Keep database licensing under control by combining strong storage policies with AHV auditing
In the early years of my career in enterprise software, I often heard that downtime of servers, networks, and components was undesirable, but the fidelity of your data was mission critical. Most things can be restarted or fixed, but lost data might remain lost forever. It’s a real concern when you run a mission-critical workload that might be responsible for making your end-of-year financial sales, or a workload whose resulting work could impact lives. It’s no surprise, then, that databases are critical components of any stateful computer architecture.
Databases and database management systems have a long history and come in many generations and from many vendors. By the 1990s, relational databases (RDBMS) became very popular. Despite newer NoSQL databases having come to market in the 2000s, relational databases are still quite popular and widely used on physical and virtualized servers. According to Wikipedia, IBM DB2, Oracle, MySQL, and Microsoft SQL Server still remain the most-searched RDBMSs. These databases remain especially common because technologies like virtualization can extend the lifespan of legacy applications years, if not decades, beyond their original intended use.
Licensing Complexity with Virtualization
As a result of databases’ importance and value to businesses of all sizes, licensing for databases can be very expensive. Licenses for paid databases are commonly assessed on the count of CPU cores or processor sockets, whereas storage is typically not a license metric. On a physical server, this is straightforward. The cores or processors for the servers used for the database are counted and the license cost is assessed. Virtualization’s cost and management benefits over bare-metal have made it the standard for deploying applications, but this has resulted in some complexity for database licensing.
Virtualization allows for movement of running virtual machines across clusters of host server nodes, known as live migration. With anywhere from 3-32 physical server or hyper-converged (HCI) nodes in a cluster, licensed database vendors have applied an expensive, opportunistic approach to licensing in a virtual environment and generally require every CPU socket or core to be licensed. As a result, customers using virtualization have optimized for dedicated, smaller clusters to limit their exposure to over-licensing.
Nutanix hyper-converged infrastructure scales linearly by including storage and compute in every node. To add storage needed for your database, you will also add compute. This is a core benefit of Nutanix HCI. In many cases, however, customers don’t need or intend to run their database servers on all nodes, and therefore don’t want to pay for expensive database licenses on nodes they won’t be using to run database VMs. In the past, customers have deployed VM:Host affinity rules which kept database VMs on approved compute nodes. This wasn’t well-received by these same vendors since this enforcement was not believed to be strong enough.
Nutanix Introduces Strong Node Enforcement and Auditing
In the AOS 5.10 release from November 2018, Nutanix introduced a pair of features which work perfectly together to control license scope for databases. These are the Never Schedulable node policy and AHV Auditing. Together these give you unbreakably strong control over AHV HCI nodes to be deployed as a storage-only node type, and a machine-generated audit trail of all configuration and migration changes to AHV VMs in Prism Central.
See AOS 5.10 What’s New & Prism 5.10 What’s New (Nutanix portal links).
These two features together provide a defensible solution for turning your selected nodes into storage only, and the verifiable audit trail to show you or auditors the history of changes and movement within your Nutanix environment. Strong policy combined with verifiable audit proof give you control over your database VMs, and greater control over which nodes are subject to database licensing.
Introducing the Never Schedulable storage-only policy [Documentation]
Licensed databases use server CPU processor core or socket count as the license cost metric when buying entitlements. Storage space is not part of this costing calculation for licensing for Oracle and MS-SQL. To separate an HCI node for use as storage-only inside a cluster, you can now use the Never Schedulable policy to enforce that user VMs (UVMs) can never run on this node. This includes all UVMs, regardless of whether they are database VMs or not. Never Schedulable is a strict policy which changes the node type to storage-only. This fully prevents any VMs, including agent VMs and Prism Central VMs, from running on this node. Only the Nutanix Controller VM (CVM) can run on this node.
To further enforce policy clarity, the policy can only be changed by fully removing the storage-only node from the Nutanix cluster. A core component of enforcing policy fidelity is ensuring that no one can modify this policy while the node remains in the cluster. Never Schedulable cannot be accidentally turned off, which removes the risk of an accidental click incurring a licensing impact event. To add or remove the Never Schedulable policy, your node must be removed from the cluster. Removal from the cluster will remove all data from the node. When adding a new node, this will be a rapid process. Existing nodes with significant amounts of data can take several hours to remove while data is migrated back to the cluster.
Never Schedulable highlights:
- Introduced with AOS 5.10
- Never Schedulable allows only the Controller VM (CVM) to operate on that node. All other VMs including agent VMs and Prism Central VMs are strictly prevented from running on this node.
- This strict policy can only be added or removed when the target node is not part of the cluster in which it will reside. This prevents any ability to change the node type while it lives in the cluster.
Introducing AHV Auditing [Documentation]
The Prism 5.10 release introduces AHV Auditing. Auditing appears in Prism Central under Activity > Audits, next to Alerts, Events, and Tasks. This feature provides an auto-generated audit trail of VM configuration and changes, complete with a record of all related details to the event. Each audit includes a change event description, name of the user who performed the change, entity type, operation type, request time, and cluster on which the change was made.
This feature complements the Never Schedulable node policy to provide a machine-generated, unalterable record of VM configuration and migration changes. Combined with remote syslog, you can now use any reporting tool like Splunk to provide an audit trail to confirm that your VMs never touched the storage-only Never Schedulable nodes in your cluster. This is a powerful combination which gives you control and verification for your database VMs.
AHV auditing highlights:
- Introduced with Prism 5.10
- Automatic VM auditing for configuration changes, live migrations, and more
- Remote syslog server configurable for long-term retention
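The verification step described above, checking that the audit trail shows no VM placement on a storage-only node, can be sketched as follows. This is an added example, not Nutanix code: the JSON-lines layout, the `details.host` field, the operation names and the node names are assumptions standing in for whatever your log pipeline produces from the forwarded audit events.

```python
import json
from datetime import datetime

# Constructed sample: audit records after normalization in a log pipeline.
# Field names mirror the audit attributes listed above; "details.host" and the
# JSON layout are assumptions, not the Prism Central or syslog wire format.
SAMPLE = """\
{"request_time": "2019-03-01T08:00:00", "cluster": "db-cluster", "user": "admin", "entity_type": "vm", "operation_type": "power_on", "description": "Powered on VM ora-prod-1", "details": {"vm": "ora-prod-1", "host": "node-a"}}
{"request_time": "2019-03-01T08:20:00", "cluster": "db-cluster", "user": "admin", "entity_type": "vm", "operation_type": "migrate", "description": "Migrated VM ora-prod-1", "details": {"vm": "ora-prod-1", "host": "node-b"}}
{"request_time": "2019-03-01T08:40:00", "cluster": "db-cluster", "user": "ops1", "entity_type": "vm", "operation_type": "update", "description": "Updated VM sql-test-2", "details": {"vm": "sql-test-2", "memory_mb": 8192}}
{"request_time": "2019-03-01T09:00:00", "cluster": "db-cluster", "user": "ops1", "entity_type": "vm", "operation_type": "migrate", "description": "Migrated VM sql-test-2", "details": {"vm": "sql-test-2", "host": "node-d"}}
{"request_time": "2019-03-01T09:15:00", "cluster": "db-cluster", "user": "ops1", "entity_type": "vm", "operation_type": "migrate", "description": "Migrated VM ora-prod-1", "details": {"vm": "ora-prod-1"}}
{"request_time": "2019-03-01T09:30:00", "cluster": "db-cluster", "user": "ops1", "entity_type": "vm", "operation_
"""

STORAGE_ONLY = {"node-d"}                # hypothetical Never Schedulable node names
PLACEMENT_OPS = {"power_on", "migrate"}  # assumed names for ops that place a VM on a host

def load_records(text):
    """Parse JSON lines; return (records, line numbers that failed to parse)."""
    records, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rec["request_time"] = datetime.fromisoformat(rec["request_time"])
            records.append(rec)
        except (ValueError, KeyError, TypeError):
            bad.append(n)  # an unparseable line is a gap in the evidence, not "clean"
    return records, bad

def audit_placement(records, storage_only=STORAGE_ONLY):
    """Return (violations, unverifiable): VM placements naming a storage-only
    node, and placements with no host recorded (no proof either way)."""
    violations, unverifiable = [], []
    for rec in sorted(records, key=lambda r: r["request_time"]):
        if rec.get("entity_type") != "vm" or rec.get("operation_type") not in PLACEMENT_OPS:
            continue
        host = (rec.get("details") or {}).get("host")
        if host is None:
            unverifiable.append(rec)
        elif host in storage_only:
            violations.append(rec)
    return violations, unverifiable
```

A compliance report built on this should treat rejected lines and unverifiable placements as findings in their own right, since an audit trail with gaps cannot show that a VM never ran on a storage-only node.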
Increase Database ROI by Controlling License Usage
Databases are very valuable, but no one wants to spend more on licenses than necessary. Nutanix now enables you to leverage HCI for your database workloads through a strong storage-only policy on AHV nodes and an automatically produced, unalterable audit trail for compliance reporting. The policy gives you control. The audit trail gives you proof of compliance. Together you get peace of mind that you’re only using your licensed databases where you intended and getting the most from your HCI investment.
Are you using licensed databases with AHV? Try this today to decrease your license spend and increase control.
2019 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s).