Posted by: Eric Siebert
Eric Siebert, vCenter Server, VMware, vSphere
Although vSphere’s vCenter Server offers many useful new features, there are three small ones in particular that were sorely needed in VMware Infrastructure 3 that I’m glad to see in this release.
The first deals with the problem of too much data in the vCenter Server database. The majority of the data in the vCenter Server database is from both guest OS and host historical performance statistics and also Task and Event data. The statistic data is archived per your interval settings so there are limits to its growth, but Task and Event data is retained in the database forever, even for guest OSes and hosts that have been removed from vCenter Server’s inventory.
There has never been in easy way to purge this old data from the database. VMware has provided SQL scripts for VI3 that you can modify and run to accomplish this task, but that method can be tricky and complicated. VMware has now added the ability to purge old Task and Event data directly from the vSphere Client, eliminating the need to use scripts.
This option can be accessed by navigating to Administration, vCenter Server Settings, and then Database Retention Policy link. Here you can define retention periods for both Tasks and Events data so older data is automatically purged from the database.
The next feature has to do with snapshot management. While VMware did not add a centralized management component for snapshots, they did add an indirect way to view all snapshots in your environment. In VI3 the only way to see all running snapshots was to use third-party scripts and utilities. Now, in vSphere, there is a new Storage view that shows snapshot and other VM file information.
This new view is accessible on any object (i.e. VM, host, cluster) and can show a variety of information about data stores, VM files, SCSI paths, NAS mounts and more. When selecting the virtual machine file option, you can customize the column display to show various information, including total space used by all files, snapshot space used, virtual disk space (shows true thin-disk size), swap-file space and other VM space, which includes things like log files. By appropriately sorting the columnns, you can easily see which VMs have running snapshots as VMs without snapshots will display as 0 bytes. This provides a very easy way to find out about any snapshots that are running in your environment so you can be aware of them and delete them.
The last feature has to do with vSwitches. In VI3 there were no available permissions that could prevent someone from moving a VM from one vSwitch to another. There were indirect permissions that could prevent this, but using those meant restricting other activities as well.
The ability to prevent someone from moving a VM from one vSwith to another is very important for hosts that are connected to both an internal and external demilitarized zone (DMZ) network. Having a VM bridge the internal and external networks or having an improperly secured VM moved to a DMZ is a big security concern.
In vSphere there are now more granular permissions for network control, including Assign Network, Configure and Move Network. Previously, Remove was the only available permission under Network. Additionally there are many new permissions under Distributed Virtual Port Group and Distributed vSwitch. These new permissions will greatly enhance the network security and provide much better control of the network component of your virtual environment.
While there are many more new features in the vSphere release, these are just a few of the smaller ones that I am excited about as an administrator.