VMware Cloud Community
Brett_Riverboat
Contributor

Nested virtualisation - running ESXi 5.5 u3 in ESXi 7

Hello everyone. Quick question, but a lot of background info to go with it. And sorry if this is on the wrong board.

In a nutshell, I have a need to run an existing ESXi 5.5 u3 environment on modern hardware. Obviously, 5.5 u3 is EOL (and unsupported on the new hardware) so this will have to be done with nested virtualisation. Hopefully some knowledgeable person(s) might read this and be able to give a yay / nay, plus any caveats or gotchas I should be aware of.

The current 5.5 environment runs on 2x Dell M1000e chassis with a full complement of 16x M6xx blades in each. It has redundant attached storage (in the form of 4 arrays, 2 pairs with one pair per M1000e) and a mix of fibre and ethernet networking to connect everything together using the fabric switches in the back of the chassis as well as some external switches. On it are about 100 VMs of varying sizes and purposes, and each M1000e has 1x vCenter to manage it all. Each M1000e also has its own IP subnet.

The 4x storage arrays are physical boxes with a RAID card, several SSDs and DataCore software running on Windows. I know, but I didn't design it...

I am also provided with pre-built images for the blades and SANs which are installed using a bootable USB stick.

Finally, this entire environment has a bespoke front-end bit of software that links in to vCenter, the CMC on the M1000e chassis and the DataCore software to provide a simple control interface that can be used by staff members who are not that technical to perform day to day tasks. This bit of software runs on a separate PC and connects via ethernet to the 5.5 u3 environment.

Essentially, I need to virtualise this environment. Taking everything in both M1000e chassis into account, the RAM and storage values are relatively low but the CPU core count is high (600+). Initial investigations would suggest something like a Dell MX7000 chassis fully populated with 8x MX740c sleds would be enough to mimic the core count of one fully populated M1000e, the RAM and storage values would be trivial to attain.

So...my plan is to get a fully loaded MX7000, install ESXi 7.0 onto it, and use that to create 16 VMs with the same resources as the blades in the M1000e. I plan to then deploy my 5.5 u3 blade image onto those 16 VMs which I'm hoping will be treated just like they were blades in the M1000e. So let's call these VMs 'vblades'. I was going to have 2 SSDs per sled (one larger and one smaller) and use VSAN on them. The smaller ones would be used for 'local' drives to install and run ESX on the vblade, with the larger ones being used as shared storage. I'd then carve up that shared storage to make 16 individual LUNs visible to all 16 vblades.

I'd then create another 2 VMs in ESX7 and deploy the SAN image to those VMs, making sure they had the same resources allocated as the physical SANs. I have to do it this way as the control PC software (which is the only thing from the 5.5 u3 environment that will remain physical) links into the DataCore API. This process would then be repeated on a second MX7000 to represent the other M1000e.

I have assumed that my ESXi 5.5 u3 environment would talk to ESXi 7, and that ESXi 7 would then talk to the modern hardware, and that at no point would ESXi 5.5 u3 try to engage directly with something it doesn't support or have a driver for - would that be correct?

I appreciate this is a bit of a faff...why don't I just upgrade everything to ESXi 7 etc, but I can't. Most, if not all, of the existing VMs and supplied images can't be altered and certainly can't be upgraded. So I am left with only the nested virtualisation option.

The good news is that this new environment will be used for development only, we're not going to put any load on it and won't need it to connect out to any physical hardware other than the control PC.

I hope I have explained everything OK. If not, assuming anyone has even read this far, then please ask for clarification on anything and I'll do my best to provide it.

Other than that, any advice on the above would be much appreciated.

Thanks.

12 Replies
maksym007
Expert

Do you still have the ISO of 5.5 u3?

Does it even make sense to have 5.5 u3 nested?

scott28tt
VMware Employee

Why can’t you just run the VMs that you had hosted on the old 5.5 hosts on new 7.0 hosts?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
maksym007
Expert

Exactly. Even better. Only adjust the Hardware Compatibility version and here you go.

Brett_Riverboat
Contributor

That would be easier...but for various reasons they must remain on 5.5u3. 

Basically, the software has to remain as is (all components) but the hardware needs to be upgraded to something modern. I know it doesn't make a lot of sense but that's what I have been tasked with investigating. I just need to get to the point where the 5.5u3 software can run without alteration on some new kit - it doesn't matter how that is accomplished, it just seemed that nested virtualisation (even though it's not generally recommended by VMware) would be the best way of doing this. Probably the only way really.

Thanks

scott28tt
VMware Employee

It's WAY out of support, they must have some pretty heavy reasons.

Brett_Riverboat
Contributor

Indeed they do. And support availability is not a concern. I know 5.5u3 is old, but it has to be used. I have no choice in that matter.

I was just asking if it were feasible to approach the problem in this way. I know it's neither ideal nor recommended, but I was just trying to get a feel for whether in theory it would work, and I figured a question here would be a good start.

 

Kinnison
Commander

Hello,


In a particular case like yours perhaps your best option is to build a "pilot environment", leaving aside "modernity and market trends", in order to validate the feasibility, functionality and reliability of what constitutes your objective. Look only at simplicity, which is by no means synonymous with banality.


What I mean is that everyone's personal experiences are not in principle replicable in a different context.


Regards,
Ferdinando

markey165
Expert

@Brett_Riverboat - Ouch, so it's important enough to HAVE to run on 5.5, but not important enough to protect against ransomware or require any support. Fingers crossed whatever it is, isn't important or business critical 🙏

I realize you're only doing what you've been asked, but I'd be amazed if whatever it is can't be moved to a supported platform!

Hope you get it sorted, and please make sure you've got good backups! 😉

 

_____________________________________________
If this post helps you, please leave Kudo | or mark this reply as an answer
Kinnison
Commander

Hello markey165,


There are such particular contexts where things "worthy of a museum" are still in use. Some time ago I had the opportunity to see a power plant (conventional) still managed by an object called "IBM 1612", so I'm not too surprised that someone, nowadays and no matter what, is forced to live with something like ESXi 5.5 (or even worse) even though, if he could, he would gladly do without it.


Regards,
Ferdinando

Brett_Riverboat
Contributor

The environment is not internet-facing, and never will be, so ransomware etc is not a concern. It's very much a closed system.

It's also infinitely re-deployable in the event of a VM error or disk failure for example, and it doesn't store live data. It's basically a management and number crunching environment.

I just wanted a few second opinions on whether my approach to getting it running on modern hardware was viable, that's all. 

Thanks

markey165
Expert

@Brett_Riverboat Totally understand and have been in similar situations myself. I just make sure when asked to run such systems, that someone else is accepting the risk 😊!

Bear in mind that your ESXi hosts don't need to be Internet facing for ransomware to be a concern. A bad actor can infiltrate your network via other avenues, then move laterally to other systems. However, if it's a closed platform and not accessible to the general network, then you should be fine.

Anyway hope you get it all working ok 👍

 

scott28tt
VMware Employee

It sounds like an interesting project for an unusual use case.
