Ideal Software Licensing Model - Requirements Collection

I'm looking for some feedback and thoughts from the community to help define a reasonable Licensing Model that takes Physical & Virtual into account. From my view as a client I don't think this is all that complicated at the end of the day.

More discussions with some vendors around licensing and I'm finding more and more that the following two axioms are defining these discussions:

  • Vendors want to get paid for their software (obviously the most they can be). They are not stupid in most cases.
  • Clients want to pay for what they use (obviously the least they have to). They are not stupid in most cases.


The challenges come from the fact that Vendors don't get the following generally:

  • A VM in VMware is limited in processing to the vCPUs it has.
  • A vCPU is limited to what a given core is individually capable of.
  • More clients might be willing to use your software if I didn't need to pay for 12 cores of power when I only need 2 today.
  • VMotion of a VM does not mean I'm suddenly gaining more cores of processing.


Clients get upset cause of the following items:

  • When a Vendor assumes I'm an idiot and can pull the wool over my eyes. This a good relationship does not make.
  • A Vendor goes and says a Virtual does less than a physical, then charges me more if it is virtual.
  • A Vendor requires me to license this big physical box and I only want a couple cores worth or less than # of cores in physical box.
  • I want to use your software and because I'm running it as a virtual you want to charge me more. I can't even buy smaller physicals to use your software within my software budget (smallest thing I can buy within reason today is an 8 core system and I only need 2 cores worth).
  • A Vendor limits me to some physical box even though the OS/Software will be on a virtual machine. (Who cares what physical box is on it as long as I pay for the CPU MHz I'm using? Your software doesn't. Only your legal does.)
  • If I buy a lot of your software you can cut me deals since I'm spending a lot of money with you and then I'll be interested in licensing models by physical cores or just a volume level discount. I'd rather not start there if I can avoid it.
  • We've seen what happens to good tech when licensing models can't take tech into account. See the Mainframe and Computer Associates licensing stubbornness in the 80s contribute significantly to the rise of the distributed computing space. We don't want to deal with that migration if we can avoid it.


So there's some of the requirements I have come up with. What other requirements/gotchas can you think of that have got you in dealing with vendors? Anything different when dealing with Solaris or AIX or HP/UX virtualization?

Continue reading »

Limits have their limits

I've been chewing on this post by Duncan at Yellow Bricks for the past month and a half. It covers some complicated issues that one has to deal with in a enterprise size environment with many assumptions on what gets you into this mess in the first place. The best thing to do is downscale and upscale as needed based on good performance monitoring and bottleneck research. Thankfully I've managed to make good relationships with most teams where I work that this has become the standard operating procedure though sometimes we just can't. At the end of the day the issue boils down to the simple goal:

"As the VMware environment administrator, how can I make better use of what I have available to me?"

For my environment I run into a variety of political reasons going from..

  • "I am going to need that extra 2 CPUs someday in the future so I can't give them up now."
  • "The vendor docs say I really do need 8 CPUs and 128G of RAM for my 3 users even though 126G is unused."
  • "Someone on your team said I really do need that 8G of RAM so I won't give it up"
  • "Oh come on.. what's another 2G of RAM"
  • "I gave up my budget for a physical to do this as a virtual even though I'm still spending less in the grand scheme. Gimme more resources."


to the begging

  • "Pleaseeee. I think it'll help my issues. It might even make me look better to my co-workers."


I have two distinct use cases that really showcase that this kind of capability can be a hard item to use.

Case #1: The poorly written VBscript

Back in the early Windows 3.1 days when VB was a novel concept, some developers made this ground breaking app that would pull data from a remote system, massage the data a bit and put it into a centralized Btrieve database. Well this script that they wrote goes to sleep for a minute after the remote system's queue it checks is empty. This script sleep function checks the clock to see if a minute has passed. It constantly checks the clock which consumes 100% of the CPU all the time. This wasn't much of an issue when each one of these systems was on its own old PC system. We virtualized them since 16 XP workstations in the datacenter is a management headache. Now that's 16 high power, multiple generation newer cores being used 100% all day long for no good reason.

We, VMware Admins, have discovered that on the old PCs these systems would easily take 5-10 mins to work through their work queues. On the newest hardware we have with these as VMs, it takes under 15 seconds to do the same work. So for 60 seconds it is doing nothing except checking the hardware clock.

Solution #1: CPU limits good

We implemented a CPU limiting resource pool for these VBscript VMs. They are still running mega fast in comparison to where they were a year ago. Now they are using no more than 8 cores worth at any given time. A big improvement until the app developers decide if they are going to replace all that code with sleep 60 or recode the entire app.

Case #2: vCenter SQL Server Memory Limits

Due to a feature in vCenter 4.0U1 and ESX 3.5 Hosts, when I increased the RAM on my vCenter dedicated SQL Server from 4G to 8G, a Memory limit was set of 4G. When I would go onto the SQL instance, SQL Server.exe would only be using about 3600 Megs yet all 8G was consumed/used. This screamed to me an issue with the OS instance. After close to 10 days of head beating and not understanding why my brand new vCenter 4.0U1 system was running so poorly, a co-worker with a fresh set of eyes noticed this setting on the SQL Server instance.

Solution #2: Memory limits bad

This is obvious. We disabled the limit and the SQL Server performance went through the roof instantly. We simply couldn't tell easily that the driver was using 4G of RAM as it wasn't a process. Nobody noticed the ballooning happening.

At the end of the day there's pros and cons to having this level of capabilities. This is why I like ESX and the general approach of VMware. Give you everything we can in terms of options, configurations and rope to hang yourself and two of your friends. We will attempt to automate this and hide this as much as we can. The Vendor will never know all the situations we, people in the field, are going to run into so let's give us all the options they can. Use that rope with caution.

http://www.amazon.com/gp/feature.html/ref=amb_link_86250151_1?ie=UTF8&docId=1000453281&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=right-1&pf_rd_r=1RRCWNZDTV8MFM1WDEGE&pf_rd_t=101&pf_rd_p=503481191&pf_rd_i=163856011

Continue reading »

New vmware.com HomePage Layout & View 4 is released

New vmware.com HomePage is now live. I had an "anonymous internet tipster" give the heads up last night. Looks good and a bit more sleek in fitting with the branding of the new vmware logo.

Along with that View 4 is finally released. I've been playing with some beta bits for a while now and the PCoIP is pretty impressive catchup with ICA protocol. I'm looking forward to the mass quantity of comparisons that are going to come out now between ICA & PCoIP.

Continue reading »

Running 20008 Active Directory with Bind

One of the fun things about running stuff at home, once you have something working remotely well you sure don't want to change it. As such I have setup Bind 9 with DHCP and it works pretty good with a bunch of scripts I have to handle various dynamic adding and removing from my running system. Every system in this house works off of this base, very stable system. This works pretty well and there in comes the issue. I am attempting to bring up an Active Directory Domain for testing a variety of products and as is typical MS, as long as you give all your money to MS, everything works great. The minute you step out of that paradigm the documentation and functionality tends to falter a bit.

In order to setup Windows 2008 Active Directory domain, the system basically expects you to use MS DNS/DHCP services. I have no desire to tear down a perfectly functional environment and make it work now with MS DNS. After a significant amount of digging I found some good webpages on how to setup Bind to work with AD. None of them worked right though.


So plan D at this point was reading some of the docs on Active Directory and DNS on technet and then turning up named logging and watching for what the future DC was asking for. Create the domain without passing the network tests and then just run dcdiag /test:DNS a couple dozen times added in each entry as you need to. Add this into /etc/named.conf and then run service named restart.

logging {

category "default" { "debug"; };
category "general" { "debug"; };
category "database" { "debug"; };
category "security" { "debug"; };
category "config" { "debug"; };
category "resolver" { "debug"; };
category "xfer-in" { "debug"; };
category "xfer-out" { "debug"; };
category "notify" { "debug"; };
category "client" { "debug"; };
category "unmatched" { "debug"; };
category "network" { "debug"; };
category "update" { "debug"; };
category "queries" { "debug"; };
category "dispatch" { "debug"; };
category "dnssec" { "debug"; };
category "lame-servers" { "debug"; };
channel "debug" {
file "/tmp/namedebug" versions 2 size 50m;
print-time yes;
print-category yes;
};


After watching this log file and trying to promote a machine to a DC a couple dozen times and testing this, I found the following DNS entries in your zone are needed.

If my DC is going to have a DNS name of DC.home.here.org with an IP of 192.168.1.4 and the domain is HOME, then these are the entries needed.

home.here.org A 192.168.1.4
DC.home.here.org A 192.168.1.4
UID #1 - the subkey in HKLMSoftwareMicrosoftCryptographyAutoEnrollmentAEDirectoryCache
UID #2 - I don't know where this comes from. I think it is something Domain related. It isn't in the registry.
(These UID based DNS entries might not be needed - not sure)

$ORIGIN _msdcs.home.here.org.
(UID #1 - might not be needed) CNAME DC.home.here.org.

$ORIGIN _tcp.Default-First-Site-Name._sites.dc._msdcs.home.here.org.
_kerberos SRV 0 0 88 DC.home.here.org.
_ldap SRV 0 0 389 DC.home.here.org.

$ORIGIN _tcp.dc._msdcs.home.here.org.
_kerberos SRV 0 0 88 DC.home.here.org.
_ldap SRV 0 0 389 DC.home.here.org.

$ORIGIN _msdcs.home.here.org.
_ldap._tcp.(UID#2 - might not be needed).domains SRV 0 0 389 DC.home.here.org.
gc A 192.168.1.4

$ORIGIN gc._msdcs.home.here.org.
_ldap._tcp.Default-First-Site-Name._sites SRV 0 0 389 DC.home.here.org.
_ldap._tcp SRV 0 0 389 DC.home.here.org.

$ORIGIN _msdcs.home.here.org.
_ldap._tcp.pdc SRV 0 0 389 DC.home.here.org.

$ORIGIN _tcp.Default-First-Site-Name._sites.home.here.org.
_gc SRV 0 0 3268 DC.home.here.org.
_kerberos SRV 0 0 88 DC.home.here.org.
_ldap SRV 0 0 389 DC.home.here.org.

$ORIGIN _tcp.home.here.org.
_kerberos SRV 0 0 88 DC.home.here.org.
_kpasswd SRV 0 0 464 DC.home.here.org.
_ldap SRV 0 0 389 DC.home.here.org.

$ORIGIN home.here.org.
_kerberos._udp SRV 0 0 88 DC
DC A 192.168.1.4


Enter all these and then try creating your domain again. This got me up and running. It would be nice in the spirit of openness to give me an option from dcdiag to dump all the DNS entries the system is looking for and testing.

Continue reading »
Top