Virtualization Pro: A SearchVMware.com blog:

December, 2007

Dec 20 2007   1:40PM GMT

Layer-2 network security with .NET and Perl



Posted by: Schley Andrew Kutz
Virtualization, Andrew Kutz, VMware ESX, VI3

I’ve written several articles on SearchServerVirtualization about the VI3 SDK and how to make the most of it with .NET. There is an as-yet unpublished article on how to implement Layer-2 network security with .NET using a program I wrote called gnicmod. Consider it part 4 in my series of leveraging the SDK with .NET. I will update this blog entry with a link to the article once it has been published. In the meantime, I wrote the same program again, but using Perl and the VI Perl Toolkit. I am going to start providing both .NET and Perl examples for all the programs and SDK articles I write in order to attempt to reach the widest audience (Java fans please forgive me).

Many information security and networking offices implement security at a Layer-2 level: they will shut networking ports off if they suspect abuse or have evidence of a compromised system. Like oil and water, Layer-2 security does not mix with virtualization, particularly with ESX and 802.1q and port groups. Shutting a single port off will simply result in VMs rearping on a new port, causing another port to be shut off, and so on. What is needed is the ability to shut off a VM’s virtual port. This blog details my Perl script, vmgnicmod.pl — a VI Perl utility designed to modify a VM’s virtual networking device’s connected and connectOnStart properties. The command is pretty simple. Per its documentation, here are some examples:

       Disconnect a VM’s guest’s NIC and do not allow it to be connected on
       start.

       vmgnicmod.pl --server vcms.lostcreations.local --username akutz
       --password mypassword --ipAddress 192.168.0.111

       Connect a VM’s guest’s NIC whose IP address has changed.

       vmgnicmod.pl --server vcms.lostcreations.local --username akutz
       --password mypassword --name purple.lostcreations.local --connected

For a complete set of documentation you can take a look at the command’s man page. But enough documentation; let’s take a look at the script!

#!/usr/bin/perl -w
#
# Schley Andrew Kutz
#

use strict;
use warnings;

use FindBin;
use lib "$FindBin::Bin/../";

use VMware::VIM2Runtime;
use VMware::VILib;
use XML::LibXML;
use AppUtil::XMLInputUtil;
use AppUtil::HostUtil;
use AppUtil::VMUtil;

# Get the necessary files from lostcreations.com
#
# I recommend that you download these files and edit this portion
# of the script so that you do not have to pull them from my server
# every time.
my $str_vmreconfig_xml = '/tmp/vmreconfig.xml';
my $str_vmreconfig_xsd = '/tmp/vmreconfig.xsd';
my $str_vmreconfig_xml_url = 'http://www.lostcreations.com/~akutz/vmware/vmreconfig.xml';
my $str_vmreconfig_xsd_url = 'http://www.lostcreations.com/~akutz/vmware/vmreconfig.xsd';
if ( ! -e $str_vmreconfig_xml ) { system( "wget -qO $str_vmreconfig_xml $str_vmreconfig_xml_url" ); }
if ( ! -e $str_vmreconfig_xsd ) { system( "wget -qO $str_vmreconfig_xsd $str_vmreconfig_xsd_url" ); }

$Util::script_version = "1.0";

my %opts = (
        ipAddress => {
        type => "=s",
        help => "The IP address of VM.",
        required => 1,
    },
        name => {
        type => "=s",
        help => "The name of the VM.",
    },
        connected => {
        type => "",
        help => "This flag indicates that the network card should be in a connected state.",
    },
        connectOnStart => {
        type => "",
        help => "This flag indicates that the network card should be connected when the VM boots.",
    },
);

Opts::add_options(%opts);
Opts::parse();
Opts::validate();

# Logon and save the session token to a file.
Util::connect();
my $str_session_file = ".vipersession" . rand(1000);
Vim::save_session ( session_file => $str_session_file );

# Don't let prying eyes have access to your session token!
system( "chmod 0400 $str_session_file" );

my $str_entity_type = 'VirtualMachine';
my $str_ip_address = Opts::get_option( 'ipAddress' );
my $str_vm_name = Opts::get_option( 'name' );
my $int_connected = Opts::option_is_set( 'connected' );
my $int_connect_on_start = Opts::option_is_set( 'connectOnStart' );

# Find the VM by its IP address
my $o_entity_view = Vim::find_entity_view( view_type => $str_entity_type, filter => { 'guest.ipAddress' => $str_ip_address });

# If the VM could not be found at all then let the user know
if ( !$o_entity_view )
{
        Util::trace(0, "Could not find VM by IP address: $str_ip_address\n" );
        if ( $str_vm_name )
        {
                Util::trace(0, "Finding VM by name: $str_vm_name\n" );
                $o_entity_view = Vim::find_entity_view( view_type => $str_entity_type, filter => { 'config.name' => $str_vm_name });
                if ( !$o_entity_view ) { Util::trace(0, "Could not find VM by name: $str_vm_name\n" ); }
        }
}

# If the VM was found then let's configure its guest's NIC!
if ( $o_entity_view )
{
        # Get the name of the VM.
        my $str_vm_name = $o_entity_view->name;
        Util::trace(0, "Found $str_entity_type: $str_vm_name\n");

        # Get the name of the ESX host that is running this VM.
        my $o_esx_host = Vim::get_view( mo_ref=>$o_entity_view->summary->runtime->host );
        my $str_esx_host_name = $o_esx_host->name;

        # Report what this command is going to do.
        Util::trace(0, "Setting NIC properties to connected=$int_connected and connectOnStart=$int_connect_on_start\n");

        # Loop through the VM guest's NICs in order to find
        # the device ID of the NIC that has the IP address
        # we want to turn off/on. Store a reference to that
        # NIC's deviceConfigId so we can use it later to
        # compare it to the VM guest's virtual devices.
        my $arr_guest_nic_info = $o_entity_view->guest->net;

        # If no IP address was found that matched then use the
        # first IP address. This happens when the VM is already
        # disconnected and has a private address that is not
        # what the user specified from the command line, but
        # the VM was discovered anyway because the user used
        # the 'name' option.
        my $int_device_id = @$arr_guest_nic_info[ 0 ]->deviceConfigId;
        foreach ( @$arr_guest_nic_info )
        {
                if ( $_->ipAddress->[ 0 ] eq $str_ip_address )
                {
                        $int_device_id = $_->deviceConfigId;
                }
        }

        # Find the virtual device that has the same key value
        # as that of the NIC which has the IP address we are
        # looking for.
        my $arr_vm_hardware_devices = $o_entity_view->config->hardware->device;
        my $str_vm_guest_nic_name;
        foreach ( @$arr_vm_hardware_devices )
        {
                if ( $_->key eq $int_device_id )
                {
                        $str_vm_guest_nic_name = $_->deviceInfo->label;
                        last;
                }
        }

        # Prepare the vmreconfig.xml file that will be used to change
        # the VM guest's NIC properties.
        my $str_vm_guest_nic_name_connect = $int_connected ? $str_vm_guest_nic_name : "";
        my $str_vm_guest_nic_name_disconnect = $int_connected ? "" : $str_vm_guest_nic_name;
        my $str_vm_guest_nic_name_power_on = $int_connect_on_start ? $str_vm_guest_nic_name : "";
        my $str_vm_guest_nic_power_on_flag = $str_vm_guest_nic_name_power_on ? ( $int_connect_on_start ? "true" : "false" ) : "";
        my $str_vmreconfig_xml_tmp = "/tmp/vmreconfig.xml" . rand(1000);
        system( "sed " .
                "-e 's/\$str_vm_name/$str_vm_name/g' " .
                "-e 's/\$str_host_name/$str_esx_host_name/g' " .
                "-e 's/\$str_vm_guest_nic_name_connect/$str_vm_guest_nic_name_connect/g' " .
                "-e 's/\$str_vm_guest_nic_name_disconnect/$str_vm_guest_nic_name_disconnect/g' " .
                "-e 's/\$str_vm_guest_nic_name_power_on/$str_vm_guest_nic_name_power_on/g' " .
                "-e 's/\$str_vm_guest_nic_power_on_flag/$str_vm_guest_nic_power_on_flag/g' " .
                "$str_vmreconfig_xml > $str_vmreconfig_xml_tmp" );

        # Reconfigure the VM
        system( "vmreconfig.pl " .
                "--server " . Opts::get_option( 'server' ) . " " .
                "--sessionfile $str_session_file " .
                "--filename $str_vmreconfig_xml_tmp " .
                "--schema $str_vmreconfig_xsd" );

        # Delete the temporary XML config file.
        unlink $str_vmreconfig_xml_tmp;
}

# Delete the session token file.
unlink $str_session_file;

# Logout of the session. This also invalidates the VM session token, FYI.
Util::disconnect();

If you have any questions about the script feel free to e-mail me. Hope this helps!
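
An added example, not part of the original script: the same template fill and vmreconfig.pl hand-off done without sending interpolated strings through a shell or using guessable file names in /tmp. VM and NIC names come from inventory data, so this sketch fills the template in Perl with XML-escaped values, writes it with File::Temp, and builds an argument list for list-form system(). The inline template, the sample values and the session file path are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Any file this process creates from here on is owner-only from the
# moment it exists, so there is no window before a later chmod.
umask 0077;

# Constructed stand-in for the vmreconfig.xml template (the real file is
# not shown on the page); placeholders follow the script's sed patterns.
my $template = <<'XML';
<?xml version="1.0"?>
<Reconfigure-Virtual-Machine>
  <Name>$str_vm_name</Name>
  <Host>$str_host_name</Host>
  <Disconnect-Device>
    <Network-Adapter>
      <Name>$str_vm_guest_nic_name_disconnect</Name>
    </Network-Adapter>
  </Disconnect-Device>
</Reconfigure-Virtual-Machine>
XML

# Escape the five XML special characters so a value stays text and
# cannot change the structure of the document.
sub xml_escape {
    my ($text) = @_;
    my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&apos;' );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Replace every known $placeholder in a single pass; unknown ones are
# left untouched, and substituted values are never rescanned.
sub fill_template {
    my ( $tpl, %values ) = @_;
    $tpl =~ s/\$(\w+)/exists $values{$1} ? xml_escape($values{$1}) : "\$$1"/ge;
    return $tpl;
}

# tempfile() creates the file exclusively, mode 0600, under a name that
# cannot be predicted, unlike "/tmp/vmreconfig.xml" . rand(1000).
sub write_private_temp {
    my ($content) = @_;
    my ( $fh, $path ) = tempfile( 'vmreconfig-XXXXXXXX',
                                  SUFFIX => '.xml', TMPDIR => 1 );
    print {$fh} $content;
    close $fh or die "close $path: $!";
    return $path;
}

# Build the vmreconfig.pl call as a list: one element per argument.
sub vmreconfig_argv {
    my (%arg) = @_;
    return ( 'vmreconfig.pl',
             '--server',      $arg{server},
             '--sessionfile', $arg{session_file},
             '--filename',    $arg{xml_file},
             '--schema',      $arg{schema_file} );
}

# Constructed sample values; the VM name contains characters that would
# break a quoted sed expression or an XML element body.
my $xml = fill_template( $template,
    str_vm_name                      => q{dev & test 'purple'},
    str_host_name                    => 'morning.lostcreations.local',
    str_vm_guest_nic_name_disconnect => 'Network Adapter 1',
);
my $xml_file = write_private_temp($xml);
my @cmd = vmreconfig_argv(
    server       => 'vcms.lostcreations.local',
    session_file => '.vipersession',          # placeholder path
    xml_file     => $xml_file,
    schema_file  => '/tmp/vmreconfig.xsd',
);

print $xml;
print join( ' | ', @cmd ), "\n";

# List-form system() passes each element to the program unchanged; no
# shell ever parses the values. Only attempted when --run is given.
if ( @ARGV && $ARGV[0] eq '--run' ) {
    system(@cmd) == 0 or warn "vmreconfig.pl failed: $?\n";
}
unlink $xml_file or warn "unlink $xml_file: $!";
```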

Dec 19 2007   7:13AM GMT

VMware ESX resource usage: Check out esxtop



Posted by: Rick Vanover
Virtualization

I came across another nice tool in ESX 3.02 that gives a quick view of the resources in use - and the virtual machines' position within the usage. If you have used much Unix or Linux, you have probably come across the top package. While top is not a very fancy package, it is available in ESX - and it does not really provide much useful information. ESX, however, provides a utility called esxtop that shows summary information on resources and the virtual machine inventory on the host. Take the following image example:

[Image: ESXTOP Output]

This gives a nice view of the resources being used by the ESX host - in VMware’s talk. One nice feature is that esxtop gives a nice safeguard in that the refresh interval minimum is two seconds. Old school top could have a refresh interval of 0 seconds by typing “s” to specify seconds, and entering zero. Then top would be the highest offender and quickly chew up resources. Interpreting this screen takes some pre-reading. For example, at the top of the screen, there is a value for CPU load average. The value of .25 indicates that this system averages only 25% utilization. If I were to see this system with a value of 1 - it would be fully utilized on average. Dig into the ESX Resource Management Guide online for some more options and configuration variables. Exiting esxtop is simple enough by entering “q” to return to the x shell.


Dec 19 2007   7:11AM GMT

Virtual Center 2.5 - An IT pro’s first look



Posted by: Rick Vanover
Virtualization, VMware ESX, Rick Vanover, VI3

So I had the chance to install VMware Virtual Center 2.5, or VC 2.5 from the release of the series of updates, last week. I expected the VC upgrade to be rather uneventful. The upgrade was uneventful, but there are some new key differences that you should be aware of with the new interface and what things may look like after the install.

New safeguards and upgrade process

The default configuration after the VC upgrade has put in some safeguards that accompany you in tasks you may be familiar with. One example within the VMware Infrastructure Client is putting a server into maintenance mode. You will get some more questions related to the virtual machines that are off or suspended if you want them migrated to another host. (That is a good idea should another person or automatic process want to power on a virtual machine when it is in maintenance mode.) This appears via a new tab and process called DRS Recommendations for most configurations of a VMware cluster. From there you can follow the recommendations of migrating guests to another host.

During the upgrade, all of my virtual machines ran fine and were not affected by the configuration. The only issue I had was that one ESX host, a 3.01 host, would not re-add back into the Virtual Infrastructure client. The message I had was something about the virtual center agent service failing to install. I did some poking around and found that I could bounce the existing management service on the ESX host to allow the new VC agent to install. I did the following:

[root@vm-esxdev0001 root]# service mgmt-vmware stop
[root@vm-esxdev0001 root]# service mgmt-vmware stop

This had my heart stop for a bit as I stopped the service, but there were no availability issues to my virtual machines running on this host, vm-esxdev001.

Resource Pools, Clusters, Datacenters, and VMware Host Inventory

Depending on your upgrade type, you may need to recreate these elements after the VC upgrade. So it would be a good idea to have your current configuration documented so that you can re-add them if necessary. And yet another reminder to make sure your ESX resource pools are configured correctly. And this would be the time to reconfigure any of the configuration parameters should that be required.

VMware Resources

VMware provides a consolidated upgrade guide for ESX 3.5 and Virtual Center 2.5 and a good compatibility matrix for versions of ESX and Virtual Center. Be sure to read the compatibility matrix before doing anything. Depending on your configuration - an ESX upgrade may do you no good with certain versions of Virtual Center. This is why I started with the Virtual Center upgrade.


Dec 17 2007   4:39PM GMT

Reconfiguring vmreconfig



Posted by: Schley Andrew Kutz
Andrew Kutz, Virtualization, VMware ESX, VI3

The Perl script, vmreconfig.pl, is designed to reconfigure a virtual machine (VM). You can read more about it here. The tool can be used to make changes to the state of the VM. For example, you want to turn off a VM’s guest network interface card (NIC). You would use the command vmreconfig.pl in conjunction with an XML file that contains the necessary options to turn off the NIC.

The command might look like:

vmreconfig.pl --username akutz --password mypassword --server vcms.lostcreations.local --filename vmgnicoff.xml

And the XML file might look like:

<?xml version="1.0"?>
<Reconfigure-Virtual-Machine>
  <Name>purple.lostcreations.local</Name>
  <Host>morning.lostcreations.local</Host>
  <Disconnect-Device>
        <Network-Adapter>
          <Name>VM Network</Name>
        </Network-Adapter>
  </Disconnect-Device>
  <PowerOn-Flag>
        <Network-Adapter>
          <Name>VM Network</Name>
          <PowerOn>False</PowerOn>
        </Network-Adapter>
  </PowerOn-Flag>
</Reconfigure-Virtual-Machine>

This is where the trouble begins. There are a few problems with vmreconfig.pl (and I suspect with the other VI Perl tools as well; I will be documenting their issues as I use them):

- Poor error messages
- Schema is poorly designed
- Incomplete Perl modules
- Documentation is misleading

Poor Error Messages

When you execute the above command, here is the error you will receive:


Error in ‘vmgnicoff.xml’:
Element ‘Reconfigure-Virtual-Machine’ [CT local]: The element content is not valid.

This doesn’t really tell us all that much, does it? This is common with the VI Perl scripts. After some digging we are able to figure out that this problem has something to do with the XML schema file.

Poorly Designed Schema

The vmreconfig.xsd XML schema document (XSD) file included with the VI Perl Toolkit is poorly designed. It requires that every element be present in the file even when not in use. If you were to open the XML file in an XML editor and link the provided schema file you get a warning that the “AddDevice” node is not present. Well, we are not trying to add a device, so why should we need it? It turns out that the schema file does not implement the “minOccurs” attribute on its node definitions (even though the Perl script can cope with the absence of these elements). The solution is to go through the schema file and add a minOccurs="0" attribute to the appropriate locations. You can download a copy of the schema I’ve already marked up for this purpose here.

Now you can use the simpler, easier-to-read XML that is printed above.

Incomplete Perl Modules

However, the next time you run the command you will possibly receive yet another error:


Can’t locate object method “new” via package “XML::LibXML::XPathContext” (perhaps you forgot to load “XML::LibXML::XPathContext”?)

This error occurs because some OSs do not have the XPathContext Perl module installed by default. To install this module from CPAN simply type:


sudo cpan XML::LibXML::XPathContext

That solves that problem.

Misleading Documentation

The last issue you can run into is the VMware documentation itself. The online documentation for vmreconfig.pl clearly implies that the name that should be used with a network adapter is the name of the network it is associated with. The documentation uses the example “VM Network”. This is the default name of a port group created for use by VMs in ESX. In fact, if you use this name when attempting to make changes to a network device you will receive this message:


No reconfiguration performed as there is no device config spec created.

You must specify the name of the network adapter, not the network it belongs to.

In Summary

To make vmreconfig.pl turn off and disconnect a VM’s network adapter, download my updated vmreconfig.xsd schema file and use the following XML:

<?xml version="1.0"?>
<Reconfigure-Virtual-Machine>
  <Name>purple.lostcreations.local</Name>
  <Host>morning.lostcreations.local</Host>
  <Disconnect-Device>
        <Network-Adapter>
          <Name>Network Adapter 1</Name>
        </Network-Adapter>
  </Disconnect-Device>
  <PowerOn-Flag>
        <Network-Adapter>
          <Name>Network Adapter 1</Name>
          <PowerOn>False</PowerOn>
        </Network-Adapter>
  </PowerOn-Flag>
</Reconfigure-Virtual-Machine>

Hope this helps!
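
An added example, not part of the original post or the VI Perl Toolkit: a short XML::LibXML script that reproduces the schema problem described under "Poorly Designed Schema" by validating the final XML above against a reduced schema, first with every child element mandatory and then with minOccurs="0" on the device elements. The schema here is constructed for illustration (the shipped vmreconfig.xsd is not shown on the page), and the Add-Device element name is an assumed spelling.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;

# Constructed, reduced schema. With $optional false every child of the
# root is mandatory, which is the behaviour the post describes; with it
# true the device elements carry minOccurs="0".
sub reduced_schema {
    my ($optional) = @_;
    my $min = $optional ? ' minOccurs="0"' : '';
    return <<"XSD";
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="AdapterList">
    <xs:sequence>
      <xs:element name="Network-Adapter" maxOccurs="unbounded">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="Name" type="xs:string"/>
            <xs:element name="PowerOn" type="xs:string" minOccurs="0"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="Reconfigure-Virtual-Machine">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Name" type="xs:string"/>
        <xs:element name="Host" type="xs:string"/>
        <xs:element name="Add-Device" type="AdapterList"$min/>
        <xs:element name="Disconnect-Device" type="AdapterList"$min/>
        <xs:element name="PowerOn-Flag" type="AdapterList"$min/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
XSD
}

# The request document from the post's summary.
my $request = <<'XML';
<?xml version="1.0"?>
<Reconfigure-Virtual-Machine>
  <Name>purple.lostcreations.local</Name>
  <Host>morning.lostcreations.local</Host>
  <Disconnect-Device>
    <Network-Adapter>
      <Name>Network Adapter 1</Name>
    </Network-Adapter>
  </Disconnect-Device>
  <PowerOn-Flag>
    <Network-Adapter>
      <Name>Network Adapter 1</Name>
      <PowerOn>False</PowerOn>
    </Network-Adapter>
  </PowerOn-Flag>
</Reconfigure-Virtual-Machine>
XML

# Validate $xml against $xsd; returns 'valid' or the validator's message.
sub check {
    my ( $xml, $xsd ) = @_;
    my $schema = XML::LibXML::Schema->new( string => $xsd );
    # no_network keeps the parser from fetching anything the input names.
    my $doc = XML::LibXML->load_xml( string => $xml, no_network => 1 );
    # validate() returns 0 on success and dies with the reason otherwise.
    my $ok = eval { $schema->validate($doc); 1 };
    return 'valid' if $ok;
    my $err = "$@";
    $err =~ s/\s+\z//;
    return "invalid: $err";
}

for my $case ( [ 'all elements mandatory', 0 ],
               [ 'with minOccurs="0"',     1 ] ) {
    my ( $label, $optional ) = @$case;
    printf "%-24s %s\n", $label, check( $request, reduced_schema($optional) );
}
```

Running the same check against a locally stored, reviewed copy of the schema before calling vmreconfig.pl gives a specific validator message instead of the generic error quoted earlier.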


Dec 14 2007   8:18PM GMT

Generating the XML necessary to create VMs with the VI Perl Toolkit



Posted by: Schley Andrew Kutz
Andrew Kutz, VI3, Virtualization, VMware ESX

It is a pain in the rear to generate XML on the fly. There just is not a fun way of doing it. Unfortunately this is what is required when creating, cloning, and altering VMs with the VI Perl toolkit. I went ahead and created a very simple Perl script that will take HTML GET variables from the query string and build the necessary HTML. I also created an extremely simple HTML form to try out the script. Alternatively, you could call the script from Perl using the command wget. For example:

wget -O vmcreate.xml "http://www.lostcreations.com/cgi-bin/vmcreate2xml.pl?name=www.lostcreations.com&host=esx01.lostcreations.local&datacenter=red&guestId=Windows+2003&datastore=storage-san-vms03&disksize=10240&memory=10240&numberOfProcessor=1&nicNetwork=p-vlan-104&nicPoweron=1"

This command will turn your input into a properly formatted XML file called vmcreate.xml that can be used with the VI Perl Toolkit command, vmcreate.pl, in order to create a VM.

The vmcreate2xml.pl script takes the following input variables:

name: The name of the VM to create.
host: The host to initially create the VM on.
datacenter: The datacenter to create the VM in.
guestId: The guest ID of the VM. E.g. Windows 2003
datastore: The datastore to place the VM’s files in.
disksize: The size of the VM’s hard disk in megabytes.
memory: The amount of memory to allocate to the VM in megabytes.
numberOfProcessor: The number of processors to allocate to the VM.
nicNetwork: The name of the port group to assign the VM to.
nicPoweron: Whether or not the NIC is powered on (0=off,1=on)

Hope this helps!


Dec 11 2007   9:55PM GMT

Can’t See Multiple Processors? Check Hardware Defaults.



Posted by: Rick Vanover
Virtualization

Sometimes ESX messages are limited to be nice. Today, in normal virtualization tasks, I received the following error message:

Virtual machine has 2 virtual CPUs, but the host software only supports 1

Now, that sounds like an easy enough description and the knee jerk reaction is to check the licensing configuration. A couple of dabbles around the VMware Communities pointed me in some different directions but then I remembered: Some server systems have virtualization technology disabled in the processor options, namely some of the Dell PowerEdge servers in the CPU Information - Virtualization Technology - Enable. The default value is disabled for this configuration element.

Take a refresher on putting a host in maintenance mode, then a quick trip to the BIOS to enable the configuration and be back on the highway to virtualization happiness. Be aware of the default values for your host hardware and keep in mind that should you have a motherboard change or BIOS update these values may change or revert to a default.


Dec 11 2007   9:52PM GMT

Using Hyperic to Manage VMware Environments, part 1



Posted by: Joseph Foran
Virtualization, VMware ESX, Joseph Foran, DataCenter

At the risk of sounding like a commercial, Hyperic HQ is my leading-choice for agent-based systems management tools to handle both VMware and non-VMware systems. Personally I tend to prefer non-agent-based systems, but the Hyperic tools work, and work especially well for VMware environments. I like them because I’m an open-source nut - first attracted to it because of the price; I found I had a zero-dollar a day addiction to the LAMPP stack, MySQL, and Dia. Like all GPL junkies, I kept looking for more, and after a few years I found Nagios, then Groundwork, then Hyperic while doing some research for a presentation at Data Center Decisions 2006. I’ve been hooked on them since. I particularly like Hyperic’s rewards program for contributors who find bugs, fix bugs, and make the software better.

From 50,000 feet, Hyperic’s monitoring architecture looks like this:

You may be wondering why I use anything to monitor my VMware environment aside from VirtualCenter - number one is that I do use VC, but I prefer not to use multiple tools. I’ve been in a Fortune 100 company where there were so many 32″ LCD screens on the wall that you didn’t really know what was happening because you were getting so many different results from so many different tools. It was about as useful as having nothing at all except for a user’s phone call to tell you something was down. I have physical and virtual systems that I need to monitor, and until the day comes that my company goes 100% virtualized, I need one tool to monitor them all (please feel free to insert your own LotR joke here).

I’ll bypass the non-VMware material and get to the relevant point - using Hyperic to monitor VMware products - after this brief warning:

Reading the install manual is generally a must - there are several caveats to getting Hyperic fully functional, notably around graphing and charting and deprecated libraries that may need to be installed. Or, you can skip all that by downloading the pre-made Virtual Appliance. If you opt for that option, install the VMware Tools, or else time drift will cause a problem with reporting.

For this run I’m using the prebuilt virtual machine. If you need to install your own server, you need the following:

  • 1 GHz or higher Pentium 4, or equivalent (2 x 2.4GHz Pentium Xeon or equivalent recommended)
  • 1 GB RAM (4 or more GB recommended)
  • 1-5 GB Free Disk Space

On Linux systems, you’ll also need an X server running (or at least the libraries).

To install, you need to run the command setup.sh -full and answer the prompted questions. Overall, it’s a straightforward installation. On a Linux system, execute w/ hq-server.sh start. At another point in the series, I’ll go into using databases other than the default. You can use Oracle or Postgres, but not MySQL. I’m a big MySQL fan, so I would like to see support for it added later. EnterpriseDB, being a Postgres database engine, is supported.

Now, onto the agent part of the installation… it requires touching the guests, and this can be easily forgotten when you’re of the mindset that you can manage so much through VC. Some preparatory work is needed in order for proper operations on the ESX host. First amongst these is the creation of a user account (hqadmin is the default used by the agent) on the local machine. This account needs to have the admin-level role in ESX.

To install the agent:

agent-x.x.x/hq-agent.sh start

(where x = the version number of the agent you’re installing)

You will get some prompts, most of them self-explanatory, about what sort of install you want to perform. I recommend saying yes to secure communications and using port 7443 instead of 7080 as the default port. When you are prompted for the user name, use the account you created earlier.

Configuring ESX3 to report to the HQ server requires some modification of the firewall. It’s easily accomplished with a couple of commands:

esxcfg-firewall --openPort 7443,tcp,out,HypericHQAgent
esxcfg-firewall --openPort 2144,tcp,in,HypericHQAgent

Note that if you selected the default port (7080) when you set up the agent, rather than the SSL port of 7443, you will have to use that port number. Again, I recommend using 7443 for secure communications.

Once the host has the agent installed, you can install agents on the guests (virtual machines) in the same fashion. When these agents are installed, their descriptor in the Hyperic management console will indicate to which host they belong.

The VMware-specific monitoring information covers a lot of VM- and Host-specific functions on ESX hosts. The following, taken straight off Hyperic’s documentation, lists them:

VMware Monitoring Specification

  1. General Server Metrics (CPU used, Total Memory Used, etc.)
  2. Availability
  3. Memory Available for VMs
  4. Memory Used by VMs

VMware ESX 2.x and 3.x VM NIC Metrics

  1. Availability
  2. Packets Transmitted
  3. Packets Transmitted per Minute
  4. Packets Received
  5. Packets Received per Minute
  6. Bytes Transmitted
  7. Bytes Transmitted per Minute
  8. Bytes Received
  9. Bytes Received per Minute

VMware ESX 2.x and 3.x VM Disk Metrics

  1. Availability
  2. Reads
  3. Reads per Minute
  4. Writes
  5. Writes per Minute
  6. Bytes Read
  7. Bytes Read per Minute
  8. Bytes Written
  9. Bytes Written per Minute

VMware ESX 2.x and 3.x VM Metrics

  1. Availability
  2. Process Virtual Memory Size
  3. Process Resident Memory Size
  4. Process Page Faults
  5. Process Page Faults per Minute
  6. Process Cpu System Time
  7. Process Cpu System Time per Minute
  8. Process Cpu User Time
  9. Process Cpu User Time per Minute
  10. Process Uptime
  11. Process Cpu Total Time
  12. Process Cpu Total Time per Minute
  13. Process Cpu Usage
  14. VM Cpu Wait
  15. VM Cpu Wait per Minute
  16. VM Cpu Used
  17. VM Cpu Used per Minute
  18. VM Cpu Sys
  19. VM Memory Shares
  20. VM Memory Minimum
  21. VM Memory Maximum
  22. VM Memory Size
  23. VM Memory Ctl
  24. VM Memory Swapped
  25. VM Memory Shared
  26. VM Memory Active
  27. VM Memory Overhead
  28. VM Uptime

Most of these have a default report time of ten minutes, though some of the more critical and/or volatile report every five minutes. Most of the ESX host reporting and all of the VM Disk and NIC reporting are on ten-minute report timers.

This has some unique operational opportunities in managing virtual desktops as well as servers - namely being able to proactively monitor individual workstations and prevent system faults from becoming productivity-impacting problems for users and generating helpdesk tickets on desktops the way it’s done on servers in most enterprises.

That should be enough for now… more in later posts in this series, complete with some screenshots.


Dec 11 2007   9:51PM GMT

Can VMware HA give 100% uptime for a database?



Posted by: Jan Stafford
VMware High Availability (VMware HA), Virtualization

Systems admin Michael Gildersleeve is evaluating VMware for High Availability (VMware HA); but he’s not sure if that product is going to work well with his legacy software. He’s not sure, either, if HA is as mature and robust as other products on the market.

I’m answering his call for more information. I hope that you will, too, either by commenting on this post or emailing me at jstafford@techtarget.com.

Gildersleeve works for a company that has a Progress database running on a UNIX server. Hundreds of Windows clients and Web applications are attached to that database and server through Progress Brokers via service file ports.

“I need to provide 365 by 24 by 7 up time,” Gildersleeve said. “With our new web business, East and West coast facilities, and vendors managing our stock and replenishment, we need to be available all of the time.”

He wants to run his database across at least two servers, in a setup like an Oracle Real Application Cluster.

“This would allow me to upgrade the OS (operating system), reboot a server or take a server down for maintenance without affecting the database or the users. So far I have only found solutions that will give me a two-to-five minute downtime between switching from one server to another.”

Gildersleeve has looked a little at server virtualization. He’s evaluating server virtualization options and VMware HA to see if he can cut the downtime to nil. It seems to him, however, that virtualization options only cover one server at a time. He wants 100% uptime across several servers used for database activities.

“What if I need to do an OS update or patch, or what if some critical hardware fails? What I have seen so far is that if I upgrade my Progress app to v10 (Progress OpenEdge), and then move to two Integrity servers running (VMware) High Availability; if one server fails or if we need to do maintenance on a server, we can manually switch to the second server. But the problem with this is that my users will feel the switch because I will need to bring one server down. They will need to log out and in again to the app, or whatever needs to be done to bring the ready server into production mode.”

Gildersleeve is willing to evaluate Sun Microsystems options, if they are truly viable for running Progress. Microsoft operating systems are out of the question, however.

In his evaluations, Gildersleeve has come up with a lot of questions, and he’s looking for advice from HA experts. Could you provide some advice and share your experiences by commenting on this post or emailing me at jstafford@techtarget.com?


Dec 7 2007   7:59PM GMT

Mid-Sized Acceleration Kit SKU… Finally Here?



Posted by: Joseph Foran
Virtualization

After much hoopla and fanfare, VMware spent a month and a half without issuing a SKU for its new small-to-mid-sized business edition of VI3.5. Happily, and with thanks to a couple of vendors who took the time to email me, I’ve learned that the new SKUs are out. While the pricing has been available since just after the announcement, the lack of a SKU means that no quotes or orders could be placed. I don’t know if the kits are actually shipping, but that at least gives me something to follow-up on in a subsequent post.

This is good news to the many SMBs that stand to benefit from virtualization, and good for VMware as having a real product to order is better than vaporware in the growing SMB battle between VMware, Citrix, and Virtual Iron.


Dec 7 2007   7:58PM GMT

ESX Resource Pools Revisited



Posted by: Rick Vanover
Virtualization, VMware ESX, Rick Vanover, VI3

How many times have you gone back to your resource pools and wondered why your performance is not what you were expecting? Here is a quick tip on your configuration that may help understand your situation. For small- to medium-sized ESX implementations, have a uniform value for the shares for CPU and RAM on your resource pools. Modifications of the shares values can lead to issues throughout your ESX implementation if not done cautiously.

Fair Playing Field

In my experiences, when the shares are equally set - at the default values for ‘normal’ - your configurations for reservations and limits can be more correctly enforced. I’ve many times tried to grasp the concept of the shares, and this description seems to describe it best: “Consider the shares as bandwidth to use the resource reservations and limits you have set forth.” In this fashion, the limits and reservations can have the behavior you are expecting.

Do not Have Anything Set to Unlimited

While we are talking about the resource pools we should definitely mention that if you have anything set to ‘unlimited’ - you are bypassing all management of the pool. This will go for the virtual machine host resources in an unlimited fashion, and can negatively affect other guests.