Posted by Brian on Sep 14, 2010 in VMware, vSphere | 1 comment
This is something that I did not pay much attention to, but it's one of those wacky things that you will notice at 4 AM while working a Disaster Recovery drill. Anyway, it struck me as weird that the power controls and reset buttons available in the VM console are different from the ones available by right-clicking the VM in the inventory list. The ones from the VM console require VMware Tools to be installed and the ones from the tree list do not.
I really came to this conclusion while working on a DR drill this week for a client, and we are using vSphere 4.1 for the drill. I had never run into this with previous versions of vCenter Server, so I'll have to take another look and see if this is something new to 4.1.
Brian is a Technical Architect for a VMware partner and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. This blog Virtualize Tips was started to document and remember things that I come across while working with tech.
Posted by Brian on Sep 8, 2010 in Tools, Troubleshooting, VMware, vSphere | 1 comment
This is something that we get on a regular basis from the security team. When they do their regular security scans for compliance and vulnerabilities, I always get a long list of ESX hosts. The scans normally come back and complain about an OpenSSH X11 vulnerability or an OpenSSH memory and buffer overflow.
These seem to be false positives from the tool being used to scan the hosts. We always make sure that we have installed the necessary updates related to OpenSSH as VMware releases them, but the tool always comes back with these issues. It seems to stem from the fact that the tool looks at OpenSSH in generic terms and assumes that all vendors implement it in the same way. In the documents listed below, VMware indicates that since ESX 3.x it has no longer included the X11 packages with its products. I would recommend that you make sure you are up to date on your patches, and if the scans still come back dirty, that you discuss these results with the application vendor that created the scanning tool. You might find out that this is common and they are just false positives.
Links:
VMware ESX Server and Security Issues in OpenSSH
Security Response: SSH Version Installed with ESX Server May Be Vulnerable
Posted by Brian on Aug 31, 2010 in Cloud, vCloud, VMware, VMworld, vSphere | 0 comments
So your head is probably spinning this week with all of the news coming out of VMworld 2010. I know it's only day 2, and each evening my head was pounding after absorbing so much new information. Today was day 2 and the information fountain was turned up all the way with the keynote speech; there were several new products announced. In this post I am covering vCloud Datacenter Services and what it has to offer to your Service Catalog.
To break this down in simple terms, I see this as the public version of vCloud that gives you the ability to link up your internal private cloud built on vCloud Director. This service allows you to provision apps and VMs out in the public space when you need to. Maybe it's because you are out of space on your private cloud, or you just want something out there for other reasons. vCloud Datacenter Services gives you the interoperability that you want with ease of use, and VMware is promising the security that corporations are demanding. This will all be provided by vCloud Director and the new vShield product family.

Here is some of what VMware has to say about vCloud Datacenter Services.
Built to predefined specifications and based on secure VMware cloud infrastructure technology, vCloud Datacenter Services provide multilevel, auditable security through SAS 70 Type II or ISO 27001 compliance. vCloud Datacenter Services also provide best-in-class virtual firewall capabilities, Layer 2 isolation, role-based access control and the ability to integrate with Active Directory. Access to end user activity logs keeps you in control and allows you to calibrate user access levels for enhanced end user security.
Because vCloud Datacenter Services are built upon the same, globally consistent foundation as your internal datacenter or private cloud, VMware vCloud Director and VMware vSphere, internal virtualized applications can be easily moved to a vCloud Datacenter Services without re-architecting or refactoring. Rather than being locked into a proprietary cloud platform as you may be with other providers, you can choose the vCloud Service Provider that best meets your needs and manage, move and operate your applications as if they were on site.
Link to vCloud Datacenter services at VMware
Here are some of the differences between what vCloud Datacenter Service has to offer compared to public clouds.
| Feature | vCloud Datacenter Services | Other public clouds |
|---|---|---|
| COMPATIBILITY AND ADMINISTRATION | | |
| Use existing internal VMs or vApps in the cloud | Yes | No |
| Familiar VMware infrastructure | Yes | No |
| Authenticate users against enterprise directory | Yes | No |
| Multi-user, role-based access control | Yes | No – one user per account |
| Identical GUI for internal and external clouds | Yes | No |
| Move applications between virtual data centers | Yes | No |
| PERFORMANCE | | |
| Predictable performance from resource allocation (committed VDC and dedicated VDC) | Yes | No – depends on other tenants’ use |
| Storage performance | 5x | 1x |
| NETWORKING AND SECURITY | | |
| Firewall per vApp and per organization | Yes | No – per VM |
| Full virtual layer 2 networking | Yes | No – L3 only |
| Auditable security with all logs provided | Yes | No |
| Optional physical segregation of resources | Yes | No |
Posted by Brian on Aug 31, 2010 in Cloud, vCloud, VMworld, vSphere | 2 comments
You can now hear the sigh of relief from the many who were bound by NDA to keep silent about Project Redwood. This morning brings the news of the official announcement from VMware about vCloud Director, or vCD. This is the new VMware Cloud Infrastructure solution that will allow corporations and service providers to build clouds and ITaaS (IT as a Service) consumption models. Below is a quote from the VMware press release about vCloud Director.
VMware vCloud(TM) Director: A new model for delivering and consuming infrastructure services
VMware vCloud Director changes the way IT delivers infrastructure services and the way users access and consume them. By extending the resource pooling capabilities of VMware vSphere, VMware vCloud Director enables IT to create "virtual data centers" (VDCs) -- logical pools of compute, network and storage resources with defined management policies, SLAs and pricing. IT organizations can offer these VDCs -- along with catalogs of other infrastructure and application services such as virtual appliances, VMs, and OS images -- to users through fully automated self-service access.
So what is vCloud Director?
To put it in the simplest terms, it's a layer that sits on top of vCenter Server and abstracts all the resources that vCenter has under its control. You then combine all of these resources into large pools for your Customers or Tenants to consume. vCloud Director also provides the Customer a Self Service Portal to use.
So what exactly are the resources that vCloud Director abstracts from vCenter Server? Below is a list of the resources and the matching vSphere terms to bring it all together.
- Compute resources = vSphere Clusters and Resource Pools
- Network resources = dvSwitches and portgroups
- Storage = Datastores ( VMFS and NFS )
These resources are then presented to you via the Self Service Portal of vCD. As an administrator you can use the vCloud Director Portal to split up and assign resources to Customers, Departments or some other business division. These can also be referred to as an Organization, which sounds a lot like Lab Manager. The vCloud Director product was designed to work with both Enterprise and Service Provider clouds. The resources are divided up and assigned to a Virtual Datacenter, or vDC. There are two types of vDCs available within vCloud Director.
- Provider Virtual Datacenter ( Provider vDC )
- Organization Virtual Datacenter ( org vDC )
The Provider Virtual Datacenter is the base for compute resources. When creating a Provider Virtual Datacenter you will need to select a resource pool. Next you will need to associate at least one datastore with the Provider vDC; this might be all LUNs masked to your cluster. Duncan from Yellow Bricks laid out the following theory:
Some of my colleagues described the Provider vDC as the object where you specify the SLA and I guess that explains the concept a bit more. So for instance you could have a Gold Provider vDC with 15K FC disks and N+2 redundancy for HA while your Silver Provider vDC just offers N+1 redundancy and runs on SATA disk… everything is possible.
Now that a Provider vDC has been created, you can create an Org vDC and associate the Org vDC with a vCD Organization. It's possible for an Organization to have multiple Org vDCs associated with it. For example, it's possible to have 3 Org vDCs owned by a single Organization across two Provider vDCs. Those Provider vDCs could each have a different SLA.
So in my view vCloud Director does seem to be Lab Manager on steroids, which is a phrase that I've heard before. Many of these ideas do seem to be based on the Organizations, configurations and networking that Lab Manager was using.
Pricing and Availability
VMware vCloud Director is currently available and is licensed per VM starting at $150 per VM.
Build Secure, Multi-Tenant Clouds – VMware vCloud Director lets administrators group users by policy, such as a business unit, division or subsidiary. Each group has isolated virtual resources, independent LDAP-authentication, specific policy controls and unique catalogs. To ensure security and compliance in a cloud environment where multiple organizations share infrastructure resources, VMware vCloud Director includes VMware vShield perimeter protection, port-level firewall, and NAT and DHCP services.
vCloud Director Links
Download link for vCloud Director
vCloud Director Install and Configuration guide
vCloud Director User Guide
vCloud Director Administrators guide
Posted by Brian on Aug 3, 2010 in vCenter Server, VMware, vSphere | 0 comments
I will start this post off with the standard snapshot warning. Just a reminder that snapshots are not backups; they are only a change log of the original virtual disk. You should not count on them as a backup. There are a number of different reasons why you might use a snapshot. One of my most common reasons is a software upgrade: I use the snapshot to allow for an easy rollback to the machine state prior to the upgrade. If you have some other reasons, leave a comment to share with others.
- The maximum supported amount in a chain is 32. However, VMware recommends that you use only 2-3 snapshots in a chain.
- Use no single snapshot for more than 24-72 hours.
  - This prevents snapshots from growing so large as to cause issues when deleting/committing them to the original virtual machine disks. Take the snapshot, make the changes to the virtual machine, and delete/commit the snapshot as soon as you have verified the proper working state of the virtual machine.
  - Be especially diligent with snapshot use on high-transaction virtual machines such as email and database servers. These snapshots can very quickly grow in size, filling datastore space. Commit snapshots on these virtual machines as soon as you have verified the proper working state of the process you are testing.
- If using a third party product that takes advantage of snapshots (such as virtual machine backup software), regularly monitor systems configured for backups to ensure that no snapshots remain active for extensive periods of time.
  - Snapshots should only be present for the duration of the backup process.
  - Snapshots taken by third party software (called via API) may not show up in the vCenter Snapshot Manager. Routinely check for snapshots via the command-line.
- An excessive number of snapshots in a chain or snapshots large in size may cause decreased virtual machine and host performance.
You can find some more details from VMware on troubleshooting snapshots here.
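One way to do the routine command-line check from the list above is to look for snapshot delta files on the datastores themselves, which finds them whether or not they appear in the Snapshot Manager. This is an added example, not from the original post or from VMware; the function names are hypothetical and it assumes delta files are named `<disk>-NNNNNN-delta.vmdk` under `/vmfs/volumes`.

```shell
#!/bin/sh
# Added example: audit snapshot delta files on datastores.
# Assumption: deltas are named <disk>-NNNNNN-delta.vmdk (one per snapshot
# level of a disk) and datastores are mounted under /vmfs/volumes.

# Print "<chain-length> <vm-dir>/<base-disk>" for every disk with deltas.
snapshot_chains() {
    root=${1:-/vmfs/volumes}
    find "$root" -type f \
         -name '*-[0-9][0-9][0-9][0-9][0-9][0-9]-delta.vmdk' 2>/dev/null |
        sed 's/-[0-9]\{6\}-delta\.vmdk$//' |   # strip the snapshot suffix
        sort | uniq -c |                        # count deltas per base disk
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n, $0 }'
}

# Print only disks whose chain is longer than MAX (default 3, the upper end
# of the 2-3 snapshots recommended above). Returns 1 if any are found.
long_chains() {
    root=${1:-/vmfs/volumes}
    max=${2:-3}
    out=$(snapshot_chains "$root" | awk -v max="$max" '$1 > max')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Print delta files larger than LIMIT_MB (default 1024 MB), the ones most
# likely to fill a datastore or take a long time to commit.
large_deltas() {
    root=${1:-/vmfs/volumes}
    limit_mb=${2:-1024}
    find "$root" -type f -name '*-delta.vmdk' \
         -size +"$((limit_mb * 1024))"k 2>/dev/null
}
```

Calling `long_chains` or `large_deltas` with no arguments scans `/vmfs/volumes` with the default thresholds; the non-zero return from `long_chains` makes it usable from a scheduled job that alerts on failure.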