Archive for June, 2010

Make an ESX Firewall Rule Manageable in the vSphere Client

June 25th, 2010

To make an ESX firewall rule manageable in the vSphere Client, you essentially need to create a new service in the firewall configuration XML file.

  1. Open the file /etc/vmware/firewall/services.xml
  2. Scroll to the bottom and note the last Service ID #
  3. Copy an existing service section as a template (e.g. faultTolerance)
  4. Paste it as a new section, following proper XML formatting
  5. Increment the Service ID # by 1, ensuring it’s unique
  6. Customize it to fit your new inbound/outbound port rule
  7. Save and exit

Services do not need to be restarted.

As an example, I took:


    faultTolerance
   
      outbound
      tcp
      80
   

 

and created a new service like so:


    CoolFirewallRule
   
      outbound
      tcp
      12345
   

 

The result is a firewall rule named CoolFirewallRule which can be toggled via the vSphere Client.
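The procedure above, scripted against a copy of the file, as an added example that is not from the original post. The XML element and attribute names in the constructed sample are assumptions (the post's XML listing survives here only as its values), and the script takes the highest existing service ID rather than the last one in the file.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample input. Element and attribute names are assumptions.
SAMPLE_XML = """<ConfigRoot>
  <service id='0000'>
    <id>exampleService</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol><port type='dst'>8443</port></rule>
  </service>
  <service id='0001'>
    <id>faultTolerance</id>
    <rule id='0000'><direction>outbound</direction><protocol>tcp</protocol><port type='dst'>80</port></rule>
  </service>
</ConfigRoot>"""

def add_service(xml_text, template, name, direction, protocol, port):
    """Clone the `template` service into a new service with the next free ID."""
    if direction not in ("inbound", "outbound") or protocol not in ("tcp", "udp"):
        raise ValueError("unexpected direction or protocol")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    root = ET.fromstring(xml_text)
    services = root.findall("service")
    ids = [s.get("id") for s in services]
    if len(ids) != len(set(ids)):
        raise ValueError("file already contains duplicate service IDs")
    if any(s.findtext("id") == name for s in services):
        raise ValueError("service name already exists: " + name)
    source = next((s for s in services if s.findtext("id") == template), None)
    if source is None:
        raise ValueError("template service not found: " + template)
    new = copy.deepcopy(source)
    # Highest existing ID + 1, zero-padded to the width already in use.
    new.set("id", str(max(int(i) for i in ids) + 1).zfill(len(ids[0])))
    new.find("id").text = name
    rule = new.find("rule")
    rule.find("direction").text = direction
    rule.find("protocol").text = protocol
    rule.find("port").text = str(port)
    root.append(new)
    return ET.tostring(root, encoding="unicode")

def list_services(xml_text):
    """Return (service ID, name, direction, protocol, port) per service's first rule."""
    return [(s.get("id"), s.findtext("id"), s.findtext("rule/direction"),
             s.findtext("rule/protocol"), s.findtext("rule/port"))
            for s in ET.fromstring(xml_text).findall("service")]
```

Reviewing the `list_services` output before and after the change gives a quick record of exactly which port rule was added to the host firewall.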

vSphere Cluster Showing Noncompliant on the Profile Compliance Tab

June 24th, 2010

To troubleshoot a vSphere cluster showing Noncompliant on the Profile Compliance tab, check the following:

FT logging NIC speed is at least 1000 Mbps
At least one shared datastore exists
FT logging is enabled
VMotion NIC speed is at least 1000 Mbps
All the hosts in the cluster have the same build for Fault Tolerance
The host hardware supports Fault Tolerance
VMotion is enabled

Read more at: http://kb.vmware.com/kb/1017471

Disable Copy and Paste for a VM

June 23rd, 2010

Security Tip: Disable Copy and Paste operations between the guest VM operating system and remote console by providing the following advanced parameters for the VM’s configuration (stored in the .vmx file):

isolation.tools.copy.disable = true
isolation.tools.paste.disable = true
isolation.tools.setGUIOptions.enable = false

Read more at: http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf

Update 11/30/10:  The disabling of copy/paste via the remote console is now the default out of box behavior as of vSphere 4.1 as a security hardening measure.

Update 8/18/15: VMware KB describing VM and host level configuration: "Clipboard Copy and Paste does not work in vSphere Client 4.1 and later" (1026437)
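A small audit for the three parameters above, as an added example that is not from the original post. It reads .vmx text in its `key = "value"` form; matching keys case-insensitively is an assumption, and the sample .vmx content is constructed.

```python
import re

# The three settings from the tip above, with the values it recommends.
REQUIRED = {
    "isolation.tools.copy.disable": "true",
    "isolation.tools.paste.disable": "true",
    "isolation.tools.setGUIOptions.enable": "false",
}

# key = "value" (quotes optional); lines starting with '#' do not match.
_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?([^"]*?)"?\s*$')

# Constructed sample .vmx content for the demonstration.
SAMPLE_VMX = '''.encoding = "UTF-8"
displayName = "web01"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
'''

def parse_vmx(text):
    """Return {lower-cased key: value} for every key = value line."""
    settings = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            # Assumption: keys are compared case-insensitively.
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings

def audit_vmx(text):
    """Return {setting: 'ok' | 'missing' | 'wrong (<value>)'} for REQUIRED."""
    settings = parse_vmx(text)
    findings = {}
    for key, want in REQUIRED.items():
        have = settings.get(key.lower())
        if have is None:
            findings[key] = "missing"
        elif have.lower() == want:
            findings[key] = "ok"
        else:
            findings[key] = "wrong (%s)" % have
    return findings
```

On vSphere 4.1 and later, where the update above says copy/paste is disabled by default, a "missing" result means the setting is not pinned explicitly in the .vmx rather than that copy/paste is enabled.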

vCalendar 2.0

June 23rd, 2010

vCalendar was launched in 2009 at VMworld.  I think it was a success and my sincere hope is that everyone who acquired one got some practical use out of it.  I know I have, which is why I created it.  Each new day is a pleasant surprise.  Some might be curious about what’s next for vCalendar.  The truth is that I began development of vCalendar 2.0 shortly after the 1.0 launch.  This was easy to do because I followed the same development methodology which was incorporated into version 1.0, essentially harvesting useful data from the trenches on an almost daily basis and then formatting that data into a vCalendar form factor. 

So the good news is that there will be a vCalendar 2.0 and I’m planning on an anniversary launch around VMworld 2010 San Francisco.  Some data which is not so relevant any longer will be pruned.  Some of the data which is still currently relevant or of historic value will be carried over from the previous version.  Then there will be quite a bit of new content added which I have been working on since the fall of last year.  The next few blog posts you see from me will provide examples of upcoming vCalendar 2.0 content.  The posts will be rather short and to the point – because for the most part they are in vCalendar format which is limited to a finite number of rows and 425 characters total.

The not so good news surrounding vCalendar 2.0 is that it will only be available for purchase by continental U.S. peeps online at The Printed Owl. I will do my best to get some vCalendars into the VMworld store as I did last year but I cannot make any promises as it is quite expensive to do so and the budget is tight this year.  Veeam did a fantastic job of distributing vCalendars over the past year, however, they will not be carrying the vCalendar this year.  I wish to extend my thanks to Veeam for their partnership.

I’d like the vCalendar tradition to continue, be successful, and maybe leave its mark in VMware lore.  I’m excited for the upcoming launch and I hope you’re able to get your hands on one.

Windows 7 Launch Multiple Program Instances Shortcut

June 22nd, 2010

I don’t pretend to know all of the Windows keyboard shortcuts but I do maintain an arsenal of frequently used, aka useful, ones.  Here’s one that I discovered by accident which is helpful for applications of which multiple instances can typically be spawned simultaneously: applications like the vSphere Client, PuTTY, Remote Desktop Connection, Command Prompt, maybe a web browser if you dislike browser tabs.

The shortcut:

With one instance of the desired application already launched (and visible on the Windows 7 taskbar), SHIFT + LEFT MOUSE CLICK on the application on the taskbar.

VOILA!  An additional instance is spawned.

I’ve found immediate use for this with launching multiple vSphere Client instances.  Sure I have these frequently used applications pinned to my taskbar for one click launch efficiency but when the application already has one instance launched, the target to click on is ergonomically larger and thus easier to find.

This UI enhancement may also work with Vista.  I didn’t use that OS long enough to find out.  I’m not sure if Microsoft has an official name for this technology – surely there must be an acronym for it.  I’ll pay attention during the “Windows 7 was my idea” commercials as this was obviously someone’s idea and this trick could surface there.

ps. On the subject of Windows 7 enhancements.  While I do like and use the feature where an application is snapped to one of the four edges of the screen, at the same time I’ve developed a phobia about carefully navigating my mouse while dragging an application where I DO NOT want it to snap and take up a huge chunk of display real estate.  I’m passive aggressive particular about the dimensions of my application windows relative to everything else in the shared area.  The four edges of a Windows 7 display have tractor beams and when your mouse comes close to the edge, it sucks you the rest of the way in and before you know it, an app is maximized.  I’d bet *nix people don’t have these types of issues.

VMware VCAP4-DCA BETA Exam Experience

June 21st, 2010

This morning, I sat the VMware VCAP4-DCA BETA exam at a VUE testing facility in Eau Claire, WI – a 110 mile drive from my normal area.  Today was the last day to take the exam and the Wisconsin location was the only available facility as of last week when I scheduled the exam.  This is the first time I had traveled extensively to take an exam.  Although it was not my first preference, I did so for the following reasons:

  1. The exam price was discounted $300 off since it was beta.  For this price it was worth a shot to pass.
  2. Declining the location would have meant declining the exam since today was the deadline; hence I’d have to wait a few months when the exam went live.
  3. I wanted to get the exam out of the way (hopefully) and help others prep once I had the experience.
  4. I’d never written a beta exam before.
  5. This was my 1st beta invitation from VMware.  I probably wouldn’t receive a 2nd if I had refused the 1st.  <– Godfather reference

I used the exam blueprint as a guide for what to study.  I was a bit bothered by a few of the technologies on the exam blueprint which I didn’t have much experience with:  vShield Zones, Orchestrator, and vCenter Heartbeat.  Might as well add PVLANs to the list too.  I was also a bit bothered by lack of study time.  VMware had just scheduled this exam for me late last week.  Thursday or Friday.

The VCAP is an Advanced Professional certification.  As such, I came into the exam expecting it to be similar to the VI3 Enterprise Administration exam and tougher than the VCP exam.  From a challenge aspect, the VCAP-DCA exam did not disappoint.  It covered several features which were new to vSphere leaving little room for overlap from previous exams.  Obviously, I cannot go into details on specific questions due to the standard NDA policy around certification exams.  Suffice to say, the exam blueprint mentioned earlier is a good resource.  The blueprint covers broad objectives.  Expect to dig deeper for each objective listed.  Those who complain about the VCP exam being “too easy” should enjoy the VCAP series of exams if the beta exam is a relevant indicator.

Like the Enterprise Administration exam, the VCAP4-DCA exam has a live lab environment which is used to accumulate points for questions asked.  Unlike the EA exam which had 11 lab questions and the remainder written/multiple choice, the DCA exam is 100% lab and no multiple choice.  The exam tests working knowledge of the products and not as much memorization.  The beta exam was 41 questions in length with an allotted time of 4 1/2 hours.  I liked the EA exam from the perspective that the lab questions quickly made sense to me and I think I scored a lot of points in the lab.  For this reason, I felt the DCA exam would be right up my alley, being 100% lab.  I was half right.  The DCA exam is very challenging.  If there is something in the lab you don’t understand or did not study for, there’s no multiple choice correct answer staring you in the face so you at least have a statistical chance of getting the answer correct.  To use a made up example, you either know how to enable root SSH access on a Service Console, or you don’t.  If you had to guess, you’d never get it right, thus you lose points on the question.  Working in the lab was a fun approach, but the flip side is not knowing enough of the content will kill you for lack of multiple choice guess.  Some of the community laughed at the VCP exam.  VMware has answered with the VCAP.

Now for the bad news.  The lab testing environment, in my experience, was riddled with issues.  Most notably, “glyphs” painted randomly about the screen due to screen refresh/repaint issues.  They are an incredible distraction and in many cases, they covered up buttons and hyperlinks in the vSphere client such that if you didn’t know the buttons were supposed to be there, you’d never find them to complete your task.  Since I know the vSphere Client fairly well, I knew where to blindly click in an area to force a repaint of the screen.  I had other issues as well which prohibited me from answering questions.  I notified the proctor who called support while I continued with the exam.  About 30 minutes later, someone rudely took remote control over my screen and logged me out while I was in the middle of a lab.  I was then logged back in and told to continue, problem solved.  Problem was not solved as it had nothing to do with the VUE equipment, rather it was internal to the remote lab.  I had the proctors open an incident case with VMware.  At one point later I was pulled out of the testing room and put on the phone with VMware support.  Suffice to say, the problem didn’t get resolved and several questions will have been impacted.  In addition, for the time spent troubleshooting the lab, the clock was ticking.  I’m not sure if I was losing time while on the phone with VMware.

The combination of struggling with the previously mentioned issues, coupled with poor time management on some other questions, resulted in me running out of exam time before completing the last question. I wasn’t even close to finishing.  I needed about another hour.  Part of the key to this exam, other than obviously knowing the content, is to be able to digest the information in the questions quickly and accurately.  This is good because it’s a fundamental core competency in the VCDX process as well as in the life of an Architect.  The anal person that I am, I found myself going back and forth between test question and lab to be sure I was doing everything PERFECTLY.  In the long run, I think it cost me.  I noted in a few of my previous exam blog posts that I found myself struggling with time issues on certification exams lately.  This was no exception.  I need to move faster, but not at the expense of accuracy.

I left the exam facility in a stunned zombie state.  I wasn’t pissed.  I was disappointed in my own self on several questions – like any exam, it revealed my weaknesses.  The exam was a lot more challenging than I expected.  Lab issues aside, I think VMware did a good job with the difficulty of the questions.  Now I just need to wait a few weeks for the results.  Nothing I’ve experienced compares to the drama and anxiety created by the VCDX defense process and grading period.  If by chance I do not pass the DCA exam, it will be an ego crush but I will survive, retake, and the result will be a sharper skillset – which is my primary reason for certification in the first place.  Retaking an electronic exam after a 10 day wait is not a big deal compared to the consequence, wait, and expense of not passing the VCDX defense process.  Knowing this consoles me.  Now that the beta period is over for the DCA exam, others will get their chance at this exam hopefully in a month or two, and perhaps I will again as well.  I haven’t felt positive about my last few exams and I passed.  We’ll see about this one.

Update 6/22/10:  I failed to mention William Lam and Chris Dearden also have great summaries of their VCAP4-DCA BETA exam experiences.  Be sure to check them out.

Update 10/14/10:  I passed.

vEXPERT 2010

June 20th, 2010

Friday June 4th, 2010

Hello Jason,

I am pleased to announce that you have been designated as a VMware vExpert 2010 and I invite you to participate in our program this year. This award is based on your advocacy of VMware solutions, your contributions to the community of VMware users, and your willingness to share your expertise with others.

On behalf of everyone here at VMware, thank you.

The excerpt above says it all.  Thank you for this award VMware.  For vEXPERT last year I received a very nice vEXPERT pen, folder, and lapel pin. 

This year, I would like to once again add VMware NFR licenses to the wish list for vEXPERTs.  Access to products such as vSphere, SRM, vCenter Heartbeat, Chargeback, Lab Manager, View, etc. without having to request new licenses and rebuild every 30-60 days would be much appreciated.

Thanks again and I look forward to another great year working with VMware’s products and excellent staff.