Free virtual appliances can fill critical virtual infrastructure holes. Virtual appliances are preconfigured virtual...
machines (VMs) that consist of an operating system and application, which eliminates installation and compatibility problems and simplify VM deployment.
Customers are demanding more from their virtual environments and looking for more services to run in VMs. This tip covers two free virtual appliances that provide VMware networking and monitoring. I've used both appliances, and they are suited for small virtualization environments.
VMware networking with Untangle 8.0
I've used Untangle as a VM, but now it's even easier to use as a virtual appliance. The Untangle appliance provides basic firewall services, protocol management and Quality of Service (QoS). In my home lab, I use the Untangle appliance as a Domain Name Server, Dynamic Host Configuration Protocol server, Web-content filter, spyware blocker and default gateway. Figure 1 shows the Untangle appliance installed on a virtual machine.
The Untangle virtual appliance can also be installed on a dedicated server, and it even functions as an appliance without virtualization. In either situation, the Untangle appliance delivers the same features in a very intuitive interface. It's a boon to a small home network, small office and anyone who wants to manage Internet connectivity in a cost-effective manner.
Untangle functions as a virtual rack appliance, which is an appliance within an appliance. Spyware Blocker within the Untangle appliance, for example, protects users against malware installation -- regardless of browser, operating system or configuration. The Untangle virtual appliance intercepts traffic and runs it through specified rules. Figure 2 depicts the Untangle virtual rack running in my lab.
The current version of the Untangle appliance is not distributed through the VMware Virtual Appliance Marketplace. Instead, it's on the Untangle wiki in the OVF format. Use the distributions that include VMware Tools on the appliances. Depending on your comfort with Linux environments, you can also download the version for physical systems and install VMware Tools, but I find the appliance distribution easier.
For virtualized environments, the Untangle appliance is especially useful because it can also manage the connections between networks. Its routing and firewall capabilities can create several interfaces and route rules, such as port forwarding and port redirection.
The free version has most of the features that small networks need. For the paid packages (i.e., Premium, Standard and Education), there are advanced features -- such as WAN failover and WAN balancing -- that add resiliency to sites with limited connectivity. Additional integration options, such as Active Directory identity management, can be a boon for a ready-to-go solution as well.
With the virtualized Untangle appliance, there are additional considerations for a virtualized firewall and network appliance. First, determine if the appliance will migrate from one host to another. In a small cluster that has two or three servers, it's best to have the Internet connectivity on a small switch that each server has a dedicated pair of vmnic interfaces. This arrangement allows the Untangle virtual appliance to migrate to another host to ensure Internet connectivity.
For a single VMware server solution, VMware Update Manager can make management difficult. When it runs, every VM must be off of an ESX or ESXi host. If the virtualization server holds the network routing, there is an issue with retrieving the updates. In this situation, I've used a backup laptop or hardware router device for Internet connectivity. A small vSphere cluster with vMotion works nicely for this configuration, however.
VMware monitoring with isyVmon v2.0 Freeware Edition
For server health visibility and availability, there are a lot of very expensive options. When a ping times out, for example, we need more than a script that pages. But how much infrastructure monitoring do we need? Many cost-conscious IT pros have gravitated to open source Nagios tools for infrastructure monitoring.
The isyVmon virtual appliance is a free option that provides Nagios monitoring for VMware environments. It simplifies the Nagios configuration, and it puts Nagios into a virtual machine format that is very comfortable for VMware admins. The isyVmon virtual appliance is in the VMware Appliance Marketplace, and the VM is sized to monitor up to 400 servers (although the free version is limited to 10 hosts). The virtual appliance is also reasonably sized, with 2 GB of RAM as it is initially set up.
After the virtual appliance is installed as an OVF, your first stop should be the isyVmon Admin Guide. It explains how to access the system and add a host into the monitoring pane, for example.
The isyVmon appliance works with a configured inventory of hosts that are entered into groups and templates. This setup allows the administrator to choose what happens when a system becomes unavailable. These actions include email alerts and a panel that displays a malfunctioning host's situation in red. Figure 3 shows offline virtual machine and how the free version enforces the 10 node host limit.
The check algorithm can be as simple as pinging VMs, or it can be more involved, such as gathering disk space information, checking CPU or listening for a TCP port. It can also monitor physical systems, not just virtual machines.
In terms of a VM for a monitoring platform, there are additional considerations. Ideally, the virtual machine is hosted within a vSphere cluster with High Availability. That way, the monitoring solution can inform of a virtualization host failure, in addition to what vCenter would report. I'd have both alerts available, even though they are duplicative.
A good monitoring virtual appliance isn't complete without a series of dashboards and graphs, and the isyVmon virtual appliance is no exception.
This free virtual appliance can scale pretty high. If there are simple checks only as ping, it can go quite high as a virtual machine. If more there are more involved monitoring factors, virtual switch port saturation may become a factor. Furthermore, the amount of CPU may become a consideration. IsyVmon allows the virtual appliance to scale out to additional nodes, which are called satellites, to distribute the workload.
About the expert
Rick Vanover (firstname.lastname@example.org) has the vExpert, VCP, MCITP, MCTS and MCSA certifications. He is an IT veteran who specializes in virtualization, server hardware, operating system support and technology management. Follow Rick on Twitter @RickVanover.