Virtualization Adapted: Adapting Business Processes for Virtual Infrastructure (and vice-versa)


VMworld 2010 Fun Facts

Filed under: Uncategorized — iben @ 20:46
  • Set an all-time high with 21,000 unique visitors on August 30
  • Over 29,000 tweets on VMworld over 5 days
  • 5,670 attendees came through registration during the first 3 hours of the show on Monday August 30
  • 21,643 pieces of candy consumed at the VMworld Roadside Stop (How many M&Ms in a bag?)
  • 101,470 sodas and 4,852 coffees consumed over 4 days (How many beers?)
  • In 1 day 4,954 granola bars, 3,500 bags trail mix consumed!
  • 718 people who enjoyed the Bungee and Hamster Ball activities at the VMworld Party (I missed this fun.)
  • Just under 11 miles of CAT 5 cable used for the Labs
  • 13,188 attendees used the WiFi (does this mean unique MAC addresses?)
  • 160 VMware spokespeople trained on ITaaS story  (What are the qualifications of a “Spokesperson”?)
  • Announced six products, services and two acquisitions globally (Integrien and TriCipher)
  • LabCloud delivered 15,344 labs compared to 4,500 labs in 2009
  • Delivered Over 21,000 lab hours
  • Deployed a total of 145,097 VMs
  • Every hour LabCloud was creating and destroying approximately 4,000 Virtual Machines


ESX Partitioning

Filed under: virtualization — iben @ 16:28

ESX Partitioning

Rename the local VMFS datastore during installation. The default name is "Storage1", but it should be "local-<hostname>" so that each host's local datastore is unambiguous once many hosts are managed in one vCenter.

ESX hosts have required and optional partitions. The sizes below are suggestions and can be increased if more disk space is available.

Mount point - Size (MB) - Description
/ - 5120 - The / (or "root") partition stores the ESX system and all files not stored in another custom partition. If this partition fills to capacity the ESX host can crash, which is bad; every other partition in this table exists mainly to keep something else from filling /.
swap - 1600 - Service console swap space.
/var - 2048 - /var holds spool files, lock files, run-time state and (by default) the logs. Normally /var is part of the / partition; a custom /var partition protects / from being filled by that data.
/var/log - 4096 - Most system logs are written under /var/log. A dedicated /var/log partition provides substantial log storage while protecting both / and /var from being filled by log files.
/var/core - 15360 - Service console core dumps are written here. A process that crashes repeatedly can leave many large core files, so this partition is sized generously and kept separate from / and /var.
/opt - 2048 - Third-party add-on software installed in the service console (backup or monitoring agents, for example) normally lands in /opt; a separate partition keeps it from filling /.
/home - 2048 - The /home partition is created as a failsafe to help prevent / from filling up. Service console accounts (not vCenter accounts) each have an associated /home folder. As a best practice, administrators should not use these folders for storage. If service console accounts are to be used and there are multiple users requiring access, the size of this partition may need to be increased. By default, /home is part of the / partition; creating a custom partition for it protects / if /home fills to capacity.
/vmimages - 1024 - Traditionally, /vmimages was used to store CD-ROM images (.iso) and floppy disk images (.flp, .img). Most organizations following best practices have moved this from each individual host to a single shared-storage location. However, by default ESX creates a /vmimages folder within /, which makes it dangerously easy for an administrator to mistake it for the shared-storage repository and copy images into it that will fill /. As a failsafe, a small custom /vmimages partition can be created. If the local /vmimages folder is actually used, this size may need to be increased.
/tmp - 2048 - The /tmp partition is also created as a failsafe to help prevent filling the / partition. /tmp is often used to untar support files, temporarily store copied logs and stage patches. By default, /tmp is part of the / partition; creating a custom partition for it protects / if /tmp fills to capacity.
/boot and vmkcore are physical partitions. /, swap, /var/log, and all the optional partitions are stored on a virtual disk called esxconsole-<system-uuid>/esxconsole.vmdk. The virtual disk is stored in a VMFS volume.
You cannot define the sizes of the /boot, vmkcore, and /vmfs partitions when you use the graphical or text installation modes. You can define these partition sizes when you do a scripted installation.

ESX Required Partitions
Mount point - Type - Size - Location - Description
/boot - ext3 - 1100MB (the ESX boot disk requires 1.25GB of free space in total for the /boot and vmkcore partitions) - physical - Stores information required to boot the ESX host system. The boot drive usually defaults to the specified /boot partition location.
/ - ext3 - calculated dynamically from the size of the /usr partition; by default no /usr partition is defined and the minimum is 5GB - virtual disk in a VMFS volume - Contains the ESX operating system and services, accessible through the service console. Also contains third-party add-on services or applications you install.
(none) - vmfs3 - as available - physical - Used to store virtual machines. The service console must be installed on a VMFS datastore that is resident on the host's local disk or on a SAN disk that is masked and zoned to that particular host only. You can create any number of VMFS volumes on each LUN if the space is available.
(none) - vmkcore - see /boot - physical - Used to store core dumps for debugging and technical support. If multiple ESX hosts share a SAN, configure a vmkcore partition with 100MB for each host.

Optional Partitions
You can create optional partitions during or after the ESX installation procedure.
Mount point - Type - Size - Location - Description
/home - ext3 - 512MB - virtual disk in a VMFS volume - Used for storage by individual users.
/tmp - ext3 - 1024MB - virtual disk in a VMFS volume - Used to store temporary files.
/usr - ext3 - (no default) - virtual disk in a VMFS volume - Used for user programs and data.
/var/log - ext3 - 2000MB - virtual disk in a VMFS volume - Used to store log files.


Kickstart Example:

# System bootloader configuration
#bootloader --driveorder=/dev/sda --location=mbr

# Disk partitioning information
part /boot --fstype=ext3 --size=250 --ondisk=/dev/sda
part :storage1 --fstype=vmfs3 --size=10000 --grow --ondisk=/dev/sda
part none --fstype=vmkcore --size=110 --ondisk=/dev/sda

# Create the .vmdk for the COS on the VMFS partition.
virtualdisk esxconsole --size=7712 --onvmfs=$host:storage1

# Partition the COS virtual disk.
part swap --fstype=swap --size=800 --onvirtualdisk=esxconsole
part /var/log --fstype=ext3 --size=2048 --onvirtualdisk=esxconsole
part / --fstype=ext3 --size=3030 --grow --onvirtualdisk=esxconsole

Note that this example gives /boot only 250MB, while the required-partitions table above lists 1100MB; check the sizes against the installation guide for your ESX release before using it.
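The tables above keep repeating one point: if / fills, the host can crash. The following is an added example (my code, not the author's or VMware's) that turns that into a check you can run from the service console or a cron job. It parses `df -P` output, which is why it reads from a file: save the output with `df -P > /tmp/df.txt` on the host, or feed it a copy from a support bundle. The threshold, the list of mounts and the sample `df` text are my assumptions.

```shell
#!/bin/sh
# Added example, not from the page or VMware: warn when a service console
# partition from the partitioning table is close to full.

# Mount points the post recommends carving out (plus / itself).
COS_MOUNTS="/ /var /var/log /var/core /opt /home /vmimages /tmp"

cos_df_check() {
    # $1 = file holding `df -P` output, $2 = percent-used threshold (default 80)
    # Prints one WARN line per mount over the threshold and returns their count,
    # so a cron job can alert on a non-zero exit status.
    limit=${2:-80}
    hits=0
    while read -r fs blocks used avail pct mount; do
        case " $COS_MOUNTS " in
            *" $mount "*) ;;      # one of the partitions we care about
            *) continue ;;        # header line, /boot, VMFS volumes, ...
        esac
        p=${pct%\%}               # strip the trailing percent sign
        if [ "$p" -ge "$limit" ]; then
            echo "WARN $mount is ${p}% full (threshold ${limit}%)"
            hits=$((hits + 1))
        fi
    done < "$1"
    return $hits
}

# Constructed sample of what `df -P` prints on an ESX 4 service console;
# the numbers are invented for the demonstration.
DF_SAMPLE=$(mktemp)
cat > "$DF_SAMPLE" <<'EOF'
Filesystem         1024-blocks      Used Available Capacity Mounted on
/dev/sdb1              5160576   4748830    149556      97% /
/dev/sda1               248895     26459    209586      12% /boot
/dev/sdb3              2064208    154108   1805244       8% /var/log
/dev/sdb4              2064208   1701940    257412      87% /tmp
/dev/sdb5              1032088     34092    945568       4% /vmimages
EOF

# With the sample, / and /tmp are reported and the exit status is 2.
cos_df_check "$DF_SAMPLE" 80
```

Run it with a lower threshold for /var/log than for / if your logs grow quickly; the function takes the threshold as its second argument, so two cron entries cover both cases.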


Run Windows 7 from your iPad

Filed under: virtualization — iben @ 08:43

Run Windows 7 Desktop from your iPad


Got (want) a new iPad but not sure how to justify it for business reasons?

Follow this recipe for a sure fire winner that will please everyone who tries it!

Low calorie, safe and secure, and surprisingly reasonable for the budget conscious coupon clippers among us.


  • 1 Handheld Device – any of these will work
    • iPad 1st or 2nd generation either wifi or 3G will be fine
    • Android tablet device – tested with Dell Streak 5 on Froyo 2.2
  • 1 Bluetooth Keyboard (Optional)
  • Wyse PocketCloud App
  • Wyse PocketCloud Windows Companion application


WARNING: Be sure to read entire recipe prior to beginning work. Failure to follow directions could cause your expense report to be rejected by the finance department.

NOTE: We take a detailed bottom-up approach. This is less about instant gratification, but it ensures your first experience is successful. Once you've got it working once in a POC (Proof of Concept), adapt this recipe to fit your own environment. Contact me and I can help you get set up based on your business needs.

Configure your Windows 7 Desktop to be accessed via RDP from the Internet.

This can be done at home on a physical machine; however, most businesses will do this with virtual machines hosted on VMware ESX and brokered by VMware View 4 Manager, so that access from the Internet is controlled and authenticated with RSA two-factor one-time-password tokens instead of exposing the desktop's RDP port (TCP 3389) directly. Be sure the ESX hosts are protected with a tool like the HyTrust Appliance (HTA).

Install the Wyse PocketCloud Windows Companion software on the Windows 7 Desktop.

Pair the bluetooth keyboard with the iPad.

Configure wireless access on the iPad.

Download the PocketCloud App on the iPad.

Use the PocketCloud App on the iPad to connect over the Internet to the Windows 7 Desktop.

Login to the Windows 7 Desktop.

Start the Wyse PocketCloud Companion software on the Windows 7 Desktop

Use the iPad as a remote thin terminal screen.

Use the bluetooth keyboard to give you a real computer like experience.

No mouse? No Problem – just use your fingers to click, double-click, right click, select, copy and paste, etc.


VMware View 4.6, released 2/24, fixes over 160 bugs and supports Windows 7 SP1 RC and 64-bit ODBC DSNs. See also the Windows 7 DVM Setup Guide.

Get the Wyse PocketCloud App from the Apple App Store. Many companies will simply purchase a $50 Apple iTunes gift card and have their employees expense it. Learn more from the Wyse web site:

  • Updated: Feb 18, 2011
  • Current Version: 2.1.217
  • Support for multi-tasking (background mode)
  • Optional support for Japanese language key entry mechanism.
  • Support for physical keyboard command key mappings (copy, cut, paste)
  • Full screen mode supported for both iPhone and iPad (removal of iPhone/iPad status bar).
  • Application fully supports all device orientations.
  • When connecting at iPad native resolution, screen auto-locks for ease of use.

Wyse PocketCloud Windows Companion:

Bluetooth keyboards are pretty cheap now. Models are available from Apple, Logitech, and Micro$oft; my #1 recommendation is very nice at about $100.

News reports on iPad and Windows 7:


vSphere Network Isolation Addresses

Filed under: virtualization — iben @ 14:45

Network Isolation Addresses

A network isolation address is an IP address that is pinged to determine if a host is isolated from the network. This address is pinged only when a host has stopped receiving heartbeats from all other hosts in the cluster. If a host can ping its network isolation address, the host is not network isolated, and the other hosts in the cluster have failed. However, if the host cannot ping its isolation address, it is likely that the host has become isolated from the network and no failover action is taken.

By default, the network isolation address is the default gateway for the host. There is only one default gateway specified, regardless of how many service console networks have been defined, so you should use the das.isolationaddress[…] advanced attribute to add isolation addresses for additional networks. For example, das.isolationAddress2 adds an isolation address for your second network, das.isolationAddress3 for the third, up to a maximum of das.isolationAddress9 for the ninth.

When you specify additional isolation addresses, VMware recommends that you increase the das.failuredetectiontime advanced attribute to 20000 milliseconds (20 seconds) or greater. A node that is isolated from the network needs time to release its virtual machines' VMFS locks if the host isolation response is to fail over the virtual machines (rather than leave them powered on). This must happen before the other nodes declare the node failed, so that they can power on the virtual machines without getting an error that the virtual machines are still locked by the isolated node.

For more information on VMware HA advanced attributes, see “Customizing VMware HA Behavior,” on page 26.

das.isolationaddress[…]: Sets the address to ping to determine if a host is isolated from the network. This address is pinged only when heartbeats are not received from any other host in the cluster. If not specified, the default gateway of the console network is used. This default gateway has to be a reliable address that is available, so that the host can determine if it is isolated from the network. You can specify multiple isolation addresses (up to 10) for the cluster: das.isolationaddressX, where X = 1-10. Typically you should specify one per service console. Specifying too many addresses makes isolation detection take too long and can affect VMware HA behavior. (The paragraph above, from another revision of the VMware guide, stops at das.isolationAddress9; the guide for your release is authoritative on the cap.)

das.usedefaultisolationaddress: By default, VMware HA uses the default gateway of the console network as an isolation address. This attribute specifies whether or not this default is used (true|false).
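The rules above (one reachable address per service console network, a longer das.failuredetectiontime once extra addresses exist, never disabling the default without supplying a replacement) are easy to get wrong across many clusters. The following is an added example of my own, not VMware code, that lints an export of a cluster's HA advanced attributes. The input format (one "attribute = value" per line), the 15000 ms default for das.failuredetectiontime and the sample export are my assumptions.

```shell
#!/bin/sh
# Added example, not from the page or VMware: lint HA advanced attributes.
# Rules checked:
#   1. every das.isolationaddressN must be a dotted-quad IPv4 address
#   2. if any explicit isolation address is set, das.failuredetectiontime
#      must be >= 20000 ms (assumed VMware default when unset: 15000 ms)
#   3. no more than 10 isolation addresses (X = 1-10)
#   4. das.usedefaultisolationaddress = false needs at least one explicit address

ha_lint() {
    # $1 = settings file; prints one line per finding and returns their count
    findings=0; addrs=0; fdt=""; usedefault="true"
    while IFS= read -r line; do
        key=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*=.*//' | tr 'A-Z' 'a-z')
        val=$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
        case "$key" in
            ''|'#'*) continue ;;                      # blank line or comment
            das.isolationaddress*)
                addrs=$((addrs + 1))
                if ! printf '%s' "$val" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
                    echo "BAD  $key = $val is not an IPv4 address"
                    findings=$((findings + 1))
                fi ;;
            das.failuredetectiontime) fdt=$val ;;
            das.usedefaultisolationaddress) usedefault=$val ;;
        esac
    done < "$1"
    if [ "$addrs" -gt 0 ] && [ "${fdt:-15000}" -lt 20000 ]; then
        echo "WARN extra isolation addresses set but das.failuredetectiontime=${fdt:-15000 (default)} < 20000"
        findings=$((findings + 1))
    fi
    if [ "$addrs" -gt 10 ]; then
        echo "BAD  $addrs isolation addresses configured; HA supports at most 10"
        findings=$((findings + 1))
    fi
    if [ "$usedefault" = "false" ] && [ "$addrs" -eq 0 ]; then
        echo "BAD  default-gateway isolation address disabled but no das.isolationaddressN set"
        findings=$((findings + 1))
    fi
    return $findings
}

# Constructed sample: a cluster with two service console networks whose
# admin added the second and third addresses but left the detection time alone.
HA_SAMPLE=$(mktemp)
cat > "$HA_SAMPLE" <<'EOF'
# constructed export of a two-network cluster
das.isolationaddress2 = 10.0.1.1
das.isolationaddress3 = 10.0.2.1
das.failuredetectiontime = 15000
EOF

# Prints the WARN line for rule 2 and exits with status 1.
ha_lint "$HA_SAMPLE"
```

The exit status is the number of findings, so the same script can gate a change-control pipeline: zero means the export satisfies every rule the text lays out.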


Updated Security for home network

Filed under: home — iben @ 18:07

Follow these steps to upgrade your home network for improved security.

  1. Change the wireless settings on the ISP router to use WPA instead of WEP. WEP keys can be recovered from a few minutes of captured traffic; pick WPA2 with AES/CCMP if the router and laptop support it, and use a long passphrase.
  2. Change the wireless settings on the laptop to match (WPA instead of WEP).
  3. Set up a second wireless router behind the ISP router, connected through one of its LAN ports, and change its wireless settings to use WPA instead of WEP as well. Do not use its WAN port, or you get a second NAT layer and a separate subnet.
  4. Disable the DHCP server on the second wireless router so that the ISP router remains the only DHCP server on the LAN.

Home Wireless Network Diagram


Application Performance Testing Method

Filed under: virtualization — iben @ 12:46

Are certain applications running slowly occasionally? Sometimes things are superfast and then they slow to a crawl. What’s going on?

First of all, do all you can to ensure the environment is configured according to established best practices. One of the benefits of VMware's acquisition of the Zimbra email/collaboration server software is that they need to ensure users optimize the deployments on their hypervisor. VMware's Zimbra performance document covers the main settings to check on a virtual machine that needs to perform well under load:

Any tool that uses SNMP to gather performance metrics can be used to baseline and stress test infrastructure and determine where the bottle necks are.

Basic methodology could go something like this…

1 – identify end to end system components from end user terminal through network to virtual machines, esx hosts, and storage.

2 – configure SNMP for all devices (keep in mind that the latest ESX/ESXi vSphere versions don’t have many performance counters exposed via SNMP and you’ll need to use their APIs)

3 – verify use patterns and confirm data collection over time (1 week or month). Tune alerts for normal use.

4 – schedule stress test for each component to determine performance ceiling and baseline throughput capacity.

5 – make changes as needed to improve end user experience.

6 – verify changes had desired effect.

Performance Troubleshooting for VMware vSphere

vsphere4-performance-troubleshooting.pdf (2.1 MB)

Possible tools that could be used to poll for performance metrics include:

Do you know of a tool that should be added to this list? Please send it to me.


Using Cryptographic Hashes to verify file download integrity

Filed under: virtualization — iben @ 10:58

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.

Vendors provide a SHA-1 hash for software downloads. This enables you to verify that your downloaded files are unaltered from the original.

To confirm file integrity, use a SHA-1 utility on your computer to calculate your own hash for files downloaded from the VMware web site.

If your calculated hash matches the message digest the vendor provides, you are assured that the file was downloaded intact. Be clear about what that proves: a match shows the bytes you have are the bytes the vendor hashed, nothing more, and it is only meaningful if you read the published digest from a trusted source (the vendor's HTTPS page or a signed file) rather than from the same mirror that served the download.

SHA-1 utilities are available for Windows, Linux and Mac. Most UNIX installations provide a sha1sum command. Older Linux systems may need an updated sha1sum with large-file support to handle ISO images over 2GB.

The File Checksum Integrity Verifier (FCIV) can be used on Windows to verify SHA-1 values; see Microsoft's FCIV documentation for details.

Mac OS X: How to Verify a SHA-1 Digest

Instructions on checking a SHA-1 checksum on a Mac:
In Finder, browse to /Applications/Utilities.
Double-click on the Terminal icon. A Terminal window will appear.
In the Terminal window, type openssl sha1 followed by a space.
Drag the downloaded file from the Finder into the Terminal window (this pastes its full path).
Click in the Terminal window, press the Return key, and compare the checksum displayed on the screen to the one on the vendor's download page.
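Comparing a 40-character hex string by eye is where this procedure usually fails: vendors publish digests in either case (the TechNet listing below is uppercase, sha1sum prints lowercase), and a glance at the first and last few characters is not a check. The following is an added example of my own, not from the page or any vendor, that does the comparison mechanically with whichever tool the machine has (sha1sum on Linux, openssl on a Mac). The function names and the test input are mine.

```shell
#!/bin/sh
# Added example, not from the page: verify a download against a published SHA-1.

sha1_of() {
    # Prints the lowercase hex SHA-1 of file $1, using sha1sum if present
    # (Linux) and falling back to openssl (Mac OS X ships without sha1sum).
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        openssl sha1 "$1" | awk '{print $NF}'   # output is "SHA1(file)= <hex>"
    fi
}

verify_sha1() {
    # $1 = downloaded file, $2 = digest as published (any case, stray spaces ok)
    # Returns 0 on match, 1 on mismatch, 2 if the digest string is unusable.
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d '[:space:]')
    case "$expected" in
        *[!0-9a-f]*|'') echo "bad digest string: $2" >&2; return 2 ;;
    esac
    if [ ${#expected} -ne 40 ]; then
        echo "SHA-1 digests are 40 hex characters, got ${#expected}" >&2
        return 2
    fi
    actual=$(sha1_of "$1") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK   $1"
        return 0
    fi
    echo "FAIL $1: computed $actual, expected $expected" >&2
    return 1
}

# Usage against a constructed file (the digest of the string "abc" is a
# well-known test vector): verify_sha1 ./file.iso A548D674...BCD7
SAMPLE=$(mktemp)
printf 'abc' > "$SAMPLE"
verify_sha1 "$SAMPLE" A9993E364706816ABA3E25717850C26C9CD0D89D
```

Because the exit status distinguishes "wrong digest string" from "file does not match", a download script can refuse to install on either without ever relying on a human reading hex.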

From TechNet

Windows Server 2008 R2 Standard, Enterprise, Datacenter, and Web (x64) – DVD (English)
File Name: en_windows_server_2008_r2_standard_enterprise_datacenter_web_x64_dvd_x15-50365.iso
Size: 2,858 (MB)
Date Published (UTC): 8/31/2009 10:22:24 AM
Last Updated (UTC): 1/11/2010 4:31:40 PM
SHA1: A548D6743129F2A02C907D2758773A1F6BB1BCD7
 ISO/CRC: 8F94460B

About MD5

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity.

US-CERT says MD5 “should be considered cryptographically broken and unsuitable for further use,”and most U.S. government applications now require the SHA-2 family of hash functions.

VMware Data Recovery

Filed under: virtualization — iben @ 10:49

VMware Data Recovery (CD ISO)
Released 11/19/09 | Version 1.1 | Size 418 MB | Binary (.iso)
Deploy VMware Data Recovery virtual appliance plus management components.
SHA1SUM 44dc0cd0c3e774d4912412b51dabeadf28d959b9


Host Profiles N1KV VDS

Filed under: virtualization — iben @ 06:21

Background to Using Host Profiles

The vDS UI also allows a phased migration of vmnics from vSS to vDS without disruption to an operational environment. VMs can be migrated from a vSS to a vDS on the fly so long as the vDS and vSS have connectivity to the same network at the same time and the origin Port Group on the vSS and destination DV Port Group on the vDS are configured to the same VLAN.

Host Profiles provide a way to migrate multiple hosts at one time. Host Profiles use a golden profile from a migrated host to propagate a configuration to a number of other hosts.

When applying a Host Profile to a host, the host must be in Maintenance Mode. This requires VMs to be either powered down or migrated to another host.

Host Profiles are most appropriate for new installations of similarly configured hosts (i.e. same number of vmnics, same vmnic to physical switch configuration, no active VMS).

The table below summarizes the deployment situations and suggested methods for migration from vSS to vDS. Note: These are suggestions only; both methods will work within the guidelines mentioned above.

Summary of Migration Methods

Table 1 – Summary of vSS to vDS Migration Methods

Deployment situation                                    Suggested method   Details
New servers, same vmnic config, no active VMs           vDS UI + HP        Migrate first host with vDS UI. Take host profile and apply to remaining hosts.
<5 existing servers, no active VMs                      vDS UI             Small number of servers. Can use Host Profiles, but possibly easier to continue with vDS UI.
>5 existing servers, same vmnic configs, no active VMs  vDS UI + HP        Larger number of servers with similar vmnic configuration. No active VMs, so hosts can enter Maintenance Mode and use Host Profiles.
Existing servers, active/operational VMs                vDS UI             Cannot use Maintenance Mode as VMs are active. Phased vmnic migration suggested to ensure continuity of VM communications.
Existing servers, dissimilar vmnic configurations       vDS UI             Enables per-host tailoring of vmnic to dvUplink PortGroup mapping.
Ongoing compliance checking                             HP                 Non-disruptively check network settings are compliant with the approved "golden" configuration.

Note: vDS UI = Use vDS UI; HP = use Host Profiles; vDS + HP = use vDS UI to deploy first host and Host Profiles for remaining hosts.

Applying NIC Teaming Policies to DV Port Groups

With a vSS, NIC teaming policies are defined on the virtual switch with an optional override on each Port Group definition. With a vDS, NIC teaming policies are defined only on the DV Port Groups and apply to dvUplinks, not vmnics. The vmnics are mapped to the dvUplinks on a per-host basis. This enables each host to have a different vmnic to physical host configuration and yet use the same NIC teaming policy over all hosts spanned by the vDS.

Monitoring Hash vmnic Selection in NIC Teams

The esxtop command from the ESX console can reveal the physical NIC (vmnic) that each virtual port or VM is using within a NIC team.

Use esxtop to see the following information:

  • PORT-ID represents an internal port number on the virtual switch
  • USED-BY column shows what that port number is used by (e.g. VMkernel, VM, etc)
  • TEAM-PNIC column shows what physical nic (vmnic) is being used for traffic from that virtual port (the result of the hash within the NIC team)
  • The remaining columns indicate the Receive and Transmit traffic rates on those ports.

To use esxtop, type esxtop from the ESX console and then type n.

A list of commands for the ESX command line interface is published in Chapter 6 of the ESX 4.0 Configuration Guide. Control console output one page at a time by adding a | more suffix to the commands. For example:
esxcfg-vswitch -l | more
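Reading the TEAM-PNIC column by eye tells you where one port landed; what you usually want is whether the team's hash is spreading the VMs across the uplinks at all. The following is an added example of my own, not from the page or VMware, that summarises a saved esxtop network screen (press n, then capture the text) by counting ports per vmnic. The column layout it assumes (PORT-ID, USED-BY, TEAM-PNIC as the first three fields) and the sample screen are my constructions.

```shell
#!/bin/sh
# Added example, not from the page or VMware: summarise TEAM-PNIC choices from
# a captured esxtop network ("n") screen.

team_pnic_summary() {
    # $1 = file holding the captured esxtop screen.
    # Prints "vmnicN <ports>" for every uplink that carries at least one port.
    # Rows whose first field is a numeric PORT-ID and whose TEAM-PNIC (third
    # field) is a vmnic are counted; uplink rows ("-") and the management
    # port ("n/a") are skipped.
    awk '$1 ~ /^[0-9]+$/ && $3 ~ /^vmnic[0-9]+$/ { n[$3]++ }
         END { for (p in n) printf "%s %d\n", p, n[p] }' "$1" | sort
}

team_uplinks_in_use() {
    # Number of distinct vmnics carrying traffic; 1 on a multi-uplink team
    # means the hash (or a failed uplink) has put everything on one NIC.
    team_pnic_summary "$1" | wc -l | tr -d ' '
}

# Constructed sample screen (values invented): a two-uplink vSwitch0 with the
# VMkernel port and three VMs.
ESXTOP_SAMPLE=$(mktemp)
cat > "$ESXTOP_SAMPLE" <<'EOF'
  PORT-ID USED-BY               TEAM-PNIC DNAME        PKTTX/s  MbTX/s  PKTRX/s  MbRX/s
 16777217 Management                  n/a vSwitch0        0.00    0.00     0.00    0.00
 16777218 vmnic0                        - vSwitch0       12.00    0.05    30.00    0.10
 16777219 vmnic1                        - vSwitch0        9.00    0.03    20.00    0.07
 16777220 vmk0                     vmnic0 vSwitch0       10.00    0.04    28.00    0.08
 16777221 1088:web01               vmnic0 vSwitch0      210.00    1.20   180.00    0.90
 16777222 1102:db01                vmnic1 vSwitch0      330.00    2.50   410.00    3.10
 16777223 1115:app01               vmnic0 vSwitch0       55.00    0.30    60.00    0.35
EOF

team_pnic_summary "$ESXTOP_SAMPLE"      # vmnic0 3 / vmnic1 1
team_uplinks_in_use "$ESXTOP_SAMPLE"    # 2
```

A 3:1 split across two uplinks is normal for a port-ID hash with four ports; a 4:0 split on a team that should have two live uplinks is what to investigate, and the uplink rows themselves (USED-BY vmnic0, vmnic1) show whether both NICs are passing packets.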


(See page 8)


List of log files VMware vSphere ESX Classic version 4

Filed under: virtualization — iben @ 11:02
The following log files contain information that needs to be tracked on a VMware vSphere ESX 4 Classic host to comply with many security standards and best practices such as the CIS Benchmark, PCI-DSS, SOX section 404, HIPAA, CPNI, COSO, ISO 20001, COBIT, and so on.
You can use syslog or Splunk lightweight forwarders for this purpose. Whichever you use, ship the logs off the host: anyone with service console access can edit or truncate a log that only exists locally.

Table with Explanation of files to log for VMware vSphere ESX Classic version 4

Log - What it records
VMkernel - Records activities related to the virtual machines and ESX
VMkernel warnings - Records activities with the virtual machines
VMkernel summary - Used to determine uptime and availability statistics for ESX; comma separated
VMkernel summary (human readable) - Used to determine uptime and availability statistics for ESX; human-readable summary
ESX host agent log - Contains information on the agent that manages and configures the ESX host and its virtual machines
vCenter agent - Contains information on the agent that communicates with vCenter
Web access - Log all the files in the directory /var/log/vmware/webAccess/*.log: client.log, proxy.log, unitTest.log, viewhelper.log, objectMonitor.log, timer.log, updateThread.log. Records information on Web-based access to ESX (run "service vmware-webAccess start" on the ESX host to enable this)
Authentication log - Contains records of connections that require authentication, such as VMware daemons and actions initiated by xinetd
Service console - Contains all general log messages used to troubleshoot virtual machines or ESX
Virtual machines - vmware.log and vmware-*.log in the same directory as the affected virtual machine's configuration files. Contain virtual machine power events, system crashes, Tools status and activity, time sync, virtual hardware changes, VMotion migrations and machine clones

Table - List of ESX Host Files to Log
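Listing the files is half of the compliance story; the other half is showing that each one exists, is still being written, and leaves the host. The following is an added example of my own, not from the page or VMware, that audits a service console (or a copy of it, such as an unpacked support bundle) for exactly that. The file paths are the ESX 4 default locations as I assume them, since the table above lost its path column; the sysklogd forwarding syntax ("*.* @loghost") and the staleness window are also my assumptions.

```shell
#!/bin/sh
# Added example, not from the page or VMware: audit ESX 4 Classic log sources.
# Every file in ESX_LOGS must exist and have been written within MAX_AGE_MIN
# minutes, webAccess must have produced *.log files, and /etc/syslog.conf must
# name a remote target.  Set ESX_LOG_ROOT to audit an unpacked support bundle
# or a test directory instead of the live host.
ESX_LOG_ROOT=${ESX_LOG_ROOT:-/}
MAX_AGE_MIN=${MAX_AGE_MIN:-60}

# Assumed ESX 4 default locations, relative to ESX_LOG_ROOT, in the order of
# the table above: vmkernel, vmkwarning, vmksummary, hostd, vpxa, auth, console.
ESX_LOGS="var/log/vmkernel var/log/vmkwarning var/log/vmksummary \
var/log/vmware/hostd.log var/log/vmware/vpx/vpxa.log var/log/secure var/log/messages"

esx_log_audit() {
    # Prints one FAIL line per problem and returns the number of problems.
    problems=0
    for rel in $ESX_LOGS; do
        f="$ESX_LOG_ROOT/$rel"
        if [ ! -f "$f" ]; then
            echo "FAIL missing: $f"
            problems=$((problems + 1))
        elif [ -n "$(find "$f" -mmin +"$MAX_AGE_MIN" 2>/dev/null)" ]; then
            echo "FAIL stale (not written in $MAX_AGE_MIN min): $f"
            problems=$((problems + 1))
        fi
    done
    # Web access logging is a directory of *.log files and is off by default.
    if ! ls "$ESX_LOG_ROOT"/var/log/vmware/webAccess/*.log >/dev/null 2>&1; then
        echo "FAIL no webAccess logs (is vmware-webAccess running?)"
        problems=$((problems + 1))
    fi
    # Off-host forwarding: an uncommented sysklogd rule with an @host target.
    conf="$ESX_LOG_ROOT/etc/syslog.conf"
    if ! grep -Eq '^[^#].*[[:space:]]@[^[:space:]]+' "$conf" 2>/dev/null; then
        echo "FAIL no remote syslog target in $conf"
        problems=$((problems + 1))
    fi
    return $problems
}

# Run against the live host (exit status = number of findings).
esx_log_audit
```

Run it from cron and alert on a non-zero exit; a log that stops being written is as much a compliance finding as one that was never collected, and the staleness check is the part a simple "does the file exist" script misses.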


