Tom here from Lawrence Systems. We're going to talk about XCP-ng, Xen Orchestra, and some of the latest updates to the project. Now if you're not familiar with XCP-ng, I do have plenty of videos on the topic, including an entire Getting Started video I made for 2020, which is how to build a fully open source virtualization lab with XCP-ng and Xen Orchestra. And if you're not familiar with the project, XCP-ng is the base, essentially the hypervisor. Xen Orchestra is the add-on that runs as a virtual machine. Well, and they kind of are made by the same people, so I look at them as one product. But they are two separate things, and the Xen Orchestra updates have been really interesting lately. They got some really cool new features, so I'm going to dive into those.

But first, if you'd like to learn more about me and my company, head over to LawrenceSystems.com. If you'd like to hire us for a project, there's a hire us button right at the top. If you'd like to help keep this channel sponsor-free, and thank you to everyone who already has, there is a join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store. We have a wide variety of shirts that we sell, and new designs come out, well, randomly, so check back frequently. And finally, our forums. Forums.LawrenceSystems.com is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel. Now, back to our content.

And we'll start here. The XCP-ng documentation. So, the documentation has been, like, really updated. They've got an official site for it. It's xcp-ng.org/docs. Now, this is for the XCP-ng hypervisor.
And they were kind enough to feature some of my videos because I break down some comparisons and some history of the project. And this is actually part of a presentation I did at a local group talking about it. And I do compare it to, like, VMware, and I compare it to Proxmox. So for those of you looking for a difference and looking for some history, I'll leave a link to this. And of course, it's right on the very first page of the documentation.

Xen Orchestra, the add-on that runs on here, they've been really hard at work adding features to this. Now, the cool thing about Xen Orchestra, if you're not familiar with it, is it adds full functionality right down to the backups with XCP-ng. So, XCP-ng itself is all command line driven. Xen Orchestra gives you the nice web interface. That's a lot we're going to talk about.

Now, we'll start with the 5.47. Now, I've done previous videos and everything leading up to this right here. The ones I haven't covered: 5.47 and 5.48. So, that's the latest updates from them right now. And it already supported OVA import. And if you're not familiar with the open virtualization application, a lot of different places provide a file. You can just download and import it into your hypervisor and just, you know, have something turnkey started up and running. They've added support for OVA too. This is a feature I really like, being able to just go in and import these, because sometimes there's some virtual appliances you want to test out but don't want to take the time to do all the configuration. OVA import was nice. OVA2 import is nicer.

Now, this, the SDN controller rules. This is a little bit more complicated. At some point, I will do a dedicated video on it because they're really ramping this up. Now, what this is is software defined networking, and it is Xen Orchestra tying a series of XCP-ng servers together. This is a really cool concept. Now, it sounds kind of complicated, but they do break it down.
And essentially what you end up doing here is you take several XCP-ng physical servers, several hosts, and you can have them all networked together. Even if they're not, let's say, even in the same data center, the same rack. And the advantage of this is being able to have virtual machines that have a private network that don't directly access the rest of the network. It's really good for doing a private virtual lab. This is also really good if you're a security researcher and you need to do sandbox testing, because you can put whatever firewall you want virtually in front, then design essentially an entire network infrastructure that ties a series of servers together that can only talk to each other over private encrypted networks. And it's just really neat what they're doing with this. And they've got now the ability to even create very specific traffic rules, and they're going to be adding the option so you can actually apply the traffic rules on a per interface setting. So this is a project in development, but really slick if you want to test it out. It's all, once again, free. There's no licenses needed for any of this. It's really cool. I've done a little bit of testing with it. Not enough to get in depth to do a video, but I will in the future just do probably a video just focused on this software defined networking as it matures. So that's really cool.

The LDAP over TLS, config encryption. This is actually a feature I'm really happy they added: the ability to, when you download the config file out of Xen Orchestra, it didn't have an encryption option. Now I would just encrypt it myself when I do a backup of my config, but it's really cool that they built it in. That's just, you know, the way it should be, I think.

Record failed user attempts to the audit log. Now they have an extensive audit log, and one of the cool things that you can see with Xen Orchestra is everything that happened on a per user basis, every change made. Now Xen Orchestra is actually used in a lot of data centers.
We've done some consulting with some big companies that have this implemented, and they have many users using Xen Orchestra, and it's nice to have that audit trail of, hey, who changed this or who did this with a virtual machine. And they've got an entire audit log, audit trail, an integrity checker for it, and a lot of data that you can gather from that. It also has a tamper proof system that they built in, and it's just really nice. They're getting a lot more fine grained into that particular part of it. And trust me, audit logs are wonderful, because sometimes, and it's not necessarily malicious, of course it's great for reverse engineering when someone did something malicious. It's also sometimes people just make mistakes. They did things and, well, people sometimes don't remember doing them or may try to deny doing them. That audit log is actually really helpful.

Backup improvements. Backups are the core of Xen Orchestra, working and improving them every day. This is something I'm going to show you in person, like the list of VMs not backed up. I really like this. And this is our Xen Orchestra, and specifically you see how it says no support. I like to show people I'm using the compiled version. So all these features, you can buy the paid version of Xen Orchestra and get them all and get full support, or if you want to compile them yourself, if you're using this in a lab or for testing. I like to do that because I know a lot of people are going to start out by putting this in their lab, putting it in a testing zone. You can get access to all the features without any support through this. So I'm using this version, and I'm on the latest version, but I can say backed up VMs or I can say not backed up VMs, which is going to show none right now because I have backups on all of them. But this is just a really good feature. So I've now changed it to filter not running VMs. These are some lab stuff that I have, so it doesn't show there's any backups on there.
Related to the backups as well, the next feature they added was the ability to check the health of the backups. And this is interesting because, with the backup system being fully integrated with XCP-ng, one of the things is if you don't have a backup job but you somehow have a backup file, it can show you that list. And actually I do this quite a bit because I create temporary backups. I'll create a job and say, you know what, I just need something, because I was building it on those Supermicros for a demo I did. I want to still hold on to that file for a little while, but I don't need the virtual machine anymore. I can destroy it but leave all of these set up in there. This is kind of a neat use case when you're building a lab, or I don't need a clutter of backup jobs but I can still have all of those backed up servers that I can have. And you can see how they're listed right here. As far as the actual back overview, backup jobs are listed here, restore jobs even if they don't have anything, and Health can say, hey, these are these files that you have that don't have any of the backup jobs related to them. Just kind of nice because they give you different ways to pivot data.

Also, when you're looking at any particular backup, you can go now inside the virtual machine when you're looking at it and say, hey, right here's the backup, it's enabled, what was the last status of that backup? Successful. Go here, look at it and say, all right, here's how long it took to back up. And by the way, when you do delta backups, they are impressively fast, so it only took a few seconds, as it said, a few seconds. So from 835 to 840 803 235 seconds to do the transfer and then merge the backups to create the delta. So I have a snapshot of this, and this one actually runs every couple hours. And of course they added the edit button right here for convenience.

So let's go back down the list, and I believe that is it. Now this is one thing they do have: faster backup listings. So when there's a lot of backups, they optimize
the performance on there. No timeouts. I never have enough in there to hit the timeouts, but for some of the clients with large volumes of backups on there and, you know, hundreds of VMs, sometimes I guess it would time out if they didn't have enough speed, and it would wait too long on there. So that's been fixed.

And this is something interesting too. People have talked about bottlenecks. Now one of the bottlenecks is the way the compression works when you turn the compression on, and the file transfer combined with a few other factors. It can be really hard to troubleshoot the backup performance, and they're adding more optimization in there. One of the things I've noticed is sometimes it doesn't seem to spread the load across all the processors with the previous versions. It seems to be doing a better job of that, so the backups do seem to be running faster now. But they're also doing: the data collected thanks to tracers won't be displayed in your infrastructure; the data is stored in the log server proxies. This is all part of enhancements, and this is one of the things I really like: they're always looking at it going, how can we make it better? It doesn't just work, it's what can we do to make it better.

Now let's move on to the Xen Orchestra 5.48 update. This is that filter backup jobs. This is kind of an enhancement. So 5.47, they didn't add it; they actually added it in 5.48, which is the latest one right now. So that was what I just showed you there.

The accidental deletion. This is kind of neat, and I always thought it maybe was too easy to delete a VM, because it's only giving you one prompt. So this will stop you at that extra prompt, so it's more steps to delete a VM. I mean, I appreciate how easy they made it, but I guess this is nice because when you have production stuff you don't want to go delete this VM. It does ask if you're sure, but you can just say yes. Now it just stops you at that point right there. So prevent from accidental deletion, it's just a little button you can hit. Nice minor
little enhancement, but may save some people some oops time on there. Of course you should have backups and don't rely on, you know, just having it there, but still, it saves you from that whoops.

Copy, clone VM templates. When you're building the VM templates, this is kind of cool. I like the way that it does this as well. So thin or thick provision, so that's two different options, and it depends on the type of storage repository you're using. But you go to advanced, now it just tells you. Now this was not in there before; you just had to dig around a little bit to see if it was thick or thin provisioned. So they've added it right there. Nice little enhancement, you know, it's a simple thing sometimes, and they kind of explain the difference between them.

Proper detection for PV drivers, management agent. They're now doing clear differentiation between management agent and the PV drivers, therefore they are now able to detect both. So this is when you load the Xen tools, it has a little bit of a better understanding.

Now this is actually something I like a lot, and I'm going to hopefully ask, I've got to submit probably a request for this, or maybe they'll watch the video and notice it. They put the IP address next to the interface. That's great. The only other request I would have is, and I'll show you a couple of examples. So when you're in a lot of different areas, you can do things like copy to clipboard. So this is copy the virtual ID to the clipboard, a little clipboard icon that shows up all over the place. Now what I'd like to see is also, and we'll go over here, like to where they show the network interface. When you want to SSH into something, you have a lot of them, I just copy paste it. They actually made it easier to copy and paste because of putting it next to each interface, so if there's a list of interfaces you get a list on there. But I'd love the copy button next to it. There I could just copy and then paste it right in the terminal when I've got to SSH into something, especially
when I'm building a bunch of lab servers. I usually set them to DHCP, so they're going to go ahead and grab another IP address out of the pool, and it'd be nice to just have that copy button. Because they actually have, you can copy right here, that would be the UUID for the interface, which is also really handy because UUIDs are really long. That's for some advanced uses where you want to apply very specific features at the command line level to any particular UUID, which could be like a virtual interface. I've got some other videos where I dive into that, where I talk about applying parameters to the virtual interface. So it's really nice that they have that there, but it would be cool if they had that as well.

OpenFlow rules. This is what I was talking about, the rules that are going to be coming for the SDN controller.

And audit log fingerprints to the cloud. Obviously, no audit log just sitting locally is always the best way to check integrity, so sending it to the cloud. So they will increase the security of the audit log by providing optional stored fingerprints to your online xen-orchestra.com account. This way, fingerprints cannot be altered by a malicious user locally without triggering us. It's part of the commercial version of Xen Orchestra, but still, you know, really cool that they're adding that on there.

I'm really happy about all those little features, because the question that comes up a lot is: is this a commercially viable product? Can it be used in production? "All you have done, Tom, has shown lab environments." And yeah, that's because I can't just show you people's production environments all the time, obviously, besides my own, which we do run in production. We've put this in production for quite a few clients and consulted with a lot of them on there.

Now a couple other things I'm going to clearly mention on this. If you are using this in production and you would like to buy and purchase like a support contract or anything around like that, that is completely an option. XCP-ng has
and if we look over to their main site, so while XCP-ng is free and open source, and that's xcp-ng.org, and this is where you download, this is where you get the fully open source software, this is where you can buy support contracts from them. So yes, this is a completely commercially supported product that you can get for free and pay for support of. That is how they sell their system. So if you wanted to buy full support and have tickets and things like that, or have different options, reach out and talk to them. They also have their forums and such for giving support. They also have the free turnkey Xen Orchestra appliance, or different options for doing monthly support packages for Xen Orchestra as well.

So I just want to make sure you're aware of what all the different options are when it comes to supporting Xen server. If you know how to use it and you just want to test it out without any support, you can do that. If you want to buy a support contract because you're going to deploy it at a large commercial enterprise environment and you go, you know, I really want to be able to have people to call, people to talk to, and a support line, any, you know, agreements on this, they have those options as well. So it's free completely to test out in your lab. You're completely free to use it as a home user. I have videos on how to compile Xen Orchestra from sources. I'll leave links to the lab, how to compile from sources, all down below in the description, so you, you know, can try it out for yourself and fully try it out, no, you know, no features not included. You do get some extra bells, whistles and upgrades, including some auto deployment options, if you do get the paid version. There is that, because they have the option on the paid version for auto deploying some of the, without getting an ISO, auto deploying virtual machines and things like that. There's some add-ons you do get for the paid version, but a hundred percent everything you can do in terms of like backups and all those other features,
if you compile from source you can have all of that. So go ahead and check out those other videos if you're interested in learning more about Xen. Check out their blog, and there's always new updates coming. They also have a few conferences and a few details of the future of Xen, which is a highly active developed project with more and more features getting added all the time. Because I've seen a few people comment that they think Xen is dead, and Xen is far from dead. And check out my other videos if you want to learn about the history of the project. It's actually kind of interesting in the whole structure of how it was built, and it's been around longer than you think.

Thanks, and thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.