Give the devs and SREs the tooling (including integration into the development stack) and education such that the thing you want them to do is the easy path and exceptional needs get thoughtful, collaborative support instead of “square peg, please choose from our selection of round holes”.

The whole reason any of this poo poo exists is to run the applications for the business.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

(But no matter what you do, some motherfucker is going to make you rack a few dozen Mac Minis on IKEA shelves so they can do CI.)

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Subjunctive posted:

Well, you can set up cloud permissions correctly or not, and you can set up on-prem permissions correctly or not. Like, do the job well and things are easier. Try to pay bottom-quintile salaries and decouple security completely from infrastructure from application development and keep people from being able to try different things and you’re going to have a hard time.

I’ve worked with very large on-prem multi-DC stuff and while I didn’t run the base resource allocation layer I worked with the people who did, and it never sounded half as terrible as you are all describing. We didn’t use VMware or OpenStack or whatever, though, just custom virtualization stuff (or bare-metal systems) because there wasn’t really anything that could handle our scale. In 2012 I could go click around and allocate a few hundred machines in various DCs for a test deployment or whatever, I didn’t have to file tickets and wait around. Tell them what base image to use and what deployment namespace to pull apps and config from, boom.

We use cloud stuff exclusively where I am now and I work closely with the people who manage that on deployment models and system monitoring, and it is a ton easier than you are all describing here. We have tight control over what can access what, great audit trails, the dynamic scaling we need (our workloads vary by more than 50x over the course of the year). If someone wants to try something new we can trivially set them up in an isolated thing with some propagated safe test data and tooling, and all they can do is hit their budget limit. We were on-prem entirely until 2018, and the people who have been in both worlds for us much prefer this one. (We’ll probably do some more on-prem stuff in the future, for selected predictable loads because of better economics, but it’s going to take a lot of work to get to the point that teams can self-serve or scale database/compute/cache or whatever as well as they can even with GCP, which is not the #1 cloud provider in terms of tooling. That Oxide stuff looks really nice, though…)

Mostly, though, I was joking about how so much of this thread is complaining about horrors instead of being excited by new stuff that is making things easier.

Won't lie, I'm jealous, because this isn't common, but then again I tend to see the worst in companies because of doing Security.

Subjunctive posted:

Yeah, don’t do that. Give the devs and SREs the tooling (including integration into the development stack) and education such that the thing you want them to do is the easy path and exceptional needs get thoughtful, collaborative support instead of “square peg, please choose from our selection of round holes”.

The whole reason any of this poo poo exists is to run the applications for the business.

"Well, we fired the Infrastructure and Systems Engineering guys because Terraform lets the Devs and SREs do it all and save us money! How were we to know they would cause this mess? It saved the company millions!"

- Actual thing I was told during an incident as we asked who allowed their Devs to deploy very sketchy terraform that led to a total compromise of their cloud environment and led back to on prem getting compromised as well.

CommieGIR fucked around with this message at 19:23 on Mar 9, 2024

Moey
Oct 22, 2010

I LIKE TO MOVE IT

CommieGIR posted:

I tend to see the worst in companies because of doing Security.

Over the years at current gig we have done a handful of security audits, internal/external/physical/social/yada yada.

I will honestly say I've never been overly impressed with the tech/security/pen test/any staff. Almost all have seemed to be silo'ed from birth and never thought about wondering how something outside their small bread box works.

We just had the on-site portion of one done a month or two ago, and I actually enjoyed working with the few folks who came out. Multiple folks knowledgeable across just about everything within scope of what we requested.

10/10, will let them probe me again.

Thanks Ants
May 21, 2004

#essereFerrari


I've been on the receiving end of companies employed to do an audit as a box-ticking exercise to be able to obtain cyber insurance or bid for certain contracts, and it's a world of difference compared to actual security companies getting an understanding of the business and seeing their role as one of collaboration to improve security posture. The big four consulting firms taking fresh graduates and sending them off with a laptop are awful.

xarph
Jun 18, 2001


I've been introduced internally to the "jason api" which is issuing a POST request to an api endpoint which then sits in a queue with an in-progress state until that one guy named Jason wakes up and does the thing you want manually.

This exists in more clouds and saas products than you think. Yes, more than that.

tokin opposition
Apr 8, 2021

The dialectical struggle of history has always, essentially, been a question of how to apply justice to matter. Take away matter and what remains is justice.

tell me to piss off if this isn't the right place for this, but if I wanted to get a job that does virtualization*, what kind of skills or homelab projects would be good for putting on a resume or talking about in an interview?

* trying to escape helldesk ASAP

Zorak of Michigan
Jun 10, 2006

tokin opposition posted:

tell me to piss off if this isn't the right place for this, but if I wanted to get a job that does virtualization*, what kind of skills or homelab projects would be good for putting on a resume or talking about in an interview?

* trying to escape helldesk ASAP

You've asked at the time when we're all grappling with the enterprise standard (VMware) turning into absolute bandits with no clear successor. It's still the obvious answer but not by a large margin.

Kaddish
Feb 7, 2002

Zorak of Michigan posted:

You've asked at the time when we're all grappling with the enterprise standard (VMware) turning into absolute bandits with no clear successor. It's still the obvious answer but not by a large margin.

I mean, it's still the answer by a huge margin. But who knows what's going to happen in the next few years. I don't do our VM directly as I work with storage but it's looking like my org is just going to eat the cost and try to consolidate compute as much as possible. The other options just aren't feasible in the near-term. I know for certain management is taking a hard look at Azure. We're in the process of transitioning from on-prem exchange to 365 and we're seeing all these opportunities for collaborative stuff, as well as better administration/management and a lot of folks are wondering what else we're missing.

As a storage admin, my days are numbered. Unless they want to pay me to do the same thing in a significantly reduced environment.

That said, I've been saying that for years and I'm still around.

Kaddish fucked around with this message at 14:01 on Mar 15, 2024

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

tokin opposition posted:

tell me to piss off if this isn't the right place for this, but if I wanted to get a job that does virtualization*, what kind of skills or homelab projects would be good for putting on a resume or talking about in an interview?

* trying to escape helldesk ASAP

Tokin I don't know your exact skillset or where specifically you are wanting to go, but here's what I'd learn if I were in helldesk, Good At Computer, and wanted to get a better job ASAP:

  1. Install ESXi free on one of your computers. I know VMWare just cancelled the free one, but figure out a way.
  2. Make a lovely Wordpress host VM on there. You can do it lazy with the MySQL database on the same VM, or more realistically with a separate DB VM.
  3. Update the Wordpress default homepage and make it a photo of your cat or something so that you have some data in it.
  4. Make an AWS account and move that VM into AWS. Use EC2 T3 instances or similar to start, don't use Lightsail, Lightsail is EZ-mode.

If you want to learn more or do it better, I'd also think about moving the database into a separate managed RDS instance like db.t4g.micro, in any real organization you'd be doing infrastructure as code so instead of creating resources in the AWS console you'd be using something like the CDK or Pulumi if you are lucky or Terraform if you are not. You could also move VMs that are doing something more complicated than Wordpress, but I don't know what languages or techs you're comfortable with. You could build a tiny thing in Django or Laravel or Spring Boot that you then move into AWS, ideally with more outside parts like Redis for caching or a message queue.

If you really want to focus on on-premises infrastructure I'd replace the second half of the list with moving things into containers, then kubernetes pods. Keep the database on a separate VM outside of k8s, and if you've got 2 PCs to do this on have ESXi on one and move applications into k8s on VMs on Proxmox on the other one or something.

Edit: in the longer term I don't think Proxmox is going to be a winner. I have no idea what will, but k8s or something substantially similar to it sure is around to stay.

Also, I completely omitted all the networking/firewall/IAM stuff that would be the most complex parts of all this, figure out how to limit access to just your home IP and just your user through some identity platform. AWS Cognito maybe? And if you talk about this in an interview say "lift and shift multi-tier application" not "WordPress migration".

Twerk from Home fucked around with this message at 15:05 on Mar 15, 2024
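The "limit access to just your home IP" step from the post above can be checked mechanically. The following is an added example, not part of the original post: it audits security-group ingress rules in the shape returned by `aws ec2 describe-security-groups` and reports every source range wider than the allowed home network. The group IDs and the 203.0.113.7 home address are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
# 203.0.113.7 (a documentation address) stands in for the home IP.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
  ]},
  {"GroupId": "sg-db-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "UserIdGroupPairs": [{"GroupId": "sg-web-example"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}
]}
""")


def port_label(perm):
    """Human-readable protocol/port span for one ingress permission."""
    if perm.get("IpProtocol") == "-1":  # -1 means every protocol and port
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{perm['IpProtocol']}/{span}"


def audit_ingress(doc, home_cidrs):
    """Return (group id, ports, source) for each source outside home_cidrs.

    Rules that reference another security group (UserIdGroupPairs) are not
    IP-based and are skipped here; review those separately.
    """
    allowed = [ipaddress.ip_network(c) for c in home_cidrs]
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                # A source passes only if it sits entirely inside an allowed
                # network of the same IP version; a /24 around the home IP
                # is still wider than the /32 and gets reported.
                inside = any(net.version == a.version and net.subnet_of(a)
                             for a in allowed)
                if not inside:
                    findings.append((sg["GroupId"], port_label(perm), src))
    return findings


if __name__ == "__main__":
    for group, ports, src in audit_ingress(SAMPLE, ["203.0.113.7/32"]):
        print(f"{group}: {ports} open to {src}")
```
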

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

Twerk from Home posted:

Also, I completely omitted all the networking/firewall/IAM stuff that would be the most complex parts of all this, figure out how to limit access to just your home IP and just your user through some identity platform.

Tailscale.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

For it to Just Work and be something that you'd use? Sure. To learn skills that you're hoping make you immediately employable? AWS Cognito https://aws.amazon.com/cognito/ and OIDC federation with an outside identity provider.

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

Twerk from Home posted:

For it to Just Work and be something that you'd use? Sure. To learn skills that you're hoping make you immediately employable? AWS Cognito https://aws.amazon.com/cognito/ and OIDC federation with an outside identity provider.

That's way beyond a getting started "Spin up an esxi host and do a basic wordpress then copy to aws" learning virt scope, though. OIDC breaks in really unpleasant ways and an AWS IAM product is pretty far down the list of tech to learn to get started.

Perplx
Jun 26, 2004


Best viewed on Orgasma Plasma
Lipstick Apathy

Now that VMware killed the free tier you are officially allowed to pirate it.

the spyder
Feb 18, 2011

I saw an interesting infograph recently. Hypervisors on Nutanix deployments were 60/40 ESXi and AHV respectively in Q3 2023.
In February that switched to 40/60 - all existing clusters, so 20% migrated just in the last 6ish months. HyperV was still single digit numbers, but growing.

Motronic
Nov 6, 2009

Lots of workloads can be easily switched, but it's that last 10% that are always the problem.

Harry_Potato
May 21, 2021

Motronic posted:

Lots of workloads can be easily switched, but it's that last 10% that are always the problem.

Folks are adding Nutanix support to those pesky appliances. Load balancers, firewalls, phone systems are all seeing Nutanix ports. This time next year it will only be hardcore folks running out of date crap that can't move.

Them and those that run everything in vRealize...

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Harry_Potato posted:

hardcore folks running out of date crap that can't move

you’re right, probably more than 10%

fresh_cheese
Jul 2, 2014

MY KPI IS HOW MANY VP NUTS I SUCK IN A FISCAL YEAR AND MY LAST THREE OFFICE CHAIRS COMMITTED SUICIDE

It'll be stuff that has a dependency on vmware specific management apis for things like virtual desktop solutions that really can't move to not-vmware platforms


You can run the cruddiest windows flavors under kvm/qemu now and they even kinda perform okayish with the virtio drivers. Well, you have to have somebody who knows how to install the virtio drivers and convert the .vmdk to .img or .qcow2 but come on aaaaaaanybody can do that.

Arivia
Mar 17, 2011

fresh_cheese posted:

It'll be stuff that has a dependency on vmware specific management apis for things like virtual desktop solutions that really can't move to not-vmware platforms


You can run the cruddiest windows flavors under kvm/qemu now and they even kinda perform okayish with the virtio drivers. Well, you have to have somebody who knows how to install the virtio drivers and convert the .vmdk to .img or .qcow2 but come on aaaaaaanybody can do that.

excellent, i was worrying about what i could do with my windows me distributed computing nodes. i just got the entire network talking to the windows 8.0 supervisor.

Harry_Potato
May 21, 2021

Arivia posted:

excellent, i was worrying about what i could do with my windows me distributed computing nodes. i just got the entire network talking to the windows 8.0 supervisor.

That's your issue, you should have used Vista.
