
Our final day at #CFD25 dove deeply into the feature sets of the recently-released VMware Cloud Foundation 9.0 (VCF 9.0). It was refreshing to discuss the intricacies of cloud computing that didn’t immediately turn towards how many hundreds or thousands of Docker or Kubernetes containers we can deploy at scale. Instead we focused on where a lot of the real work still happens out of sight and mind: the rugged families of databases capturing the exabytes of data eventually used to create documents everyone wants their generative AI workloads to consume.

As a long-time beta tester, user, and aficionado of Oracle Cloud Infrastructure (OCI), I understood the challenges laid at VMware’s doorstep to transform their offerings: Modern IT organizations must effectively operationalize their computing, storage, and networking infrastructure. I equate these facets to an aircraft’s three-bladed propeller: If just one blade is under-performing, the power and effectiveness of the other two will be compromised as well.
Blade #1: Managing Memory To Forestall the Impending DRAMpocalypse
As our VMware presenter acknowledged, we’re currently in the throes of a “DRAMpocalypse,” so it’s never been more crucial for IT shops to manage their existing servers’ memory resources effectively. (I recently purchased a new Framework laptop – hopefully the last one I’ll ever need to buy – and the recent spike in prices for DRAM was a wallet-shocker.)

Answering this DRAMpocalypse, VCF 9.0 offers advanced memory tiering features to exchange the least-active pages from DRAM to NVMe. While most modern databases provide this tiering capability via software, in VCF 9.0 the tiering happens within the VMware configuration itself. It’s a hypervisor-native tiering mechanism that leverages what VMware terms a Logical Memory Unit, composed of DRAM at the top of the tier and the slower NVMe storage tiered below.
The tiering mechanism’s goal is to keep CPUs from waiting to process pages in memory. As database workloads proceed, VMs consume logical memory and the tiering software dynamically relocates the hottest pages to DRAM and switches out the colder pages to NVMe storage. The tiering algorithm takes into account the I/O access method – read-only vs. read-write – needed for operations, too.

VMware claims this tiering method at least doubles the effective use of memory and returns a corresponding 40% reduction in TCO because the hottest pages are placed essentially closer to the CPU. The tiering algorithm is configured automatically so it doesn’t need constant monitoring for effectiveness.
Again, this isn’t a revolutionary concept – Oracle Database 12c implemented this feature 10+ years ago – but since the memory management is native to the hypervisor itself, less sophisticated or open-source databases like MySQL or Postgres can take advantage of these performance enhancements.
And since this strategy ensures that the hottest pages aren’t being constantly exchanged between DRAM and NVMe, there’s also a side benefit: the potential to extend NVMe useful life by preventing extensive read/write operations over time.
Finally, several data encryption security features are supported, and it can be deployed at either the host or VM level. Check out this detailed video demonstrating these features, and here are the deeper details from VMware: https://blogs.vmware.com/cloud-foundation/vcf-advanced-memory-tiering/
Blade #2: Managing MySQL, Postgres, and SQL Server Databases with Data Services Manager 9 (DSM)

I thought it was pretty gutsy for VMware to show up in a room populated with several experienced DBAs from at least three database families – SQL Server, Oracle, and MySQL – to talk about the second prop blade: Data Services Manager 9 (DSM).
DSM offers full support for MySQL and Postgres – two of the most popular open-source databases these days – as well as SQL Server. DSM gives vSphere administrators a central management portal to manage and control related resources via specific data service policies and infrastructure policies that limit access to database resources to specific users.

Infrastructure policies make it simple to grant privileges to qualified users – perhaps a trusted DevOps resource, or a junior DBA – to deploy clones of existing production databases, even permitting deployment of prior versions of database engines (releases) for researching issues related to prior releases.
Our VMware presenter also demonstrated how to deploy resources to support a MySQL database through DSM, including the ability to quickly deploy a clustered MySQL environment – a non-trivial exercise – with just a few mouse clicks.
Finally, as an experienced DBA, let me assure you if your DBAs aren’t constantly fretting about backing up your organization’s crucial databases – which should include development and staging databases! – then you haven’t got the right people on staff. VMware showed how DSM 9 made it simple to enable backup strategies, including selection of the appropriate storage targets for backup files.

I did probe our presenters about preserving Transparent Data Encryption (TDE) for MySQL databases. TDE is a particularly valuable feature for MySQL environments; it ensures data is truly encrypted within the database itself. This implies that any backups taken of TDE-encrypted database files remain encrypted: database blocks within encrypted tablespaces are still encrypted when they’re backed up, which eliminates a potential vector for discovering / accessing data.
Here’s a detailed look at this set of features; you can watch our CFD25 delegates’ spirited questioning too.
Blade #3: Tying It All Together Within Virtual Private Clouds (VPCs)

I’ll admit that the final blade on the prop – networking – tends to be the least interesting (and thus most often ignored) feature for data engineers and experienced DBAs.
Deploying the network infrastructure to support a modern database with proper restrictions is crucial to keeping data secured properly within any application and database environment. (I’ve recently struggled to set up relatively complex networking within OCI environments, so trust me: if networking isn’t in your regular wheelhouse, this operation is potentially error-prone.)
VMware demonstrated how VCF Networking NSX services made short work of building out robust public / private network infrastructure within a Virtual Private Cloud (VPC) in a matter of minutes without having to worry about choosing exactly the right IPv4 addresses to make everything work. A particularly useful feature: VCF will not allow subnets to be deployed within overlapping CIDR address blocks accidentally, thus ensuring network communication isn’t compromised by face-palm-level mistakes.
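
A pre-deployment check in the spirit of the overlap guard described above, as an added example (not VMware's code and not from the presentation): it validates a proposed subnet plan against a VPC block using Python's standard `ipaddress` module. The function name, the VPC block and the subnet names are constructed for illustration.

```python
import ipaddress

# Constructed sample plan (not from the presentation).
SAMPLE_VPC = "10.20.0.0/16"
SAMPLE_PLAN = [
    ("public-web", "10.20.0.0/24"),
    ("private-db", "10.20.1.0/24"),
    ("private-db-replica", "10.20.1.128/25"),  # sits inside private-db
    ("mgmt", "10.21.0.0/24"),                  # outside the VPC block
    ("backup", "10.20.2.7/24"),                # host bits set: malformed CIDR
]


def validate_subnet_plan(vpc_cidr, subnets):
    """Return (name, reason) pairs for every subnet that must be rejected.

    subnets is an ordered list of (name, cidr); an earlier entry wins when
    two entries conflict, so the later one is the one reported.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    accepted = []  # (name, network) pairs that passed every check
    rejected = []  # (name, reason) pairs

    for name, cidr in subnets:
        try:
            # strict=True refuses CIDRs whose host bits are set (10.20.2.7/24)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            rejected.append((name, f"invalid CIDR: {exc}"))
            continue
        # Version check first: subnet_of() raises TypeError on mixed v4/v6.
        if net.version != vpc.version or not net.subnet_of(vpc):
            rejected.append((name, f"{net} is outside VPC block {vpc}"))
            continue
        clash = next((n for n, other in accepted if net.overlaps(other)), None)
        if clash is not None:
            rejected.append((name, f"{net} overlaps subnet '{clash}'"))
            continue
        accepted.append((name, net))
    return rejected


if __name__ == "__main__":
    for name, reason in validate_subnet_plan(SAMPLE_VPC, SAMPLE_PLAN):
        print(f"REJECT {name}: {reason}")
```
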

What wasn’t readily apparent was how to ensure that particular ports within IP addresses are blocked or opened. To their credit, our VMware colleagues explained the best way to guarantee that protection level was to deploy their VDefense toolset to control port-level permissions.
Here’s a detailed look at this offering from VMware’s perspective, and here’s our delegates’ in-depth discussions and questions.
Conclusion: When All Blades Work …
Overall, VCF 9.0 looks to me like a full-featured yet evolving toolset valuable for open-source database management and corresponding support for application development and production deployments. Its self-service features mean IT shops can relegate complex performance monitoring, database environment management, and networking to reasonably qualified or junior team members without incurring significant risks of self-harm.