Virtualization Adapted: Adapting Business Processes for Virtual Infrastructure (and vice-versa)

2010/10/28

VAAI – Netapp

Filed under: virtualization — iben @ 15:21

The new NetApp Virtual Storage Console 2.0 (VSC) integrates with the VMware vSphere vStorage APIs for Array Integration (VAAI). VAAI adds interfaces through which vSphere workflows can offload operations to, and take advantage of, advanced storage capabilities from NetApp and other vendors.

http://media.netapp.com/documents/wp-7106.pdf

VSC consists of three distinct capabilities:

  • Storage Console is the foundation capability, providing storage discovery, health monitoring, capacity management, and storage configuration according to best practices.
  • Provisioning and Cloning (formerly NetApp Rapid Cloning Utility) provides end-to-end datastore management (provisioning, resizing, and deletion) and rapid, space-efficient VM server and desktop cloning, patching, and updating utilizing NetApp FlexClone technology.
  • Backup and Recovery (formerly NetApp SnapManager for Virtual Infrastructure) automates data protection processes by enabling VMware admins to centrally manage backup and recovery of datastores and VMs without impacting guest performance, and to rapidly recover from backups at any level of granularity (datastore, VM, VMDK, or guest file).

Provisioning and Cloning

The provisioning and cloning capability of VSC 2.0 includes all the capabilities of previous versions of RCU, including the ability to efficiently clone new virtual machines from a baseline using NetApp FlexClone technology, manage and secure storage paths, configure deduplication and thin provisioning for storage efficiency, and resize datastores.

Another significant feature is the ability to redeploy existing virtual machines to bring them up to date with the latest patches and so on. Working from a baseline virtual machine that contains the same OS and applications as your deployed virtual machines plus the desired updates, this feature allows you to quickly reconstruct your existing VMDK files while keeping the unique configuration files for each VM intact. You can also choose to maintain current customization settings or apply new settings.


Figure – Redeploying your existing virtual machines from an updated baseline.

VMFS Versions – Drivers and Formats

Filed under: virtualization — iben @ 15:14

There are no significant on-disk format changes going from version 3.33 to 3.46. However, there is a significant change between VMFS driver version 3.46 and driver version 3.33. In particular, 3.46 contains VAAI extensions, which leads VMFS to use hardware accelerated locking and the hardware accelerated data mover on VAAI compliant hardware.

So the short answer is that you do not need to upgrade to the new 3.46 on-disk VMFS format; the new 3.46 driver in ESX 4.1 will bring you the benefit even with a 3.33 on-disk filesystem, provided the datastore sits on an array whose firmware has been upgraded to provide the VAAI extensions.

VMware ESX 3 – VMFS ver 3.21
VMware ESX 3.5 – VMFS ver 3.31
VMware vSphere 4 – VMFS ver 3.33
VMware vSphere 4.1 – VMFS ver 3.46
VMware vSphere 5 – VMFS ver 5

HyTrust Appliance 2.1 Available

Filed under: virtualization — iben @ 14:36

HyTrust recently celebrated its 3-year birthday.  HyTrust was founded in October 2007 to bring secure access control and policy to virtual infrastructure, enabling wider adoption of virtualization throughout the enterprise — exactly the same focus that we have today.

It’s amazing to see what we have achieved in the last three years: great enterprise customers; solid partnerships with the major players in virtualization (VMware, Cisco, RSA, Intel and Symantec); numerous accolades, including Best of Show at VMworld; and, of course, several significant releases of HyTrust Appliance…

So we’re excited to let you know that HyTrust Appliance 2.1 is now generally available. It is chock-full of exciting new enterprise features, including protection for the control of Cisco Nexus 1000V, application-level high availability, and smart card support.  As always, we have also made 2.1 available in the Community Edition form, which can be downloaded for free here: 
http://info.hytrust.com/appliance.html

New HyTrust Appliance Capabilities At a Glance

  • Support for VMware vSphere 4.1
  • Integrated access control, policy and audit logging for Cisco Nexus 1000V CLI management (NX-OS command set)
  • Support for complex, multi-domain Active Directory environments
  • Single sign-on via Windows pass-through authentication with smart card integration
  • New ESX hardening templates including VMware Hardening Guide 4.0 and a Sarbanes-Oxley (SOX) hardening template
  • Application-level high availability (in addition to VMware HA/FT and federation)

If you would like to take a look at the new functionality, we have recorded demos of the new version available for your viewing pleasure.
http://info.hytrust.com/recorded_product_demo.html

For those of you currently evaluating HyTrust Appliance, we’d like to extend an added incentive to make your purchase in Q4: for a limited time, HyTrust is offering a free “jump-start” professional services package to help you get up and running quickly. Contact sales (sales@hytrust.com) for more information.

2010/06/09

ESX Partitioning

Filed under: virtualization — iben @ 16:28


https://docs.google.com/Doc?docid=0AQRs60J__1-TZGY5bXg1NjNfMTI3MjI0ZnB2ZGo&hl=en


Rename the local VMFS partition during installation. The default name is "Storage1", but it should be "local-<hostname>".

ESX hosts have required and optional partitions. The sizes below are suggestions and can be increased if more disk space is available.

Mount point | Size (MB) | Description
/ | 5120 | The / (or "root") partition stores the ESX system and all files not stored in another custom partition. If this partition is filled to capacity, the ESX host could crash. This is bad.
swap | 1600 |
/var | 2048 | The /var partition stores most system logs. Creating a custom /var partition provides substantial, dedicated log storage space (/var/log) while protecting the / partition from being filled by log files. Normally /var is part of the / partition.
/var/log | 4096 | See the /var description above.
/var/core | 15360 | See the /var description above.
/opt | 2048 |
/home | 2048 | The /home partition is created as a failsafe to help prevent / from filling up. Service console accounts (not vCenter) each have an associated /home folder. As a best practice, administrators should not use these folders for storage. If service console accounts are to be used and there are multiple users requiring access, the size of this partition may need to be increased. By default, /home is part of the / partition. By creating a custom partition for it, the / partition will be protected if /home fills to capacity.
/vmimages | 1024 | Traditionally, /vmimages was used to store CD-ROM images (.ISOs) and floppy disk images (.flp, .img). However, most organizations following best practices have moved this from each individual host to a single shared-storage location. By default ESX still creates a /vmimages folder within /. This makes it dangerously easy for an administrator to mistake it for the shared-storage repository and copy images into it that will fill /. As a failsafe to help prevent this, a small custom /vmimages partition can be created. If the local /vmimages folder is actually used, this size may need to be increased.
/tmp | 2048 | The /tmp partition is also created as a failsafe to help prevent filling the / partition. /tmp is often used to untar support files, temporarily store copied logs and stage patches. By default, /tmp is part of the / partition. By creating a custom partition for it, the / partition will be protected if /tmp fills to capacity.

/boot and vmkcore are physical partitions. /, swap, /var/log, and all the optional partitions are stored on a virtual disk called esxconsole-<system-uuid>/esxconsole.vmdk. The virtual disk is stored in a VMFS volume.

You cannot define the sizes of the /boot, vmkcore, and /vmfs partitions when you use the graphical or text installation modes. You can define these partition sizes when you do a scripted installation.
ESX Required Partitions

Partition | Type | Size | Description
/boot | ext3 | The ESX boot disk requires 1.25GB of free space and includes the /boot and vmkcore partitions. The /boot partition alone requires 1100MB. The boot drive usually defaults to the specified /boot partition location. | Stores information required to boot the ESX host system.
/ | ext3 | Calculated dynamically based on the size of the /usr partition. By default, the minimum size is 5GB and no /usr partition is defined. | Contains the ESX operating system and services, accessible through the service console. Also contains third-party add-on services or applications you install.
/vmfs | vmfs3 | The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a SAN disk that is masked and zoned to that particular host only. You can create any number of VMFS volumes on each LUN if the space is available. | Used to store virtual machines.
vmkcore | vmkcore | The ESX boot disk requires 1.25GB of free space and includes the /boot and vmkcore partitions. The /boot partition alone requires 1100MB. If multiple ESX hosts share a SAN, configure a vmkcore partition with 100MB for each host. | Used to store core dumps for debugging and technical support.

Optional Partitions

You can create optional partitions during or after the ESX installation procedure.

Partition | Type | Size | Location | Description
/home | ext3 | 512MB | Virtual disk in a VMFS volume | Used for storage by individual users.
/tmp | ext3 | 1024MB | Virtual disk in a VMFS volume | Used to store temporary files.
/usr | ext3 | | Virtual disk in a VMFS volume | Used for user programs and data.
/var/log | ext3 | 2000MB | Virtual disk in a VMFS volume | Used to store log files.

Reference

Kickstart Example:

# System bootloader configuration
#bootloader --driveorder=/dev/sda --location=mbr

# Disk partitioning information
part /boot --fstype=ext3 --size=250 --ondisk=/dev/sda
part :storage1 --fstype=vmfs3 --size=10000 --grow --ondisk=/dev/sda
part none --fstype=vmkcore --size=110 --ondisk=/dev/sda

# Create the .vmdk for the cos (service console) on the vmfs partition.
virtualdisk esxconsole --size=7712 --onvmfs=$host:storage1

# Partitioning the cos virtual disk.
part swap --fstype=swap --size=800 --onvirtualdisk=esxconsole
part /var/log --fstype=ext3 --size=2048 --onvirtualdisk=esxconsole
part / --fstype=ext3 --size=3030 --grow --onvirtualdisk=esxconsole
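As an added example (my own POSIX shell, not a VMware tool), a sanity check for a kickstart plan like the one above: it confirms the required /boot and vmkcore physical partitions are declared and that the fixed-size partitions carved out of the esxconsole virtual disk fit inside its --size. The embedded plan is a constructed copy of the fragment above; the function name ks_check_plan is my own.

```shell
#!/bin/sh
# Added example (not VMware's): sanity-check an ESX 4 kickstart partition
# plan. It reads only the "part" and "virtualdisk" lines; sizes are MB.

# Constructed sample: the kickstart fragment from this post.
KS_SAMPLE='part /boot --fstype=ext3 --size=250 --ondisk=/dev/sda
part :storage1 --fstype=vmfs3 --size=10000 --grow --ondisk=/dev/sda
part none --fstype=vmkcore --size=110 --ondisk=/dev/sda
virtualdisk esxconsole --size=7712 --onvmfs=$host:storage1
part swap --fstype=swap --size=800 --onvirtualdisk=esxconsole
part /var/log --fstype=ext3 --size=2048 --onvirtualdisk=esxconsole
part / --fstype=ext3 --size=3030 --grow --onvirtualdisk=esxconsole'

# ks_check_plan [FILE]: read a plan (stdin by default), print findings.
# Returns 0 when the plan is consistent, 1 otherwise. Checks:
#  - a /boot partition and a vmkcore partition exist (both are required)
#  - every --onvirtualdisk target was declared with a "virtualdisk" line
#  - fixed sizes carved from a virtual disk do not exceed its --size
ks_check_plan() {
    awk '
    # value of --key=value on the current line, "" if absent
    function opt(key,   i) {
        for (i = 2; i <= NF; i++)
            if (index($i, "--" key "=") == 1) return substr($i, length(key) + 4)
        return ""
    }
    # 1 if the bare flag --key is present on the current line
    function flag(key,   i) {
        for (i = 2; i <= NF; i++) if ($i == "--" key) return 1
        return 0
    }
    $1 == "part" {
        if ($2 == "/boot") have_boot = 1
        if (opt("fstype") == "vmkcore") have_vmkcore = 1
        vd = opt("onvirtualdisk")
        if (vd != "") {
            used[vd] += opt("size") + 0
            if (flag("grow")) grow[vd] = 1
        }
    }
    $1 == "virtualdisk" { vdsize[$2] = opt("size") + 0 }
    END {
        bad = 0
        if (!have_boot)    { print "ERROR: no /boot partition"; bad = 1 }
        if (!have_vmkcore) { print "ERROR: no vmkcore partition"; bad = 1 }
        for (v in used) {
            if (!(v in vdsize)) {
                print "ERROR: virtual disk " v " never declared"; bad = 1
            } else if (used[v] > vdsize[v]) {
                print "ERROR: " v ": " used[v] " MB requested > " vdsize[v] " MB"; bad = 1
            } else {
                print "ok: " v ": " used[v] " of " vdsize[v] " MB fixed, " \
                      (vdsize[v] - used[v]) " MB " (v in grow ? "available to --grow" : "unused")
            }
        }
        exit bad
    }' "$@"
}

# The sample plan is consistent: 800 + 2048 + 3030 = 5878 MB of 7712 MB.
printf '%s\n' "$KS_SAMPLE" | ks_check_plan
```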

2010/04/27

Run Windows 7 from your iPad

Filed under: virtualization — iben @ 08:43

Run Windows 7 Desktop from your iPad

Introduction

Got (want) a new iPad but not sure how to justify it for business reasons?

Follow this recipe for a sure fire winner that will please everyone who tries it!

Low calorie, safe and secure, and surprisingly reasonable for the budget conscious coupon clippers among us.

Ingredients:

  • 1 Handheld Device – any of these will work
    • iPad 1st or 2nd generation either wifi or 3G will be fine
    • Android tablet device – tested with Dell Streak 5 on Froyo 2.2
  • 1 Bluetooth Keyboard (Optional)
  • Wyse PocketCloud App
  • Wyse PocketCloud Windows Companion application

Directions:

WARNING: Be sure to read entire recipe prior to beginning work. Failure to follow directions could cause your expense report to be rejected by the finance department.

NOTE: We take a detailed bottom up approach. This is less about instant gratification but ensures your first experience is successful. Once you’ve got it working once in a POC (Proof of Concept) then adapt this recipe to fit your own environment. Contact me and I can help you get setup based on your business needs.

Configure your Windows 7 Desktop to be accessed via RDP from the Internet.

This can be done at home on a physical machine however most businesses will choose to do this with Virtual Machines hosted on VMware ESX and brokered by VMware View 4 Manager for controlled access from the Internet with RSA 2 Factor Authentication One Time Password Tokens. Be sure the ESX hosts are protected with a tool like the HyTrust Appliance (HTA).

Install the Wyse PocketCloud Windows Companion software on the Windows 7 Desktop.

Pair the bluetooth keyboard with the iPad.

Configure wireless access on the iPad.

Download the PocketCloud App on the iPad.

Use the PocketCloud App on the iPad to connect over the Internet to the Windows 7 Desktop.

Login to the Windows 7 Desktop.

Start the Wyse PocketCloud Companion software on the Windows 7 Desktop

Use the iPad as a remote thin terminal screen.

Use the bluetooth keyboard to give you a real computer like experience.

No mouse? No Problem – just use your fingers to click, double-click, right click, select, copy and paste, etc.

References:

VMware View 4.6 released 2/24 – over 160 bugs fixed and supports Windows 7 SP1 RC 64 bit ODBC DSN http://ht.ly/436ut

http://iben.users.sonic.net/wp//2011/01/review-win7-view-optimization-guide/ <– Windows 7 DVM Setup Guide

Get the Wyse PocketCloud App from the Apple App Store. Many companies will simply purchase a $50 Apple iTunes Gift card and have their employees expense it. Learn more from this web site:

http://www.wyse.com/products/software/pocketcloud/index.asp

http://itunes.apple.com/app/wyse-pocketcloud-remote-desktop/id326512817

  • Updated: Feb 18, 2011
  • Current Version: 2.1.217
  • Support for multi-tasking (background mode)
  • Optional support for Japanese language key entry mechanism.
  • Support for physical keyboard command key mappings (copy, cut, paste)
  • Full screen mode supported for both iPhone and iPad (removal of iPhone/iPad status bar).
  • Application fully supports all device orientations.
  • When connecting at iPad native resolution, screen auto-locks for ease of use.

Wyse PocketCloud Windows Companion:

http://www.wyse.com/supportdownload/PocketCloud/PocketCloud%20Windows%20Companion.exe

Bluetooth keyboards are pretty cheap now. Models are available from Apple, Logitech, and Micro$oft:

http://www.zagg.com/accessories/logitech-ipad-2-keyboard-case <– #1 recommendation! Very Nice @ $100

http://www.engadget.com/2009/12/16/microsoft-bluetooth-mobile-keyboard-6000-the-perfect-travel-key/

http://www.sonyinsider.com/2009/10/25/vaio-bluetooth-keyboard-vgp-bkb1/

News reports on iPad and Windows 7:

http://www.crn.com/mobile/224201173

http://iben.users.sonic.net/wp//2010/04/win7ipad/

2010/04/20

vSphere Network Isolation Addresses

Filed under: virtualization — iben @ 14:45

http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_availability.pdf

Network Isolation Addresses

A network isolation address is an IP address that is pinged to determine if a host is isolated from the network. This address is pinged only when a host has stopped receiving heartbeats from all other hosts in the cluster. If a host can ping its network isolation address, the host is not network isolated, and the other hosts in the cluster have failed. However, if the host cannot ping its isolation address, it is likely that the host has become isolated from the network and no failover action is taken.

By default, the network isolation address is the default gateway for the host. There is only one default gateway specified, regardless of how many service console networks have been defined, so you should use the das.isolationaddress[…] advanced attribute to add isolation addresses for additional networks. For example, das.isolationAddress2 adds an isolation address for your second network, das.isolationAddress3 for the third, up to a maximum of das.isolationAddress9 for the ninth.

When you specify additional isolation addresses, VMware recommends that you increase the setting for the das.failuredetectiontime advanced attribute to 20000 milliseconds (20 seconds) or greater. A node that is isolated from the network needs time to release its virtual machines' VMFS locks if the host isolation response is to fail over the virtual machines (rather than leave them powered on). This must happen before the other nodes declare the node failed, so that they can power on the virtual machines without getting an error that the virtual machines are still locked by the isolated node.

For more information on VMware HA advanced attributes, see “Customizing VMware HA Behavior,” on page 26.

das.isolationaddress
Sets the address to ping to determine if a host is isolated from the network. This address is pinged only when heartbeats are not received from any other host in the cluster. If not specified, the default gateway of the console network is used. This default gateway has to be a reliable address that is available, so that the host can determine if it is isolated from the network. You can specify multiple isolation addresses (up to 10) for the cluster: das.isolationaddressX, where X = 1-10. Typically you should specify one per service console. Specifying too many addresses makes isolation detection take too long and can affect VMware HA behavior.

das.usedefaultisolationaddress
By default, VMware HA uses the default gateway of the console network as an isolation address. This attribute specifies whether or not this default is used (true|false).
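As an added example (my own shell, not from the VMware guide), a lint over the das.* attributes above, given as "key = value" lines the way the cluster's advanced options are usually exported: it applies the X = 1-10 rule, the 20000 ms das.failuredetectiontime recommendation once extra addresses exist, and flags a cluster that disables the default-gateway address without naming any other. The settings sample is constructed; ha_lint is my own name.

```shell
#!/bin/sh
# Added example (not VMware's): lint the VMware HA isolation-address
# attributes of a cluster, given as "key = value" lines (constructed sample).

HA_SAMPLE='das.isolationaddress2 = 10.10.20.1
das.isolationaddress3 = 10.10.30.1
das.failuredetectiontime = 15000
das.usedefaultisolationaddress = true'

# ha_lint [FILE]: read settings (stdin by default), print findings.
# Returns 0 when clean, 1 when a rule from the HA guide is violated:
#  - das.isolationaddressX must use X = 1-10 and hold an IPv4 address
#  - with extra isolation addresses, das.failuredetectiontime >= 20000 ms
#  - if the default gateway is disabled as isolation address, at least
#    one explicit das.isolationaddressX must exist
ha_lint() {
    awk -F'[[:space:]]*=[[:space:]]*' '
    /^[[:space:]]*(#|$)/ { next }                  # skip comments and blanks
    {
        key = tolower($1); sub(/^[[:space:]]+/, "", key)
        val = $2; sub(/[[:space:]]+$/, "", val)
    }
    key ~ /^das\.isolationaddress[0-9]*$/ {
        n = substr(key, length("das.isolationaddress") + 1)
        if (n != "" && (n + 0 < 1 || n + 0 > 10)) {
            print "ERROR: " key ": X must be between 1 and 10"; bad = 1
        }
        if (val !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            print "ERROR: " key ": " val " is not an IPv4 address"; bad = 1
        }
        addrs++
    }
    key == "das.failuredetectiontime"       { fdt = val + 0; have_fdt = 1 }
    key == "das.usedefaultisolationaddress" { usedef = tolower(val) }
    END {
        if (addrs > 0 && (!have_fdt || fdt < 20000)) {
            print "WARN: " addrs " extra isolation address(es) but das.failuredetectiontime is " \
                  (have_fdt ? fdt : "unset") "; set it to 20000 ms or more so an isolated" \
                  " host can release its VMFS locks before the others declare it failed"
            bad = 1
        }
        if (usedef == "false" && addrs == 0) {
            print "ERROR: default gateway not used as isolation address and no das.isolationaddressX set"
            bad = 1
        }
        if (!bad) print "ok: isolation settings consistent"
        exit bad
    }' "$@"
}

# The sample deliberately trips the failuredetectiontime rule (15000 < 20000).
printf '%s\n' "$HA_SAMPLE" | ha_lint || true
```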

2010/03/30

Application Performance Testing Method

Filed under: virtualization — iben @ 12:46

Are certain applications running slowly occasionally? Sometimes things are superfast and then they slow to a crawl. What’s going on?

First of all – do all you can to ensure the environment is configured according to established Best Practices. One of the benefits of VMware’s acquisition of the Zimbra email / collaboration server software is that they need to ensure users optimize the deployments on their Hypervisor. This document here covers the main settings to check on a Virtual Machine that needs to perform well under load: http://iben.users.sonic.net/wp//2011/05/performance-recommendations-for-virtualizing-anything-with-vmware-vsphere-4/

Any tool that uses SNMP to gather performance metrics can be used to baseline and stress test infrastructure and determine where the bottle necks are.

Basic methodology could go something like this…

1 – identify end to end system components from end user terminal through network to virtual machines, esx hosts, and storage.

2 – configure SNMP for all devices (keep in mind that the latest ESX/ESXi vSphere versions don’t have many performance counters exposed via SNMP and you’ll need to use their APIs)

3 – verify use patterns and confirm data collection over time (1 week or month). Tune alerts for normal use.

4 – schedule stress test for each component to determine performance ceiling and baseline throughput capacity.

5 – make changes as needed to improve end user experience.

6 – verify changes had desired effect.

Performance Troubleshooting for VMware vSphere

vsphere4-performance-troubleshooting.pdf (2.1 MB)

http://communities.vmware.com/docs/DOC-10352

Possible tools that could be used to poll for performance metrics include:

http://www.scriptlogic.com/Products/perspective/

http://www.vizioncore.com/products/vFoglight/features.php

http://www.whatsupgold.com/technology/network-management/monitoring-technologies/index.aspx

http://www.quest.com/Quest_Site_Assets/PDF/DSA-FoglightNetworkDevice-US-VC.pdf

http://network-optimisation.com/technology/network_monitoring/snmp_monitoring.php

http://www.microsoft.com/systemcenter/operationsmanager/en/us/default.aspx

http://www.manageengine.com/products/opmanager/index.html

http://www.managementsoftware.hp.com

http://www.solarwinds.com/products/orion/modules.aspx

http://www.veeam.com/vmware-esx-monitoring.html

http://www.monitorsnmp.com/

http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008011fde2.shtml

http://www.sage.org/lists/sage-members-archive/2002/msg01878.html

Do you know of a tool that should be added to this list? Please send it to me.

 

Using Cryptographic Hashes to verify file download integrity

Filed under: virtualization — iben @ 10:58

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.

Vendors provide a sha-1 hash for software downloads. This enables you to verify that your downloaded files are unaltered from the original.

To confirm file integrity, use a SHA-1 utility on your computer to calculate your own hash for files downloaded from the VMware web site.

If your calculated hash matches the message digest the vendor provides, you are assured that the file was downloaded intact.

sha-1 utilities are available for Windows and Linux and Mac. Most UNIX installations provide a sha1sum command for sha-1 hashes. You may need a newer linux kernel to calculate the checksums for larger files.

The File Checksum Integrity Verifier (FCIV) can be used on Windows based products to verify sha-1 values. Please see http://support.microsoft.com/kb/841290 for details on FCIV.

Mac OS X: How to Verify a SHA-1 Digest http://support.apple.com/kb/HT1652

Instructions on checking an sha-1 checksum on a Mac:
In Finder, browse to /Applications/Utilities.
Double-click on the Terminal icon. A Terminal window will appear.
In the Terminal window, type "openssl sha1 " (sha1 followed by a space).
Drag the downloaded file from the Finder into the Terminal window.
Click in the Terminal window, press the Return key, and compare the checksum displayed to the screen to the one on the vendor’s download page.
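The comparison step above done by script, as an added example of my own (not a VMware, Microsoft or Apple utility): it computes the digest with sha1sum or, as in the Mac steps, openssl sha1, and compares it to the vendor's published value ignoring case and stray whitespace, since vendor pages print upper-case hex while the tools print lower-case. The sample file is constructed so that its digest is the well-known SHA-1 of "abc"; verify_sha1 and sha1_of are my own names.

```shell
#!/bin/sh
# Added example: verify a download against the SHA-1 digest printed on the
# vendor's page. Uses sha1sum where available, otherwise "openssl sha1".

# sha1_of FILE: print the lowercase hex SHA-1 of FILE
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        # openssl prints "SHA1(file)= <hex>"; keep only the last field
        openssl sha1 "$1" | awk '{print $NF}'
    fi
}

# verify_sha1 FILE EXPECTED: compare, ignoring case and stray whitespace.
# Returns 0 on match, 1 on mismatch, 2 if the file or the digest is unusable.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }
    case "$expected" in
        *[!0-9a-f]*|"") echo "ERROR: digest must be hex" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 40 ] || { echo "ERROR: SHA-1 digest must be 40 hex chars" >&2; return 2; }
    actual=$(sha1_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file: got $actual, expected $expected" >&2
    return 1
}

# Constructed sample: a file whose SHA-1 is the well-known digest of "abc",
# given here in the upper-case form a vendor page would print.
SAMPLE_FILE=$(mktemp)
printf 'abc' > "$SAMPLE_FILE"
verify_sha1 "$SAMPLE_FILE" "A9993E364706816ABA3E25717850C26C9CD0D89D"
```

A mismatch or a malformed digest is reported on stderr with a non-zero exit status, so the function can gate an unattended install script.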

From TechNet

Windows Server 2008 R2 Standard, Enterprise, Datacenter, and Web (x64) – DVD (English)
File Name: en_windows_server_2008_r2_standard_enterprise_datacenter_web_x64_dvd_x15-50365.iso
Size: 2,858 (MB)
Date Published (UTC): 8/31/2009 10:22:24 AM
Last Updated (UTC): 1/11/2010 4:31:40 PM
SHA1: A548D6743129F2A02C907D2758773A1F6BB1BCD7
 ISO/CRC: 8F94460B

About MD5

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity.

US-CERT says MD5 "should be considered cryptographically broken and unsuitable for further use," and most U.S. government applications now require the SHA-2 family of hash functions.

VMware Data Recovery

Filed under: virtualization — iben @ 10:49

VMware Data Recovery (CD ISO)
Released 11/19/09 | Version 1.1 | Size 418 MB | Binary (.iso)
Deploy VMware Data Recovery virtual appliance plus management components.
SHA1SUM 44dc0cd0c3e774d4912412b51dabeadf28d959b9

2010/03/26

Host Profiles N1KV VDS

Filed under: virtualization — iben @ 06:21

Background to Using Host Profiles

The vDS UI also allows a phased migration of vmnics from vSS to vDS without disruption to an operational environment. VMs can be migrated from a vSS to a vDS on the fly so long as the vDS and vSS have connectivity to the same network at the same time and the origin Port Group on the vSS and destination DV Port Group on the vDS are configured to the same VLAN.

Host Profiles provide a way to migrate multiple hosts at one time. Host Profiles use a golden profile from a migrated host to propagate a configuration to a number of other hosts.

When applying a Host Profile to a host, the host must be in Maintenance Mode. This requires VMs to be either powered down or migrated to another host.

Host Profiles are most appropriate for new installations of similarly configured hosts (i.e. same number of vmnics, same vmnic to physical switch configuration, no active VMs).

The table below summarizes the deployment situations and suggested methods for migration from vSS to vDS. Note: These are suggestions only; both methods will work within the guidelines mentioned above.

Summary of Migration Methods

Table 1 – Summary of vSS to vDS Migration Methods

Deployment situation | Suggested method | Details
New servers, same vmnic config, no active VMs | vDS UI + HP | Migrate first host with vDS UI. Take host profile and apply to remaining hosts.
<5 existing servers, no active VMs | vDS UI | Small number of servers. Can use host profiles, but possibly easier to continue with vDS UI.
>5 existing servers, same vmnic configs, no active VMs | vDS UI + HP | Larger number of servers with similar vmnic configuration. No active VMs, so can enter maintenance mode and use Host Profiles.
Existing servers, active/operational VMs | vDS UI | Cannot use Maintenance Mode as VMs are active. Phased vmnic migration suggested to ensure continuity of VM communications.
Existing servers, dissimilar vmnic configurations | vDS UI | Enables per-host tailoring of vmnic to dvUplink PortGroup mapping.
Ongoing compliance checking | HP | Non-disruptively check network settings are compliant with the approved "golden" configuration.

Note: vDS UI = Use vDS UI; HP = use Host Profiles; vDS + HP = use vDS UI to deploy first host and Host Profiles for remaining hosts.

Applying NIC Teaming Policies to DV Port Groups

With a vSS, NIC teaming policies are defined on the virtual switch with an optional override on each Port Group definition. With vDS, NIC teaming policies are only defined on the DV Port Groups and apply to dvUplinks, not vmnics. The vmnics are mapped to the dvUplinks on a per host basis. This enables each host to have a different vmnic to physical host configuration and yet use the same NIC teaming policy over all hosts spanned by the vDS.

Monitoring Hash vmnic Selection in NIC Teams

The esxtop command from the ESX console can reveal the physical NIC (vmnic) used by virtual port or VM within a NIC team.

Use esxtop to see the following information:

  • PORT-ID represents an internal port number on the virtual switch
  • USED-BY column shows what that port number is used by (e.g. VMkernel, VM, etc)
  • TEAM-PNIC column shows what physical nic (vmnic) is being used for traffic from that virtual port (the result of the hash within the NIC team)
  • The remaining columns indicate the Receive and Transmit traffic rates on those ports.

To use esxtop, type esxtop from the ESX console and then type n.

A list of commands for the ESX command line interface is published in Chapter 6 of the ESX 4.0 Configuration Guide (available at http://www.vmware.com/support/pubs/). To page console output one screen at a time, add the | more suffix to a command. For example:
esxcfg-vswitch -l | more
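As an added example of my own (not part of the VMware paper or this post), a shell digest of the esxtop network view described above, read from a captured screen: it lists which vmnic each virtual port hashed to and counts ports per uplink, which is the quickest way to spot a team where one uplink carries nearly everything. The esxtop screen embedded below is a constructed sample in the PORT-ID / USED-BY / TEAM-PNIC column layout; team_ports, team_counts and team_report are my own names.

```shell
#!/bin/sh
# Added example: summarize TEAM-PNIC selection from an esxtop network view.
# Not a VMware tool. Input is the text of the esxtop "n" screen (or a file).

# Constructed sample in the esxtop network-view column layout.
ESXTOP_SAMPLE='   PORT-ID              USED-BY  TEAM-PNIC DNAME     PKTTX/s  MbTX/s  PKTRX/s  MbRX/s
  16777217           Management        n/a vSwitch0     0.00    0.00     0.00    0.00
  16777218               vmnic0          - vSwitch0    12.00    0.10    30.00    0.20
  16777219               vmnic1          - vSwitch0     5.00    0.05    11.00    0.10
  16777220                 vmk0     vmnic0 vSwitch0     3.00    0.02     4.00    0.03
  16777221         1234:webvm01     vmnic0 vSwitch0   120.00    1.20   200.00    2.10
  16777222         1235:webvm02     vmnic0 vSwitch0    80.00    0.80   150.00    1.50
  16777223          1236:dbvm01     vmnic1 vSwitch0    40.00    0.40    60.00    0.60'

# team_ports [FILE]: one line per virtual port that the team hashed to an
# uplink, as "PORT-ID USED-BY TEAM-PNIC". The header, the uplink rows
# themselves ("-") and ports without a team ("n/a") are skipped.
team_ports() {
    awk '$1 != "PORT-ID" && $3 ~ /^vmnic[0-9]+$/ { print $1, $2, $3 }' "$@"
}

# team_counts [FILE]: "vmnicX N" per uplink, N = ports hashed to it.
# An uplink in the team that never appears is carrying no port from it.
team_counts() {
    team_ports "$@" | awk '{ n[$3]++ } END { for (p in n) print p, n[p] }' | sort
}

# team_report [FILE]: readable summary naming the uplink with most ports.
team_report() {
    team_counts "$@" | awk '
        { c[$1] = $2; if ($2 > max) { max = $2; top = $1 } }
        END {
            k = 0
            for (p in c) { print p ": " c[p] " port(s)"; k++ }
            if (k > 1) print "most loaded uplink by port count: " top
        }'
}

# On the sample, vmnic0 carries 3 ports and vmnic1 carries 1.
printf '%s\n' "$ESXTOP_SAMPLE" | team_report
```

Port count is not byte count; read the MbTX/s and MbRX/s columns for the ports on the busiest uplink before deciding whether the hash policy needs changing.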

 Reference: http://vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf 

(See page 8)
