October 2, 2008 4:16 PM
Posted by: Rick Vanover
, VMware ESX
Earlier this year, I posted a blog entry about the certificate configuration for VirtualCenter installations and the fact that the certificate does not get upgraded or renewed as you perform upgrades of VirtualCenter. The default certificate of a VirtualCenter installation is valid for two years.
Certificate management is not one of my areas of expertise. With that, I’m posting this series of blog posts with the hopes that it will help other admins complete this mundane task seamlessly. I am currently faced with upgrading the certificate configuration for my VirtualCenter 2.5 Update 2 system. The VirtualCenter default certificate is made up of three files: rui.cert, rui.key and rui.pfx. All are located in the C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL folder for default installations. Now these certificates are SSL certificates, or web certificates that manage the communication between elements of VI3. This includes ESX hosts, VMware Infrastructure Client connections, the database and VirtualCenter Server connections.
In the earlier post, I mentioned VMware’s PDF as a good starting point for the certificate renewal process. The PDF explains a lot of different things, but leaves a few key areas out about how to fix the immediate problem. Luckily, I came across a very handy blog that simplifies things and gave me easy steps to follow. Leo Raikhman’s Ramblings blog gives direct guidance for those of us who are a little fuzzy with certificates. Leo points out in three separate blogs a basic way to address the problem, a 1-2-3 approach, and some in-depth explanation for an occasional zero-length pfx file causing generation issues.
I have successfully followed Leo’s materials for a seamless upgrade in an isolated test environment with no workload. Soon, I will repeat the drill on the live environment and let you know how it goes in another blog post.
October 2, 2008 1:47 PM
Posted by: Bridget Botelho
, Microsoft Windows
, VMware ESX
VMware always has plenty of customers to vouch for their products, and their PR team certainly isn’t shy about sending journalists examples. I get so many emails touting the latest VMware success that I could publish new VMware Infrastructure case studies every week. (Hey VMware — if you’re reading this, we know people like your product and how they benefit from it. You don’t have to point it out every other day, but thanks.)
Speaking of virtualization case studies, I wish other software companies were as forthcoming about their customers. Most software companies send out product press releases that are riddled with marketing speak and not enough meat, with no customers to back up claims like “number one provider” of this or “the world’s best” that. Even Microsoft Corp. wouldn’t give me a Hyper-V customer to chat with after their virtualization product was released on the commercial market this summer. To be fair, however, there are virtualization companies that do offer up customers like Massachusetts-based Virtual Iron. But I digress.
Since I have a few VMware case studies from September cramming my Inbox, here they are in summary.
On September 30, VMware announced that Accountants Inc., an accounting and finance department staffing agency, deployed VMware’s virtualization and management suite VMware Infrastructure 3 to lower its overhead, meet its disaster-recovery requirements, and make its data center more flexible.
Accountants Inc. had been using a single physical server per application, and as the company approached a hardware refresh cycle, it found that virtualization would be more cost-effective, VMware reported.
Donald Wong, manager of IT operations and development at Accountants, Inc., stated that if the company continued deploying physical machines in a ‘one server to one application’ way, it would have cost too much. “Now, we’ve standardized on VMware and we have a strict virtualization-first policy. As a result, we can spend less time managing our IT infrastructure and more time focusing on bigger picture things, like growing the business,” Wong said in the VMware statement.
The company was also able to reduce its data center footprint by consolidating about 50 physical servers onto 10 VMware ESX Servers, which led to added savings in power and cooling costs.
Interfaith Medical Center
On September 23, VMware announced that Interfaith Medical Center (IMC) of Brooklyn, New York is using VMware Infrastructure 3 to create a virtualized environment for the Microsoft Windows-based applications.
The hospital began investigating virtualization when its server hardware requirements reached unsustainable levels; IMC faced power, space and budget constraints and needed a solution, VMware reported. After considering offerings from VMware, Microsoft and Citrix, IMC selected VMware Infrastructure and is now running nearly all of its critical applications in VMware virtual machines. The hospital also implemented a VMware-first policy for all new applications, VMware reported.
IMC has reportedly achieved consolidation ratios as high as 17:1 on its physical hosts and has virtualized approximately 95% of its Microsoft Windows-based applications, including IMC’s core Meditech health information system used for patient care and billing, BlackBerry Enterprise Server, Microsoft SharePoint, Kronos software for timekeeping and scheduling, and Lawson software for finance and accounting.
On September 3, VMware announced that Houston-based CITOC, an award-winning provider of managed and hosted IT solutions, standardized on VMware Infrastructure as its application environment for internal systems and client solutions.
CITOC, whose customers include Lockheed Martin, Mary Kay Cosmetics, Sysco Foods and Carriage Services, evaluated a number of virtualization platforms to incorporate into its IT operations, including VMware Infrastructure and Microsoft Hyper-V. CITOC opted to standardize on the VMware platform, mainly because it could run three times as many virtual machines on VMware Infrastructure as it could on Microsoft Hyper-V with identical hardware, VMware reported.
James Garrett, chief operating officer at CITOC, said in VMware’s statement that CITOC guarantees 99.999% application availability for clients, and is trusting VMware to help them stick to that guarantee.
Garrett estimates that CITOC is hosting nearly 5,000 virtual machines for its customers. About 85% of those virtual machines are running Microsoft Windows-based applications. Internally, CITOC is using VMware for applications like Microsoft Dynamics, Microsoft Exchange, Microsoft SharePoint, Microsoft SQL Server, and BlackBerry Enterprise Server.
Garrett reported that one customer was running 343 physical machines when it hired CITOC to streamline its IT operations. Today, the customer is supporting its entire application environment with 16 blade servers (32 including redundancy) running VMware Infrastructure.
September 30, 2008 11:52 PM
Posted by: Eric Siebert
, VMworld 2008
Most of the VMworld 2008 slides are currently available to attendees by going to the Schedule Builder on the VMworld website, logging in with your VMworld username/password and then clicking on the Session Catalog link on the left. If you look at all the sessions that are listed you will see a column called Session Files that you can click on to open up the link to the PDF file for the session.
VMware should be posting both the audio and slides later this week once they receive the hard drive containing them back from the vendor that recorded the audio and then put it together with the slides in Flash video format. Talking with Eric Nielsen at VMworld he mentioned that VMware would be selling a subscription to non-attendees so they could gain access to all the great presentations. I haven’t seen any official word from VMware on this yet; they are probably waiting until after the presentations have all been posted to the VMworld website to announce it.
Also now that VMworld 2008 is over, all of the slides from VMworld 2007 have been released for free for everyone to review. Previously only attendees could view them except for the dozen or so that VMware released for free each month. Even though they are a year old they still contain a lot of great, still relevant information.
Besides the VMworld presentations, there is a lot of good online coverage of the show in the form of audio, video, photos, blog postings and news articles. I’ve put together a pretty extensive list of all the links that are grouped by category on my website. Included in the links is Tech Target’s extensive coverage which you can check out here.
September 30, 2008 5:38 PM
Posted by: Eric Siebert
, VMware ESX
, VMworld 2008
There were many new product announcements made at VMworld, many of which were probably confusing. So many new “v-products” were introduced and it initially seems like the ESX infrastructure we know today will soon be completely different. So what does this mean to the average ESX system administrator today? Is everything going to drastically change… will we have to re-learn ESX?
In the short term, it will most likely be business as usual. ESX Update 3 is rumored to be released soon which will keep us busy updating our servers for a while. Beyond that we have ESX 4.0 to look forward to which promises to be a major upgrade with many exciting new features such as a new look and feel, distributed vSwitches, Fault Tolerance, Host Profiles, Storage vMotion GUI and much more.
In the long term, VMware will be leading us towards their Virtual Data Center OS vision. The migration itself, however, will be a work in progress. VMware will not be releasing it all at once and it is not really an actual product but a name for a complete framework of components and services. Some of these components are just some of the new features that have already been mentioned wrapped in new fancy V-words. For example one of the pieces of the VDC-OS is Infrastructure vServices which has several components under it:
vCompute – a V-word for the optimal usage of all server resources which includes many of the technologies that ESX uses today. Adding to this in 2009 and presumably in ESX 4.0 is Paravirtualized storage and their new VMDirect technology which will allow VM’s to directly access host hardware.
vNetwork – a V-word for their set of networking technologies that will help optimize I/O and provide better integrated networking. Today this is basically just their current network I/O optimization that they already do. To build on this in 2009 and presumably in ESX 4.0 is the Distributed vSwitch, Network vMotion and 3rd party vSwitches like the Cisco Nexus 1000 that was announced.
vStorage – a V-word for maximizing storage utilization and efficiency. Today this includes their VMFS technology. Expanding on this in 2009 and presumably in ESX 4.0 is Thin Provisioning (yes you can do this today but not easily unless you use NFS storage), Linked Clones (another feature that exists today in Workstation) and new storage APIs to enable array software to manage individual VMs.
Additionally there are other new features coming that are positioned under the Application vServices pillar, these features include vCenter (new name for VirtualCenter) Data Recovery, VMsafe integrated products, VM’s with 8-way vSMP and up to 256GB of RAM and hot plug virtual hardware.
I know I was initially pretty confused after hearing Paul Maritz’s keynote session, but afterwards I took some time to read through the details on everything that was announced and realized that it wasn’t as complicated as I initially thought. So don’t let the new V-words overwhelm you, they are basically just marketing terms that most systems administrators will not even need to know. All that will matter to us are the many exciting new features that are coming soon.
The release date of ESX 4.0 has not yet been announced, although it is currently in a private beta. My guess is around Feb-March 2009. I do know one thing for sure though, I’m definitely excited about all these new features and I can’t wait until VMware releases them.
September 25, 2008 6:25 PM
Posted by: HannahDrake
This post was written by contributor Sander van Vugt.
When consolidating from a physical infrastructure to a virtual infrastructure, you probably don’t want to perform a new installation of all of your servers. That’s where PlateSpin PowerConvert can be useful. This software allows you to convert physical servers to virtual and more, thus allowing you to save on implementation costs.
Imagine the burden, for example, of performing a manual physical-to-virtual conversion. Because it often involves important changes in the kernel of the source server’s OS, migrating from a physical server to a virtual server is a complex task that involves much more than just making a copy of the source server and installing it on the target server. It often involves a completely new installation of the target server, after which you have to copy data and applications from the source server to the target server. This is a lot of work if you only have to migrate one server; imagine the time it would take to do this for hundreds of servers.
Using software to automate this process makes managing migration scenarios much easier. Physical-to-virtual conversion is just one of the tasks that you can accomplish with PowerConvert’s Workload Portability technology. The capabilities go way beyond that. PowerConvert offers the following capabilities:
- Seamlessly move server workloads between servers
- Reconfiguration of resources assigned to server workloads
- Read data from various volumes to deploy new servers or recover servers
These three tasks are centered about the three infrastructures that PowerConvert works with: physical servers, virtual machines and image archives. Different combinations of the three allow you to move workloads among peer servers, capture images and deploy images to physical and/or virtual machines. They also perform various roles in a disaster recovery plan. The migration can be in any direction, physical-to-virtual, virtual-to-image and image-to-physical.
PowerConvert may prove useful in different scenarios. First, you can use it for server consolidation, where you accomplish large scale physical-to-virtual migration. You don’t need virtualization, however, to benefit from PowerConvert. You can do physical-to-physical migrations as well, which is useful when migrating server workloads from one physical server to another. Also, it makes building test labs easier, as you can use physical-to-virtual (P2V) to build a copy of your entire network on a test server. When working with PowerConvert, all of these are reflected in the following tasks:
- Copy Workload: This is where you create a duplicate of an existing server. The source server can be a physical server as well as a virtual server and that goes for the target server as well.
- Move Workload: This is where the configuration of the source server (which can be a virtual server as well as a physical server) is moved to a new server, with the intention of removing the source server from the network. This means, for example, that licenses from the old server can be used easily on the new server.
- Protect Workload: In this scenario you’ll create a standby virtual copy of a source server, which may again be a physical as well as a virtual server. In this scenario you can set up a schedule to synchronize the virtual copy in the image file with the original server, thus allowing you to keep the copy up-to-date. This scenario is ideal for disaster recovery setup.
- Work with Images: PowerConvert allows you to create, deploy as well as import images. That means that you can easily move data around between physical or virtual source servers to image files.
PlateSpin PowerConvert offers more than automated physical-to-virtual migrations. With PowerConvert you can easily migrate from a physical server to a virtual server, between physical servers and make automatically synchronized images.
September 25, 2008 2:17 PM
Posted by: Rick Vanover
, Rick Vanover
, VMware ESX
For VI3 environments with multiple VLANs, configuration accuracy is an important step in providing virtual machines with the correct connectivity. Using the esxcfg-vswitch ESX host commands can make life as a VMware admin easier, but there’s a lot to learn. Lucky for you, I have taken the time to familiarize myself with the esxcfg-vswitch ESX host series of commands and have documented them for quick network configuration recreation. A word of caution, however; esxcfg-vswitch is an interactive command and if you are experimenting, you should work with a host in maintenance mode to avoid causing an interruption to your live workload.
In describing how to use the esxcfg-vswitch command, I want to first explain some practice points that I use in my VI3 environment. Most importantly, I create a virtual switch exclusively for the service console and VMkernel (VMotion) roles, and a separate virtual switch for all of the guest virtual machine port groups. The port groups on this separate virtual switch will have 802.1Q VLAN tags applied. With that, let’s jump into the command.
One of the first things you can do is inspect the current virtual switch configuration. This is done with the following command:
The result will be something similar to what is shown below:
To recreate networks, we can use the esxcfg-vswitch command. My preference is to remove the existing virtual switch and re-create it to the expected configuration. Here is a sample script that will first remove and then re-create the entire virtual switch and five port groups with their corresponding VLAN identifiers:
esxcfg-vswitch -d MainGuestVirtualSwitch
esxcfg-vswitch -a MainGuestVirtualSwitch
esxcfg-vswitch --link=vmnic3 MainGuestVirtualSwitch
esxcfg-vswitch --link=vmnic4 MainGuestVirtualSwitch
esxcfg-vswitch --add-pg=PrivateNetwork MainGuestVirtualSwitch
esxcfg-vswitch --add-pg=ShopFloor MainGuestVirtualSwitch
esxcfg-vswitch --add-pg=BackBuildingUpper MainGuestVirtualSwitch
esxcfg-vswitch --add-pg=BackBuildingLower MainGuestVirtualSwitch
esxcfg-vswitch --add-pg=CoreCorporate MainGuestVirtualSwitch
esxcfg-vswitch --vlan=334 --pg=PrivateNetwork MainGuestVirtualSwitch
esxcfg-vswitch --vlan=332 --pg=ShopFloor MainGuestVirtualSwitch
esxcfg-vswitch --vlan=236 --pg=BackBuildingUpper MainGuestVirtualSwitch
esxcfg-vswitch --vlan=237 --pg=BackBuildingLower MainGuestVirtualSwitch
esxcfg-vswitch --vlan=100 --pg=CoreCorporate MainGuestVirtualSwitch
A couple of notes on this: MainGuestVirtualSwitch is the name for the virtual switch instead of the default vSwitch1 (remember the first one – vSwitch0 – is for service console and VMkernel). There are two interfaces available to this virtual switch, vmnic3 and vmnic4. The port group names are the friendly names of the networks that are used in VI3. After running this script, the following will immediately appear in the networking configuration section of the host in the VMware Infrastructure Client:
I usually go into the virtual switch after it is created through script to make both interfaces active, instead of the default scripted result of one as active and subsequent vmnic interfaces as standby. Good information on esxcfg-vswitch is a little light, but VMworld 2006 had a couple of mentions of it and virtualization expert Mike Laverick makes some mentions of esxcfg-vswitch on the RTFM site.
Like many administrators, I do not back up the ESX host in a traditional sense. Using these configuration scripts in a post-installation fashion can make host re-provisioning quick and painless, but more importantly get the configuration consistent.
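One way to confirm that a rebuilt host matches the scripted VLAN plan, as an added example that is not part of the original post: the function below compares a virtual switch listing against the expected port group to VLAN mapping and reports any drift. The listing layout (a "PortGroup Name ... VLAN ID" header with fixed-width columns, as printed by `esxcfg-vswitch -l`) is an assumption, the sample listing is constructed, and `audit_vlans`, `EXPECTED_PLAN` and `SAMPLE_LISTING` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original post): audit port-group VLAN IDs
# against the plan that the re-creation script is supposed to produce.

# Expected plan, one "<port group>=<VLAN ID>" per line, taken from the script above.
EXPECTED_PLAN='PrivateNetwork=334
ShopFloor=332
BackBuildingUpper=236
BackBuildingLower=237
CoreCorporate=100'

# Constructed sample listing (assumed layout). It deliberately contains three
# problems: ShopFloor has a transposed VLAN ID, TestLab is not in the plan,
# and CoreCorporate is absent.
SAMPLE_LISTING='Switch Name              Num Ports   Used Ports  Configured Ports  MTU     Uplinks
MainGuestVirtualSwitch   64          3           64                1500    vmnic3,vmnic4

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  PrivateNetwork      334      0           vmnic3,vmnic4
  ShopFloor           323      0           vmnic3,vmnic4
  BackBuildingUpper   236      0           vmnic3,vmnic4
  BackBuildingLower   237      0           vmnic3,vmnic4
  TestLab             0        0           vmnic3,vmnic4'

# audit_vlans LISTING PLAN
# Prints one sorted finding per line (MISMATCH, MISSING, UNEXPECTED).
# Returns 0 when the listing matches the plan, 1 when there is drift.
audit_vlans() {
    av_findings=$(
        {
            printf '%s\n' "$2"            # plan first
            printf '%s\n' '--listing--'   # separator understood by the awk program
            printf '%s\n' "$1"            # then the listing
        } | awk '
            BEGIN { mode = "plan"; col = 0 }
            $0 == "--listing--" { mode = "list"; next }
            mode == "plan" {
                eq = index($0, "=")
                if (eq > 1) want[substr($0, 1, eq - 1)] = substr($0, eq + 1)
                next
            }
            # Port-group table header: remember where the VLAN ID column starts,
            # so port group names containing spaces are still read correctly.
            /PortGroup Name/ && /VLAN ID/ { col = index($0, "VLAN ID"); next }
            # Any unindented line (switch header or switch row) ends the table.
            /^[^ \t]/ { col = 0; next }
            col == 0 || /^[ \t]*$/ { next }
            {
                name = substr($0, 1, col - 1)
                gsub(/^[ \t]+|[ \t]+$/, "", name)
                split(substr($0, col), f, " ")
                vlan = f[1]
                seen[name] = 1
                if (!(name in want))
                    print "UNEXPECTED " name " vlan=" vlan
                else if (want[name] != vlan)
                    print "MISMATCH " name " expected=" want[name] " actual=" vlan
            }
            END {
                for (n in want)
                    if (!(n in seen)) print "MISSING " n " expected=" want[n]
            }
        ' | LC_ALL=C sort
    )
    [ -z "$av_findings" ] && return 0
    printf '%s\n' "$av_findings"
    return 1
}

# Stand-alone run against the constructed sample. On a host, the first
# argument would be the live listing: audit_vlans "$(esxcfg-vswitch -l)" "$EXPECTED_PLAN"
audit_vlans "$SAMPLE_LISTING" "$EXPECTED_PLAN" || echo "VLAN drift detected"
```

A port group that lands on the wrong VLAN puts guests on the wrong network segment without any error at creation time, so running a check like this after the re-creation script catches a transposed ID before workloads are moved back.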
September 23, 2008 2:56 PM
Posted by: Eric Siebert
, VMworld 2008
I’m a little late in posting this as I had so much to do and see and it seemed like very little time to do it in (plus limited Internet connectivity). For me, Tuesday started with the judging for TechTarget’s Best of VMworld awards. I was judging the security category and was looking forward to finding out more about the great security products that had been nominated.
I spent most of the morning and part of the afternoon visiting the nominees and spending time learning about their products. When judging, we are looking for products that are innovative and stand out against competing products so I asked plenty of questions to each vendor to get a good understanding of their product.
Some notable products I saw in the security category included Altor Networks Virtual Network Security Analyzer, Catbird’s V-Security and the one that really stood out to me was Reflex Security’s Virtual Security Center. Once we were done meeting the vendors we all met up in a conference room to talk about each category and pick the winner for each and the two runner-up finalists. After we reviewed each category we had to choose a single Best of Show winner amongst all the category winners which ended up being the product I had picked as the winner from the security category; Reflex Security.
After the judging was over it was off to a dinner hosted by the folks from Hyper9 where we had a great meal and received copies of the recently released book, VMware ESX Essentials in the Data Center by David Marshall, Steve Beaver and Jase McCarty.
Wednesday was the day of the panel session (PO1861 – VMTN Community Experts Live) that I was speaking at along with other VMTN community notables which included Ken Cline, Tom Howarth, Steve Beaver, Edward Haletky and Thomas Bryant. Our session was at 11:30 am, I arrived around 11:15 am and met up with the other panel speakers and prepared for the session to begin.
Our session was in a question and answer format, audience members could ask questions and we would do our best to provide answers. I’m pleased to report that we were able to provide answers to every question that was asked including one that the VMware Genius Bar could not answer. Afterwards we picked up a box lunch and went over to the Communities and Blogger lounge with John Troyer from VMware to do a live recording of our weekly podcast along with Tom Howarth, Edward Haletky and Jason Boche. This week we talked about our thoughts and experiences at VMworld. Next it was off to the Best of VMworld award presentation, you can read more about all the winners and finalists here. After that I was scheduled to do a few video interviews with TechTarget; one on security and the other on I/O virtualization which will be published on SearchVMware.com.
Finally it was off to the races, as in the Las Vegas Motor Speedway for the big VMworld party. I was able to get in early thanks to Jason Boche who had one of the limited pit passes that provided early admittance to the party. We hopped on the bus and headed over to the track, once we arrived our first stop was to the cars that they had waiting in Pit Row that would take you for a 90-mph ride around the race track. The cars were a variety of new model production cars from a variety of manufacturers. Our car was an Infiniti. Riding around the track was a lot of fun, not as fun as driving a NASCAR car but enjoyable nonetheless. Next stop was to wait in the long line to get our picture taken with Indy car driver Danica Patrick. Afterwards it was off to try some of the numerous food choices that were provided and to check out the entertainment.
There were lots of neon glow tubes being passed out to everyone which party goers promptly took advantage of to do all sorts of wacky things with. A few people tried to see how many they could wear on themselves which provided some good entertainment, many others used them to pelt the DJ drummer with which seemed to greatly annoy him (a note to VMworld party planners, you might want to re-think providing neon glow tubes to people in the future). I took a lot of pictures of the party which I will be posting on my website in a few days.
Thursday was the final day, I spent the morning checking out vendors in the Solutions Expo and saying goodbye to everyone I had met. I can truly say that I had a thoroughly enjoyable time and wish it could have lasted longer. There was just an overwhelming amount of things to see and do, it was so busy I hardly had any time to gamble in the casino. Finally meeting in person all the people I deal with electronically was the highlight of the show to me. I had many great experiences and learned a great deal from the show. Now it’s time to try and catch up, there was a lot of online coverage of the show that I want to review and to also try and digest everything that VMworld had to offer.
September 23, 2008 2:51 PM
Posted by: Eric Siebert
, VMworld 2008
Monday was kind of a lazy day for many as it is geared towards partners who get exclusive briefings from VMware on strategies, technologies and road-maps. I can now navigate around the Venetian hotel with some confidence as I have started to figure out how everything is laid out. There are also many labs that attendees can sign up for on Monday, which provide hands-on experience in a variety of areas (i.e. performance, security) and are a great way for users to learn while actually using the product.
The Welcome Reception in the Solutions Expo opened at 5:30 for all attendees to meet with the two hundred-plus vendors who are at VMworld to show off their products and services. My first stop was the VMTN community lounge where I finally met John Troyer from VMware in person. John manages the Planet V12n and Planet VMware blog aggregator sites which are central feeds for all the great virtualization websites. I also had the chance to meet many of my fellow bloggers and community members like Andrew Kutz, Bob Plankers, Richard Brambley, Eric Sloof and Rick Vanover.
I took a few laps around the Solutions Expo taking in the many vendors. My main objective for the night was to find and meet in person some of the many people I deal with electronically, like the folks from TechTarget. Tomorrow (Tuesday) I’ll be spending a lot of time in the Solutions Expo as I am one of the judges for TechTarget’s Best of VMworld awards. I stopped by to visit the folks from Hyper9 to see how their product was evolving since the last time I met them about 6 weeks ago. They’ve added some impressive features to the product like the ability to do a visual comparison of a virtual machine over a period of time. This technique is similar to how a text comparison application like Beyond Compare takes two files and lists all the differences between them. They are scheduled to release a public Beta of the product soon and are still on track to release it before the end of the year.
After the Welcome Reception it was off to the v-Bar (an appropriate name) in the Venetian for an informal VMTN communities party to socialize with some of the many users that frequent the VMTN forums. I spoke with John Troyer about the 3.5 Upgrade 2 SNAFU with the time-bomb code. He mentioned that VMware was making big changes to ensure that it would not happen again, including not using time-bomb code in future Beta releases. I also talked with Eric (who works with John in the communities and is very involved with the VMworld.com website). I asked about the availability of the recorded sessions from VMworld, and Eric responded that they would hopefully be released to attendees a week or two after the show ends. He also said they were still looking to sell subscriptions to the recorded sessions to non-attendees that would grant access to both the VMworld USA and VMworld Europe sessions. He wasn’t sure what the plan was to release the sessions for free to the general public. They may repeat what they did last year by releasing them at the rate of a dozen or so a month.
Tomorrow promises to be a busy day, walking the Solutions Expo, judging products for the Best of VMworld awards. I’m judging the Security category and am looking forward to checking some of the great security products that have been nominated. Also the general session keynote from Paul Maritz is tomorrow morning, which should be interesting.
September 23, 2008 2:44 PM
Posted by: Akutz
, VMworld 2008
I am sure by now that I am getting a reputation as a downer or naysayer at this VMworld, but as one of my colleagues pointed out, we look around and wonder how many of these products and features we see are simply solutions searching for problems. That said, I look at something like VMware View, a new product in their vClient initiative, designed to help offer offline desktop images, and I wonder, why?
Jan Stafford and I were discussing the fact that if we do not have access to the Internet we really cannot do that much in the way of our jobs. She is a journalist and I am a programmer. She uses the ‘Net for research, and I use it for avoiding my job by way of YouTube :). VMware View is not the only product that promotes offline desktop use, take a look at any of the VDI solutions and four out of five of them will tout their ability to download the virtual desktop to your laptop for when you are out of the office. What does having your familiar environment provide you with, however, when you are no longer connected to the Internet?
There are three prevailing thoughts on the matter that I would like to discuss:
- Offline desktops are a cure for network latency
- Users demand a familiar environment
- Offline desktops provide better application management
Curing Network Latency
The argument is that sometimes you do have an Internet connection, but it is not strong enough to access a remote desktop, so having an offline desktop will provide you with your familiar environment without the need for the fat pipe. An offline desktop, however, is not necessary to the result, as we shall see in a minute.
Users only think they need a familiar environment because they have never experienced any alternatives. What users really need is a way to access their information when they want to, how they want to, and in a secure fashion. I think offline virtual desktops are a little overkill for that (there are exceptions, for example, Windows on a Mac for a Visual Studio developer).
Better Application Management
No, no, no. Offline desktop images do not provide better application management. At that point I have to maintain an entire OS image to maintain a set of applications. Application virtualization software such as VMware’s ThinApp or InstallFree provides application management.
A Simpler Solution
As I said, offline desktops are a way to provide a way for users to access the information they want and how they want it, and in a secure fashion. Ultimately though I think that this is using an atom bomb to control the Alaskan wolf population when a single governor in a helicopter with a high powered rifle will do. I kid, I kid. But offline desktops are overkill. To me the solution is much simpler — synchronizing files and settings. Although Apple’s MobileMe has not had the best launch in the history of services, it certainly has the right intentions. I use it and it successfully keeps my files and preferences in sync across many computers. I don’t need the overhead of a local hypervisor to run my virtual image, I can access my files when I need to, how I need to, and securely. And perhaps most importantly I am not beholden to an OC-12 line. It’s a win-win.
Offline desktops… They’re a great idea, and they have their purpose. I just think people are using a wind tunnel to dry off their hair after a really long shower.