Virtualization Adapted Adapting Business Processes for Virtual Infrastrcuture (and vice-versa)

2011/01/05

Review of VMware View Optimization Guide Windows 7 pdf

Filed under: virtualization — Tags: , , , , , — iben @ 11:44

Just reviewed this guide and wanted to share.

Very helpful scripts are included with the adobe acrobat pdf which allow rapid customization and optimization of windows 7 desktops for VMware view.

A few tips:

  • open the pdf with the adobe acrobat reader app
  • you will find included 2 embedded files: commands.txt and ts.xml – save them to a shared folder
  • access the shared folder from the windows 7 template machine being configured
  • tweak your current user environment as you wish – it will be copied and set for use as the default user profile
  • change the folder options view to Disable “Hide extensions for Known file types” and click “Apply to Folders”
  • rename the commands.txt file to commands.bat (see notes below)
  • run the included commands.bat script from an “admin” command prompt or it won’t work right
  • take advantage of the new registry keys to denote current image version and author info
  • run ipconfig /release then shutdown the windows 7 template machine being configured
  • take a snapshot of the windows 7 template machine being configured

Customizing Linked-Clone Desktops with QuickPrep

You can personalize the linked-clone desktops that are created from a parent virtual machine by using the QuickPrep system tool. View Composer executes QuickPrep when a linked-clone desktop is created or recomposed.
QuickPrep customizes a linked-clone desktop in several ways:
Gives the computer a name that you specify when you create the linked-clone pool.
Creates a computer account in Active Directory, joining the computer to the appropriate domain.
Mounts the View Composer persistent disk. The Windows user profile is redirected to this disk.
Redirects temp and paging files to a separate disk.
These steps might require the linked clones to restart one or more times.
QuickPrep uses KMS volume license keys to activate Windows 7 and Windows Vista linked-clone desktops. For details, see Activating Windows 7 and Windows Vista on Linked-Clone Desktops.
You can create your own scripts to further customize the linked clones. QuickPrep can run two types of scripts at predefined times:
After linked clones are created or recomposed
Immediately before linked clones are powered off
For guidelines and rules for using QuickPrep customization scripts, see Running QuickPrep Customization Scripts.
Note
View Composer requires domain user credentials to join linked-clone desktops to an Active Directory domain. For details, see Create a User Account for View Composer.

Link to doc

http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf

Command.Bat listing

The contents of the commands.bat (aka commands.txt) file are listed here for your review. Review them and edit as needed for your environment.

rem  Setting Default HKCU values by loading and modifying the default user registry hive


reg load "hku\temp" "%USERPROFILE%\..\Default User\NTUSER.DAT"


reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /d "%windir%\system32\scrnsave.scr" /f


reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaveTimeOut /d "600" /f


reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaverIsSecure /d "1" /f


reg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /d " " /f


reg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" /v Persistent /t REG_DWORD /d 0x0 /f


reg ADD "hku\temp\Software\Microsoft\Feeds" /v SyncStatus /t REG_DWORD /d 0x0 /f


reg ADD "hku\temp\Software\Microsoft\WIndows\CurrentVersion\Policies\Explorer" /v HideSCAHealth /t REG_DWORD /d 0x1 /f


reg unload "hku\temp"


rem Making modifications to the HKLM hive


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 0x1 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnableSuperfetch /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0x1 /f


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /t REG_DWORD /d 0x1 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk" /v TimeOutValue /t REG_DWORD /d 200 /f


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Revision /t REG_SZ /d 1.0 /f


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Virtual /t REG_SZ /d Yes /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v MaxSize /t REG_DWORD /d 0x100000 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v Retention /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v MaxSize /t REG_DWORD /d 0x100000 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v Retention /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v MaxSize /t REG_DWORD /d 0x100000 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v Retention /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoRecycleFiles /t REG_DWORD /d 0x1 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0x0 /f


reg ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system" /v EnableLUA /t REG_DWORD /d 0x0 /f


reg Add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow" /v Disabled /t REG_DWORD /d 0x1 /f


rem Using Powershell to perform Windows Services modifications


Powershell Set-Service 'BDESVC' -startuptype "disabled"


Powershell Set-Service 'wbengine' -startuptype "disabled"


Powershell Set-Service 'DPS' -startuptype "disabled"


Powershell Set-Service 'UxSms' -startuptype "disabled"


Powershell Set-Service 'Defragsvc' -startuptype "disabled"


Powershell Set-Service 'HomeGroupListener' -startuptype "disabled"


Powershell Set-Service 'HomeGroupProvider' -startuptype "disabled"


Powershell Set-Service 'iphlpsvc' -startuptype "disabled"


Powershell Set-Service 'MSiSCSI' -startuptype "disabled"


Powershell Set-Service 'swprv' -startuptype "disabled"


Powershell Set-Service 'CscService' -startuptype "disabled"


Powershell Set-Service 'SstpSvc' -startuptype "disabled"


Powershell Set-Service 'wscsvc' -startuptype "disabled"


Powershell Set-Service 'SSDPSRV' -startuptype "disabled"


Powershell Set-Service 'SysMain' -startuptype "disabled"


Powershell Set-Service 'TabletInputService' -startuptype "disabled"


Powershell Set-Service 'Themes' -startuptype "disabled"


Powershell Set-Service 'upnphost' -startuptype "disabled"


Powershell Set-Service 'VSS' -startuptype "disabled"


Powershell Set-Service 'SDRSVC' -startuptype "disabled"


Powershell Set-Service 'WinDefend' -startuptype "disabled"


Powershell Set-Service 'WerSvc' -startuptype "disabled"


Powershell Set-Service 'MpsSvc' -startuptype "disabled"


Powershell Set-Service 'ehRecvr' -startuptype "disabled"


Powershell Set-Service 'ehSched' -startuptype "disabled"


Powershell Set-Service 'WSearch' -startuptype "disabled"


Powershell Set-Service 'wuauserv' -startuptype "disabled"


Powershell Set-Service 'Wlansvc' -startuptype "disabled"


Powershell Set-Service 'WwanSvc' -startuptype "disabled"


rem Making miscellaneous modifications


bcdedit /set BOOTUX disabled


vssadmin delete shadows /All /Quiet


Powershell disable-computerrestore -drive c:\


netsh advfirewall set allprofiles state off


powercfg -H OFF


net stop "sysmain"


fsutil behavior set DisableLastAccess 1


rem Making modifications to Scheduled Tasks


schtasks /change /TN "\Microsoft\Windows\Defrag\ScheduledDefrag" /Disable


schtasks /change /TN "\Microsoft\Windows\SystemRestore\SR" /Disable


schtasks /change /TN "\Microsoft\Windows\Registry\RegIdleBackup" /Disable


schtasks /change /TN "\Microsoft\Windows Defender\MPIdleTask" /Disable


schtasks /change /TN "\Microsoft\Windows Defender\MP Scheduled Scan" /Disable


schtasks /change /TN "\Microsoft\Windows\Maintenance\WinSAT" /Disable

rem  Setting Default HKCU values by loading and modifying the default user registry hivereg load "hku\temp" "%USERPROFILE%\..\Default User\NTUSER.DAT"reg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /d "%windir%\system32\scrnsave.scr" /freg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaveTimeOut /d "600" /freg ADD "hku\temp\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaverIsSecure /d "1" /freg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /d " " /freg ADD "hku\temp\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" /v Persistent /t REG_DWORD /d 0x0 /freg ADD "hku\temp\Software\Microsoft\Feeds" /v SyncStatus /t REG_DWORD /d 0x0 /freg ADD "hku\temp\Software\Microsoft\WIndows\CurrentVersion\Policies\Explorer" /v HideSCAHealth /t REG_DWORD /d 0x1 /freg unload "hku\temp"
rem Making modifications to the HKLM hive reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 0x1 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnableSuperfetch /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0x1 /freg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /t REG_DWORD /d 0x1 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk" /v TimeOutValue /t REG_DWORD /d 200 /freg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Revision /t REG_SZ /d 1.0 /f
reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Image" /v Virtual /t REG_SZ /d Yes /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v MaxSize /t REG_DWORD /d 0x100000 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application" /v Retention /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\NewNetworkWindowOff" /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v MaxSize /t REG_DWORD /d 0x100000 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System" /v Retention /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v MaxSize /t REG_DWORD /d 0x100000 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security" /v Retention /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoRecycleFiles /t REG_DWORD /d 0x1 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0x0 /freg ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system" /v EnableLUA /t REG_DWORD /d 0x0 /freg Add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow" /v Disabled /t REG_DWORD /d 0x1 /f
rem Using Powershell to perform Windows Services modificationsPowershell Set-Service 'BDESVC' -startuptype "disabled"Powershell Set-Service 'wbengine' -startuptype "disabled"Powershell Set-Service 'DPS' -startuptype "disabled"Powershell Set-Service 'UxSms' -startuptype "disabled"Powershell Set-Service 'Defragsvc' -startuptype "disabled"Powershell Set-Service 'HomeGroupListener' -startuptype "disabled"Powershell Set-Service 'HomeGroupProvider' -startuptype "disabled"Powershell Set-Service 'iphlpsvc' -startuptype "disabled"Powershell Set-Service 'MSiSCSI' -startuptype "disabled"Powershell Set-Service 'swprv' -startuptype "disabled"Powershell Set-Service 'CscService' -startuptype "disabled"Powershell Set-Service 'SstpSvc' -startuptype "disabled"Powershell Set-Service 'wscsvc' -startuptype "disabled"Powershell Set-Service 'SSDPSRV' -startuptype "disabled"Powershell Set-Service 'SysMain' -startuptype "disabled"Powershell Set-Service 'TabletInputService' -startuptype "disabled"Powershell Set-Service 'Themes' -startuptype "disabled"Powershell Set-Service 'upnphost' -startuptype "disabled"Powershell Set-Service 'VSS' -startuptype "disabled"Powershell Set-Service 'SDRSVC' -startuptype "disabled"Powershell Set-Service 'WinDefend' -startuptype "disabled"Powershell Set-Service 'WerSvc' -startuptype "disabled"Powershell Set-Service 'MpsSvc' -startuptype "disabled"Powershell Set-Service 'ehRecvr' -startuptype "disabled"Powershell Set-Service 'ehSched' -startuptype "disabled"Powershell Set-Service 'WSearch' -startuptype "disabled"Powershell Set-Service 'wuauserv' -startuptype "disabled"Powershell Set-Service 'Wlansvc' -startuptype "disabled"Powershell Set-Service 'WwanSvc' -startuptype "disabled"
rem Making miscellaneous modificationsbcdedit /set BOOTUX disabledvssadmin delete shadows /All /QuietPowershell disable-computerrestore -drive c:\netsh advfirewall set allprofiles state offpowercfg -H OFFnet stop "sysmain"fsutil behavior set DisableLastAccess 1
rem Making modifications to Scheduled Tasksschtasks /change /TN "\Microsoft\Windows\Defrag\ScheduledDefrag" /Disableschtasks /change /TN "\Microsoft\Windows\SystemRestore\SR" /Disableschtasks /change /TN "\Microsoft\Windows\Registry\RegIdleBackup" /Disableschtasks /change /TN "\Microsoft\Windows Defender\MPIdleTask" /Disableschtasks /change /TN "\Microsoft\Windows Defender\MP Scheduled Scan" /Disableschtasks /change /TN "\Microsoft\Windows\Maintenance\WinSAT" /Disable

2010/11/13

VMware VAAI Certification Test Summary

Filed under: virtualization — Tags: , , , , , , , — iben @ 17:47

VMware VAAI Certification Test Summary

Based on the VMware VAAI Certification Guide Revision date: 20101011

This guide is intended for VMware partners who want to certify VAAI storage with ESX to claim compatibility in the VMware HCLs.

The vStorage API calls off load certain storage operations to the storage array and optimize the storage operation. They are the new application programming interfaces in the VMKernel. Using a small set of primitives or fundamental operations that can be issued to an array supporting these interfaces, ESX can improve the performance on certain storage operations such as cloning, snapshotting, mirroring, zeroing blocks, and replication.

You certify these offload operations with your storage arrays and use this certification to obtain a listing in the VMware compatibility guide:

  • Atomic Test and Set (ATS) also known as Hardware Assisted Locking: a mechanism to modify a disk sector to improve the performance of ESX updating metadata.
  • Full Copy: given a source range of LBAs, copies them into the given destination range of LBAs.
  • Block Zeroing or Write Same: zeroes out the given range of LBAs.

VAAI Certification Test Process List

  1. BlockZeroDiskTest
    1. This test verifies that when ESX uses the VAAI BlockZero primitive, an eager‐zeroed‐thick vmdk volume is created faster.
    2. The operation compares execution time with and without enabling the VAAI BlockZero primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 30 minutes
  2. BlockZeroRDMTests
    1. This test verifies that zeroing a vmdk volume on an RDM disk is performed correctly when ESX uses the VAAI BlockZero primitive. The test is run on both a non‐pass‐through RDM as well as a pass‐through RDM disk.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 5 minutes to 3 hours
  3. BlockZeroMultiOffloadTests
    1. This test verifies that simultaneous creation of virtual disks on a shared datastore from two ESX hosts with VAAI BlockZero primitive enabled functions properly.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 10‐20 minutes
  4. FullCopyDiskTest
    1. This test verifies that when ESX uses the VAAI FullCopy primitive, a vmdk volume clones faster.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 36 hours, with a majority of the time spent verifying cloned volume contents.
  5. FullCopyRDMTests
    1. This test verifies that cloning a vmdk volume to an RDM disk is done correctly when ESX host uses the VAAI FullCopy primitive. The test is run with both a non‐pass‐through RDM as well as a pass‐through RDM disk as the destination disk.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 18 hours, with a majority of the time spent verifying cloned volume contents.
  6. FullCopyCloneVMTests
    1. This test verifies that virtual machine cloning operations function properly with the VAAI FullCopy primitive enabled.
    2. The test clones a virtual machine to both the same datastore as the source virtual machine as well as to a different datastore.
    3. The operation compares execution time with and without enabling the VAAI FullCopy primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    4. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    5. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    6. Estimated test time: 1 hour
  7. FullCopyCloneVMRDMTests
    1. This test verifies that virtual machine cloning operation from a non‐pass‐through RDM LUN to a pass‐through RDM LUN functions properly with the VAAI FullCopy primitive enabled.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 32 minutes
  8. FullCopyMultiOffloadTests
    1. This test verifies that the VAAI feature improves concurrent Full Copy from two ESX hosts.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 20 minutes
  9. ATSFileOpTests
    1. This test verifies that when ESX enables the VAAI ATS primitive, the file create, delete, read and write operations perform faster with simultaneous access to the LUN from two ESX hosts.
    2. The operation compares execution time with and without enabling the VAAI ATS primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. This test is conducted with no I/O to the array under test.
    4. IMPORTANT Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 12‐20 minutes
  10. ATSMultiLengthFileTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, simultaneous file modifications from two ESX hosts function properly.
    2. The operation compares execution time with and without enabling the VAAI ATS primitive. The operation is conducted with and without enabling the VAAI ATS primitive. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 3‐10 minutes
  11. ATSReserveTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, file locking and unlocking modifications from two ESX hosts function properly.
    2. This test is conducted with no I/O to the array under test.
    3. Estimated test time: 3‐5 minutes

2010/10/28

VAAI – Netapp

Filed under: virtualization — Tags: , , , , , — iben @ 15:21

New NetApp Virtual Storage Console 2.0 (VSC) integrates with VMware vSphere vStorage APIs for Array Integration (VAAI). VAAI provides additional interfaces to enable advanced capabilities developed by VMware vSphere workflows to integrate advanced storage capabilities from NetApp and other vendors.

http://media.netapp.com/documents/wp-7106.pdf

VSC consists of three distinct capabilities:

  • Storage Console is the foundation capability, providing storage discovery, health monitoring, capacity management, and storage configuration according to best practices.
  • Provisioning and Cloning (formerly NetApp Rapid Cloning Utility) provides end-to-end datastore management-provisioning, resizing, and deletion-and rapid, space-efficient VM server and desktop cloning, patching, and updating utilizing NetApp FlexClone technology.
  • Backup and Recovery (formerly NetApp SnapManager for Virtual Infrastructure) automates data protection processes by enabling VMware admins to centrally manage backup and recovery of datastores and VMs without impacting guest performance, and to rapidly recover from backups at any level of granularity-datastore, VM, VMDK, or guest file.

Provisioning and Cloning

The provisioning and cloning capability of VSC 2.0 includes all the capabilities of previous versions of RCU, including the ability to efficiently clone new virtual machines from a baseline using NetApp FlexClone technology, manage and secure storage paths, configure deduplication and thin provisioining for storage efficiency, and resize datastores.

Another significant feature is the ability to redeploy existing virtual machines to bring them up to date with the latest patches and so on. Working from a baseline virtual machine that contains the same OS and applications as your deployed virtual machines plus the desired updates, this feature allows you to quickly reconstruct your existing VMDK files while keeping the unique configuration files for each VM intact. You can also choose to maintain current customization settings or apply new settings.

baselines_902x646.jpg

Figure – Redeploying your existing virtual machines from an updated baseline.

VMFS Versions – Drivers and Formats

Filed under: virtualization — Tags: , , , , — iben @ 15:14

There are no significant on-disk format changes going from version 3.33 to 3.46. However, there is a significant change between VMFS driver version 3.46 and driver version 3.33. In particular, 3.46 contains VAAI extensions, which leads VMFS to use hardware accelerated locking and the hardware accelerated data mover on VAAI compliant hardware.

So the short answer is that you do not need to upgrade to a new on-disk vmfs 3.46 but instead the new 3.46 driver on ESX 4.1 will bring you the benefit even with vmfs 3.33 on-disk filesystem, if these are on array whose firmware is upgraded that provides such VAAI extensions.

VMware ESX 3 – VMFS ver 3.21
VMware ESX 3.5 – VMFS ver 3.31
VMware vSphere 4 – VMFS ver 3.33
VMware vSphere 4.1 – VMFS ver 3.46
VMware vSphere 5 – VMFS ver 5

HyTrust Appliance 2.1 Available

Filed under: virtualization — Tags: , , , , , , , , , , , , — iben @ 14:36

HyTrust recently celebrated its 3-year birthday.  HyTrust was founded in October 2007 to bring secure access control and policy to virtual infrastructure, enabling wider adoption of virtualization throughout the enterprise — exactly the same focus that we have today.

It’s amazing to see what we have achieved in the last three years: great enterprise customers; solid partnerships with the major players in virtualization (VMware, Cisco, RSA, Intel and Symantec); numerous accolades, including Best of Show at VMworld; and, of course, several significant releases of HyTrust Appliance…

So we’re excited to let you know that HyTrust Appliance 2.1 is now generally available. It is chock-full of exciting new enterprise features, including protection for the control of Cisco Nexus 1000V, application-level high availability, and smart card support.  As always, we have also made 2.1 available in the Community Edition form, which can be downloaded for free here: 
http://info.hytrust.com/appliance.html

New HyTrust Appliance Capabilities At a Glance

  • Support for VMware vSphere 4.1
  • Integrated access control, policy and audit logging for Cisco Nexus 1000V CLI management (NX-OS command set)
  • Support for complex, multi-domain Active Directory environments
  • Single sign-on via Windows pass-through authentication with smart card integration
  • New ESX hardening templates including VMware Hardening Guide 4.0 and (Sarbanes Oxley) SOX hardening template
  • Application-level high availability (in addition to VMware HA/FT and federation)

If you would like to take a look at the new functionality, we have recorded demos of the new version available for your viewing pleasure.
http://info.hytrust.com/recorded_product_demo.html

For those of you currently evaluating HyTrust Appliance, we’d like to extend an added incentive to make your purchase in Q4: for a limited time, HyTrust is offering a free “jump-start” professional services package to help you get up and running quickly. Contact sales (sales@hytrust.com) for more information.

2010/10/23

Vyatta router upgrade procedure

Filed under: Uncategorized — Tags: , , , — iben @ 12:36

Upgrading in a Virtual Environment

Upgrading in a virtual environment involves two steps:
1 Install the new appliance to a fresh virtualized environment.
2 Migrate your configuration from old to new Vyatta appliances.

Migrate the configuration

1 In configuration mode on the old system, use the save command to save the
current configuration.
2 For all Ethernet interfaces, remove the hardware ID values using the delete
interfaces ethernet ethx hw-id command to remove the hardware ID values, then
commit and save the configuration to a name other than config.boot (for
example, save oldconfig).
3 Use the load command to return the original configuration to the old system.
4 Use the set service ssh command and then the commit command to configure the
system to allow for SCP file transfer.
5 In configuration mode on the new system, assign an IP address to an interface
residing on the same subnet as one on the old system (for example, set interfaces
ethernet eth0 address 192.168.1.99/24), and then commit the change.
6 Copy the saved configuration (the one with the hardware UDs removed) from the
old system to the new system. For example, if the old system is at 192.168.1.20,
the saved configuration file is name oldconfig, and the username vyatta is
available on the old system, issue the scp command as follows:
scp vyatta@192.168.1.20:/opt/vyatta/etc/config/oldconfig
/opt/vyatta/etc/config/oldconfig
7 Load the copied configuration using the load command (for example, load
oldconfig). At this point, the configuration on the new system should match that
on the old system (except for the hardware IDs).
8 Shut down the old system using the shutdown command.

Reference:

http://www.vrouter.net/solutions/branch_virtualization.php

2010/09/17

Hypervisor Density

Filed under: Uncategorized — Tags: , , , — iben @ 22:17

Testing using a workload that mimics real world SQL Server workloads better than ever before, suggests that ESX today has a VM density ratio well in excess of 1.5:1.

VMware’s ESXi 4.1 continues to lead the pack, delivering a density advantage of at least 2:1 and up to almost 3:1 versus Hyper-V R2 and between 1.7:1 and 2.3:1 vs. KVM.

XenServer has closed the density gap in terms of number of concurrent VMs that can be run on a given host, coming to par with ESXi, but that this comes with a significant and unacceptable performance penalty. XenServer consistently delivers far less performance across the board (penalty ranging from 25% to 69%), and in our view gives ESXi as much as a 2:1 density advantage over XenServer, once we consider the ability of the hypervisor to access the full performance of the underlying hardware.

http://www.tanejagroup.com/chkwhitepapers.aspx?lstpro=1&fname=VMware%20Hypervisor%20Density%20TVS%20August%202010.pdf

2010/09/10

vsphere security best practices

Filed under: Uncategorized — Tags: , , , , , , — iben @ 07:54

VMware ESX 4.1 and vCenter Server 4.1

Background:

Follow the security principles of:
– separation of duties
– least privilege

Harden the hypervisor: upgrade to vSphere ESXi 4.1

Give the LAN back to the Network Team

Implement the Cisco Nexus 1000v and only assign ports to active systems.

Audit and control access

Use a tool like HyTrust to eliminate configuration drift and track and control system access.

Using Roles to Assign Privileges

A role is a predefined set of privileges. Privileges define individual rights that a user requires to perform actions and read properties.
When you assign a user or group permissions, you pair the user or group with a role and associate that pairing with an inventory object. A single user might have different roles for different objects in the inventory. For example, if you have two resource pools in your inventory, Pool A and Pool B, you might assign a particular user the Virtual Machine User role on Pool A and the Read Only role on Pool B. These assignments would allow that user to turn on virtual machines in Pool A, but not those in Pool B. The user would still be able to view the status of the virtual machines in Pool B.
The roles created on an ESX/ESXi host are separate from the roles created on a vCenter Server system. When you manage a host using vCenter Server, the roles created through vCenter Server are available. If you connect directly to the host using the vSphere Client, the roles created directly on the host are available.
vCenter Server and ESX/ESXi hosts provide default roles:

  • System roles
    • System roles are permanent. You cannot edit the privileges associated with these roles.
  • Sample roles
    • VMware provides sample roles for convenience as guidelines and suggestions. You can modify or remove these roles.

You can also create roles.
All roles permit the user to schedule tasks by default. Users can schedule only tasks they have permission to perform at the time the tasks are created.
Note: Changes to permissions and roles take effect immediately, even if the users involved are logged in. The exception is searches, where permission changes take effect after the user has logged out and logged back in.

Details:

Best Practices for vCenter Roles and Permissions

Use best practices for roles and permissions to maximize the security and manageability of your vCenter Server environment.
VMware recommends the following best practices when configuring roles and permissions in your vCenter Server environment:

  • Use folders to group objects to correspond to the differing permissions you want to grant for them.
  • Grant permissions to groups rather than individual users.
  • Grant permissions only where needed. Using the minimum number of permissions makes it easier to understand and manage your permissions structure.
  • If you assign a restrictive role to a group, check that the group does not contain the Administrator user or other users with administrative privileges. Otherwise, you could unintentionally restrict administrators’ privileges in parts of the inventory hierarchy where you have assigned that group the restrictive role.
  • Use caution when granting a permission at the root vCenter Server level. Users with permissions at the root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group.
  • In most cases, enable propagation on permissions. This ensures that when new objects are inserted in to the inventory hierarchy, they inherit permissions and are accessible to users.
  • Use the No Access role to masks specific areas of the hierarchy that you don’t want particular users to have access to.

Use Host Profiles to Apply Permissions to Hosts

When you join a host to an Active Directory domain, you must define roles on the host for a user or group in that domain. Otherwise, the host is not accessible to Active Directory users or groups. You can use host profiles to set a required role for a user or group and to apply the change to one or more hosts.
It is recommended that you follow this procedure for System Administrators (Admin) and Auditors (ReadOnly).

Prerequisites

You must have an existing host profile. See Creating a Host Profile.
Verify that the hosts to which you apply a profile are in maintenance mode.

Procedure

  1. Using the vSphere Client, select View > Management > Host Profiles.
  2. Right-click an existing host profile and select Edit Profile.
  3. Expand the profile tree, and then expand Security configuration.
  4. Right-click the Permission rules folder and select Add Profile.
  5. Expand Permission rules and select Permission.
  6. On the Configuration Details tab in the right pane, click the Configure a permission drop-down menu and select Require a Permission Rule.
  7. Enter the name of the group that should have the role assigned to it.
    1. Use the format DOMAIN\name, where DOMAIN is the name of the Active Directory domain and name is the user name or group name.
  8. Select the Name refers to a group of users check box.
  9. Enter the assigned role name for the user or group (usually Admin or ReadOnly).
    1. The role name is case-sensitive. If this is a system role, you must use the nonlocalized role name. For example, for the Administrator role, enter Admin. For the Read-only role, enter ReadOnly.
  10. Select the Propagate permission check box and click OK.

Reference:

vSphere Datacenter Administration Guide : Setting Up Your Virtual Infrastructure : Managing Users, Groups, Roles, and Permissions : Best Practices for Roles and Permissions
http://pubs.vmware.com/vsphere-esx-4-1/wwhelp/wwhimpl/js/html/wwhelp.htm

2010/04/20

vSphere Network Isolation Addresses

Filed under: virtualization — Tags: , , , , , , — iben @ 14:45

http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_availability.pdf

Network Isolation Addresses

A network isolation address is an IP address that is pinged to determine if a host is isolated from the network. This address is pinged only when a host has stopped receiving heartbeats from all other hosts in the cluster. If a host can ping its network isolation address, the host is not network isolated, and the other hosts in the cluster have failed. However, if the host cannot ping its isolation address, it is likely that the host has become isolated from the network and no failover action is taken.

By default, the network isolation address is the default gateway for the host. There is only one default gateway specified, regardless of how many service console networks have been defined, so you should use the das.isolationaddress[…] advanced attribute to add isolation addresses for additional networks. For example,  das.isolationAddress2 to add an isolation address for your second network, das.isolationAddress3 for the third, up to a maximum of das.isolationAddress9 for the ninth.

When you specify additional isolation address, VMware recommends that you increase the setting for the das.failuredetectiontime advanced attribute to 20000 milliseconds (20 seconds) or greater. A node that is isolated from the network needs time to release its virtual machine’s VMFS locks if the host isolation response is to fail over the virtual machines (not to leave them powered on.) This must happen before the other nodes declare the node as failed, so that they can power on the virtual machines, without getting an error that the virtual machines are still locked by the isolated node.

For more information on VMware HA advanced attributes, see “Customizing VMware HA Behavior,” on page 26.

das.isolationaddress
Sets the address to ping to determine if a host is isolated from the network. This address is pinged only when heartbeats are not received from any other host in the cluster. If not specified, the default gateway of the console network is used. This default gateway has to be a reliable address that is available, so that the host can determine if it is isolated from the network. You can specify multiple isolation addresses (up to 10) for the cluster: das.isolationaddressX, where X = 1-10. Typically you should specify one per service console. Specifying too many addresses makes isolation detection take too long and can affect VMware HA behavior.

das.usedefaultisolationaddress
By default, VMware HA uses the default gateway of the console network as an isolation address. This attribute specifies whether or not this default is used (true|false).

2010/03/30

Application Performance Testing Method

Filed under: virtualization — Tags: , , , , , , , , , — iben @ 12:46

Are certain applications running slowly occasionally? Sometimes things are superfast and then they slow to a crawl. What’s going on?

First of all – do all you can to ensure the environment is configured according to established Best Practices. One of the benefits of VMware’s acquisition of the Zimbra email / collaboration server software is that they need to ensure users optimize the deployments on their Hypervisor. This document here covers the main settings to check on a Virtual Machine that needs to perform well under load: http://iben.users.sonic.net/wp//2011/05/performance-recommendations-for-virtualizing-anything-with-vmware-vsphere-4/

Any tool that uses SNMP to gather performance metrics can be used to baseline and stress test infrastructure and determine where the bottle necks are.

Basic methodology could go something like this…

1 – identify end to end system components from end user terminal through network to virtual machines, esx hosts, and storage.

2 – configure SNMP for all devices (keep in mind that the latest ESX/ESXi vSphere versions don’t have many performance counters exposed via SNMP and you’ll need to use their APIs)

3 – verify use patterns and confirm data collection over time (1 week or month). Tune alerts for normal use.

4 – schedule stress test for each component to determine performance ceiling and baseline throughput capacity.

5 – make changes as needed to improve end user experience.

6 – verify changes had desired effect.

Performance Troubleshooting for VMware vSphere

vsphere4-performance-troubleshooting.pdf (2.1 MB)

http://communities.vmware.com/docs/DOC-10352

Possible tools that could be used to poll for performance metrics include:

http://www.scriptlogic.com/Products/perspective/

http://www.vizioncore.com/products/vFoglight/features.php

http://www.whatsupgold.com/technology/network-management/monitoring-technologies/index.aspx

http://www.quest.com/Quest_Site_Assets/PDF/DSA-FoglightNetworkDevice-US-VC.pdf

http://network-optimisation.com/technology/network_monitoring/snmp_monitoring.php

http://www.microsoft.com/systemcenter/operationsmanager/en/us/default.aspx

http://www.manageengine.com/products/opmanager/index.html

http://www.managementsoftware.hp.com

http://www.solarwinds.com/products/orion/modules.aspx

http://www.veeam.com/vmware-esx-monitoring.html

http://www.monitorsnmp.com/

http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008011fde2.shtml

http://www.sage.org/lists/sage-members-archive/2002/msg01878.html

Do you know of a tool that should be added to this list? Please send it to me.

 

Older Posts »

Powered by WordPress