Scott Lowe's Blog

The weblog of an IT pro specializing in virtualization, storage, and servers

Making Manual Edits to Dynamic DNS Zones

Tue, 09/07/2010 - 12:00

This is one of those posts that is as much for my own benefit as it is for others. For a few weeks now, I’ve been working on a dynamic DNS setup for my home/home office network involving BIND and the ISC DHCP daemon running on a pair of OpenBSD virtual machines. I finally got it to work (thanks in no small part to this article and this how-to post) and then found that I needed to make some manual edits to the DNS zones.

After a great deal of stumbling and fumbling, I found an obscure reference to a need to use rndc when making manual edits. After some testing, I learned that the “correct” way to make manual edits is as follows:

  1. Halt changes to the dynamic DNS zone with the command rndc freeze <zone name>.
  2. Make the manual edits to the zone file, being sure to increment the zone serial number.
  3. Use the command named-checkzone <zone name> <zone file> to verify the syntax in the zone file.
  4. Allow changes to the dynamic DNS zone with the command rndc thaw <zone name>.

If you monitor the appropriate log files (on my system I had to monitor /var/log/daemon), you’ll see zone transfers take place to any secondary name servers, a strong indicator that the change has successfully been accepted and propagated.
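The four steps above as one guarded shell routine. This is an added example, not code from the original post. It snapshots the zone file after the freeze, restores it if `named-checkzone` rejects the edit, and always thaws the zone. The function names, the `.pre-edit` backup suffix, the overridable `RNDC`/`CHECKZONE` variables, and the requirement that the SOA serial sits on a line tagged `; serial` are all assumptions of this sketch.

```shell
#!/bin/sh
# Added example: freeze -> edit -> bump serial -> named-checkzone -> thaw.
# RNDC and CHECKZONE are overridable so the routine can be dry-run with stubs.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# bump_serial FILE
# Increment the SOA serial. Assumption: the serial is the first number on the
# first line carrying a "; serial" comment (the common multi-line SOA layout).
bump_serial() {
    bs_file=$1
    bs_tmp=$(mktemp "${bs_file}.XXXXXX") || return 1
    awk '
        !bumped && /;[ \t]*[Ss]erial/ && match($0, /[0-9]+/) {
            old = substr($0, RSTART, RLENGTH)
            # sprintf("%.0f") keeps 10-digit serials out of exponent notation
            $0 = substr($0, 1, RSTART - 1) sprintf("%.0f", old + 1) \
                 substr($0, RSTART + RLENGTH)
            bumped = 1
        }
        { print }
        END { exit (bumped ? 0 : 1) }
    ' "$bs_file" > "$bs_tmp" || { rm -f "$bs_tmp"; return 1; }
    # Write back through the original inode so owner and mode are preserved.
    cat "$bs_tmp" > "$bs_file" && rm -f "$bs_tmp"
}

# append_record 'RECORD TEXT' FILE: a minimal edit command for the wrapper.
append_record() {
    printf '%s\n' "$1" >> "$2"
}

# edit_dynamic_zone ZONE ZONEFILE EDIT_CMD [ARGS...]
# EDIT_CMD is invoked with ZONEFILE appended as its last argument.
edit_dynamic_zone() {
    ez_zone=$1
    ez_file=$2
    shift 2
    ez_backup="${ez_file}.pre-edit"

    # Step 1: stop dynamic updates; freeze also syncs the journal to the file.
    "$RNDC" freeze "$ez_zone" || {
        echo "zone $ez_zone: freeze failed, nothing changed" >&2
        return 1
    }
    cp -p "$ez_file" "$ez_backup" || { "$RNDC" thaw "$ez_zone"; return 1; }

    ez_status=0
    # Steps 2 and 3: edit, increment the serial, then validate the syntax.
    if "$@" "$ez_file" && bump_serial "$ez_file" &&
       "$CHECKZONE" "$ez_zone" "$ez_file" >/dev/null; then
        echo "zone $ez_zone: edit validated"
    else
        echo "zone $ez_zone: edit rejected, restoring $ez_backup" >&2
        cp -p "$ez_backup" "$ez_file"
        ez_status=1
    fi

    # Step 4: always thaw, so the zone never stays frozen after a failed edit.
    "$RNDC" thaw "$ez_zone" || ez_status=1
    return $ez_status
}

# Stand-alone use: script ZONE ZONEFILE EDIT_CMD [ARGS...]
if [ "$#" -ge 3 ]; then
    edit_dynamic_zone "$@"
fi
```

Run it as the user that owns the zone file, for example with `append_record 'host1 IN A 192.0.2.10'` as the edit command; a failed validation leaves the pre-edit zone file in place and the zone thawed.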

A very simple task, I know, but hopefully this post will help me next time I need to do this same task again and hopefully it will help someone else out there in the same situation.

This article was originally posted on blog.scottlowe.org. Visit the site for more information on virtualization, servers, storage, and other enterprise technologies.

Categories: Scott Lowe

VMworld 2010 General Session, Day 4

Thu, 09/02/2010 - 17:55

The VMworld 2010 general session on Thursday, September 2, gets kicked off by pictures of the party last night and opening remarks by Rick Jackson around innovation and the definition of innovation. It was nice to see VMware “tip their hat” to IBM for the creation of virtualization.

The first guest speaker to come up and discuss innovation is Pranav Mistry, who spends some time discussing some of the various next-generation interfaces that he’s created and worked with—things like a virtual mouse, a pen that allows designers to draw on the screen, or a paper interface to computing devices. His ultimate goal is to integrate digital information into the real world. He wants to stop having different interactions with digital and physical and have only a single set of interactions. He shows off a few very interesting demonstrations of an experimental project that involves a device integrating a small projector, a camera, and devices that track hand movement to integrate digital information into the real world. It’s pretty interesting and shows off some exciting integrations that lie ahead.

The next guest is Natan Linder, an Intel fellow and member of the MIT Media Lab. He focuses his discussion around adding I/O to the real world and creating new interfaces. The key project is the LuminAR, which is a robotic lamp that provides a natural interface to the digital world. It’s a pretty interesting project that “breaks pixels free of the screen” and allows you to interact with the digital world wherever and whenever you need. The project is different from Pranav’s in that Natan’s project is focused around augmented reality; Pranav’s work focuses on removing the barriers between digital and physical.

The third and final speaker is Tan Le, founder of Emotiv Systems, who focuses on a new remote control that uses brain waves to control digital devices. Emotiv is working on “brain computer interface technology”. After discussing what Emotiv has been working on, she invites Steve Herrod, CTO of VMware, who will help demonstrate the Emotiv technology in action. Tan walks Steve through some training actions, and then demonstrates how the system actually works. The demonstration is very impressive, and truly does look like some sort of science fiction technology. It’s quite amazing.

At the completion of Tan’s demonstration, all three speakers join Rick Jackson on the screen for a brief panel discussion.

After the panel discussion concludes, Rick Jackson finally answers the question: what do the Golden Tickets mean? Each Golden Ticket holder will receive their own Emotiv headset. Awesome!


TA8233: Prioritizing Storage Resource Allocation Using Storage I/O Control

Wed, 09/01/2010 - 22:24

This is session TA8233, titled “Prioritizing Storage Resource Allocation in ESX Based Virtual Environments Using Storage I/O Control.” The presenters are Ajay Gulati and Chethan Kumar, both of whom are R&D Engineers with VMware.

Storage I/O Control (SIOC) is intended to help even out storage resource allocation to prevent some VMs from using up storage resources and negatively impacting other workloads. SIOC implements I/O shares and I/O limits on datastore objects; reservations are not implemented currently.

To enable SIOC for a datastore, simply open the Properties dialog box for the datastore and check the Enabled setting for SIOC. Once it is enabled, you can adjust the default assignments for I/O shares and/or I/O limits on a per-virtual disk basis. When discussing shares, be sure to remember that shares assign relative priority. To help make working with SIOC easier, VMware has included columns for I/O Shares and I/O Limits on the Virtual Machines tab for a selected datastore.

The presenter next shows an example of using SIOC with IOMeter; the example shows that SIOC does actually implement the 2:1 ratio that was configured on the VMs. The next few slides reinforce this behavior as the presenters walk through examples of environments both without SIOC and with SIOC.

SIOC activates when it detects latency above a threshold for an enabled datastore. When the latency exceeds the threshold value, SIOC kicks in and begins to enforce relative priority based on share assignment. The latency is set to a default value, but it is configurable. Lower values enforce stronger isolation; higher values are better for overall throughput. VMware doesn’t use only IOPS or only bandwidth for enforcing SIOC; instead, they use the idea of an array queue slot. Some VMs will re-use slots more quickly (sequential I/Os, for example), others will re-use slots more slowly. This is an area I’m going to explore in more detail.

SIOC checks latency every 4 seconds and adjusts host queue depth accordingly. SIOC also detects when VMs are not using their array queue slots and dynamically redistributes those slots to VMs that are actively issuing I/O requests.

The session ends up with a few recommendations:

  • Avoid using different settings on datastores that share the same underlying resources. (I wonder how this impacts the use of disk pools in many modern storage arrays?)
  • Avoid external access for SIOC-enabled datastores. Do not share across multiple vCenter Server instances, do not access using older hosts or non-ESX hosts, and don’t share across datacenters.
  • For SSDs, use 10-15 ms as the suggested congestion threshold. For FC and SAS disks, 20-30 ms is appropriate; use 30-50 ms for SATA disks. For auto-tiered datastores, use the vendor-recommended value or use the value from the slowest storage in the pool.

At this point, the session wrapped up. This was a very interesting session and SIOC is a topic that I definitely plan on exploring in much greater detail in the very near future.


MA6580: Bridge the ESX/ESXi Management Gap with vMA

Wed, 09/01/2010 - 17:37

This is MA6580, titled “Bridge the ESX/ESXi Management Gap with the vSphere Management Assistant (vMA), Tips and Tricks Included”. The presenters are Chris Monfet and Tim Murnane. This is my first session of Day 3 of VMworld 2010 in San Francisco. Following this is a whirlwind of vendor meetings, video interviews, a book signing, and more sessions this afternoon.

The focus on the vMA is due to VMware’s shift in focus from VMware ESX (vSphere 4.1 will be the last version with VMware ESX) to VMware ESXi. vMA is based on CentOS (will they switch to SuSE like they are for all other virtual appliances?) and supports VMware ESX/ESXi 3.5 Update 2 or later. The vMA uses 512MB of RAM and has a 5GB VMDK. It does use hardware version 4 in order to provide support for VI3 environments. You can deploy the vMA directly from the vSphere Client or by downloading the OVF and then deploying it.

The /opt/vmware/vima/bin/vmware-vma-netconf.pl script allows you to reconfigure vMA network settings if necessary.

The vma-update command (with the parameters info, update, or scan) allows you to patch or update the vMA. If you have a proxy server, you’ll want to update the /etc/vmware/esxupdate/vmaupdate.conf file accordingly.

By default, vMA does not run the NTP daemon, although it is preconfigured to use the pool.ntp.org servers. You can use chkconfig to enable the NTP daemon. You’ll also want to update the time zone configuration.

The preferred target for vMA is vCenter Server, and you can also use it as a remote log host for VMware ESX/ESXi. You can also run vMA outside of the actual vSphere environment; for example, you can run it under VMware Workstation.

With regard to authentication, vMA uses interactive logon (prompted for username and password for every command), FastPass (stores credentials locally in a file), or Active Directory (using Likewise Open integration).

When using FastPass, you’ll use the vifp addserver, vifp removeserver, vifp listservers commands. There’s also a vifp rotatepassword option to automatically rotate passwords between the vMA and the VMware ESX/ESXi hosts.

With Active Directory integration, you only need to use the domainjoin-cli command to join the Active Directory domain. From there, authentication will happen automatically.

As I mentioned earlier, you can also use the vMA as a remote loghost. The vi-logger command is what you use to set this up. This is particularly important for VMware ESXi. Note that vpxa logs are not sent to syslog (see VMware KB 1017658). All log files go to /var/log/vmware/<hostname>.

The presenters now move into some use case/operational discussions. There are lots of examples provided; a bit more detail is provided for using the vMA to configure storage with the esxcli command. Examples are also provided for setting the MTU size on a vSwitch (using vicfg-vswitch), setting up log collection with vi-logger, and customizing management services. New to vMA 4.1 is the vicfg-hostops command, which you can use to put hosts into (and out of?) maintenance mode.

Now the session moves into a few best practices for vMA:

  • One vMA per 100 VMware ESX/ESXi hosts when using vi-logger.
  • Place vMA on your management LAN/VLAN.
  • Use a static IP address, a fully qualified domain name, and correct DNS settings. This is especially important for AD integration.
  • Configure the vMA as a remote log host.
  • Enable NTP and configure it for UTC (VMware ESXi uses UTC).
  • The recommended target for vMA/vCLI is vCenter Server (much in the same way vCenter Server is the recommended target for the vSphere Client).
  • You might need to leave a VMware ESX host for tools like mbralign; this functionality still hasn’t been migrated over to VMware ESXi or the vMA.
  • Clean up local accounts on your VMware ESX/ESXi hosts when using a new vMA or destroying one.
  • Try to limit the use of resxtop, and use it for real-time troubleshooting, not monitoring.

The session wraps up with a few pre-recorded demos of bulk adding servers, bulk adding users, and running resxtop.


DV7706: View Composer Technical Deep Dive and Best Practices

Wed, 09/01/2010 - 00:07

This is a liveblog of VMworld 2010 session DV7706, titled “View Composer Technical Deep Dive and Best Practices,” in Moscone West 2004. The presenters are Jeff Whitman and Jim Yanik, both with VMware.

We start out the session with a quick review of some limitations. View Composer has a limit of eight ESX/ESXi hosts in a cluster. This is a VMFS limit involving the number of hosts that are accessing a read-only file at the same time. I wonder if VAAI hardware-assisted locking will affect this limit. As for the total number of VMs, you are limited by the usual suspects—HA failover time, vMotion time to put a host in maintenance mode, HA limits, etc.

View Composer is installed as a service on the vCenter Server computer. You can connect View Manager to the View Composer service inside the View Manager configuration dialog box. The presenters do recommend using the fully qualified domain name (FQDN) when configuring the connection between the View Manager and the View Composer service on a vCenter Server instance.

The start of every linked clone is the parent VM. Follow the usual best practices for building the parent VM as included in the documentation from VMware. I couldn’t record any of their recommendations because they didn’t leave on the screen long enough.

The parent VM needs a snapshot before you can create linked clones. Be sure to shut down the VM so that memory state isn’t included. View 4.5 has a new checkbox that allows you to show incompatible images; this was added as a way to help administrators troubleshoot potential problems with incorrectly-taken snapshots. (As an example, a snapshot taken while the VM is running would be incompatible.)

Linked clones can be stored on local or shared storage. You can have multiple linked clones per storage pool, and replica and linked clones can be on the same datastore or different datastores. This is new to View 4.5 and it allows you to store the replica on SSD/EFD for maximum performance but place the linked clone on slower-performing storage. Be aware that this is a potential single point of failure.

View terminology appears to be changing again; what was once the user data disk is now called the persistent disk. In my opinion, VMware needs to settle into some consistent terminology.

Some datastore recommendations include using similarly-sized datastores so that View can load balance the linked clones across the datastores (using round robin) fairly evenly. The number of VMs per datastore is really driven by IOPS; best practices run around “50-64 or maybe 128” (exact verbiage from the presentation).

Quick definition: A replica consists of a clone of the parent VM plus the selected snapshot. Replicas are thin provisioned. Persistent disks (aka user data disks) are also thin provisioned. View 4.5 also introduces a “disposable” or temporary disk that allows View 4.5 to destroy the temporary disk and reclaim that space on a regular basis. The presenters think that the temporary disk is destroyed every time the user logs off. How does it handle the Windows swapfile then? Finally, View 4.5 also stores the Windows machine password in a separate “internal disk” that simplifies the process of refreshing linked clones when they are members of an Active Directory domain.

The presenter next walks through a comparison of storage utilization both without and with linked clones. It’s a comparison that most people have seen multiple times, nothing terribly new or surprising here.

QuickPrep is included with View Composer, and 4.5 also includes Sysprep. You should use Sysprep only in those instances where you specifically need a new SID; in most cases, having a unique SID isn’t as big of a deal as many people suspect that it is. Sysprep is a lot slower than QuickPrep, so be aware. The selection of QuickPrep/Sysprep on a pool is permanent for the life of that pool; you can’t switch it later.

VDMAdmin.exe is a tool provided with View Manager; it was necessary with previous versions of View to attach/detach user data disks. Persistent disks (the equivalent in View 4.5) can be managed directly inside the View Manager GUI. You can also script the interaction with the persistent disks for greater automation.

The speakers just confirmed, as I already knew, that centralized profile management is not included in VMware View 4.5.

Some troubleshooting tips:

  • All machines have same name and hang on customization - typically caused by a missing agent.
  • If customization fails, check the QuickPrep domain setup in View Manager. Also be sure the user has permissions to add and remove computers in Active Directory.
  • DNS, DNS, DNS—name resolution is critical!
  • Be sure that you have adequate host resources for large refresh or recompose operations.
  • Use View Manager to manipulate View desktops, not vCenter!
  • Don’t use static IP addressing in the parent VM.
  • Use SVIConfig to help troubleshoot View database issues.

You can’t use Storage vMotion with linked clones; it’s not supported.

What’s the best way to handle Patch Tuesday? You can manually apply the patches, test, snapshot, and then recompose. You can also use automatic updates, test, power down and snapshot, and then recompose. Finally, if you are using a third-party agent, remove the agent before snapshotting and recomposing (you don’t want the agent included in the linked clones).

What about antivirus? The traditional method was to install the A/V engine and update definitions only; you would use a recompose to roll out a new engine. You could also not use A/V. Because linked clones are disposable, the impact of not using A/V isn’t as great as you might initially think. With vSphere 4.1 you could use vShield Endpoint, which is an extension of the VMsafe APIs that allow the A/V vendors to completely pull their agents out of the guest VMs.

When planning for business continuity, don’t forget to plan for the View Manager database. For DR, be sure to replicate the View Server and install View Composer on the DR vCenter Server.

That’s it!


VMworld 2010 Keynote, Day 2

Tue, 08/31/2010 - 16:53

I’m going to try to liveblog the VMworld 2010 keynote this morning. Hopefully I’ll be able to keep up with the pace, and hopefully the site won’t melt down from additional traffic. Check back regularly and I’ll update this post as the keynote progresses.

As usual, the general session is opening with a video. This time, it’s a mock documentary discussing “What is the cloud?” The video compares “cloud computing” to pizza. The next reference is to The Matrix, where the narrator of the documentary goes to visit the Oracle and is told his mind is a dumb terminal. Pretty funny!

After the video concludes, VMware Chief Marketing Officer Rick Jackson takes the stage. He shares a few interesting statistics: VMworld 2004 was the first conference with about 1400 guests. Last year, there were about 12,500 guests. This year, with the conference now in its seventh year and about 85 countries represented, there are approximately 17,000 attendees. Wow—this is a huge increase over last year! Of those, 4,000 are new attendees (first time to the VMworld conference). Fifty-five people have attended every single conference; they are the Alumni Elite.

Rick next discussed the hybrid cloud architecture used to power VMworld 2010. The conference uses two data centers on the East Coast along with a private cloud infrastructure here on site.

Next Rick transitions into a discussion of the phases of virtualization. First there’s IT Production, and that gives customers cost savings. Next comes business production, where “applications run better virtualized”. Rick says that most VMware customers are currently in the business production phase. The third phase is business agility, driven by IT agility and enabled by operational savings and efficiency. This is IT as a Service (ITaaS). Rick stresses the “open” nature of VMware’s solutions and harps on VMware’s broad hardware support. He announces that OVF (Open Virtualization Format) is now an ANSI standard. He also reminds the attendees that VMware is working on standardizing the vCloud API as an open standard.

Rick next introduces Paul Maritz, who comes out on stage to take over the presentation. Paul spends a few minutes discussing the breadth of VMware’s adoption across industries and across geographies. He then transitions into a discussion of the role of the virtualization layer, its central role in innovation (and being the focus of innovation), its impact on operations, resource allocation, and the consumption of infrastructure. As he moves into the discussion of virtual data centers, it’s pretty clear (to me, at least) where he’s headed—he’s laying some foundations and defining some terms for a product announcement, and wants to be sure that the audience is at the same place he is in their thought processes.

After a lengthy discussion of the three layers that need innovation—new infrastructure, new application platform, and new end user access—he now moves out of the theoretical into the practical by inviting Steve Herrod, VMware’s CTO, out onto the stage.

Steve starts out with a discussion of vSphere and the vSphere 4.1 release. He reviews a few maximums and covers some basic functionality like vMotion, and reminds the audience of increases in the performance of technologies like vMotion (faster individual vMotion migrations and more concurrent vMotion migrations). Steve also discusses the solution to the “noisy neighbor” problem where individual VMs take up too many resources; the fix, of course, is Storage I/O Control and Network I/O Control. He also discusses the vStorage APIs for Array Integration (VAAI). As most readers of this site probably already know, VAAI allows the hypervisor to offload storage operations onto the storage arrays themselves.

Steve Herrod announces the acquisition of Integrien by VMware for their proactive analytics functionality. The product looks quite interesting, but I’m unclear how Integrien will integrate with existing products like AppSense.

Steve moves through a discussion of producers, consumers, their different needs, SLAs, service catalogs (App Stores), “pay as you go” models, and virtual data centers. The focus is on the gap between producers who provision hardware and consumers who request services. And finally, after all the build-up, Herrod announces VMware vCloud Director (aka Project Redwood). VMware sees vCD as the enabling technology that helps address the disconnect between producers and consumers, and enables companies to create virtual data centers.

To help address security in the virtual data center, VMware announces VMware vShield Endpoint, VMware vShield App, and VMware vShield Edge. These products provide offloaded virus protection, hypervisor-level firewalling, and a “traditional” stateful firewall, respectively. It will be interesting to see how these products play with VMware’s security partners. Competitor or partner now?

Unfortunately, I have to now leave the General Session to prepare for my 11AM session on EMC Virtual Storage with VMware vSphere. If you’re attending, please feel free to tweet (use the hashtag #TA8101) or blog during the session. See you there!


VMworld Announcements, Day 1

Tue, 08/31/2010 - 02:05

A flurry of virtualization-related product announcements flew into my Inbox today, thoroughly disrupting the empty Inbox I’d cultivated before the show. Anyway, I thought readers might be interested in some of the announcements, so here they are:

  • Akorri announced they’ve achieved VMware Ready status with their BalancePoint product. If you’re at VMworld and want to talk to Akorri, stop by booth 1331.
  • Similarly, Avere Systems has also been awarded VMware Ready status for its FXT 2700 appliance. Avere is also at VMworld in San Francisco, but I don’t have their booth number available to me.
  • Start-up company DeskStream has launched a product called Dynamic Virtual Desktop (yes, the acronym is DVD). It’s a “Desktop as a Service” product, according to their information. No word on whether DeskStream is at the VMworld conference. Follow this link for the full launch announcement.
  • Yet another company, CompuWare, has gotten VMware Ready status for CompuWare Vantage. As with DeskStream, I don’t have any indication as to whether CompuWare is at the VMworld conference.
  • I continue to be impressed by security startup HyTrust. Their latest announcement, HyTrust Cloud Control, brings strong authentication, role-based access control, and integration between HyTrust Appliance and VMware vCloud Director.
  • BLADE has announced VMready 3.0 with Virtual Vision, which allows physical networks to “see” virtual machines as they migrate (or are migrated) around the data center. At first glance, it kind of sounds like Arista’s VM Tracer, but I have a meeting with BLADE later this week and intend to find out more about the product. I’ll post more after that meeting.
  • EMC’s RSA division is also announcing the RSA Solution for Cloud Security and Compliance. This solution integrates technologies from Archer into a solution that is intended to help customers have greater confidence that their environments are properly secured and audited according to standards and policies. The full press release is also available here.

I think that’s about it for now. More VMworld 2010 coverage to come, so stay tuned!


TA8037: vApps, OVF, and Advanced VM Templates

Mon, 08/30/2010 - 22:32

I managed to score a seat in the vApps/OVF/Advanced VM Templates session. Unfortunately, I arrived late, so I don’t know the presenters’ names (apparently the location of the session was changed from the time I put it on my calendar to today).

The OVF XML descriptor file contains package meta-data and has 10 core sections for describing virtual hardware, EULA, product information, upgrade instructions, etc. The actual software in an OVF is installed in one or more virtual disks, and any publicly specified virtual disk format is supported. OVF also supports signing, compression, and internationalization.

The presenters showed a quick demonstration of deploying an OVF template using the vSphere Client. (They showed off deploying the SugarCRM vApp.) In particular, they pointed out the product information, version, size, description, etc., stored in the OVF XML meta-data, and mentioned that this can help users avoid downloading the wrong virtual appliance. The presenters also showed deployment options in the OVF XML; this allows the vendor to show recommended configurations for evaluation, production, enterprise, etc.; this is all driven by the vendors and is all stored in the OVF XML package descriptor.

The presenters showed IP address allocation parameters using data stored in the OVF. This functionality simplifies the configuration of the virtual appliance or vApp.

vApps have power commands just like VMs, but they contain multiple VMs. Even though vApps contain multiple VMs, when deploying a vApp via OVF, it doesn’t ask you questions about multiple VMs or such. In general, this is handled by the author of the OVF XML package descriptor for the vApp. In the Inventory view, a vApp can be expanded to show the individual VMs contained within the vApp.

Next the presenters discussed creating a vApp from scratch. To create a new vApp, you just right-click on a host and select Create New vApp. Then you just drag existing VMs into/onto the new vApp. Once the new vApp is created, you can populate additional information like product name, product version, VM startup order, timing sequences, and shutdown actions. The presenter showed shutting down a vApp so that we could see how the shutdown order was enforced.

You can also export a vApp as an OVF template. This is a simple command from within the vSphere Client, and it exports the VMDKs and creates the XML descriptor file.

We also saw how to add vApp information to existing VMs without creating a vApp.

The presenters now moved into a discussion of VM templates and how VM templates can be enhanced and extended with vApp properties. There are two primary roles when it comes to templates. The author creates the template once, validates it, and certifies it; this occurs rarely. The user, on the other hand, uses these templates frequently to deploy new VMs.

Behind the scenes during a “normal” VM template deployment, it first makes a clone of the existing template. Then it powers it on and installs an agent into the guest OS. The agent is responsible for modifying the guest OS according to the customization specification settings selected during the deployment process. At the end, the new VM is powered off and the deployment is done.

To avoid some of the common limitations of the “normal” way of deploying VM templates, we can incorporate vApp functionality. In the vApp style of deployment, the author is responsible for creating and providing the agent that will customize the guest OS. This might be a shell script or a PowerCLI script. This agent or tool then responds based on parameters passed to it based on information supplied by the user during the deployment process. (Refer back to the description of vApp deployment.) This makes the authoring process harder (but this occurs rarely) and makes the deployment process easier (this occurs more often).

The presenters next moved into a demonstration of using vApp properties and OVF to enhance standard VM template deployment.

The VMware OVF Tool 2.0 is available with Fusion 3.1 and Workstation 7.1 or can be downloaded from http://www.vmware.com/go/ovf. OVF Tool can convert OVF to OVA and a variety of other tasks. Another tool is called vAppRun, which integrates with OVFTool and lets you work with vApps and OVF Properties while using Fusion and Workstation. It can be downloaded from http://labs.vmware.com/flings/vapprun. The presenters showed a demo of using OVF Tool to deploy OVF templates. They also showed using OVF Tool to deploy from Workstation to vSphere, and finally they demonstrated a more complex deployment like SugarCRM. This showed how to deploy complex vApps from the command line using OVF Tool. (Pretty cool, in my opinion, even if it did include a very long and very complex command line instruction.)

VMware Studio 2.1 is a free application that can help in the creation of virtual appliances/vApps and provides full OVF 1.1 support and integration. It’s available from http://www.vmware.com/go/studio.

After this the session wrapped up and went into a question-and-answer session.

SUMMARY: I like the continued development of OVF and vApps, but I’m not so sure just how useful the idea of using vApp/OVF technologies for VM template deployment will actually be. The primary roadblock is the fact that the author would have to create the customization agent. Otherwise, OVF Tool looks quite handy and is very likely something I will be exploring in more detail.


Technology Short Take #2

Sat, 08/28/2010 - 19:16

Welcome to Technology Short Take #2, a collection of links, thoughts, ideas, and items pertaining to data center technologies—virtualization, networking, storage, and security. I hope you find something useful or interesting!

  • The release of FLARE 30 and DART 6 by EMC (formally announced last week) introduces some new concepts and new functionality. Matt Hensley recently did a write-up on some of the new functionality in this post on virtual provisioning, storage pools, and FLARE 30. It’s worth a read if you aren’t already familiar with these technologies and need a primer.
  • If you are looking for the definitive guide on connectivity between various VMware vSphere components and the TCP/UDP ports required, you need only look here. Great information!
  • Here’s a great guide from Cisco on deployment options when deploying 10 Gigabit Ethernet on VMware vSphere 4.0 with the Nexus 1000V or the VMware vNetwork Distributed Switch. I’ve read through it, but I’ve added it to my list of documents to go back and study more carefully; there’s lots of useful information in here.
  • Way back in March Dave Convery posted this article on limitations with VMware vShield Zones. While re-reading that article today, I noted in the comments that the Nexus 1000V has a feature called Virtual Service Domains that helps address some of the limitations of vShield Zones (at that time). As pointed out in the comments, this makes vShield Zones usable in two NIC scenarios such as with Cisco UCS. If anyone has any additional links on Virtual Service Domains, please share them in the comments. This is a topic that I think needs some additional attention.
  • This article is a good breakdown of the differences in storage identifiers between ESX 3.x and ESX 4.1.
  • Jeff Woolsey at Microsoft finally wraps up his series of articles on Hyper-V Dynamic Memory with Part 6. I’ve been reading this series pretty faithfully as Jeff systematically lays out the various ways in which memory is handled in a virtualization scenario, and I’ve been consistently struck by the impression that Jeff was working really hard to distinguish what Microsoft was doing with Hyper-V from what VMware does with ESX/ESXi. In the end, though, I can’t help but see all the similarities between the two. Dynamic Memory allocates additional memory to a VM as it needs it (much the same way ESX/ESXi does by allocating memory only as requested by the VM) and reclaims free pages from the VMs (just like ESX/ESXi reclaims idle pages via idle page reclamation). When under memory pressure, Hyper-V might force the guests to page out to disk; ESX/ESXi’s memory balloon driver achieves the same effect. What’s missing, obviously, is that with Hyper-V the hypervisor itself won’t swap pages out to disk (ESX/ESXi will do this under extreme circumstances). Am I missing something, or is Microsoft’s Dynamic Memory a lot more like VMware’s memory management technologies than Microsoft wants to admit? Feel free to enlighten me (courteously and with full disclosure) in the comments if I’m missing something.
  • Via Geert Verbist’s site, I found this article on application consistent quiescing via VMware’s VSS integration in VMware Tools. (For more information on VSS support within VMware Tools, check out my liveblog from Partner Exchange earlier this year.) This is good to hear, but what’s still not clear is whether the application consistent snapshots will truncate transaction logs. If anyone has more information, speak up in the comments.
  • I think I pointed this out a week or two ago on Twitter, but I thought I’d mention it here as well. If you ever need to help decode which WWPNs map to which ports on an EMC CLARiiON array, this article is quite helpful. Anyone have matching articles for EMC Symmetrix, NetApp, HP, HDS, or other arrays?
  • With the formal announcement by VMware that vSphere 4.1 will be the last major release that includes ESX, ESXi is naturally getting much more attention. With that, there’s been a flurry of ESXi-related articles:
    Using vMA As Your ESXi Syslog Server
    The Migration From ESX to ESXi is Happening: Moving Configurations, Part 1
    The Migration from ESX to ESXi is Happening: Moving Configurations, Part II
    My VMware ESXi Installation Checklist
    Virtually Ghetto: ESXi 4.1 - Major Security Issue (also documented here in the VMware KB)
    ESXi 4.1 - Major Security Issue - The Sequel and the Workaround
    ESXi 4.1 Active Directory Integration
  • If you’re into Cisco UCS but like Hyper-V instead of VMware vSphere, Cisco has a white paper on Cisco UCS with Hyper-V for delivery of virtualized Exchange 2010.
  • I’m a command-line junkie, so I liked this article on how to put an ESX host into maintenance mode from the CLI.
  • For those seeking to get up to speed on the Nexus 7000 switches, “Fryguy” posted some training documents on his site. I haven’t read them (yet), but they’re on my list of documents to read (a list that grows ever longer…)

I guess that will do it for this time around. I hope that you’ve found something useful and, as always, feel free to add more useful links or tidbits in the comments. Thanks for reading!


Twitter Follow-Up: How to Manage a Default Route?

Wed, 08/25/2010 - 20:34

I posted a tweet earlier today that asked this question:

If I shouldn’t use “ip default-network” because it’s classful, then should I redistribute a static default route?

What prompted this question was some work I was doing earlier today in preparation for my CCNA exam. I had a five-site hub-and-spoke network in GNS3 running EIGRP, with lightweight OpenBSD VMs attached behind each router so that I could test end-to-end connectivity (i.e., ping a host behind one router from a host behind another router). This configuration is working fine.

Then I decided I’d take this setup and hide it behind a Vyatta VM performing NAT and see if I could connect it to the rest of my home network. The Vyatta stuff works fine, but now I’m faced with the prospect of configuring this self-contained little environment with a default route that points to the Vyatta. The Vyatta, in turn, points to the physical firewall protecting the home network from the nasty Internet. This configuration doesn’t seem at all too far-fetched from a realistic deployment where an enterprise network would need a default route out to the Internet, presumably through a firewall performing network address translation.

So what’s the best way to do it? I’ve read a couple of articles (older ones, since that’s all that seems to be available) saying that the ip default-network shouldn’t be used because it’s classful. To be honest, I’m not sure I fully understand the behavior of that command anyway, but if I’m not supposed to use that then do I just set a static route and redistribute that into EIGRP for distribution to the rest of the routers?

Sorry, I’m still learning here…


My Book Project Has Been Canceled

Wed, 08/25/2010 - 13:16

Over the last couple months I’ve been working on a revision to Mastering VMware vSphere 4 that incorporated new content for the VMware vSphere 4.1 release. Unfortunately, due to production timelines and some other constraints, Sybex has decided not to proceed with this revision. Bummer! I understand the publisher’s reasons for not proceeding with the project, but it is a shame nevertheless.

I like to try to stay positive, though, so here are some upsides:

  • I have more time to spend with my family. That’s always a good thing!
  • I have more time to work on my professional certifications, which had taken a back seat to the writing.
  • I have more time to blog, which (hopefully) you agree is a good thing too!

However, with the closing of that door, who knows what other doors might open?


Some Pre-VMworld Product Announcements

Tue, 08/24/2010 - 16:32

There were several new product announcements that hit the wire today. I don’t have time to go in-depth on any of these, but I did want to point them out very briefly. If time permits, I’ll try to provide a bit more detail in the near future.

  • VKernel today announced their new Capacity Management Suite 2.0, which is a bundling of existing VKernel products along with new integration points between the products. CMS rolls together VKernel’s capacity analysis, inventory, VM optimization, and chargeback tools into a single product, and more tightly integrates them. I had the opportunity (thank you VKernel!) to get a preview of CMS 2.0 last week, and it’s pretty nice. There are lots of little touches here and there to help make it easier to find the specific information you need to see. For more information, see VKernel’s web site.
  • Arista Networks today announced Arista VM Tracer (read the full press release). Doug Gourlay of Arista has been showing me previews of some of the functionality of VM Tracer. It’s a different approach than Cisco has taken to providing a greater level of integration between virtualization and networking. No less valid, but certainly different. VM Tracer provides visibility into the virtualization environment from the physical network, making it easier to see which VMs are on which ESX/ESXi host, where these hosts are connected, what the current status of the VM is (i.e., is it in the middle of a vMotion event, or is it protected by Fault Tolerance). It will be interesting to see how Arista moves forward from here.
  • EMC also announced Unified Storage today (read the full press release). Many of the technologies that are included in this announcement were discussed at EMC World earlier this year, including Sub-LUN FAST, FAST Cache, Block Data Compression, full support for VMware’s vStorage APIs for Array Integration (VAAI), and Unisphere, the single management interface for the Unified Storage line. However, also in this announcement today were a few new items: native FCoE support for the Unified storage systems; new, less expensive 100GB and 200GB Enterprise Flash Drives (EFDs); and new models of Celerra gateways, the VG2 and VG8, which boast significantly improved performance over earlier models. All in all, there’s quite a bit of stuff in today’s announcement.
  • FalconStor announced Network Storage Server (NSS) SAN Accelerator for VMware View this morning. This one just popped in my inbox this morning, so I haven’t even had time to dive into and understand what exactly they’re announcing. It appears to be a solution intended to leverage high-performance flash with low-cost SATA drives and geared specifically for virtual desktop infrastructure (VDI) deployments. The product page for this product doesn’t offer too much more information.

That’s all I have for now. If anyone has additional information they’d like to share about these announcements, please speak up in the comments. As always, if you are a vendor, you must provide full disclosure. This is not to discount your comments—everyone’s comments are valuable—but simply to provide the readers with some context of why you’re saying what you’re saying. Thanks!


Windows 7, Microsoft Security Essentials, and Proxy Servers

Tue, 08/24/2010 - 00:35

On the recommendation of a number of Twitter users, I decided to install Microsoft Security Essentials (MSE) on a couple of laptops running 64-bit Windows 7. These laptops are used by my kids for their school work (they are home-schooled), and I just wanted to make sure that the laptops don’t get infected with some nasty bug. More than a few Twitter users recommended MSE, so I figured it couldn’t be all bad, right?

The install was quick and painless. And that’s where the fun started. MSE wanted to do an update immediately; OK, that’s fine. The problem is, it won’t connect. I use a Squid proxy server to control outbound web access, so I figured that somewhere was a setting that told MSE to use a proxy server. There’s nothing within MSE itself. Could it be that I had forgotten to configure Internet Explorer? I did make Firefox the default browser, after all. Nope, a quick check shows that the Internet Explorer settings are configured for the right outbound proxy as well. Both Internet Explorer and Firefox are working fine, so I know it’s not the network, the proxy, or the firewall. It must be MSE itself.

Google turns up the first part of the puzzle; even though your proxy support might be configured correctly for Internet Explorer (and thus most of the rest of Windows), MSE won’t take those settings. Instead, you have to use netsh, like this:

netsh winhttp import proxy source=ie

Unfortunately, in its efforts to be “helpful,” Windows 7 won’t allow you to run that command without elevated privileges. All you get when you try is a nondescript error message that vaguely implies that you don’t have permission. However, instead of being able to elevate that one command (a la sudo in the UNIX/Linux/BSD world), you have to run the entire command prompt with administrative privileges, as explained here (and probably countless other places on the ‘Net).

Once you get a command prompt running with administrative credentials, then you can run the netsh command and it will successfully import the IE proxy configuration. Once the IE proxy configuration is successfully imported, then MSE will fetch updates from the Internet and function properly. Wasn’t that fun?

This little episode brings up a couple questions/thoughts:

  1. Why in the world wouldn’t MSE use IE’s proxy configuration? Most of the rest of Windows does.
  2. Even if Microsoft wanted MSE to have its own proxy settings, why force users down a rathole of command prompts and administrative privileges? Why not put it in the GUI?
  3. Windows 7 has made great strides in making Windows more secure, but does this enhanced security posture come at the price of decreased flexibility for the power user?
  4. If so, does Microsoft even care? After all, the default settings are probably fine for most users.

Anyway, there you have it. If you use a proxy server on your network and you also want to use MSE, you’ll need to use netsh (with administrative privileges) to configure your proxy settings properly.


New User’s Guide to Configuring VMware ESXi Networking via CLI

Mon, 08/23/2010 - 11:00

This is one article in a series of articles focused toward new users. Some other New User’s Guide articles include:

This particular article is a follow-up of sorts to the first article listed above. While that article focused on virtual networking with VMware ESX, this article focuses on virtual networking with VMware ESXi. Given that VMware’s stated focus is on VMware ESXi moving forward, I thought this article would be helpful and timely.

For new users who are seeking a thorough explanation of how VMware ESX/ESXi networking functions, I’ll recommend a series of articles by Ken Cline titled The Great vSwitch Debate. Ken goes into a great level of detail. Go read that, then you can come back here.

All of the commands presented in this article were tested using VMware vSphere 4.1. The environment consisted of hosts running VMware ESXi 4.1 being managed by VMware vCenter Server 4.1. For CLI access, I used the vSphere Management Assistant (vMA) virtual appliance, deployed via OVF.

The majority of all the networking configuration you will need to perform on VMware ESXi boils down to just a few commands:

  • vicfg-vswitch: You will use this command to manipulate virtual switches (vSwitches) and port groups.
  • vicfg-vmknic: You will use this command to create, modify, or delete VMkernel NICs on the VMware ESXi hosts.
  • vicfg-nics: You will use this command to view (and potentially manipulate) the physical network interface cards (NICs) in a VMware ESXi host.

The tasks that you’ll actually perform using these commands are pretty straightforward:

  1. Creating, configuring, and deleting vSwitches
  2. Creating, configuring, and deleting port groups
  3. Creating, configuring, and deleting VMkernel NICs

I’ll start with a few prerequisites that are necessary due to the fact that you are using a remote CLI to access the VMware ESXi hosts.

As you can see from the list above, all the commands you’re going to use are the vicfg-* commands. All of these commands have some standard parameters they require in addition to the task-specific parameters. To make things a bit simpler for you, I’ll recommend that you set persistent values (persistent for the current vMA session, at least) to simplify the commands later. Here are the values I recommend you establish:

  • First, set the value of the VI_SERVER variable to be the fully qualified domain name of the vCenter Server computer. Use the bash export command to set this variable, like this:
     
    export VI_SERVER=vcenter-server.domain.com
     
    Setting this variable now means that none of the vicfg-* commands will need to have this parameter specified. Since it’s likely that you’ll consistently work with one specific instance of vCenter Server, then this is a pretty safe variable to set.
  • In the absence of using Active Directory integration (which is a far cleaner choice, but one which we’ll reserve for a future article), set the VI_USERNAME variable to the name of the user account you’ll use to authenticate against vCenter Server. Again, use the export command as outlined in the previous bullet.

Now that you have some basics established, I’ll move on to creating, configuring, and deleting vSwitches.

Creating, Configuring, and Deleting vSwitches

You’ll use the vicfg-vswitch command for the majority of these tasks. Unless I specifically indicate otherwise, all the commands, parameters, and arguments are case-sensitive. For all these vicfg-* commands, you will get prompted for the password to the user account you defined when you set the value of the VI_USERNAME variable.

To create a vSwitch, use this command:

vicfg-vswitch -h <ESXi hostname> -a <vSwitch Name>

To link a physical NIC to a vSwitch—which is necessary in order for the vSwitch to pass traffic onto the physical network or to receive traffic from the physical network—use this command:

vicfg-vswitch -h <ESXi hostname> -L <Physical NIC> <vSwitch Name>

In the event you don’t have information on the physical NICs, you can use this command to list the physical NICs:

vicfg-nics -h <ESXi hostname> -l (lowercase L)

Conversely, if you need to unlink (remove) a physical NIC from a vSwitch, use this command:

vicfg-vswitch -h <ESXi hostname> -U <Physical NIC> <vSwitch Name>

To change the Maximum Transmission Unit (MTU) size on a vSwitch, use this command:

vicfg-vswitch -h <ESXi hostname> -m <MTU size> <vSwitch Name>

To delete a vSwitch, use this command:

vicfg-vswitch -h <ESXi hostname> -d <vSwitch Name>

Creating, Configuring, and Deleting Port Groups

As with virtual switches, the vicfg-vswitch is the command you will use to work with port groups. Once again, unless I specifically indicate otherwise, all the commands, parameters, and arguments are case-sensitive.

To create a port group, use this command:

vicfg-vswitch -h <ESXi hostname> -A <Port Group Name> <vSwitch Name>

To set the VLAN ID for a port group, use this command:

vicfg-vswitch -h <ESXi hostname> -v <VLAN ID> -p <Port Group Name> <vSwitch Name>

To delete a port group, use this command:

vicfg-vswitch -h <ESXi hostname> -D <Port Group Name> <vSwitch Name>

To view the current list of vSwitches, port groups, and uplinks, use this command:

vicfg-vswitch -h <ESXi hostname> -l (lowercase L)

Creating, Configuring, and Deleting VMkernel NICs

To work with ESXi’s VMkernel NICs, you’ll primarily use the vicfg-vmknic command. As in the previous sections, all commands are case-sensitive unless I specifically indicate otherwise, and all commands assume you’ve defined the VI_SERVER and VI_USERNAME variables.

To create a new VMkernel NIC, use this command:

vicfg-vmknic -h <ESXi hostname> -a -i <VMkernel NIC IP address> -n <Subnet mask> <Port group>

To delete a VMkernel NIC, use this command:

vicfg-vmknic -h <ESXi hostname> -d <Port group>

To enable vMotion on an already-created VMkernel NIC:

vicfg-vmknic -h <ESXi hostname> -E <Port group>
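
The commands from the three sections above, combined into one script as an added example (not code from the original article): it validates its inputs, then creates a vSwitch, uplink, port group, VLAN tag, and vMotion-enabled VMkernel NIC in order. The function names, the name-safety rule, and any sample values passed to it are assumptions of this example; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: build a dedicated vMotion network on one ESXi host from vMA.
# DRY_RUN=1 (the default) prints the vicfg-* commands; DRY_RUN=0 runs them.

die() { printf 'error: %s\n' "$*" >&2; return 1; }

# Assumed rule for this example: reject empty values, a leading '-' (it would
# be parsed as an option) and single quotes.
safe_name() {
    case $1 in
        ''|-*|*\'*) return 1 ;;
    esac
    return 0
}

# Dotted-quad check, run in a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in
        *[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) exit 1 ;;
        esac
    done
)

# A subnet mask is a run of 1 bits followed only by 0 bits.
valid_netmask() (
    valid_ipv4 "$1" || exit 1
    IFS=.
    set -- $1
    mask=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( 4294967295 - mask ))
    [ "$mask" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
)

# VLAN IDs are 12-bit values, 0 through 4095.
valid_vlan() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4095 ]
}

# Print the command (dry run) or execute it; the quoting is for display only.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        line=
        for arg in "$@"; do
            case $arg in
                *[!A-Za-z0-9._:/-]*) line="$line '$arg'" ;;
                *) line="$line $arg" ;;
            esac
        done
        printf '%s\n' "${line# }"
    else
        "$@"
    fi
}

# Arguments: host vswitch uplink-nic portgroup vlan ip netmask
build_vmotion_network() {
    [ "$#" -eq 7 ] || die "need: host vswitch nic portgroup vlan ip netmask" || return 1
    bv_host=$1 bv_vsw=$2 bv_nic=$3 bv_pg=$4 bv_vlan=$5 bv_ip=$6 bv_mask=$7
    for bv_name in "$bv_host" "$bv_vsw" "$bv_nic" "$bv_pg"; do
        safe_name "$bv_name" || die "unsafe name: $bv_name" || return 1
    done
    valid_vlan "$bv_vlan" || die "VLAN ID must be 0-4095: $bv_vlan" || return 1
    valid_ipv4 "$bv_ip" || die "bad IPv4 address: $bv_ip" || return 1
    valid_netmask "$bv_mask" || die "bad subnet mask: $bv_mask" || return 1
    if [ "${DRY_RUN:-1}" != 1 ]; then
        [ -n "${VI_SERVER:-}" ] && [ -n "${VI_USERNAME:-}" ] ||
            die "export VI_SERVER and VI_USERNAME first" || return 1
    fi
    # Same order as the article: vSwitch, uplink, port group, VLAN, VMkernel
    # NIC, vMotion, then list the result. Stop at the first failure.
    run vicfg-vswitch -h "$bv_host" -a "$bv_vsw" &&
    run vicfg-vswitch -h "$bv_host" -L "$bv_nic" "$bv_vsw" &&
    run vicfg-vswitch -h "$bv_host" -A "$bv_pg" "$bv_vsw" &&
    run vicfg-vswitch -h "$bv_host" -v "$bv_vlan" -p "$bv_pg" "$bv_vsw" &&
    run vicfg-vmknic -h "$bv_host" -a -i "$bv_ip" -n "$bv_mask" "$bv_pg" &&
    run vicfg-vmknic -h "$bv_host" -E "$bv_pg" &&
    run vicfg-vswitch -h "$bv_host" -l
}

# Stand-alone use: pass the seven arguments on the command line.
if [ "$#" -eq 7 ]; then
    build_vmotion_network "$@"
fi
```

Review the dry-run output before setting DRY_RUN=0; as noted earlier in the article, every vicfg-* command prompts for the password, so a real run is interactive.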

There are more networking-related tasks that you can perform from the CLI, but for a new user these commands should handle the lion’s share of all the networking configuration. Good luck with your ESXi environment!


VMworld 2010 Spouse Activities Calendar

Sun, 08/22/2010 - 13:04

As many of you already know, this year is the third year that my wife, Crystal, is planning activities for spouses (i.e., “spousetivites”) who are in San Francisco with their VMworld-attending significant others. Crystal has even launched her own site, Spousetivities.com, where you can find more information as well.

While this information is already available on Crystal’s site, in an effort to help promote awareness of some of the stuff that Crystal has put together I’m posting a calendar (of sorts) here that lists all the activities that are available for non-attending spouses.

Note that registration is required for all of these events, including the free “Get to Know You” breakfast. You can register for the events at the Spousetivities Registration page. Where there is a fee/cost to participate, I’ve noted that with an asterisk (*) at the end of the line. Visit the registration page to sign up and pay for activities.

Here’s the list of activities that are available:

8/29: Monterey/Carmel tour, 8:00AM-6:30PM *

8/30: Free “Get to Know You” Breakfast at Jillians, 8:00AM-10:00AM - Registration required!
Spouses who register for this free breakfast also get a free Spousetivities T-shirt (please specify your size on the Spousetivities Registration page) and a gift bag full of cool stuff.

8/30: Wine Country tour, 10:00AM-6:00PM * (Optional private lunch)
If you use the discount code “winetime” when registering you get a $25 discount. Use the discount code “winetimelunch” to get $10 off the private lunch. Limited discount quantities are available!

8/30: Photographic tour, 10:00AM-2:00PM *

8/31: Sausalito Houseboat tour, 9:15AM -3:00 PM * (Optional private lunch)
Use the discount code “houseboatlunch” to get a free private lunch on this tour—a $55 value! Limited discounts available!

9/1: Photographic tour, 9:00 AM - 1:00 PM *

9/1: Muir Woods/Sausalito tour, 9:00AM-2:45PM * (Optional private lunch)

9/2: Wine Country tour, 9:00AM-5:00PM * (Optional private lunch)

9/2: Muir Woods/Sausalito tour, 9:00AM-2:45PM * (Optional private lunch)

9/3: Monterey/Carmel tour, 8:00 AM-6:30 PM *

A quick note on the “Optional private lunch”: these are gourmet lunches reserved only for Spousetivities attendees. In addition, all these events sport private motorcoach transportation. These aren’t your typical tours!

If you are at all interested in any of these activities, please sign up ASAP—if there aren’t enough attendees, some of these tours will have to be canceled. In particular, Crystal is trying very hard to get attendees signed up for the Monday Wine Country tour and the Tuesday Sausalito houseboat tour, so take a look at those and use the discounts that are available. (If you’re interested in hanging out with Crystal, she’ll be attending those two tours.)

If you need additional information, Crystal can help you out. She’s available on Twitter (follow @Spousetivities), you can visit the Spousetivities Registration page for more details on the tours and register, you can visit the Spousetivities site and interact with Crystal there, or you can drop Crystal an e-mail (address is available on the About page of her site).


Virtual Storage Integrator for Hyper-V

Fri, 08/20/2010 - 13:39

Most of my virtualization focus centers on VMware and its product portfolio, but VMware isn’t the only virtualization solution in town. I’m sure they (VMware) probably wish they were the only solution in town, but competition keeps everyone on their toes. (Consider Proverbs 27:17.)

With that thought in mind, I wanted to bring everyone’s attention to a new Hyper-V plug-in from EMC: the Virtual Storage Integrator (VSI) for Hyper-V. Much like VSI for vSphere, the VSI for Hyper-V provides additional visibility from System Center Virtual Machine Manager (SCVMM) into the storage layer. The VSI for Hyper-V has two components: Storage Viewer and Disaster Restart:

  • The Storage Viewer component provides mappings from NTFS volumes to the underlying CLARiiON or Symmetrix devices, mappings from LUNs to VMs, and mappings from storage array to Hyper-V hosts, including array target ports. In this regard, it is quite similar to the Storage Viewer component of VSI for vSphere.
  • The Disaster Restart component displays disaster recovery sites, groups of VMs online at each site, and enables live migration/quick migration of individual VMs or the ability to migrate cluster groups.

PowerShell cmdlets are available to automate the complete functionality of the VSI for Hyper-V.

If you’re interested, you can download the VSI for Hyper-V for free from PowerLink (login needed). Here’s a link to the download on PowerLink.


Fixing Inactive New Paths on an EMC CLARiiON

Fri, 08/20/2010 - 12:00

I ran into an issue in the lab today with some VMware ESX 4.0 hosts and some older CLARiiON CX3 arrays. I’d been working to fix up the lab so that it more properly reflects a “best practices” configuration with dual SAN fabrics, dual-homed HBAs and CNAs, network connections spread across multiple physical switches, etc.—you know, all the wonderful things that we recommend to our customers.

As a result of cross-connecting both the HBAs and the CLARiiON’s storage processors to both SAN fabrics, I ended up with more paths to the LUNs than I had previously. This was, of course, fully expected. Upon browsing the properties for the datastore in the vSphere Client, however, I still saw only four paths—two target ports on each storage processor—when I expected to see more. Upon closer inspection, I determined that I wasn’t seeing the ports on the array that I had recently connected to the second fabric.

My first thought was that the SAN zoning was incorrect. I went back and double-checked the SAN zoning to ensure that all the initiators were, in fact, zoned to see all the targets. OK, so the zoning is correct. Why didn’t the extra paths show up?

I double-checked the physical layer; everything was fine there.

That left only the array itself. Logging into Navisphere, I saw in the Connectivity Status window that all the initiators were logged in and registered. (It turns out there is something else in the Connectivity Status window that I should have noticed, but didn’t. Read on to find out what I missed.) Hmmm…so that’s not it. I manually edited the initiators in the Connectivity Status window so that all the paths were linked to the same host, thinking perhaps that would resolve the problem, but it didn’t help. So, thinking that perhaps de-registering and re-registering the initiators might help, I enabled engineering mode in Navisphere so I could do just that. After enabling engineering mode but before I de-registered the initiators, I poked around to see if anything else stuck out at me.

(If you’re not familiar with engineering mode on a CLARiiON, just look at the results from a Google search like this. It should give you all the information you need.)

While browsing through Navisphere with engineering mode enabled, I noticed something I hadn’t noticed before: the VMware ESX host I was troubleshooting was showing up in two different storage groups. This is an error, as a host is only allowed to be in a single storage group at a time. In this case, some of the initiators were showing up in the desired storage group, but two of the initiators were showing up in the ~management storage group. Ah ha! Those initiators were my missing paths. But how to fix it?

It turns out that by looking at the properties of the storage group and then looking at the Hosts tab, there is now (with engineering mode enabled) an Advanced button that allows you to select the specific paths for each host that should be enabled for that storage group. When I opened the Advanced Properties dialog box for the storage group, there’s a separate tab for each host in the storage group that lists all the connection paths that should be included. And, sure enough, my two missing paths were there, unchecked! When I checked them and then went back to review the paths from the VMware ESX host, all six expected paths were now present and accounted for.

Now, I’m told that removing the host from the storage group and then re-adding it to the storage group would accomplish the same effect. That, however, is a disruptive process; this method is non-disruptive (as far as I can tell). I’m also told that the Reconnect button—found in the Host Connectivity status window, accessible by right-clicking a specific host and selecting Connectivity Status—will accomplish the same result as well. I can’t speak for either of these two options, but I do know that entering engineering mode and enabling all the paths works and works without disruption.

Oh, and remember how I mentioned that there was something I overlooked in the Connectivity Status window? I learned after the fact—after I’d already fixed the problem—that initiators that are blue in the Connectivity Status window are initiators that are not in a storage group. I don’t think knowing that up front would have helped all that much, but it’s still handy to know.

So there you have it: if you enable new paths from a host to a storage array and the paths don’t show up, use engineering mode to ensure that all the paths are enabled for the host in the storage group.

I encourage you to speak up in the comments if you have additional information or other tips/tricks pertaining to this issue. Thanks for reading!

UPDATE: A reader has posted in the comments that the Reconnect option will reestablish all paths to the host without disruption. Thanks, Tim!

Categories: Scott Lowe

Links for 2010-08-19 [del.icio.us]

Fri, 08/20/2010 - 08:00
Categories: Scott Lowe

vMotion Layer 2 Adjacency Requirement

Thu, 08/19/2010 - 16:42

vMotion, its practicality, and Layer 2 adjacency for vMotion are topics I’ve visited a few times over the last several months. The trend got kicked off with a post on vMotion reality, in which I attempted to debunk an article claiming vMotion was only a myth. The series continued with a discussion of the practicality of vMotion, where I again discussed the various Layer 2 requirements for vMotion.

In the vMotion practicality article, reader Paul Pindell, an employee of F5 Networks, discusses the networking requirements for vMotion. To quote from his comment:

Notice that there is no requirement for the vMotion VMkernel interfaces of the ESX(i) hosts to have what was termed Layer 2 adjacency. The vMotion VMkernel interfaces are not required to be on the same subnet, VLAN, nor on the same L2 broadcast domain. The vMotion traffic on VMkernel interfaces is routable. IP-based storage traffic on VMkernel interfaces is also routable. Thus there are no L2 adjacency requirements for vMotion to succeed.

I was intrigued by this statement, so I contacted Duncan Epping (of Yellow Bricks fame) and discussed the matter with him. Duncan has also posted on this topic on his site; both his post and my post are the result of our discussion and collaboration around this matter.

So is Layer 2 adjacency for vMotion a requirement, or not? In the end, the answer is that Layer 2 adjacency for VMkernel interfaces configured for vMotion is not required; vMotion over a Layer 3 interface will work. The caveat is that routed vMotion, as it has sometimes been called, hasn’t been through the extensive VMware QA process and therefore is not yet supported. (Please don’t mistake my use of the word “yet” as any sort of commitment by VMware to actually support it.)

In summary, then: vMotion across two different subnets will, in fact, work, but it’s not yet supported by VMware. As additional information becomes available—as Duncan indicated, the VMware KB article is going to be updated to avoid misunderstanding—I’ll update this post accordingly.

Categories: Scott Lowe

Storage vMotion with RDMs

Wed, 08/18/2010 - 20:52

I recently had a colleague contact me with a question about raw device mappings (RDMs) and Storage vMotion. This colleague was trying to perform a Storage vMotion operation on a VM that also had an RDM attached and was running into a problem where the operation was failing because the destination datastore did not have sufficient space. In this case, the free space was less than the size of the mapped raw LUN, and this colleague couldn’t perform a Storage vMotion as a result. The colleague was surprised; he didn’t expect that behavior.

This behavior struck me as odd and unexpected, so I started digging in and doing some testing. I did all my testing on vSphere 4.0 GA code (no updates), thinking that this was probably “worst case”; if anything, the updates would likely resolve any potential issues with RDMs and Storage vMotion. I used a VM with a 20GB VMDK and a 50GB mapped raw LUN, using a virtual mode RDM.

I performed a few Storage vMotion operations and everything seemed fine; I couldn’t recreate the same behavior. Sure, the Datastore Browser shows the VMDK pointer file for the RDM to be the same size as the backing LUN (50GB, in my case), but I couldn’t seem to make vCenter Server balk when migrating the VMDK. I tried several times with datastores of various sizes, including a datastore that had less free space than the size of the mapped raw LUN. Then I noticed something: my 20GB VMDK was thin provisioned. Ah, perhaps that was causing part of the problem. So I performed a Storage vMotion to a larger datastore, selecting “Thick Format” during the process to inflate the VMDK to full size.

Now, had I gone back and carefully re-read the table on page 197 of the vSphere Basic Administration Guide (available in PDF here), I would have remembered that selecting “Thick Format” with a virtual mode RDM automatically converts the RDM to a virtual disk. But I didn’t, and so the RDM was converted into a virtual disk. Subsequent Storage vMotion attempts with the newly-converted virtual disk now produced warnings and errors about available disk space, just as my colleague had seen. Fortunately, this was just a lab environment, so no harm was done. But what if this had been production data?

So here’s the key message I want to convey with this blog post: when you are performing Storage vMotion operations on a VM with at least one RDM and you want/need to convert your virtual disks from thick to thin (or vice versa) during the migration, you need to perform two (2) separate Storage vMotion operations:

  1. First, you’ll migrate only the virtual disks attached to the VM. You’ll use the Advanced button when selecting the datastore so that you can leave the RDM alone for this migration. You’ll then select the appropriate format (“Thin Provisioned Format” or “Thick Format”) for the virtual disks on the target datastore and proceed with the Storage vMotion operation.
  2. When the first Storage vMotion concludes, you’ll then perform a second Storage vMotion operation to migrate only the RDMs. Again, you’ll use the Advanced button when selecting the datastore and choose to move only the RDM. For format, select “Same Format as Source”, as this is the only option that preserves the RDM as an RDM. If you are migrating a virtual mode RDM and choose either of the other two options, your RDM is converted to a virtual disk and cannot be converted back.

At this point, your RDM-equipped VM has been migrated to a new datastore, the virtual disks have been converted from thick to thin (or vice versa), and your RDMs have been preserved as RDMs.
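The two-pass rule above can be expressed as a small pre-flight check. This is an added example, not code from the original post or from VMware: the Disk class, function names and disk labels are hypothetical, the inventory is constructed to mirror the lab VM, and it conservatively treats every RDM (not only virtual mode) as needing “Same Format as Source”.

```python
from dataclasses import dataclass

SAME = "Same Format as Source"
FORMATS = {"Thin Provisioned Format", "Thick Format", SAME}

@dataclass(frozen=True)
class Disk:
    label: str
    kind: str  # "flat" (ordinary virtual disk), "rdm-virtual" or "rdm-physical"

    @property
    def is_rdm(self):
        return self.kind.startswith("rdm")

def plan_migration(disks, target_format):
    """Return the ordered Storage vMotion passes as (disk labels, format) tuples."""
    if target_format not in FORMATS:
        raise ValueError(f"unknown format: {target_format}")
    flat = [d.label for d in disks if not d.is_rdm]
    rdms = [d.label for d in disks if d.is_rdm]
    if not rdms or target_format == SAME:
        # No RDM attached, or no conversion requested: one pass is enough.
        return [(flat + rdms, target_format)]
    passes = []
    if flat:
        passes.append((flat, target_format))  # pass 1: virtual disks only
    passes.append((rdms, SAME))               # pass 2: RDMs only, unconverted
    return passes

def rdms_at_risk(disks, passes):
    """List RDMs that a plan would move with a converting format.
    Assumption: any RDM is flagged, although the post only documents
    the conversion for virtual mode RDMs."""
    by_label = {d.label: d for d in disks}
    return [label for labels, fmt in passes if fmt != SAME
            for label in labels if by_label[label].is_rdm]

# Constructed inventory mirroring the lab VM described in the post.
VM_DISKS = [Disk("Hard disk 1 (20GB VMDK)", "flat"),
            Disk("Hard disk 2 (50GB mapped raw LUN)", "rdm-virtual")]

if __name__ == "__main__":
    for n, (labels, fmt) in enumerate(plan_migration(VM_DISKS, "Thick Format"), 1):
        print(f"Pass {n}: move {labels} as '{fmt}'")
    naive = [([d.label for d in VM_DISKS], "Thick Format")]
    print("At risk in a single-pass plan:", rdms_at_risk(VM_DISKS, naive))
```

Running rdms_at_risk against a proposed plan before starting the migration catches the single-pass “Thick Format” case that converted the RDM in the lab.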

Anyone have any other little gotchas like this about RDMs or Storage vMotion they want to share? The comments are open and I’d love to hear any other suggestions or tips from the readers.

Categories: Scott Lowe