It’s day one of Citrix Synergy 2016, and what a great day it is for the XenServer product group! If you haven’t heard by now (check out Steve Wilson’s post), we just launched our most significant release ever: XenServer 7!
In this post, I want to give you a little insight into the key themes, features and product enhancements that are are going to benefit Citrix customers, whether they are using XenServer for traditional server virtualization, or application and desktop virtualization with XenApp and XenDesktop.
Enhanced graphics leadership
Since May 2013, when Citrix introduced NVDIA GRID vGPU integration to an eager Synergy audience, XenServer has led the field in hypervisor-based virtualized graphics.
In XenServer 7, Citrix extends support for NVIDIA GRID, to include the M6 & M60 GPUs, also increasing the number of vGPU sessions per host to 128. Add to this the introduction of GRID vGPU support for RHEL, OEL, CentOS and Ubuntu Linux desktops, and you have a flexible platform for either Windows or Linux-based, graphics intensive applications. This opens up new opportunities for our customers to virtualize Linux applications that have traditionally been desktop or workstation bound, centralizing them securely within the datacenter and benefiting from shared infrastructure to be used on cheaper, commodity end-user devices, PCs, tablets.
XenServer 7.0 with the NVIDIA TESLA M10 supports up to 128 NVIDIA GRID vGPU-enabled VMs (a 33% increase on XenServer 6.5), enabling the highest density deployments of GPU-accelerated applications across the enterprise for knowledge workers, and with the TESLA M60/M6, it supports the most graphics demanding CAD users – with no compromise in performance,” says John Fanelli, VP Product for NVIDIA GRID. “With GRID software, Citrix customers benefit from twice yearly updates to ensure they always have access to the latest innovations and improvements. Support for Linux brings the benefits of virtualization to an entirely new customers in industries such as oil and gas, media and entertainment, and aerospace and defense.
XenServer 7 also sees the introduction of a new GPU vendor. Following close collaboration with Intel, XenServer is the first hypervisor platform to support Intel’s virtualized graphics, GVT-g, which is based on the Iris Pro Graphics chipset. So, you might be asking, “Why is this so interesting?” For a start, the GPU is embedded within the CPU socket, requiring no additional hardware. Presently, it’s based on Broadwell CPUs (Xeon E3 v4), and is able to run up to 7 GPU sessions per CPU socket.
This creates a very low barrier to entry for businesses seeking to leverage enhanced graphics benefits via XenApp or XenDesktop. Learn more about GVT-g from Intel here.
Microsoft Technology integration
Citrix has a long history of integrating with, and supporting Microsoft operating systems and infrastructure products, and XenServer 7 is no exception.
- Automated Microsoft Windows VM driver management
Do you administer a larger XenServer environment? We currently support up to 1000 VMs per host, and have customers running thousands of hosts, so when time comes to updating the Windows VMs’ XenTools, it can be quite a challenge. Even with smaller infrastructures, the process of updating many Windows VMs can be a headache, something we’ve heard loud and clear from our customers. Our solution? Automation.
In XenServer 7, it is now possible to let Microsoft Update Services automatically install and/or update the Windows VM I/O drivers contained within those VMs, moving this once cumbersome process into the standard organizational framework for how their Windows machines are updated. - Microsoft Server Message Block (SMB) support
Adding to the wide variety of host storage connectivity, XenServer 7 now includes SMB to enable IT admins to use Windows storage devices running SMB for their XenServer VM’s disks. - Docker containers in Windows Server 2016
In May 2015, XenServer introduced Docker container management for Linux VMs, opening up visibility and management to IT admins, of the containers being used within their XenServer infrastructures. This year for XenServer 7, we are really excited to be supporting Docker containers on Microsoft Windows Server 2016 OS, rounding off our of Docker support across both Linux and Windows, the first and only commercial hypervisor to do so.
- A new Microsoft System Center Operations Manager (SCOM) management pack is now integrated and licensed in XenServer 7. For customers wanting greater Microsoft SCOM management visibility, this ties in well across the Citrix stack.
- The Microsoft Active Directory integration within XenServer has been improved, changing the underlying connectivity components, which increases the scalability to support large AD forests, whilst also increasing performance.
- XenServer 7 includes templates for Microsoft Windows 10 and preview of Windows Server 2016.
Revolutionary Security
Infrastructure security is always a challenge, and whether it’s protection from viruses, malware or hackers, there are a variety of tools and methods used by security vendors to help businesses protect their IT infrastructures from the variety of tools and methods used by the people with malicious intent. A big challenge is how malware and hackers get around, disable, or hide themselves from existing security solutions.
If someone can leverage a software vulnerability to gain access to a system, they tend to work their way up the security chain, seeking to get the highest level of system privileges from where they can disable security software and do the most damage or gain access to the most sensitive data.
XenServer 7 is different.
Working closely with Bitdefender, Citrix is proud to announce XenServer Direct Inspect APIs, which allow integration from third party security software companies to leverage hypervisor memory introspection (HVMI). This uses a privileged security appliance (SVA), one per-host to inspect the memory of VMs running on the host. As introspection is happening from outside the guest VM, there are no agents required within the VMs, and as such, nothing for a virus, piece of malware or hacker to disable within the VM. Should anyone also hack into a VM OS, they would also only be able to see within the boundaries of that VM container, and be completely unaware that a host-based SVA could be monitoring and blocking their activity; we call this “better than physical” protection.
Security products based on virus or malware signatures protect you from known risks, however what about day-zero attacks? How do you protect yourself against something for which there is no known signature? Bitdefender’s integration goes beyond the standard signature checking, by examining the techniques used by viruses or malware rather than their signatures, enabling protection of systems against day-zero attacks.
This solution isn’t targeted at replacing all disk based scanning protection, as the Direct Inspect APIs feature is a memory based solution, yet it extends protection through either a kernel-mode or user-mode (for specific applications), providing protection against a variety of security threats, including existing security products from being disabled. As such it complements existing disk based protection solutions. Find out more from Bitdefender on this blog and data sheet.
XenServer Direct Inspect APIs with Bitdefender GravityZone is a first and unique security feature for commercial hypervisors.
XenServer Management, Scalability and Performance
XenServer Health Check
If you’re a XenServer customer and you’ve ever spoken to Citrix Support, you will be familiar with Server Status Reports. With XenServer Health Check, we wanted to take the traditional tactical support process in a new direction, enabling proactive support of virtualized infrastructures.
It’s a simple approach; provide a mechanism that allows for regular infrastructure report uploads to Citrix Insight Services (CIS), perform analysis of the reports within the CIS cloud, then report back to the XenServer infrastructure on findings. With integration to CIS, this is an opt-in feature, whereby enrollment requires the appropriate host/pool & CIS credentials. The IT admin also defines the frequency (default is 2 weeks), the time and day of the week for the uploads.
Once the initial report for a given resource pool has been uploaded and analyzed, the resulting notifications are immediately available from XenCenter, with further information and reports available via a link to CIS:
Scalability and Performance
If you’ve ever heard me present, I will likely have uttered words similar to “we’ve scaled up” or “we have better performance”. Well I don’t like to disappoint, so guess what? We have scaled up and have better performance in XenServer 7 than any other previous release:
- 5x host RAM increase 5TB – more RAM potentially means bigger hosts and more VMs
- 2x host CPUs increase to 288 – increasing CPUs for greater density
- 2x host VBDs (disks) per SR up to 4096
- 8x VM RAM increase to 1.5TB – new VM use cases, such as in-memory databases
- 2x VM vCPUs increase to 32 – larger VMs to support more CPU intensive applications
- Support for Citrix AppDisks increases VM VBDs to 255
XenServer now also supports cgroups, something I hope that the Linux gurus amongst us would nod approvingly at, as these ensure that core processes running within dom0 have sufficient resource. This ensures that IT admins can still administer their hosts even when they’re under extreme load.
Host Management
- The latest XenCenter now includes a button for launching an SSH console session within PuTTY, making things far simpler to bring up a console session with minimal effort.
- XenServer Conversion Manager has been updated, and now supports the batch conversions of newer Windows releases (including Windows 10) from the latest VMware vSphere versions (including 6.0) to XenServer. This greatly simplifies the process of moving VMs from vSphere for customers seeking to avoid the vTax and adopt a more cost effective solution.
This isn’t everything included within XenServer 7, and I haven’t gone into sufficient detail to provide you everything you need to know about the features listed, however hopefully this overview will wet your appetite for more. Keep your eyes and ears open to further product and feature announcements coming soon, and in the mean time, check out XenServer on the web, upgrade your existing infrastructure to leverage its benefits, and follow @XenServer on Twitter.
Additional Resources:
- Intel: Making new server virtualization capabilities a reality
- Intel: Cloud security with Citrix XenServer and Xeon E5
- Bitdefender: Hypervisor Memory Introspection
- XenServer.org: XenServer Dundee Released
- XenOrchestra: Citrix Ready? Yes we are!