VMware has issued a patch to fix a problem where ESXi 5.5 Update 1 randomly disconnects from NFS storage.
The VMware NFS bug popped up in April, causing VMs to appear frozen and affecting connections to datastores from multiple storage vendors. With no official fix available, VMware pros warned each other against upgrading to ESXi 5.5 Update 1, and advised rolling back to the previous version if they’d already migrated.
Security updates are now available for VMware products affected by the Heartbleed flaw.
The OpenSSL security vulnerability, which could allow someone to access the memory of systems secured with the susceptible version of the OpenSSL software, affected 27 VMware products. VMware made patches for all 27 products available yesterday, 12 days after the OpenSSL vulnerability came to light.
The affected products include the latest versions of VMware’s most popular products, including vCenter Server 5.5, ESXi 5.5 and vCloud Automation Center 6. Earlier versions that didn’t rely on OpenSSL 1.0.1 were not affected.
VMware recommends customers patch affected products, then replace security certificates and reset passwords. More information and links to patch downloads can be found in this VMware Security Advisory.
VMware vSphere 5.5 Update 1 users are having problems connecting to NFS storage.
The new VMware NFS bug causes random disconnects to storage, and it affects products from multiple vendors. The main symptoms of the problem are VMs that appear frozen and NFS datastores that are grayed out, according to blogger Michael Webster, an engineer at Nutanix.
The prevailing advice is to avoid migrating to vSphere 5.5 Update 1 — or roll back to the original vSphere 5.5 — until VMware issues a fix, which it has yet to do. The company has not yet warned customers about the problem, either.
“It is remarkable VMware customers have until now not been publicly informed by VMware about this issue,” wrote Marcel van den Berg, a virtualization consultant in the Netherlands. “Even though there is not a fix available yet, the issue seems bad enough to warn customers intending to upgrade.”
Nick Howell, an architect at NetApp (one of the affected storage vendors), first reported the VMware NFS bug yesterday.
“VMware has confirmed the issue in vSphere and is working closely with NetApp to determine [the] root cause,” he wrote.
The troubling Heartbleed SSL vulnerability that’s causing a stir this week also affects many VMware products.
The weakness in OpenSSL revealed this week affects 66% of Web servers and allows anyone to read the memory of systems secured with the problematic OpenSSL software. The problem had gone undetected for two years, and analysts are confirming it’s as bad as advertised, potentially putting millions of passwords and other secure information at risk.
In a KnowledgeBase article, VMware listed its products that have shipped with the vulnerable OpenSSL 1.0.1. They include ESXi 5.5, vCenter Server 5.5 and vCloud Automation Center 5.1.x and 5.2.x. Earlier versions of ESXi and vCenter Server are not affected.
Microsoft supporters are having a field day with the news, quick to point out that Hyper-V and Azure aren’t affected and poking fun at VMware’s prior claims of being more secure. So just how big of a deal is this for shops running VMware?
“It’s both a fantastically world-ending, huge deal that we should consider turning the Internet off for — and not a big deal at all,” said Trevor Pott, IT consultant for eGeek Consulting.
The potential vulnerability is scary, but not necessarily because VMware’s products are affected.
“The thing is, vSphere is rarely open to the outside world,” Pott said. “So, theoretically I could crack your SSL if I was sitting on your network sniffing your traffic. But if I’m behind your firewall sniffing your network traffic, you’ve got bigger problems than this.
“VMware and everybody who was vulnerable to this had the code to fix it in hours. So that means, if there isn’t a patch out for VMware’s products yet, there will be in a matter of days.”
Any Internet-facing device, including the dozens or hundreds found on a corporate network, is potentially at risk, but virtualized workloads may actually be easier to protect, Pott added.
“In a virtual environment, I can easily stand up a firewall in front of systems that I can’t patch, and I can essentially create an SSL proxy where the proxy facing the Internet is, in fact, patched,” he said. “The fact that I’m in a virtual environment means I could stand up a solution to this in minutes.”
Hot on the heels of its AirWatch acquisition and end-user computing group shakeup, VMware has made another big-name move.
The company has hired Chris Wolf, one of the most well-known virtualization analysts in the industry, as its chief technology officer (CTO) for the Americas. Wolf joins VMware after four years at Gartner, where he was a research vice president focused on private cloud computing and virtualization. He previously worked as an analyst for the Burton Group, which Gartner acquired in 2010, and as an independent consultant.
In a blog post announcing his move, Wolf said he wants to continue to advocate for VMware users as he did at Gartner.
“In a world of growing technological complexities and rich automation, the last thing you need is a vendor selling you something,” he wrote. “You need a partner that wants to be there with you and share in your successes.”
Wolf’s hiring is the latest in a series of major changes at VMware, as the server virtualization market leader now tries to move into the cloud and end-user computing (EUC) markets. Let’s take a look at the moves made in just the past three weeks:
- Jan. 6: VMware replaces EUC CTO Scott Davis with Kit Colbert, a rising star within the company, and hires two veteran execs away from rival Citrix.
- Jan. 8: VMware promotes Ben Fathi, senior vice president for research and development, to its primary CTO position. That seat had been vacant since Steve Herrod left the company a year ago.
- Jan. 22: VMware acquires AirWatch, one of the leading enterprise mobility management vendors, for $1.5 billion.
As someone who has never worked for a vendor, Wolf should provide a fresh perspective at VMware. He has not been afraid to criticize the company in the past, especially when it comes to branching out into new areas. Before VMworld 2013, he asked if VMware was more focused on its hardware partners than its customers in its push to build software-defined data centers.
“Ten years ago VMware didn’t care who it offended,” he wrote. “Along the way server hardware vendors had no choice but to partner with them. … In the process of becoming a ‘big company,’ VMware lost its inner voice.”
And during the conference, Wolf told us that VMware didn’t do a good enough job explaining what software-defined data centers are and how customers can build them.
“They started to paint a picture that we have to start defining data centers in software, but I don’t think VMware went far enough,” he said.
VMware will offer a commercial version of Project Serengeti, its open source initiative to run Hadoop workloads in virtual infrastructures.
The new Big Data Extensions plug into vSphere and allow administrators to deploy, monitor and manage Hadoop clusters on VMs directly from vCenter. The extensions are also designed to improve the performance of Hadoop, the popular open source big data analytics platform.
“We’re making Hadoop a first-class citizen on vSphere,” said Fausto Ibarra, a senior director of product management at VMware. “It’ll be just like any other workload.”
Hadoop and other big data platforms typically require dedicated hardware, which can be cost-prohibitive for smaller organizations and also raises concerns around reliability. VMware released Project Serengeti last year to address these problems, and the Big Data Extensions further that cause by adding full enterprise support.
In preparation for today’s public beta release of the Big Data Extensions, VMware earlier contributed code to the Hadoop community that optimizes Hadoop’s placement of data when running on virtual infrastructure, Ibarra said. The vendor also worked with the makers of the leading Hadoop distributions to share virtualization best practices.
The Big Data Extensions support the following Hadoop distributions:
- Apache Hadoop 1.2
- Cloudera 3 Update 6
- Cloudera 4.2
- Hortonworks Data Platform 1.3
- MapR 2.1.3
- Pivotal HD 1.0
The Big Data Extensions will be generally available by the end of the year. VMware also announced that Pivotal HD, its parent company EMC’s Hadoop distribution, has received VMware Ready certification.
VMware will cut 900 jobs as it rationalizes its product portfolio in the course of the coming year, executives said on the company’s earnings call Monday night.
VMware has added 6,700 employees in the last three years, and the overall headcount by the end of fiscal 2013 is still expected to be up by 1,000 despite the job cuts, officials said. The company ended 2012 with 13,800 employees.
VMware CEO Pat Gelsinger said at the beginning of the call that VMware would realign itself around three “growth priorities”: the software-defined data center, the hybrid cloud, and end-user computing. Product expansion is expected in management, networking, security, storage and high availability.
VMware has made a $30 million investment in IT automation software maker Puppet Labs, the better to develop new integration between Puppet and its virtualization and cloud management software.
Puppet can already manage VMware’s vSphere virtual machines, as well as its Application Director. The goal of the new investment is to create direct provisioning hooks between Puppet and VMware’s management products this year, which include vCloud Automation Center, vCenter Operations, and vCenter Configuration Manager, according to Puppet Labs CEO Luke Kanies.
“They’re good at managing the VM as a unit, and we’re good at looking at the VM and making sure it’s going to do what it’s supposed to do,” Kanies said.
Puppet, available in open source and Enterprise editions, allows systems administrators to determine how they want their infrastructure to look and then carries out the necessary steps automatically, allowing for fast, repeatable systems provisioning, configuration and management.
This is VMware’s second investment in Puppet Labs in the last 18 months; in November 2011 it joined Google and Cisco in an $8.5 million round of financing for the company.
Puppet does work with other kinds of hypervisors and cloud management systems, including Citrix’s CloudStack, OpenStack, Red Hat Enterprise Virtualization, and Amazon Machine Images. Recently, the company talked with Microsoft as well, Kanies said, but 90% of Puppet’s customers are VMware users.
That said, Kanies dismissed the idea of Puppet becoming a VMware company.
“The fact that we integrated with OpenStack doesn’t mean we’re becoming a cloud company,” he said.
A new online calculator says VMware’s server virtualization software is more expensive than Microsoft’s. The surprising source behind the calculator is VMware.
The new calculator’s results, highlighted by Microsoft in a gloating blog post, show vSphere 5.1 Enterprise Plus as 19% more expensive than Hyper-V 3.0 with System Center 2012 when running 100 virtual machines (VMs) with an iSCSI SAN. Other configurations, such as running 150 VMs on NAS, also show VMware to be more expensive (by 6% in that particular case).
While embarrassing for VMware, this development is just one tiny part of bickering that has been going on for quite a while. And even these favorable calculator results are not good enough for Microsoft. In last week’s blog post, VMware’s rival insisted the findings are still off, particularly when the full vCloud Suite is taken into account.
Has anything really changed?
This summer’s SearchServerVirtualization.com special report on VMware and Hyper-V pricing and licensing found that the actual overall cost for the two platforms depends heavily on the size of the IT shop and the type of workload being virtualized.
It also found that the story doesn’t end there. For one thing, public-facing cost calculators are based on list prices, which enterprises rarely pay, thanks to Microsoft and VMware’s deep discounts.
Some shops may find the cost savings enticing enough to swap out one hypervisor for another, but VMware also remains the incumbent vendor in most enterprise shops, and the costs of switching have many users saying Microsoft’s savings aren’t worth it.
It’s also important to remember that VMware and Hyper-V don’t match feature for feature, especially with several of Windows Server 2012’s Hyper-V advanced features still waiting on System Center Virtual Machine Manager 2012 Service Pack 1 to be put to the test.
VMware has not responded to multiple requests for comment about its online calculator.
Update: VMware published a blog post yesterday called “Flawed Logic Behind Microsoft’s Virtualization and Private Cloud Cost Comparisons” which says that in the more common configuration of 128 GB memory server hardware, VMware vSphere remains on par with or cheaper than Hyper-V, and concludes that the Microsoft blog post pointing out the calculator’s findings “is yet another attempt to artificially inflate VMware’s prices and distract customers from the shortcomings of their own products.”
VMware has issued yet another patch, the fourth in the last week, to correct problems in vSphere 5.1. This time, it’s for vSphere Replication.
The fix in vSphere Replication 188.8.131.52 is twofold, according to a VMware blog post: correcting installation problems, and allowing the software to actually recover virtual machines at a secondary site when the primary machine is down, disconnected from the network or loses access to storage.
The fix for the recovery feature addresses syncing recent changes to a VM over to the secondary site in the event of a failure. When vSphere Replication 5.1 is used as a standalone product, outside of VMware Site Recovery Manager (SRM) deployments, the sync fails, and so the entire recovery fails, according to a VMware Knowledge Base article.
This fix follows patches issued last Monday that finally allowed compatibility between vSphere 5.1 and VMware View 5.1, as well as compatibility between vCenter Converter Standalone and vSphere 5.1, and another issued last Thursday that addressed widespread issues with single sign-on and custom SSL certificates in vCenter Server.
VMware pros say the number of patches required for this release is unusual.
“5.1 was hugely rushed. Quality was non-existent,” said Derek Seaman, a vExpert working for a major telecom, whose blog has been a source for corrections to SSL certificate documentation.
Some partners say the serial nature of these patch releases has only aggravated users’ frustration.
“I realize that these were important patches and updates, but a few days’ delay and simultaneous release would have been viewed in a better light,” said Tim Antonowicz, senior architect at VMware partner Mosaic Technology in Salem, NH. “A coordinated effort, where the patches were bundled into a single release event covering several products, would make much more sense to customers.”