PXE Manager for vCenter

VMware Labs has again released a fine piece of work which should make installing ESXi a lot easier: PXE Manager for vCenter. I’m a fan of automation. Especially when it comes down to the installation of ESXi. First installation is fun, second is nice, but from that point on it gets boring.

Until now you always had to resort to a third-party tool to do the auto installation for you. OK, VMware provided the automated installation through kickstart, but you still needed a third party to do the PXE boot, install and configure your ESX(i) server.

VMware has now introduced the PXE Manager for vCenter as a fling (so do not use it in your production environment 😉 ). The rumors were already there that this would be implemented in vSphere 4.1, but unfortunately it didn’t make the cut. Good to see that it wasn’t a rumor after all and VMware does indeed have an install / management solution for deploying ESXi onto your servers.

PXE Manager for vCenter enables ESXi host state (firmware) management and provisioning. Specifically, it allows:

* Automated provisioning of new ESXi hosts, stateless and stateful (no ESX)
* ESXi host state (firmware) backup, restore, and archiving with retention
* ESXi builds repository management (stateless and stateful)
* ESXi Patch management
* Multi vCenter support
* Multi network support with agents (Linux CentOS virtual appliance will be available later)
* Wake on Lan
* Hosts memtest
* vCenter plugin
* Deploy directly to VMware Cloud Director
* Deploy to Cisco UCS blades

See for yourself on the VMware Labs page over here.

Security : VMware Compliance Checker

One thing to always take into account while designing and managing your vSphere infrastructure is security. VMware also recognizes this and has several resources available to help you in securing your vSphere infrastructure.

VMware has now released a tool to check your security compliance against the VMware vSphere Hardening Guide. This guide is a set of best practices to harden your vSphere infrastructure. The VMware Compliance Checker checks and reports these settings in an easy and simple manner.

VMware Compliance Checker for vSphere lets you:

  • Check compliance for multiple VMware ESX and ESXi servers concurrently
    • Run compliance check on up to 5 ESX or ESXi servers at a time and produce reports.
  • Supports VMware vSphere hardening guidelines
    • Perform checks on VMware ESX and ESXi servers to conform with the latest VMware vSphere hardening guidelines.
  • Analyze compliance assessment results
    • After a compliance run, you can view the assessments by ESX/ESXi hosts, plus guests.
  • Save and Print assessment results
    • You can save and print the compliance assessment reports to your team for review and they can be saved for archival needs.

Download your copy of the VMware Compliance Checker here.

This is a free tool and can be used in small and mid-size companies. This tool isn’t a replacement for the security auditing tools out there. If security really is a big deal within your infrastructure, take a look at the compliance center by VMware.

VMware vCloud Reference Architecture

Cloud here, cloud there, cloud is everywhere at the moment and private VMware vClouds are being deployed at customers all over the world. But like all great things, they start with a design. And before you can design a nice solution to fit your need, you need to understand what vCloud is and what it’s capable of.

For this reason VMware created the vCloud Reference Architecture, a document that helps you design a private vCloud and understand all of its components. It will help you in the creation process, building your vCloud, sizing it for the needs of your organization, and give you pointers on how to manage it.

You can download “Architecting a vCloud” over here.

Troubleshoot VMware issues with mindmapping

I always love to learn new things to optimize my personal skills. One of those skills is mindmapping. Apparently VMware shares that point of view and has created various mindmaps for troubleshooting various issues.


Each mindmap starts with a central theme, Troubleshoot Network Issues for example. You can then select your area where you have a problem by expanding (hit the +). This will result in more specific areas with regards to your selected problem area. Eventually this will result in a set of KB articles which can possibly solve your problem.

For examples, have a look at the following articles:

Mindmap – vSphere Troubleshooting Network Issues

Mindmap – vSphere Troubleshooting Management Issues

For more mindmaps, now and in the future, have a look at VMware Support Insider blog here.

In general VMware created a nice way to approach troubleshooting issues with stuff that’s already there : mindmapping & KB articles. I must say I like this lifehack!

Release : Security Hardening Guide for vSphere 4.1

This guide is the official security hardening guide by VMware. It will help you configure your VMware vSphere 4.1 Infrastructure in such a way that your infrastructure will be protected against all kinds of security risks.

I find these security hardening guides very handy in helping me to understand all the areas that I need to look into to protect my vSphere Infrastructure. I’m not a security expert and most security experts I talk to don’t have enough knowledge of vSphere to give good advice on the best way to protect your vSphere Infrastructure. This document fills the knowledge gap between both areas of expertise.

Notice that this document is a best practice document. Please read the document carefully before implementing all the security configuration items into your vSphere infrastructure. My advice is to use the security guide as the standard and document all the security configuration items that you do not implement into your vSphere infrastructure. Also document why you didn’t implement the recommended security settings into your vSphere infrastructure. There can be a valid reason for it, but this way you have documented the reason and can always explain your security configuration settings to the security team in the future.

Scope

This set of documents provides guidance on how to securely deploy VMware® vSphere™ 4.1 (“vSphere”) in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:

- The virtualization hosts (both VMware ESX® 4 and VMware ESXi™ 4)
- Configuration of the virtual machine container (NOT hardening of the guest operating system (OS) or any applications running within)
- Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch (but NOT security of the virtual machine’s network)
- VMware vCenter™ Server, its database and client components
- VMware Update Manager (included because the regular update and patching of the ESX/ESXi hosts and the virtual machine containers are essential to maintaining the security of the environment)

You can download the Security Hardening Guide for vSphere 4.1 over here.

VMware SRM and EMC Symmetrix

Lately I’ve been working on a VMware Site Recovery Manager (SRM) 4.1 implementation in combination with the Symmetrix storage arrays by EMC. Designing and figuring out how to get SRM working in combination with the storage arrays is the hard part of the job.

It requires knowledge of SRM, the EMC storage arrays and the vSphere infrastructure that you are implementing SRM into. The hard part is in the connection between SRM and the storage arrays. EMC provides a Storage Replication Adapter (SRA), the EMC SRDF adapter, to integrate SRM with the Symmetrix storage arrays.

You need to understand how the SRA works, how to get it working in combination with the Solutions Enabler software and how to present the replicated LUNs to your SRM.

EMC has written a document, “Using EMC SRDF Adapter for VMware vCenter Site Recovery Manager”, that helps you fully understand all the software tooling and components involved in setting up an SRM implementation in combination with Symmetrix storage arrays.

The document is divided into four chapters and two appendices:

Chapter 1, “Introduction to VMware Technology,” introduces the reader to VMware and its technologies.

Chapter 2, “Installation and Configuration,” discusses the installation, setup and configuration of the EMC SRDF Storage Replication Adapter for VMware vCenter Site Recovery Manager version 4. This chapter also presents detailed best practices for installing and configuring Solutions Enabler for management of Symmetrix storage arrays.

Chapter 3, “Testing Recovery Plans with SRDF Adapter version 2.2,” presents how to configure and execute recovery plans with SRM version 4 and EMC SRDF Adapter version 2.2.

Chapter 4, “Failover and Failback with SRDF Adapter version 2.2,” discusses how to configure and execute failover and failback operations with SRM version 4 and EMC SRDF Adapter version 2.2.

Appendix A, “Symmetrix Access Controls with EMC SRDF Adapter,” discusses how to use Symmetrix Access Controls to manage access and control of the Symmetrix storage arrays visible to the VMware vCenter Site Recovery Manager server.

Appendix B, “Solutions Enabler Licensing,” discusses how to license Solutions Enabler to make use of the EMC SRDF SRA features. This section includes pre-Solutions Enabler 7.2 host-based licenses as well as Solutions Enabler 7.2 Symmetrix-based eLicensing.

Hopefully this document will help others understand SRM better and to successfully implement SRM with EMC Symmetrix storage arrays. It helped me in getting the job done! Thanks EMC.

Get vSphere network info using PowerCLI & CDP

PowerCLI is powerful stuff. It can be used to set specific configuration for your vSphere environment, but it can also be used to collect information. This post will go into detail on how to get network information using VMware PowerCLI and Cisco Discovery Protocol (CDP).

Cisco Discovery Protocol (CDP)

CDP is used to share information about other directly-connected Cisco networking equipment, such as upstream physical switches. CDP allows ESX and ESXi administrators to determine which Cisco switch port is connected to a given vSwitch. When CDP is enabled for a particular vSwitch, properties of the Cisco switch, such as device ID, software version, and timeout, may be viewed from the vSphere Client. This information is useful when troubleshooting network connectivity issues related to VLAN tagging methods on virtual and physical port settings.

CDP under VMware vSphere

By default ESX(i) has the CDP protocol on the vSwitch configured to the mode Listen. This enables you to view all relevant information with regards to your Cisco network.

To show this information under the vSphere client you have to enable CDP on the ESX(i) host and the Cisco switch. This KB article by VMware is a good reference on how to enable CDP. You can also view the configuration guide of ESX or ESXi.

If all works fine you can view the network information by clicking the info icon next to the vSwitch.

For more information on CDP under vSphere see this KB article.

PowerCLI & CDP

When CDP is enabled you can use PowerCLI to generate network information output for your vSphere environment. This is very useful information which you can use for troubleshooting or, in my case, to prepare for a migration.

The KB article by VMware already gives a good PowerCLI script to get network information of all the connected NICs on a specific ESX(i) host.

# For every connected host, print the CDP neighbour seen on each physical NIC
Get-VMHost | Where-Object {$_.State -eq "Connected"} |
%{Get-View $_.ID} |
%{$esxname = $_.Name; Get-View $_.ConfigManager.NetworkSystem} |
%{ foreach($physnic in $_.NetworkInfo.Pnic){
    # Ask the host what it has learned about the network behind this NIC
    $pnicInfo = $_.QueryNetworkHint($physnic.Device)
    foreach($hint in $pnicInfo){
      Write-Host $esxname $physnic.Device
      if( $hint.ConnectedSwitchPort ) {
        # CDP data was received: output the switch port details
        $hint.ConnectedSwitchPort
      } else {
        Write-Host "No CDP information available."; Write-Host
      }
    }
  }
}

If you’re not a scriptkiddie, you can also use PowerGUI and import the VMware Community PowerPack to do the work for you. This will, when you are connected to a vCenter host, provide you with a list of all the NICs in your ESX(i) hosts and their network information.
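The same CDP query as the KB script above, reshaped as an added example (not part of the original post or the VMware KB): it returns one object per physical NIC, including the CDP mode of the standard vSwitch it uplinks, so the result can be exported for a migration or compared with the default Listen mode described earlier. The function names and the sample host and switch values are assumptions made for this example; the property names are those of the vSphere API network hint and vSwitch objects.

```powershell
# Added example; not from the VMware KB article or the original post.
# ConvertTo-CdpRow and Get-CdpInventory are hypothetical names.

# Flatten one host into one row per physical NIC. $NetSys is a
# HostNetworkSystem view, or any object exposing NetworkInfo and
# QueryNetworkHint (such as the constructed sample at the end).
function ConvertTo-CdpRow($HostName, $NetSys) {
    $uplink = @{}   # pNIC name -> standard vSwitch using it as an uplink
    foreach ($vs in $NetSys.NetworkInfo.Vswitch) {
        foreach ($nic in $vs.Spec.Bridge.NicDevice) { $uplink[$nic] = $vs }
    }
    foreach ($pnic in $NetSys.NetworkInfo.Pnic) {
        $hint = $NetSys.QueryNetworkHint($pnic.Device) | Select-Object -First 1
        $cdp  = $hint.ConnectedSwitchPort   # $null when no CDP data was received
        $vs   = $uplink[$pnic.Device]       # $null if not a standard vSwitch uplink
        [pscustomobject]@{
            Host       = $HostName
            Pnic       = $pnic.Device
            VSwitch    = $vs.Name
            CdpMode    = $vs.Spec.Bridge.LinkDiscoveryProtocolConfig.Operation
            HasCdp     = [bool]$cdp
            SwitchId   = $cdp.DevId
            SwitchPort = $cdp.PortId
            Vlan       = $cdp.Vlan
        }
    }
}

# Live collection; assumes Connect-VIServer has already been run.
function Get-CdpInventory {
    Get-View -ViewType HostSystem -Filter @{ 'Runtime.ConnectionState' = 'connected' } |
        ForEach-Object { ConvertTo-CdpRow $_.Name (Get-View $_.ConfigManager.NetworkSystem) }
}
# Get-CdpInventory | Export-Csv -NoTypeInformation cdp-inventory.csv

# Constructed sample (one host, two pNICs) for trying the flattening offline.
$bridge = [pscustomobject]@{
    NicDevice = @('vmnic0')
    LinkDiscoveryProtocolConfig = [pscustomobject]@{ Protocol = 'cdp'; Operation = 'listen' }
}
$sample = [pscustomobject]@{ NetworkInfo = [pscustomobject]@{
    Pnic    = @([pscustomobject]@{ Device = 'vmnic0' }, [pscustomobject]@{ Device = 'vmnic1' })
    Vswitch = @([pscustomobject]@{ Name = 'vSwitch0'; Spec = [pscustomobject]@{ Bridge = $bridge } })
} }
$sample | Add-Member ScriptMethod QueryNetworkHint {
    param($dev)
    $port = [pscustomobject]@{ DevId = 'sw-example-01'; PortId = 'Gi1/0/1'; Vlan = 10 }
    [pscustomobject]@{ ConnectedSwitchPort = $(if ($dev -eq 'vmnic0') { $port }) }
}
ConvertTo-CdpRow 'esx-example-01' $sample | Format-Table -AutoSize
```

Physical NICs attached to a distributed switch do not appear under NetworkInfo.Vswitch, so their VSwitch and CdpMode columns stay empty in this version.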

Relevant links

More information on CDP & ESXi: VirtualClouds.info – Configure Cisco CDP on ESX(i)

Best practices for XenApp on VMware

VMware released a best practices guide for XenApp on VMware. I have been looking forward to a best practices guide by VMware for a while, since more and more companies are deploying their XenApp infrastructure on VMware vSphere.

This guide describes the best practices for implementing a XenApp infrastructure on VMware vSphere by focussing on the following topics:

  • Citrix XenApp Architecture on vSphere – Provides background on Citrix XenApp architecture and the rationale for deploying on VMware vSphere.
  • VMware ESX™ Host Best Practices for Citrix XenApp – Provides proven VMware best practices for vSphere hosts running XenApp workloads. Includes guidance in the areas of CPU, memory, storage, and networking.
  • Citrix XenApp on vSphere Best Practices – Deploying Citrix XenApp on vSphere requires that proven best practices for the XenApp application continue to be followed. The focus in this section is on configuring virtual machines for XenApp.
  • Monitoring Performance – When migrating XenApp to a vSphere infrastructure, maintaining performance levels that are equal or better than those achieved in physical deployments is essential. Monitoring before and after a migration helps validate whether the migration was a success, and can also help establish a baseline understanding of the performance characteristics. This section takes a look at the vSphere tools available to help monitor the vSphere environment.
  • vSphere Enhancements for Deployment and Operations – Provides a brief look at vSphere features and add-ons that can enhance the deployment and management of XenApp.

You can download the guide over here.

vCenter XVP Manager and Converter

The battle for the hypervisor continues. VMware still is ahead of its competitors, but Microsoft and Citrix are gaining market share in the hypervisor area. From the start these vendors have had tools to convert virtual machines from VMware ESX / ESXi to one of the hypervisors by the competitors and to manage VMware ESX machines.

VMware has its own VMware Labs. Here flings are presented to the public for beta testing. These are applications that you can download and test within your own environment. Flings are applications that may one day be incorporated into vSphere. Till that time flings are not supported by VMware. So use at your own risk within your environment.

VMware has now also created a tool to manage third-party hypervisors and convert VMs from a third-party competitive hypervisor platform to VMware ESX / ESXi:

VMware XVP Manager and Converter

VMware vCenter XVP Manager and Converter provides basic virtualization management capabilities for non-vSphere hypervisor platforms towards enabling centralized visibility and control across heterogeneous virtual infrastructures. It also simplifies and enables easy migrations of virtual machines from non-vSphere virtualization platforms to VMware vSphere.

Features

Management of the following Microsoft Hyper-V platforms:

  • Microsoft Hyper-V Server 2008
  • Microsoft Windows Server 2008 (64-bit) with Hyper-V role enabled
  • Microsoft Hyper-V Server 2008 R2
  • Microsoft Windows Server 2008 R2 with Hyper-V role enabled

Familiar vCenter Server graphical user interface for navigating through and managing non-vSphere inventory

Ease of virtual machine migrations from non-vSphere hosts to vSphere inventory

Compatible with VMware vCenter Server 4.0 & 4.1

Scalable up to management of 50 non-vSphere hosts

You can get your own copy at http://labs.vmware.com/flings/xvp

[Figure: Guest VM Operations inside Hyper-V]

VMware vCenter Update Manager Utility

Today I was looking into the replacement of SSL certificates for vSphere 4.1 U1. I came across the blog post by Derek Seaman about VMware VUM 4.1 U1 SSL Certificate Replacement. His post mentions a new tool for replacing the SSL certificate : the VMware vCenter Update Manager Utility.

I’ve looked it up in the VMware Update Manager 4.1 U1 release notes here and there it was :

The Update Manager 4.1 Update 1 release includes the VMware vCenter Update Manager Utility that helps users reconfigure the setup of Update Manager, change the database password and proxy authentication, re-register Update Manager with vCenter Server, and replace the SSL certificates for Update Manager

With this utility you can reconfigure the following settings in VMware Update Manager:

Proxy settings

When you install the Update Manager server or the UMDS, you specify the proxy settings. If these settings change after installation, you must reconfigure Update Manager or UMDS to use the newly configured proxy.

Database user name and password

If the database user name and password change after you install the Update Manager server or UMDS, you can reconfigure Update Manager and UMDS without the need to reinstall them.

vCenter Server IP address

When you install the Update Manager server, you register it with the vCenter Server system with which Update Manager will work. Every time the vCenter Server IP is requested, you must provide the IP of the vCenter Server system with which Update Manager is registered. If the IP of the vCenter Server system or Update Manager changes, you must be able to re-register the Update Manager server with the vCenter Server system.

SSL certificate

You can replace the default Update Manager SSL certificates with either self-signed certificates or certificates signed by a commercial Certificate Authority (CA). You can replace only the SSL certificates that Update Manager uses for communication between the Update Manager server and client components. You cannot replace the SSL certificates that Update Manager uses when you are importing offline bundles or upgrade release files.

So a useful tool when you want to reconfigure your VMware Update Manager installation after you’ve installed it. For the complete guide by VMware click here.