October 10, 2017 – At the Nutanix .NEXT 2017 conference (North America), Nutanix announced a tool that would simplify Virtual Machine (VM) and database migrations to a Nutanix private cloud.
Today, Nutanix has publicly released those tools – known as Nutanix Xtract for VMs & Nutanix for DBs.
Up until today, cross-hypervisor VM migrations were possible via a multi-step approach such as:
File-system whitelisting of Nutanix Storage
Mount the AHV container as an NFS datastore to vSphere
Storage vMotioning VM(s)
Convert VM disks to AHV by importing into the Image Configuration Service
Create new AHV VM and attach imported Windows disk to the VM
Today, Nutanix Xtract for VMs allows for agentless live-migration of Virtual Machines from VMware ESXi to Acropolis AHV – with minimal downtime.
Streamlined migrations with one-click simplicity
Near-zero downtime with full cutover control
Simple test migrations and roll-back capabilities
Cost efficient – included with all Nutanix software editions
In keeping with the Nutanix release cycle, today is another day of innovation — for you, the customer, at no additional cost.
Translated:
More efficient
Less impactful
Automated
And, no cost! 🤑
Nutanix Xtract for VMs has the following functionality upon the v1.0 GA release:
Migrate powered on or powered off VMs
Pause and resume migration
Schedule migration
Schedule data-seeding for the virtual machines in advance and cut over to a new AHV cluster
Manage VM migration between multiple clusters from a single management interface
Sort and group VMs for easy migration
Monitor details of migration plan execution even at the individual VM level
Cancel in-progress migration for individual VMs
Migrate all AHV certified OSes
So… starting today – you, the customer, can now migrate your Guest OSes supported by AHV from vCenter and ESXi 5.5, 6.0, and 6.5 to Acropolis AOS 5.0.x and 5.1.x.
There are a few Unsupported Features that you should note, but otherwise — in so few words…
Select your VMs
– Map ESXi port group to AHV target network
– Schedule time for migration to complete
Grab your beverage of choice and wait for a periodic sync to destination
Perform final cutover/migration of VM
Upon final cutover, the source VM is shut down and the target VM is brought up live on Nutanix AHV.
Virtualizing servers and applications is nothing new, and is often considered common practice these days. More and more Tier 1 applications – Domain Controllers, Microsoft Exchange Server, Microsoft SQL Server, and VDI Desktops – are provisioned as Virtual Machines, due to their ability to be agile and highly available. With continued advancements at the hypervisor and storage levels – including VM high availability, distributed/dynamic scheduling, and scale-out, shared-nothing architectures – infrastructure is much more resilient than ever. However, human error is still a VERY common factor in many unplanned outages. Out of the box, Microsoft Windows desktop and server OSes allow any user to eject various HotPlug devices, which could lead to a server or desktop being immediately disconnected and unavailable.
The Windows feature to ‘Safely Remove Hardware and Eject Media’ sounds good in theory, say to eject a USB drive from the operating system. Thanks to Windows Search Index, the OS will often prevent you doing something really bad, such as ejecting a virtualized SCSI attached disk. Nonetheless, ejecting a virtualized network adapter of a production VM seems like a great way to ruin your day.
This STILL does not prevent an administrator (you know, the ones often working on servers) from accidentally clicking the wrong icon.
Well-respected consultant and developer Helge Klein released a great (and frequently referenced!) post in 2012, detailing the ability to disable HotPlug functionality in VMware ESX – both at the hypervisor level and within the Windows Guest OS.
Nutanix
Since the publishing of Helge’s article, additional hypervisors have been released and adopted in the marketplace. Nutanix may have started the explosion on the scene as a storage disruptor, while making traditional three-tier architecture obsolete. In doing so, Nutanix still allowed a choice of industry standard hypervisors, VMware ESX or Microsoft Hyper-V, to run on top of their commodity hardware. But Nutanix did not stop at simply disrupting the storage market, they wanted to ensure a practice known as ‘Invisible Infrastructure for Enterprise Computing.’ In theory – the storage shouldn’t matter, the hypervisor shouldn’t matter – IT should be a transparent and turnkey solution that focuses on applications and on the business. At .NEXT, Nutanix’s first user conference in June 2015, another disruptive announcement was dropped – Nutanix would release their own hypervisor entitled Acropolis (AHV), based on Linux KVM. Only 1 year later at .NEXT 2016, Nutanix is now reporting 15% of all deployed clusters are running AHV for client workloads.
Placing key infrastructure workloads on Acropolis, such as Microsoft Exchange, SQL, Citrix XenDesktop, and VMware View, is vendor supported (and recommended, if I must say so myself) AND yields an incredible ROI to the business. However, proper precautions need to be taken to ensure users or administrators cannot accidentally eject virtualized hardware.
Windows VMs running on AHV will have 3 HotPlug devices within the guest OS:
Nutanix VirtIO Ethernet Adapter
Nutanix VirtIO Balloon Driver
Nutanix VirtIO SCSI pass-through controller
Currently on Nutanix Acropolis, there is no supported way to disable HotPlug functionality at the hypervisor level. I have confirmed with Nutanix support and engineering that this is not something that is currently publicly exposed.
Currently, the best approach is to disable HotPlug functionality from within the guest OS registry, by changing the flags in the ‘Capabilities’ value of each device under HKLM\SYSTEM\CurrentControlSet\Enum\PCI.
A few notes regarding these changes:
Security permissions for all keys under ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI’ are protected so that only the SYSTEM account has Full Control.
You could create a workaround by launching Regedit.exe as the SYSTEM account, leveraging a tool like Sysinternals PsExec (owned by Microsoft).
Command Prompt – cmd.exe – Run as Administrator
> psexec -i -d -s c:\windows\regedit.exe
However, because these keys are reverted upon machine restart, the best way to achieve this functionality is either via a computer startup script or Group Policy Preference registry keys – both of which run under the SYSTEM account and are applied at computer boot.
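The startup-script option mentioned above, as an added example (not code from the original post): a PowerShell script that sets Capabilities to decimal 2 for the three Nutanix VirtIO devices listed earlier. Matching devices by their DeviceDesc value and the parameter names are assumptions of this example.

```powershell
# Added example: computer startup script (runs as SYSTEM at boot).
# Sets Capabilities = 2 on the Nutanix VirtIO devices under Enum\PCI.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$EnumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\PCI',
    [int]$Capabilities = 2   # decimal value given in the post
)

# Device names as listed in the post; matching on DeviceDesc is an assumption.
$targets = @(
    'Nutanix VirtIO Ethernet Adapter',
    'Nutanix VirtIO Balloon Driver',
    'Nutanix VirtIO SCSI pass-through controller'
)

# Registry layout: Enum\PCI\<hardware id>\<instance id>
$instances = Get-ChildItem -Path $EnumRoot -ErrorAction Stop |
    ForEach-Object { Get-ChildItem -Path $_.PSPath -ErrorAction SilentlyContinue }

foreach ($inst in $instances) {
    $props = Get-ItemProperty -Path $inst.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.DeviceDesc) { continue }

    # DeviceDesc is usually "@oemNN.inf,%token%;Friendly name"; keep the part after ';'
    $name = ($props.DeviceDesc -split ';')[-1].Trim()
    if ($targets -notcontains $name) { continue }

    # Idempotent: skip devices that already carry the desired value
    if ($props.Capabilities -eq $Capabilities) {
        Write-Verbose "$name already at $Capabilities"
        continue
    }

    $action = "Set Capabilities $($props.Capabilities) -> $Capabilities"
    if ($PSCmdlet.ShouldProcess($inst.Name, $action)) {
        Set-ItemProperty -Path $inst.PSPath -Name 'Capabilities' `
            -Value $Capabilities -Type DWord
        Write-Output "$name : Capabilities $($props.Capabilities) -> $Capabilities"
    }
}
```

Run it once with -WhatIf to see which device instances it would touch before assigning it as a startup script.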
Deployment – GPP
The simple and repeatable way to deploy these registry changes is to use Group Policy Preference registry items.
Update the REG_DWORD value of the Capabilities key to decimal value of (2) for the following keys:
Whichever methodology you choose – following this change, the HotPlug functionality of the Nutanix VirtIO devices should be removed – making users and admins sleep a little easier at night!