OVF? OVA? WTF?

July 2nd, 2010 by jason No comments »

If you’ve worked with recent versions of VMware virtual infrastructure, Converter, or Workstation, you may be familiar with the fact that these products have the native ability to work with virtual machines in the Open Virtualization Format, or OVF for short.  OVF is a Specification governed by the DMTF (Distributed Management Task Force) which to me sounds a lot like RFCs which provide standards for protocols and communication across compute platforms – basically SOPs for how content is delivered on the internet as we know it today.

So if there’s one standard, why is it that when I choose to create an OVF (Export OVF Template in the vSphere Client), I’m prompted to create either an OVF or an OVA?  If the OVF is an OVF, then what’s an OVA?


Personally, I’ve seen both formats, typically when deploying packaged appliances.  The answer is simple: Both the OVF and the OVA formats roll up into the Specification defined by the DMTF.  The difference between the two is in the presentation and encapsulation.  The OVF is a construct of a few files, all of which are essential to its definition and deployment.  The OVA on the other hand is a single file with all of the necessary information encapsulated inside of it.  Think of the OVA as an archive file.  The single file format provides ease in portability.  From a size or bandwidth perspective, there is no advantage between one format or the other as they each tend to be the same size when all is said and done.


The DMTF explains the two formats on pages 12 through 13 in the PDF linked above:

An OVF package may be stored as a single file using the TAR format. The extension of that file shall be .ova (open virtual appliance or application).

An OVF package can be made available as a set of files, for example on a standard Web server.
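Because an OVA is just a TAR of the OVF package, it can be inspected before it is deployed. The following is an added example, not code from this post or from the DMTF: it assumes the OVF manifest (.mf) convention of `SHA1(file)= digest` lines and the descriptor-first ordering, neither of which is covered in the post, and all file names are constructed.

```python
import hashlib
import io
import tarfile

def build_sample_ova(tamper=False):
    """Constructed sample: a tiny OVA (plain TAR) holding descriptor, manifest, disk."""
    ovf = b"<Envelope><!-- constructed descriptor --></Envelope>"
    disk = b"\x00" * 1024  # constructed stand-in for a virtual disk
    mf = "SHA1(demo.ovf)= %s\nSHA1(demo-disk1.vmdk)= %s\n" % (
        hashlib.sha1(ovf).hexdigest(), hashlib.sha1(disk).hexdigest())
    if tamper:  # change the disk after the manifest was computed
        disk = disk[:-1] + b"\x01"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("demo.ovf", ovf), ("demo.mf", mf.encode()),
                           ("demo-disk1.vmdk", disk)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def inspect_ova(ova_bytes):
    """Return (member_names, problems); nothing is extracted to disk."""
    problems, files = [], {}
    with tarfile.open(fileobj=io.BytesIO(ova_bytes), mode="r:") as tar:
        for m in tar.getmembers():
            # This example expects flat regular files and flags links, paths, dotfiles.
            if not m.isfile() or "/" in m.name or "\\" in m.name or m.name.startswith("."):
                problems.append("unexpected member: %r" % m.name)
                continue
            files[m.name] = tar.extractfile(m).read()  # in memory: fine for a demo only
    names = list(files)
    if not names or not names[0].lower().endswith(".ovf"):
        problems.append("descriptor (.ovf) is not the first member")
    manifests = [n for n in names if n.lower().endswith(".mf")]
    if not manifests:
        problems.append("no manifest (.mf): contents cannot be integrity-checked")
        return names, problems
    for line in filter(str.strip, files[manifests[0]].decode().splitlines()):
        left, _, digest = line.partition("=")      # "SHA1(name)" and " hexdigest"
        algo, _, fname = left.strip().rstrip(")").partition("(")
        if fname not in files:
            problems.append("manifest names missing file: %s" % fname)
        elif hashlib.new(algo.lower(), files[fname]).hexdigest() != digest.strip().lower():
            problems.append("digest mismatch: %s" % fname)
    return names, problems

if __name__ == "__main__":
    print(inspect_ova(build_sample_ova(tamper=True)))
```

A manifest only detects accidental or unsophisticated changes; it proves origin only when it is covered by a signature you have verified.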

Do keep in mind that whichever file type you choose to work with, if you plan on hosting them on a web server, MIME types will need to be set up for .OVF, .OVA, or both, in order for a client to download them for deployment onto your hypervisor.

At 41 pages, the OVF Specification contains a surprising amount of detail.  There’s more to it than you might think, and for good reason:

The Open Virtualization Format (OVF) Specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.

Open, meaning cross platform (bring your own hypervisor).  Combined with Secure and Portable attributes, OVF may be one of the key technologies for intracloud and intercloud mobility.  The format is a collaborative effort spawned from a variety of contributors:

Simon Crosby, XenSource
Ron Doyle, IBM
Mike Gering, IBM
Michael Gionfriddo, Sun Microsystems
Steffen Grarup, VMware (Co-Editor)
Steve Hand, Symantec
Mark Hapner, Sun Microsystems
Daniel Hiltgen, VMware
Michael Johanssen, IBM
Lawrence J. Lamers, VMware (Chair)
John Leung, Intel Corporation
Fumio Machida, NEC Corporation
Andreas Maier, IBM
Ewan Mellor, XenSource
John Parchem, Microsoft
Shishir Pardikar, XenSource
Stephen J. Schmidt, IBM
René W. Schmidt, VMware (Co-Editor)
Andrew Warfield, XenSource
Mark D. Weitzel, IBM
John Wilson, Dell

Take a look at the OVF Specifications document as well as some of the other work going on at DMTF.

Have a great and safe July 4th weekend, and congratulations to the Dutch on their win today in World Cup Soccer.  I for one will be glad when it’s all over with and our Twitter APIs can return to normal again.

A piece of my VMware history

July 1st, 2010 by jason No comments »

Much of what I do revolves around Email, or at least is at some point recorded in Email.  Just about every day I process email that has entered my inbox both at home and at work. And just about every day I’m reminded what an Email pack rat I am.  I keep all Email, or at least I attempt to.  Yeah, I’m kinda that guy who sometimes uses email as a file server.  At one point I was so bad, I used to keep SPAM messages as well but fortunately I came to the realization that:

  1. I had gone too far and was one step away from being clinically insane.
  2. As my volume of mail to process grew, including SPAM, I honestly never had any intention to go back and read SPAM, not even from a humor or posterity point of view.

So tonight I’m processing some items in my inbox at home.  In the back of my mind, I’m again reminded of the fact that I’ve got loads of old mail saved in my .PST file.  As a result, my curiosity suggests taking a break and locating the oldest piece of Email.  Since I have several folder categories for Email I receive and in the interest of time, I decide not to bother searching each folder containing Email which I have received.  The best bang for the buck here is to choose the folder which contains sent items, and then choose the oldest piece of Email based on sent date.  Who did I write to?  What was the subject?  When did I send it?

Would you believe this?

[Screenshot]

The oldest recorded Email in my possession was sent in August 2003 to my friend Dawn in California, with the subject of VMWARE.  Well, I’ve provided the screenshot above; you can read it for yourself. 

I couldn’t have staged the results any better.  I guess this constitutes my first recorded act of VMware evangelism.  Mind you, it’s about a year before my account creation and first post on the VMTN forums, and two years before I started using ESX, sat the ICM class, and became VCP 2712 on VI2.  There had never been a VMworld yet, and John Troyer was still a self employed consultant in the computer software industry (I would later meet John for the first time in 2006 at a bar in Los Angeles, but I digress).  In this particular point in time I’m still using VMware Workstation and probably experimenting with VMware GSX in the lab and formulating a plan for using GSX at the DR/BCP recovery site.

In case you’re curious, I received a reply from Dawn less than an hour afterwards:

You have told me about it and we have it here at work. If I ever add another machine at home I’ll get it from you, but I don’t see that happening too soon, I just don’t have room for more computers…

Dawn

To which I replied five minutes later:

With VMWARE, you add more virtual computers on your existing machine. It doesn’t mean you have to go buy more computers. That’s what VMWARE is all about, doing more with what you have. Only thing is that the computer you run your VMs on should have lots of memory and hopefully a decent CPU (P3 or better)

Jas

If I get real ambitious, I could add a second post to this later where I mount my .PST files from my previous job which go back to 1998.  Sometime in the 2000/2001 timeframe is when I was introduced to VMware by a former co-worker Paul.  Some of my earliest conversations could be great fun to look at.  I remember having extreme curiosity about how this VMware could possibly work.  In addition, I was totally nervous about installing Windows as a VM as I thought it would wipe out the boot record on my workstation.

And there you have it.  A little history about VMware and my early beginnings with it.  I’m sure everyone has a story to tell.  I’d like to hear yours in the comments below.

Make an ESX Firewall Rule Manageable in the vSphere Client

June 25th, 2010 by jason 4 comments »

To make an ESX firewall rule manageable in the vSphere Client, you essentially need to create a new service in the firewall configuration XML file.

  1. Open the file /etc/vmware/firewall/services.xml
  2. Scroll to the bottom & note the last Service ID #
  3. Copy an existing service section as a template (i.e. faultTolerance)
  4. Paste as new following proper XML formatting
  5. Increment the Service ID # by 1 ensuring it’s unique
  6. Customize to fit your new inbound/outbound port rule
  7. Save and exit

Services do not need to be restarted.

As an example, I took:

<service id='0031'>
  <id>faultTolerance</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>tcp</protocol>
    <port type='dst'>80</port>
  </rule>
</service>

and created a new service like so:

<service id='0033'>
  <id>CoolFirewallRule</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>tcp</protocol>
    <port type='dst'>12345</port>
  </rule>
</service>

The result is a firewall rule named CoolFirewallRule which can be toggled via the vSphere Client:

[Screenshot]
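The manual steps above can be scripted so that the new Service ID is always unique and the XML stays well-formed. This is an added example, not code from the post or from VMware: the root element name in the sample, the second placeholder service, and the restriction on service names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the services.xml excerpts in the post;
# the root element name and the 0032 entry are assumptions of this example.
SAMPLE = """<ConfigRoot>
  <service id='0031'>
    <id>faultTolerance</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>80</port>
    </rule>
  </service>
  <service id='0032'>
    <id>placeholderService</id>
  </service>
</ConfigRoot>"""

def add_service(xml_text, name, direction, protocol, port):
    """Return (new_service_id, new_xml) with one single-rule service appended."""
    root = ET.fromstring(xml_text)  # raises ParseError if the file is malformed
    services = root.findall("service")
    if any(s.findtext("id") == name for s in services):
        raise ValueError("service name already defined: %s" % name)
    if direction not in ("inbound", "outbound") or protocol not in ("tcp", "udp"):
        raise ValueError("unsupported direction or protocol")
    # Name pattern is this example's own restriction, not a documented rule.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", name) or not 1 <= int(port) <= 65535:
        raise ValueError("bad service name or port")
    # Next id = highest existing id + 1, zero-padded like the existing entries.
    new_id = "%04d" % (max((int(s.get("id")) for s in services), default=-1) + 1)
    svc = ET.SubElement(root, "service", id=new_id)
    ET.SubElement(svc, "id").text = name
    rule = ET.SubElement(svc, "rule", id="0000")
    ET.SubElement(rule, "direction").text = direction
    ET.SubElement(rule, "protocol").text = protocol
    ET.SubElement(rule, "port", type="dst").text = str(port)
    ET.indent(root, space="  ")  # Python 3.9+
    return new_id, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(add_service(SAMPLE, "CoolFirewallRule", "outbound", "tcp", 12345)[1])
```

Write the result to a copy of the file and diff it against the original before replacing anything under /etc/vmware/firewall.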

vSphere Cluster Showing Noncompliant on the Profile Compliance Tab

June 24th, 2010 by jason No comments »

To troubleshoot a vSphere cluster showing Noncompliant on the Profile Compliance tab, check the following:

FT logging NIC speed is at least 1000 Mbps
At least one shared datastore exists
FT logging is enabled
VMotion NIC speed is at least 1000 Mbps
All the hosts in the cluster have the same build for Fault Tolerance
The host hardware supports Fault Tolerance
VMotion is enabled

Read more at: http://kb.vmware.com/kb/1017471

Disable Copy and Paste for a VM

June 23rd, 2010 by jason No comments »

Security Tip: Disable Copy and Paste operations between the guest VM operating system and remote console by providing the following advanced parameters for the VM’s configuration (stored in the .vmx file):

isolation.tools.copy.disable = true
isolation.tools.paste.disable = true
isolation.tools.setGUIOptions.enable = false

Read more at: http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf

Update 11/30/10:  The disabling of copy/paste via the remote console is now the default out of box behavior as of vSphere 4.1 as a security hardening measure.

Update 8/18/15: VMware KB describing VM and host level configuration: “Clipboard Copy and Paste does not work in vSphere Client 4.1 and later” (1026437)

vCalendar 2.0

June 23rd, 2010 by jason No comments »

vCalendar was launched in 2009 at VMworld.  I think it was a success and my sincere hope is that everyone who acquired one got some practical use out of it.  I know I have, which is why I created it.  Each new day is a pleasant surprise.  Some might be curious about what’s next for vCalendar.  The truth is that I began development of vCalendar 2.0 shortly after the 1.0 launch.  This was easy to do because I followed the same development methodology which was incorporated into version 1.0, essentially harvesting useful data from the trenches on an almost daily basis and then formatting that data into a vCalendar form factor. 

So the good news is that there will be a vCalendar 2.0 and I’m planning on an anniversary launch around VMworld 2010 San Francisco.  Some data which is not so relevant any longer will be pruned.  Some of the data which is still currently relevant or of historic value will be carried over from the previous version.  Then there will be quite a bit of new content added which I have been working on since the fall of last year.  The next few blog posts you see from me will provide examples of upcoming vCalendar 2.0 content.  The posts will be rather short and to the point – because for the most part they are in vCalendar format which is limited to a finite number of rows and 425 characters total.

The not so good news surrounding vCalendar 2.0 is that it will only be available for purchase by continental U.S. peeps online at The Printed Owl. I will do my best to get some vCalendars into the VMworld store as I did last year but I cannot make any promises as it is quite expensive to do so and the budget is tight this year.  Veeam did a fantastic job of distributing vCalendars over the past year, however, they will not be carrying the vCalendar this year.  I wish to extend my thanks to Veeam for their partnership.

I’d like the vCalendar tradition to continue, be successful, and maybe leave its mark in VMware lore.  I’m excited for the upcoming launch and I hope you’re able to get your hands on one.

Windows 7 Launch Multiple Program Instances Shortcut

June 22nd, 2010 by jason 5 comments »

I don’t pretend to know all of the Windows keyboard shortcuts but I do maintain an arsenal of frequently used aka useful ones.  Here’s one that I discovered by accident which is helpful for applications of which multiple instances can typically be spawned simultaneously.  Applications like the vSphere Client, PuTTY, Remote Desktop Connection, Command Prompt, maybe a web browser if you dislike browser tabs.

The shortcut:

With one instance of the desired application already launched (and visible on the Windows 7 taskbar), SHIFT + LEFT MOUSE CLICK on the application on the taskbar:

[Screenshot]

VOILA!  An additional instance is spawned:

[Screenshot]

I’ve found immediate use for this with launching multiple vSphere Client instances.  Sure I have these frequently used applications pinned to my taskbar for one click launch efficiency but when the application already has one instance launched, the target to click on is ergonomically larger and thus easier to find.

This UI enhancement may also work with Vista.  I didn’t use that OS long enough to find out.  I’m not sure if Microsoft has an official name for this technology – surely there must be an acronym for it.  I’ll pay attention during the “Windows 7 was my idea” commercials as this was obviously someone’s idea and this trick could surface there.

ps. On the subject of Windows 7 enhancements.  While I do like and use the feature where an application is snapped to one of the four edges of the screen, at the same time I’ve developed a phobia about carefully navigating my mouse while dragging an application where I DO NOT want it to snap and take up a huge chunk of display real estate.  I’m passive aggressive particular about the dimensions of my application windows relative to everything else in the shared area.  The four edges of a Windows 7 display have tractor beams and when your mouse comes close to the edge, it sucks you the rest of the way in and before you know it, an app is maximized.  I’d bet *nix people don’t have these types of issues.