I will try and provide some more details about each product below gathering any details that are available as of today. In the image below are some of the concerns that VMware is address based on what Enterprises have been telling them.

vShield Endpoint – vShield Endpoint provides on-host antivirus and malware protection that reduces performance latency and eliminates the need to maintain individual security agents in each and every virtual machine, helping to simplify security administration while minimizing the risk of malware infections. Datasheet

vShield App -VMware vShield App protects applications in the virtual datacenter from network-based threats. vShield App gives organizations the ability to create and manage business-relevant policies that adapt to dynamic cloud environments. It also provides deep visibility into network communications between virtual machines and granular enforcement through security groups. Datasheet

vShield Edge – vShield Edge is a network gateway solution that protects the edges of the virtual datacenter with DCHP, network address translation (NAT), firewalling, load balancing, site-to-site VPN, port group isolation and other capabilities that help organizations maintain proper segmentation between different organizational units. Datasheet

vShield Manager – Included with all vShield products, vShield Manager provides a central point of control for managing, deploying, reporting, logging and integrating third-party security services. Working in conjunction with vCenter Server, vShield Manager also enables role-based access control and administrative delegation as part of a unified framework for managing virtualization security.

vShield Zones – VMware vShield Zones, included with vSphere, provides basic protection from network-based threats in virtual datacenters, with application firewalling and policy management based on administrator-defined zones, using basic traffic information such as the source IP address, the destination port, and so on.

Here is a quote from a VMware product release.

Enterprise Partner Extranets – vShield lets enterprises extend their networks and application resources to branch offices, home offices and business partner sites through site-to-site VPN services that offer simplified provisioning, streamline administrative tasks and improve scalability. All traffic between sites is encrypted using IPsec to maintain the confidentiality and integrity of all site-to-site communications.

vShield Product Family Brochure

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

Each VMworld lab topic is based on a Pod. The lab pod’s are heavily customized installs that are based on vSphere, Lab manager wither their own Active Directory and vCenter server. To break it down they are creating nested or virtualized copies of vSphere ESX and ESXi server within VMware Lab Manager and associated products. This allows them to deploy them in just a few minutes and also have around 30 different topics stored in Lab Manager configurations waiting to be deployed for the next lab. It was discussed today that each hour they expect about 5000 virtual machines will be created and destroyed.

Your probably wondering what it takes to run all of this virtualize goodness and where is it at. Well the VMworld labs are being sources from 2 off site Data centers and 1 on site facility. The entire VMworld lab setup is going to be monitored and supported by over 100 VMware employees from the Services and Engineering groups. They will be there to make sure things are going smoothly and answer any questions that attendees might have.

Some estimated stats that VMware is throwing out what will be served up during the 4 day even.

• Over 100,000 virtual machine will be provisioned this week.
• Total memory for the vSphere hosts supporting the VMworld labs is 36TB
• Each data center has 4 racks of servers and 2 racks of storage
• 20,000 Lab set hours for the week
• HP, Dell, EMC, Xsigo, Netapp and Cisco are providing the hardware
• Each lab seat has a Wyse thin client

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

By creating the Vkernel CMS package they will be releasing 3 updated existing products along with one new product in a single virtual appliance. This allows for a easier and faster deployment and greater integration between the products. That was not previously available. You would still license the 3 products separately at $299 each per socket. Which if you have a large environment could be costly. I was impressed by several of the new features and the flexibility the new reporting is able to provide.

Below you can see some of the new reporting and data mining features from Vkernel. These are important in Capacity Management. I liked the ability to report on changes made within a selected time frame and then the HA reporting function. Getting notified of a cluster that will have an HA issue if a host should fail would be nice, this could be caused by someone dropping in a monster virtual machine that messes up your vSphere slot sizes.

This slide covers the automation of right sizing VM’s or reclaiming over provisioned virtual machines. This would probably scare the crap out of any Virtual admin that I have ever worked with. But if you have a lab or development environment it could be very handy to have this run nightly or weekly and pull back resources that users have gotten too greedy with.

Below you can see a slide that shows some details about the Inventory app included in the CMS package from Vkernel. It seems to offer some flexibility for pulling details out of your Virtual Infrastructure. For example you could quickly pull a list of powered off virtual machines.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

The only details I could find so far are on a scripting related page on VMware site here.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

There are a couple of different ways that you can enable AD integration ( vSphere client, vCLI, scripting or Host Profiles). In this post I will cover the method through vSphere client.

Pre Step: On Active Directory you must create a new group called “ESX Admins”. It must be that exact spelling. The add users to this group and you can connect w/ AD credentials. You can also give permissions directly to someones user ID although this would not be the best way.

Step 1: Connect to your host directly with the vSphere client. You are also suppose to be able to do this same method when connecting to vCenter server, but I have heard mixed results. I will try once my console is updated to vCenter 4.1. You then need to click on the Configuration Tab. Then select the “Advanced Services” selection from the Software box on the lower left. Then you click on the “Properties” link that is shown in the picture below.

Step 2: You will be presented with a Directory Services Configuration window that is shown below. In the select “Service Type” drop down you will need to select “Active Directory”.  The in the Domain field you need to type in the name of your domain that you will be connecting to. Next step is to click the “Join Domain” button and you will be presented with an authentication window shown in the next step.

Step 3: In this part you need to enter in credentials that will allow you to connect and join the ESXi Host to the domain. You can enter your credentials in the format listed below (Domain\user) or use this format ( administrator@test.com). I had more luck using the second option.

Step 4: After successfully entering your logon ID your ESXi host is added to the Domain. You can see from the image below my host was added to the default computer container since I did not specify another OU for them to be placed into.

Step 5: Now that your VMware host was added to the domain you can now add users or groups to the Permissions tab. You can see below once on the Permissions area you right click and select “Add Permission”

Step 6: In this step the Assign Permissions window has opened and you need to select the Administrator role from the section pointed out in the image below. Then click the Add button on the left side to pick your User or Group from the Active Directory connection.

Step 7: You first must select your Domain from the domain drop down list at the top of the window shown below.

Step 8: Once you have select the Domain that you integrated with you will be presented with a list of Users and Groups. You should select your User/Group and press the Add button and then click OK.

Step 9:  Now that you have added your Domain account or group you will see it in the lists of users as shown below.

Step 10: Once you have completed the steps above you will now be able to close your vSphere Client connection and connect back using your newly configured Active Directory Integration. Again you have two ways to enter your Domain credentials ( Domain\user or user@domain.com)

Step 11: Once your have logged in with your domain credentials you will be able to see in the lower right corner of the vSphere Client that you have authenticated with a Domain account.

Step 12:  Now the next step was to see which ways I could all use the new AD integration. From the picture below you can see that I was able to use the Domain logon to authenticate to ESXi 4.1 TSM (Tech Support Mode) from the console and from a remote SSH connection. I was able to use my id in the format shown below to authenticate but did not have any luck use the Domain\user format for these type of logons. This have have just been something in my lab so your mileage may vary.

Step 13: Lastly I wanted to see if I could authenticate to the DCUI ( Direct Console User Interface) of ESXi 4.1 using a Domain account. I was not able to have any success logging into the DCUI with the AD account using either format listed earlier. Which is kind of weird since I was able to use the AD logon for the TSM login form the console. If you had different results form this leave me a comment with what you did different I would love to hear.

Lastly I will be trying some of the others methods that I listed at the beginning for setting up the AD integration when I have some time. I will be sure to link them to this article. If you are curious you can see a very simplified version of this in the VMware KB article.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

So to make it crystal clear when I installed ESXi 4.1 with Build # 260247 I entered a 10 digit password for “root”. After the install and a reboot I was able to login using my password as expected. I then enabled TSM mode for local and SSH access. I was then able to log on using local or SSH as the method using my exact password, just the first 8 digits or the 8digits plus anything else after. I even tried entering the first 8 digits and several digits of random characters afterward and it still accepts the password.

I will post a follow up to this post once something is released from VMware regarding this password issue. Until then you can follow along with the thread over on the VMware forums if you wish.

Update July 19th, 2010

VMware released a KB article today that basically explains the issue but does not really offer a fix. It really looks like there will not be a fix and we will just be limited to 8 character passwords. VMware KB Article.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)

• Scripted Install for ESXi. Scripted installation of ESXi to local and remote disks allows rapid deployment of ESXi to many machines. You can start the scripted installation with a CD-ROM drive or over the network by using PXE booting. You cannot use scripted installation to install ESXi to a USB device.
• vSphere Client Removal from ESX/ESXi Builds. For ESX and ESXi, the vSphere Client is available for download from the VMware Web site. It is no longer packaged with builds of ESX and ESXi. After installing ESX and ESXi, users are directed to the download page on the VMware Web site to get the compatible vSphere Client for that release. The vSphere Client is still packaged with builds of vCenter Server.

• Boot from SAN. vSphere 4.1 enables ESXi boot from SAN (BFN). iSCSI, FCoE, and Fibre Channel boot are supported. Refer to the Hardware Compatibility Guide for the latest list of NICs and Converged Adapters that are supported with iSCSI boot.
• Hardware Acceleration with vStorage APIs for Array Integration (VAAI). ESX can offload specific storage operations to compliant storage hardware. With storage hardware assistance, ESX performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth.
• Storage Performance Statistics. vSphere 4.1 offers enhanced visibility into storage throughput and latency of hosts and virtual machines, and aids in troubleshooting storage performance issues. NFS statistics are now available in vCenter Server performance charts, as well as esxtop. New VMDK and datastore statistics are included. All statistics are available through the vSphere SDK.
• Storage I/O Control. This feature provides quality-of-service capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a datastore, regardless of which host they are running on. Using Storage I/O Control, vSphere administrators can ensure that the most important virtual machines get adequate I/O resources even in times of congestion.
• Network I/O Control. Traffic-management controls allow flexible partitioning of physical NIC bandwidth between different traffic types, including virtual machine, vMotion, FT, and IP storage traffic (vNetwork Distributed Switch only).
• Lockdown Mode Enhancements. VMware ESXi 4.1 lockdown mode allows the administrator to tightly restrict access to the ESXi Direct Console User Interface (DCUI) and Tech Support Mode (TSM). When lockdown mode is enabled, DCUI access is restricted to the root user, while access to Tech Support Mode is completely disabled for all users. With lockdown mode enabled, access to the host for management or monitoring using CIM is possible only through vCenter Server. Direct access to the host using the vSphere Client is not permitted.
• Improved Support for Handling Recalled Patches in vCenter Update Manager. Update Manager 4.1 immediately sends critical notifications about recalled ESX and related patches. In addition, Update Manager prevents you from installing a recalled patch that you might have already downloaded. This feature also helps you identify hosts where recalled patches might already be installed.
• ESX/ESXi Active Directory Integration. Integration with Microsoft Active Directory allows seamless user authentication for ESX/ESXi. You can maintain users and groups in Active Directory for centralized user management and you can assign privileges to users or groups on ESX/ESXi hosts. In vSphere 4.1, integration with Active Directory allows you to roll out permission rules to hosts by using Host Profiles.
• Memory Compression. Compressed memory is a new level of the memory hierarchy, between RAM and disk. Slower than memory, but much faster than disk, compressed memory improves the performance of virtual machines when memory is under contention, because less virtual memory is swapped to disk.

You can see the full feature list on the VMware page, the list is pretty long.

About Brian

Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and is helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.

Mail | Web | Twitter | LinkedIn | More Posts (170)