Choosing the Right Virtualization Platform (Part 1)

by [Published on 24 Sept. 2013 / Last Updated on 24 Sept. 2013]

This article provides guidance for choosing the right virtualization platform based on considerations of scalability and security.

If you would like to read the next part of this article series please go to Choosing the Right Virtualization Platform (Part 2).

Introduction

Choosing the right platform for running your workloads isn't something that should be decided upon lightly. Loyalty may be admirable when it comes to soldiers defending their country or followers promoting their religion. Loyalty to a vendor, however, isn't an admirable trait, because the customer/vendor relationship is based on a value-for-value exchange and not on intangibles like love for your homeland or hope for eternal bliss.

So when it comes to choosing the right virtualization platform for your organization, you've got to let go of loyalty and try to consider only the cold hard facts. How scalable is the platform? Is it secure? Can I move my workloads without incurring downtime? How expensive is it to license? What types of deployment scenarios does it support? These and similar questions should be at the forefront of your mind when evaluating your current virtualization platform and when looking for alternatives that might better meet your organization's needs.

Hyper-V is clearly a viable virtualization platform for many organizations. It's also included in-box as part of the Windows Server operating system. VMware, however, already has a great deal of traction in the marketplace. But traction is really just another form of loyalty. Traction can also be something else--inertia. The lazy solution is to stick with the solution you're using, supposedly simply because it works but perhaps more honestly because it could be a lot of work to change to another platform. In fact, it can even be work simply to investigate the capabilities of alternative platforms in order to accurately compare them with your current platform. And IT people usually don't like to take on additional work because they're usually overloaded with more than they can handle.

That's where this article and the next can help. I asked Eyas Taifour, a Delivery Architect at Microsoft Consulting Services (MCS) / Enterprise Services, to compare the capabilities of Windows Server 2012 Hyper-V and VMware vSphere Hypervisor so readers of this site can make an informed decision concerning which virtualization platform they should be using for their organization. I asked him to focus on just the facts, and in this first article we compare the scalability and security of Windows Server 2012 Hyper-V with both VMware vSphere Hypervisor and VMware vSphere 5.1 Enterprise Plus.

Windows Server 2012 Hyper-V and VMware compared

With Hyper-V, it is now easier than ever for organizations of any size to take advantage of the cost savings of virtualization and to make the best use of their hardware investment by consolidating servers into virtual machines. Windows Server 2012 extends virtualization with more features, greater scalability, and a greater choice of deployment options. Drastic improvements have been made on many fronts, including flexibility, scalability, security and high availability.

A key theme when performing comparative analysis between VMware's hypervisor offerings and Microsoft Hyper-V is feature lock-down. VMware provides many offerings, starting from a free entry-level hypervisor which is quite limited in scalability and features (VMware vSphere Hypervisor). Customers usually start from there, and as they progress find themselves constantly in need of edition upgrades to unlock some features. The savings attained from consolidating workloads into virtual machines are partially spent back by VMware customers on acquiring licenses to unlock features, as some ROI studies show. On the other hand, Windows Server 2012 does not have feature lock-downs. The SKUs of Windows Server 2012 all have the same technical capabilities, and as this article will show, usually surpass and sometimes match VMware's top-end hypervisor offering.

Scalability

First and foremost, scalability and initial consolidation ratios represent a basic question frequently asked when sizing an environment. Organizations are looking to cut costs in hardware investments, and need to understand the maximum scalability and performance achievable with each hypervisor. The advent of private clouds and Infrastructure as a Service (IaaS) is changing the way IT is perceived in the organization. IT is now abstracting its datacenters and standardizing its infrastructure into scale units instead of looking at individual silos of resources. This pooling of resources forces departments to choose the technology that offers the highest scalability at the lowest cost. As Table 1-1 below shows, Hyper-V in Windows Server 2012 provides greater scalability across Host, VM, and Cluster when compared with VMware vSphere hypervisor.

|  | Resource | Windows Server 2012 Hyper-V | VMware vSphere Hypervisor | VMware vSphere 5.1 Enterprise Plus |
|---|---|---|---|---|
| Host | Logical Processors | 320 | 160 | 160 |
|  | Physical memory | 4 TB | 32 GB | 2 TB |
|  | Virtual CPUs per host | 2048 | 2048 | 2048 |
| VM | Virtual CPU per VM | 64 | 8 | 64 |
|  | Memory per VM | 1 TB | 32 GB | 1 TB |
|  | Active VMs per host | 1024 | 512 | 512 |
|  | Guest NUMA | Yes | Yes | Yes |
| Cluster | Maximum nodes | 64 | N/A | 32 |
|  | Maximum VMs | 8000 | N/A | 4000 |

Table 1-1: Scalability comparison of Windows Server 2012 Hyper-V and VMware vSphere Hypervisor

VMware positions "VMware vSphere Hypervisor" as an entry-level solution designed to allow virtualization at no cost. However, organizations soon realize that some restrictions are imposed on this free hypervisor, forcing them to purchase one of the more advanced vSphere editions. Some examples are:

  • The limit on physical memory on the host, which is capped at 32 GB on the vSphere Hypervisor. This in turn limits the maximum virtual machine memory.
  • Support for 32 virtual processors within a virtual machine, which is exclusive to the Enterprise Plus edition of vSphere (other editions, such as vSphere Hypervisor, vSphere 5.0 Essentials, Essentials Plus, Standard, and Enterprise, remain capped at 8 virtual processors per virtual machine).

In almost all cases - whether opting for Microsoft Hyper-V or VMware vSphere - organizations will consider designing their environment for high availability. This is achieved through many measures on the solution design level, most notably through the deployment of clusters. If an organization decides to opt for VMware vSphere for its virtualization needs, it will need to purchase vSphere 5.1 to unlock high availability and resiliency features. Even then, clusters will be limited to 32 nodes and 4000 active VMs.

On the other hand, Windows Server 2012 ships with inbox roles and features that do not require additional licenses. These roles and features include Windows Server Failover Clustering, Cluster Shared Volumes, Live Migration, Live Storage Migration, Shared-Nothing Live Migration, Hyper-V replica, and many others. Hyper-V clusters in Windows Server 2012 can have a maximum of 64 nodes, and operate a total of 8000 active VMs.

Security

With the advent of Infrastructure as a Service (IaaS), IT organizations and hosting providers need to offer their customers enhanced security and isolation from one another. If a service provider is hosting services for two companies, the IT staff must ensure that each company's privacy and security are preserved. Operations can become more complicated when customers decide to extend their datacenters into the service provider's, thus creating hybrid clouds. The service provider needs to ensure isolation of the VMs and ensure that no conflicts arise on the infrastructure.

Multi-tenancy is equally important in an enterprise environment. Threat assessments (such as STRIDE) or other requirements usually dictate the need to segregate data and systems from each other, for example to keep finance systems or R&D apart from lower-security zones. Organizations that run private clouds and operate an IaaS must consider multi-tenancy.

Windows Server 2012 contains new security and isolation capabilities through the Hyper-V extensible switch. IT teams can enforce network isolation on groups, which typically represent individual customers or specific workloads.

The extensible Hyper-V switch can further be extended with additional features, which in turn permits an ecosystem of virtual switches developed by partners. It is an open platform that lets multiple vendors provide extensions that are written to standard Windows API frameworks. The reliability is backed by the Windows Hardware Quality Labs (WHQL) certification program. Several partners have already announced extensions for the Hyper-V extensible switch, including:

  • Cisco Nexus 1000V series switches and UCS Virtual Machine Fabric Extender (VM-FEX)
  • NEC OpenFlow
  • 5nine Security Manager
  • InMon sFlow

Whilst VMware offers an advanced distributed switch, it is only available in the Enterprise Plus edition of vSphere 5.1. Lesser editions, such as the VMware vSphere hypervisor, do not have this functionality, thus forcing customers to upgrade to the highest edition at a substantial cost. The VMware vSphere vSwitch is not open or extensible. Up until recently, Cisco was the only vendor to provide an alternative switch to VMware vSphere Distributed Switch.

On the other hand, Windows Server 2012 is working closely with partners to deliver extended functionality across a variety of different extension types, from packet inspection and filtering through to forwarding and intrusion detection, offering customers a great choice. Table 1-2 below describes the advantages of the Hyper-V extensible switch over VMware's vSwitch:

| Capability | Windows Server 2012 Hyper-V | VMware vSphere Hypervisor | VMware vSphere 5.1 Enterprise Plus |
|---|---|---|---|
| Extensible Network Switch | Yes | No | Replaceable |
| Confirmed Partner extensions | 4 | No | 2 |
| Private Virtual LAN (PVLAN) | Yes | No | Yes |
| ARP/ND Spoofing Protection | Yes | No | vCloud Network & Security / Partner |
| DHCP Snooping/DHCP Guard | Yes | No | vCloud Network & Security / Partner |
| Virtual Port ACLs | Yes | No | vCloud Network & Security / Partner |
| Trunk mode to virtual machine | Yes | No | Yes |
| Port Monitoring | Yes | Per port group | Yes |
| Port Mirroring | Yes | Per port group | Yes |

Table 1-2: Capability comparison of Hyper-V extensible switch and VMware's vSwitch
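
On Hyper-V, several of the controls in Table 1-2 (DHCP Guard, PVLAN, virtual port ACLs) are set per virtual network adapter with the Hyper-V PowerShell module. The following is an added example, not part of the original article: it audits a host for adapters that lack the guard settings and applies a tenant baseline to one VM. The VM name, VLAN IDs, subnet and the two function names are hypothetical placeholders.

```powershell
# Added example (not from the article). Run on a Windows Server 2012 Hyper-V host.
# Placeholder values: the VM name, VLAN IDs and denied subnet are constructed.
Import-Module Hyper-V

# Hypothetical helper: list adapters whose guard settings differ from the tenant baseline.
function Get-UnguardedVMAdapter {
    Get-VM | Get-VMNetworkAdapter | Where-Object {
        $_.DhcpGuard -ne 'On' -or
        $_.RouterGuard -ne 'On' -or
        $_.MacAddressSpoofing -ne 'Off'
    } | Select-Object VMName, Name, SwitchName, DhcpGuard, RouterGuard, MacAddressSpoofing
}

# Hypothetical helper: apply the baseline to one tenant VM.
function Set-TenantPortBaseline {
    param(
        [Parameter(Mandatory = $true)][string]$VMName,
        [Parameter(Mandatory = $true)][int]$PrimaryVlanId,
        [Parameter(Mandatory = $true)][int]$SecondaryVlanId,
        [Parameter(Mandatory = $true)][string]$DeniedSubnet
    )
    # Drop DHCP server and router-advertisement traffic sent by this VM and keep
    # it on its assigned MAC address. Do not apply this to a VM that is meant to
    # act as a DHCP server or router.
    Set-VMNetworkAdapter -VMName $VMName -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

    # PVLAN isolated mode: the VM can reach promiscuous ports on the primary VLAN
    # but not other isolated ports.
    Set-VMNetworkAdapterVlan -VMName $VMName -Isolated `
        -PrimaryVlanId $PrimaryVlanId -SecondaryVlanId $SecondaryVlanId

    # Virtual port ACL: deny traffic in both directions between the VM and a subnet.
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $DeniedSubnet `
        -Direction Both -Action Deny
}

Set-TenantPortBaseline -VMName 'TenantA-Web01' -PrimaryVlanId 100 `
    -SecondaryVlanId 201 -DeniedSubnet '10.0.0.0/24'

# Confirm what the switch will enforce, then re-run the audit.
Get-VMNetworkAdapterVlan -VMName 'TenantA-Web01'
Get-VMNetworkAdapterAcl  -VMName 'TenantA-Web01'
Get-UnguardedVMAdapter
```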

Many of the capabilities needed to secure a virtualized network are not available in VMware vSphere hypervisor. Even with vSphere 5.1 Enterprise Plus, key security capabilities are only available through VMware's vCloud Network & Security or through partner extensions (additional purchases on top of vSphere). This means that customers once again will have to purchase additional technologies to unlock certain features.

In the second part of this two-part article, we will compare the mobility, VDI support and licensing of Windows Server 2012 Hyper-V with both VMware vSphere hypervisor and VMware vSphere 5.1 Enterprise Plus.
