Storage Peer Incite: Notes from Wikibon’s May 3, 2011 Research Meeting
Recorded audio from the Peer Incite:
Earlier this month the Wikibon community gathered to discuss the issue of virtualizing Oracle databases. Users have reported that Oracle has reacted negatively to user desires to virtualize its installations using VMware and other third-party hypervisors, while its own virtualization software has proven immature to the point of not providing the benefits users are seeking.
David Vellante provides a summary of this discussion in his article below. David Floyer provides the arguments against virtualizing large Oracle databases, or at least for moving cautiously and only after virtualizing smaller "low hanging fruit". Gary MacFadden discusses the related issue of selling business users on virtualization, while Jeff Kelly encourages vendors to help their customers with Oracle virtualizations. Finally consultant Nathan Biggs, CEO of House of Brick, which specializes in virtualizing Oracle installations on VMware and other hypervisors, provides the top seven reasons that users should forge ahead with Oracle virtualizations.G. Berton Latamore, Editor
Virtualizing Oracle databases and applications based on Oracle can yield significant business benefits including cost reduction, improved recoverability, and faster time to application change. However Oracle, in its desire to maintain account control and bundle as much of its hardware and software stack as possible, is often less than supportive of customers that want to virtualize Oracle with non-Oracle technologies (e.g. VMware, Hyper-V and Citrix). Oracle’s support and certification of non-Oracle virtualization platforms is mixed and highly dependent on five main factors:
- The size of the customer,
- Deal flow/size of the deal,
- Timing in the quarter,
- Customer expertise,
- Industry affinity.
This was the message shared with the Wikibon community at its May 3rd, 2011 Peer Incite – "Oracle and VMware: Peas in a Pod or Oil and Water?" In general, the consensus among Wikibon users is the larger the customer the more likely Oracle will be to provide exemplary support for virtualization platforms outside of its own virtualization platform.
Two industry practitioners, Nathan Biggs from consultancy House of Brick and Bill Santille, a recognized expert and advisor to CIOs, joined the call to provide perspectives. Generally, Briggs argues that virtualizing Oracle was a good business decision and support from Oracle is typically excellent. Santille, however, recommends caution with respect to virtualizing mission critical databases without Oracle’s blessing. Both camps agreed that virtualizing Oracle for test and dev systems made good business sense, even without Oracle certification.
In addition, David Floyer presented research from a recent Wikibon community study that uncovered several findings pertinent to Oracle customers that want to virtualize, including the following:
- Technically, it appears that Oracle can and will, in many cases, support and even certify non-Oracle virtualization platforms including VMware.
- Customers in the pharmaceutical industry are able to receive certification for virtualization by paying Oracle large fees.
- By mid-decade, the community believes 90% of Oracle databases within enterprises will be virtualized with VMware as the dominant platform.
- Users should be aware that there are issues that warrant consideration around virtualizing large Oracle databases, including increased complexity of deployment and potential performance impacts. Importantly, once virtualization is deployed, management complexity declines.
- Improperly configured storage was the most frequently cited culprit causing performance problems in virtualized Oracle shops.
- Most Oracle database-based applications, however, are candidates for virtualization. The exception is very large, high value, mission critical applications that are not certified by Oracle to run in a virtual environment. Users should carefully consider virtualizing such systems and weigh the business risks.
- Oracle will provide good support for non-Oracle virtualization platforms. However that support varies widely based primarily on how much is spent with Oracle.
- Several customers reported that often Oracle will ask them to recreate problems on physical systems so that the problem can be isolated. Oracle argues, and Wikibon agrees, that it must do this to minimize finger pointing.
- Nonetheless, it appears Oracle is being less than proactive with regard to supporting and certifying Oracle for virtualized platforms – with the exception of Oracle VM and in cases where customers pay Oracle large sums.
Advice to Oracle DBAs
There are several actions users can take to extract maximum value from virtualizing Oracle while at the same time minimizing risk, including:
- Choose the right virtualization platform. Several options are available. VMware right now is the front-runner in the enterprise, but Microsoft Hyper-V and Citrix Xen are both increasingly popular and growing. There are others such as IBM’s LPAR and of course, Oracle VM.
- Properly configuring system and storage resources. There will be overhead associated with virtualizing Oracle. This overhead can be minimized and made negligible for most applications with some careful planning and expertise. The use of outside consultants may be warranted as this is a long-term platform decision for organizations.
- Understand Oracle’s virtualization policies. Users should familiarize themselves with Oracle’s partitioning guidelines. Clearly Oracle is not eager to allow users to cut their Oracle software and maintenance bills using virtualization.
- Be prepared to recreate problems on physical machines. The number of customers reporting that Oracle insists on this policy cannot be ignored. Oracle has every right to do this as a means of avoiding finger pointing and users should expect that Oracle will adhere to this strategy. However, third-party software tools are available that simplify migrating a database to and from a virtualized environment are available in the market.
- Push for VMware support from ISVs. SAP, IBM, and others will support Oracle running under VMware, and this is a critical piece of the puzzle. Several vendors have announced tested and proven solutions, which are an excellent customer ‘freebie’ that warrants investigation.
- Reduce reliance on Oracle. Some Wikibon users have reported that they are having great success with non-Oracle databases in virtual environments. Several Wikibon members are migrating key applications to Microsoft SQL Server or in some cases IBM’s DB2 because the vendors are stable and provide better support for virtualization than Oracle does. However, migrating mission-critical databases is not advisable in most cases as the risks may not outweigh the rewards.
- Rethinking the organizational structures. Infrastructure support has been built out along stove-piped lines – e.g. server admins, storage admins, DBAs, network admins, etc. These roles are changing as a result of virtualization, and organizations must re-consider common goals, incentive systems and reporting structures.
On balance, the Wikibon community advises that customers begin to aggressively adopt virtualization technologies for Oracle environments. Because there are risks, especially given Oracle’s selective support and certification approach, users should start small with test and dev systems and work their way across the application portfolio. Some systems may never migrate but most will, and therefore it is important to establish good technical, operational, and procedural practices that can serve as a platform for the next five to ten years.
Action item: By mid-decade, 90% of Oracle-based applications will be virtualized. This inevitability heightens the imperative that organizations begin to formally develop a virtualization plan instead of ad hoc test and dev deployments. Establishing best practices today will serve to ensure that virtualizing Oracle will be both profitable and less risky down the road.
The Peer Incite on May 3, 2011, featured a debate on the benefits of virtualization of Oracle workloads. A great synopsis of the positive reasons for migration were given by Nathan Briggs, CEO of House of Brick as a Wikibon article. Wikibon has also indicated its full support in a research note called "Damn the Torpedoes: Virtualize Oracle as Fast as Possible" for taking an aggressive approach to virtualizing product Oracle systems.
Bill Santilli, however, took a more cautious and pragmatic approach in saying that the risks of introducing an extra layer of complexity are not justified for many mission critical workloads.
Wikibon suggests five main areas for CIO focus when reviewing whether or not to virtualize mission critical applications:
Server Capacity Requirements of the Application
The business case for running multiple virtual machines on a single physical machine is overwhelming. The case for reduction goes down dramatically as the number of virtual servers on a physical server goes down. The CPU tax of 18%, the I/O tax of 20% for higher quality storage together with the cost of VMware licenses will eliminate cost reduction as a reason for virtualization as the size of the individual workloads increase to be a significant percentage of server capacity.
Application High-Availability Requirements
Virtualization and the use of VMware’s Site Recovery Manager can be very cost-effective methods of providing “good enough” high-availability solutions. However, the very highest levels of availability require the use of Oracle RAC and other solutions and are often based on non-X86 architectures. If the line-of-business can cost-justify the expenditure (and especially if a platform migration is required), virtualization is very unlikely to be an optimum strategy.
Application and Data Security Requirements
Current security practice for X86 systems is based on creating and defending walls around physical parts of the infrastructure. The walls and the defenses are not perfect, but there is significant experience within the security community on how to establish best practice in such an environment. To achieve very high levels of security, an integrated architecture involving hardware and software functionality is required: for example, mainframe systems from IBM and Unisys have much higher levels of security functionality based on their ability to define a complete, integrated security-stack including hardware and software.
At the recent EMCworld, Paul Moritz spoke of the requirement to develop virtual walls with both hardware function (from Intel) and software function. He pointed out the monitoring tools patrolling these walls would be creating so much data that completely new security analytic tools were required. VMware is making aggressive investments in security, but the bottom line is that VMware security is currently still a work in progress. The level of security that can be achieved by this new approach has yet to be assessed by the security community.
For systems requiring the highest levels of security, best practice for VMware will continue to be to create physical walls round the virtual resources, and isolate sensitive applications as much as possible. This may mean creating multiple VMware secure islands and may impact the business case for virtualization.
Potential for Optimization of Oracle Licensing
In a research note called "Oracle Negotiation Myths and Understanding Virtualization Adoption in Oracle Shops", Wikibon is on record as saying that achieving long-term significant reduction of Oracle licenses using virtualization is an illusion. Short-tem tactical savings can be made, but care should be taken in assuming that those savings will survive the next budget cycle. Oracle savings should not be a significant part of the business case for virtualizing an application.
Application Requirement for Oracle and ISV Support
For most customers, Oracle does not provide support and qualification for virtualized environments, with the exception of Oracle RAC. Oracle can and does insist on the recreation of new problems in a physical server environment. Wikibon has discussed these issues extensively. At the end of the day, the line-of-business and application development will have to decide if the threat or reality of reduced support is more significant than the reduced operational costs.
Action item: CIOs should take a pragmatic approach and fully engage the different parts of IT and the lines-of-business in decisions on whether or not to virtualize production Oracle-based applications with high business value. There is plenty of low handing fruit for virtualization of production applications. Wikibon would recommend ensuring that every application virtualized is a success rather than pushing the envelope too quickly.
Migrating an IT organization from a primarily physical infrastructure to the virtual world brings significant organizational challenges that go well beyond the direct purview of CIOs and their team members.
With roughly 2/3rds of the average IT budget earmarked for managing day-to-day infrastructure or operations overhead and pressure from management to produce better-faster-cheaper results from basically flat budgets, CIOs are looking to virtualization to decrease costs while not degrading service levels in the process.
Wikibon has written extensively on the subject of virtualization and its impact on budgets. Virtualization technologies - especially when applied to server and storage assets - have the potential to free up a significant percentage of resources that can be reallocated to new projects and help drive business innovation or top line growth. Wikibon’s recent Peer Incite focused on Oracle and VMware shed light on specific application areas to target but also cautioned users to plan carefully and communicate the strategy clearly both to the IT organization and to the business lines that they support.
Transforming the IT Organization
In the physical world, IT is organized in stovepipes - servers, storage, database admin, network admin, etc. In a virtual world, where you're placing an abstraction layer in between the physical and logical (i.e. the hypervisor) these go away. Thus, IT organizations will need to flatten the organization and focus teams on shared incentives. In addition, IT will need to get buy-in from application development heads and the lines of business.
Selling Virtualization to the Business
Business leaders and application owners who are used to having dedicated hardware and services to support their apps will need to be educated on the benefits of virtualization for them including lower cost of computing – especially when chargebacks are involved. Other benefits include budget to tackle additional projects, higher application availability as well as improved failover capabilities.
CIOs should be cautious of vendor claims that any application, no matter how monolithic, can be virtualized with ease. For example, according to several expert sources recently interviewed by Wikibon, databases such as Oracle place “significant demands on the underlying runtime and infrastructure due to their need for transactions that can span network and storage I/O usually simultaneously.” Since x86 hypervisors, like VMware, are new, they are still evolving this capability. For more detailed information, review this White Paper from VMware.
When implemented with care, virtualization technology can provide many benefits to both IT and the business lines it supports. CIOs will need to rethink their IT organizational structure and effectively communicate these changes and the benefits to their business line customers.
Action item: Start small and communicate effectively. Most virtualization experts and IT organizations that have already gone through the process recommend starting with smaller, less mission-critical applications first and making sure the effected business units and IT personnel are on board with the strategy.
Oracle is less than enthusiastic about supporting customers who want to virtualize Oracle databases on VMware or other non-Oracle platforms. Except for very large deals, generally $5 million or more, or in cases where Oracle customers present a powerful, united front, Oracle is unlikely to offer VMware certification and frequently will offer less than proactive service.
We believe Oracle’s position is based on economics, not technology. From a technology perspective, we believe Oracle is more than capable of supporting and certifying VMware and other virtual environments. Rather, in our opinion, Oracle has made the business decision to sometimes withhold VMware support in an effort to persuade customers to choose its own virtualization offering, Oracle VM.
For Wikibon users that forge ahead and virtualize Oracle databases on VMware without Oracle’s blessing, we have found that Oracle will often only provide support when needed if customers return their deployments to physical instances, a not uncomplicated step. In short, Oracle is attempting to make running Oracle on VMware such a risky and potentially complicated endeavor that most customers will opt not to do so.
That is unfortunate, as there are numerous benefits of virtualizing Oracle on VMware over Oracle VM. Moreover, several Wikibon users have reported success with virtualizing Oracle and in some regions good support from the database vendor.
Since Oracle is unlikely to change its position broadly any time soon, application vendors should help Oracle database customers who want to virtualize on VMware band together and organize themselves by industry, geography or a combination of both in order to increase their collective bargaining power with Oracle.
A similar strategy has already proven successful for the pharmaceutical industry, which, with the support of the Food and Drug Administration and large payments to Oracle, has enticed the vendor to certify VMware at drug makers and other pharmaceutical companies.
Action item: With the pharmaceutical industry as a guide, application vendors like SAP and Microsoft should help identify and organize large groups of Oracle customers to create critical negotiating mass. Such groups of customers, presenting a united front, are more likely to succeed in cajoling Oracle to support VMware, Hyper-V and Citrix installations than any single customer. Large Oracle customers should lead the way, with smaller customers following right behind. Taking such steps, Wikibon believes 90% of Oracle databases will be virtualized by the middle of this decade, with VMware the dominant platform.
At House of Brick, these are the reasons we typically discuss with our clients considering a tier-1 virtualization project. We say that any one of these would be sufficient reason to proceed, but most organizations get them all.
- Cost Reduction — This comes in the form of both CapEx reductions from hardware and hardware-based software licensing, and OpEx reductions from improved manageability, shorter development cycles, improved QA, etc.
- Near 100% Reliable Disaster Recoverability — Historical recovery from a DR image has been dicey at best. VMware provides a near 100% recoverability by encapsulating the application, settings, operating system, and all patches inside the VM without the need for manual synchronization of systems. That recovered VM can go on any appropriate hardware.
- Product Release Cycle Optimization — Full clones at the push of a button for QA/UAT testing without using application vendor cloning tools; Isolated test environments; Quick server provisioning; Improved development server management, etc.
- High Availability (HA) — VMware HA and RAC working side-by-side for optimal availability; Use VMware HA only for SLA’s of 5 to 10 minutes at a fraction of the cost of Oracle RAC.
- .Oracle (or other hardware-based) License Optimization — Load up the hardware with more Oracle workloads without paying for more licenses; comingle pre-production and production workloads on the same servers with performance isolation; use SRM and array-based replication to maintain recoverable DR copies in remote data centers without licensing the standby servers (until and unless they are needed).
- Production Error Capture — When there is a production problem, create a snapshot (after a brief down) to capture the reproducible error state. That production capture can then be triaged and diagnosed in a safe environment.
- Security Considerations — Complete isolation between systems on the same host; smaller attack target footprint; processor-based VM security assist, VMKernel hardware isolation; randomization of executable locations; Dynamic Binary Translation; zero-based memory; storage isolation between VM’s that prevents wide-scale data corruption; virtual switches less vulnerable to MAC spoofing, random frame, and other types of attacks; etc.
Action item: The reasons for virtualizing Tier-1 workloads are more rich and complex than those for virtualizing less critical systems. Evaluate these reasons to see if your organization could benefit from an Oracle or other Tier-1 virtualization strategy.