boche.net – VMware Virtualization Evangelist

Posts Tagged ‘Windows’

Windows 7 Launch Multiple Program Instances Shortcut

June 22nd, 2010

I don’t pretend to know all of the Windows keyboard shortcuts but I do maintain an arsenal of frequently used aka useful ones. Here’s one that I discovered by accident which is helpful for applications which multiple instances can typically be spawned simultaneously. Applications like the vSphere Client, PuTTY, Remote Desktop Connection, Command Prompt, maybe a web browser if you dislike browser tabs.

The shortcut:

With one instance of the desired application already launched (and visible on the Windows 7 taskbar), SHIFT + LEFT MOUSE CLICK on the application on the taskbar:

VIOLA! An additional instance is spawned:

I’ve found immediate use for this with launching multiple vSphere Client instances. Sure I have these frequently used applications pinned to my taskbar for one click launch efficiency but when the application already has one instance launched, the target to click on is ergonomically larger and thus easier to find.

This UI enhancement may also work with Vista. I didn’t use that OS long enough to find out. I’m not sure if Microsoft has an official name for this technology – surely there must be an acronym for it. I’ll pay attention during the “Windows 7 was my idea” commercials as this was obviously someone’s idea and this trick could surface there.

ps. On the subject of Windows 7 enhancements. While I do like and use the feature where an application is snapped to one of the four edges of the screen, at the same time I’ve developed a phobia about carefully navigating my mouse while dragging an application where I DO NOT want it to snap and take up a huge chunk of display real estate. I’m passive aggressive particular about the dimensions of my application windows relative to everything else in the shared area. The four edges of a Windows 7 display have tractor beams and when your mouse comes close to the edge, it sucks you the rest of the way in and before you know it, an app is maximized. I’d bet *nix people don’t have these types of issues.

5 comments »

Posted in General, Virtualization

Tags: Microsoft vSphere Client Windows

Active Directory Problems

June 13th, 2010

I’ll borrow an introduction from a blog post I wrote a few days ago titled NFS and Name Resolution because it pretty much applies to this blog post as well:

Sometimes I take things for granted. For instance, the health and integrity of the lab environment. Although it is “lab”, I do run some workloads which are key to keep online on a regular basis. Primarily the web server which this blog is served from, the email server which is where I do a lot of collaboration, and the Active Directory Domain Controllers/DNS Servers which provide the authentication mechanisms, mailbox access, external host name resolution to fetch resources on the internet, and internal host name resolution.

The workloads and infrastructure in my lab are 100% virtualized. The only “physical” items I have are type 1 hypervisor hosts, storage, and network. By this point I’ll assume most are familiar with the benefits of consolidation. The downside is that when the wheels come off in a highly consolidated environment, the impacts can be severe as they fan out and tip over down stream dependencies like dominos.

Due to my focus on VMware virtualization, the Microsoft Active Directory Domain Controllers hadn’t been getting the care and feeding they needed. Quite honestly, there have several “lights out” situations in the lab due to one reason or another. The lab infrastructure VMs and their underlying operating systems have taken quite a beating but continued running. Occassionally a Windows VM would detect a need for a CHKDSK . Similarly, Linux VMs wanted an FSCK. But they would faithfully return to a login prompt.

A week ago today, the DCs succumbed to the long term abuse. Symptoms were immediately apparent in that I could not connect to the Exchange 2010 server to access my email and calendar. In addtion, I had lost access to the network drives on the file server. Given the symptoms, I knew the issue was Active Diriectory related, however, I quickly found out the typcal short term remedies weren’t working. I looked at the Event Logs for both DCs. Both were a disaster and looking at the history, they had been ill for quite a long time. I was going to have to really dig in to resolve this problem.

I spent several of the following evenings trying to resolve the problem. As each day passed, anxiety was building because I was lacking email which is where I do a lot of work out of. I had cleaned up AD meta data on both DCs, I had removed DCs to narrow the problem down, I examined DNS checking the integrity of AD integrated SRV records. I had restored the DCs to an isolated network from prior backups to no avail. Although AD was performing some base authentication, there were a handful of symptoms remaining which would indicate AD was still not happy. A few of the big ones were:

Exchange Services would either not start or would hang on starting
SYSVOL and NETLOGON shares were not online on the DCs
NETDIAG and DCDIAG tests on the DCs both had major failures, primarily inability to locate any DCs, Global Catalog Servers, time servers, or domain names

All of these problems utlimately tied to an error in the File Replication Service log on the DCs:

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13566
Date: 6/10/2010
Time: 9:15:56 PM
User: N/A
Computer: OBIWAN
Description:
File Replication Service is scanning the data in the system volume. Computer OBIWAN cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

To check for the SYSVOL share, at the command prompt, type:
net share

When File Replication Service completes the scanning process, the SYSVOL share will appear.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

I had waited a long period of time for the scan to complete, but it had become apprent that the scan was never going to complete on its own. After quite a bit of searching, I came up with Microsoft KB Article 263532 How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration. Specifically, step 3j provided the answer to solving the root cause of the problem. There is a registry value called BurFlags located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\
Backup/Restore\Process at Startup\. The value needs to be set to d4 to allow SYSVOL to be shared out.

Once this registry value was set, all of the problems I was experiencing went away. Exchange services started and I had access to my Email after a four day inbox vacation. I had been through a few instances of AD meta data cleanup but this turned out to be a more complex problem than that. I am thankful for internet search engines because I probably would have never solved this problem without the MS KB Article. I was actually coming close to wiping my current AD and starting over, although I knew that would be pretty painful considering the integration of other components like Exchange, SQL, Certificate Services, DNS, Citrix, etc. that was tied to it.

2 comments »

Posted in Virtualization

Tags: Microsoft VMware Windows

New Microsoft .NET Framework Update Breaks vSphere Client

June 10th, 2010

Just a quick heads up to bring attention to an issue which I caught on Twitter. VMware published KB 1022611 today which describes a new issue that is introduced by a recent Microsoft .NET Framework 2.0 SP2 & 3.5 SP1 update. Upon installing the update, the vSphere Client stops working. According to the article, the issue impacts ESX(i)3.5, 4.0, and vCenter 4.0. Contrary to the topic of this blog post, I am not placing blame on Microsoft. It remains unclear to me which company’s development staff is responsible for the software incompatibility. Microsoft obviously issued the udpate which revealed the problem, but VMware has some skin in this as well in that they need to make sure they are following Microsoft .NET Framework development standards and best practices for their enterprise hypervisor management.

Key details from the VMware KB article:

The vSphere Clients, prior to the Update 1 release, cannot be used to access the vCenter Server or ESX hosts. A Microsoft update that targets the .NET Framework, released on June 9th 2010 is causing this issue. The update http://support.microsoft.com/kb/980773 causes the vSphere Client to stop working. To correct the issue there are two options that can be performed:

Download and install the latest version of the vSphere Client. To download the latest version, visit our website at http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4.OR

Remove the MS update from your Windows operating system. The vSphere Client works after the update is removed.

Note: This affects Windows XP, Windows 2003, Windows 2008, Windows Vista, and Windows 7.

No comments »

Posted in Virtualization

Tags: Microsoft VMware vSphere Client Windows

VMware Workstation Upgrade to 7.1

May 26th, 2010

Microsoft Windows 7 Professional 64-bit
VMware Workstation 7.0.1 build-227600

I had heard VMware Workstation 7.1 was released. Unfortunately, the VMware Workstation “check for updates” feature doesn’t seem to be serving its intended purpose as it told me no updates were available.

I downloaded the installation package manually and performed the upgrade. Two reboots were required:

After the uninstall of my previous version of Workstation
After the install of Workstation 7.1

I hope the usability experience is better than my upgrade experience. I realize some of the reboot business is on the Microsoft Windows 7 operating system but come on, would someone please figure this out? Is there no way to perform an in place upgrade of Workstation to minimize the reboots to one?

What’s New in VMware Workstation 7.1

•Support for 8 virtual processors (or 8 virtual cores) and 2 TB virtual disks.

•Support for OpenGL 2.1 for Windows Vista and Windows 7 guests.

•Greatly improved DirectX 9.0 graphics performance for Windows Vista and Windows 7 guests. Up to 2x faster than Workstation 7.

•Launch virtualized applications directly from the Windows 7 taskbar to create a seamless experience between applications in your virtual machines and the desktop.

•Optimized performance for Intel’s Core i3, i5, i7 processor family for faster virtual machine encryption and decryption.

•Support for more Host and Guest Operating Systems, including: Hosts: Windows 2008 R2, Ubuntu 10.04, RHEL 5.4, and more Guests: Fedora 12, Ubuntu 10.04, RHEL 5.4, SEL 11 SP1, and more.

•Now includes built in Automatic Updates feature to check, download, and install VMware Workstation updates.

•Ability to import and export Open Virtualization Format (OVF 1.0) packaged virtual machines and upload directly to VMware vSphere, the industry’s best platform for building cloud infrastructures.

1 comment »

Posted in Virtualization

Tags: Microsoft Rant VMware Windows Workstation

Windows 2008 R2 and Windows 7 on vSphere

March 28th, 2010

If you run Windows Server 2008 R2 or Windows 7 as a guest VM on vSphere, you may be aware that it was advised in VMware KB Article 1011709 that the SVGA driver should not be installed during VMware Tools installation. If I recall correctly, this was due to a stability issue which was seen in specific, but not all, scenarios:

If you plan to use Windows 7 or Windows 2008 R2 as a guest operating system on ESX 4.0, do not use the SVGA drivers included with VMware Tools. Use the standard SVGA driver instead.

Since the SVGA driver is installed by default in a typical installation, it was necessary to perform a custom installation (or scripted perhaps) to exclude the SVGA driver for these guest OS types. Alternatively, perform a typical VMware Tools installation and remove the SVGA driver from the Device Manager afterwards. What you ended up with, of course, is a VM using the Microsoft Windows supplied SVGA driver and not the VMware Tools version shown in the first screenshot. The Microsoft Windows supplied SVGA driver worked and provided stability as well, however one side effect was that mouse movement via VMware Remote Console felt a bit sluggish.

Beginning with ESX(i) 4.0 Update 1 (released 11/19/09), VMware changed the behavior and revised the above KB article in February, letting us know that they now package a new version of the SVGA driver in VMware Tools in which the bits are populated during a typical installation but not actually enabled:

The most effective solution is to update to ESX 4.0 Update 1, which provides a new WDDM driver that is installed with VMware Tools and is fully supported. After VMware Tools upgrade you can find it in C:\Program Files\Common Files\VMware\Drivers\wddm_video.

After a typical VMware Tools installation, you’ll still see a standard SVGA driver installed. Following the KB article, head to Windows Device Manager and update the driver to the bits located in C:\Program Files\Common Files\VMware\Drivers\wddm_video:

The result is the new wddm driver, which ships with the newer version of VMware Tools, is installed:

After a reboot, the crisp and precise mouse movement I’ve become accustomed to over the years with VMware has returned. The bummer here is that while the appropriate VMware SVGA drivers get installed in previous versions of Windows guest operating systems, Windows Server 2008 R2 and Windows 7 require manual installation steps, much like VMware Tools installation on Linux guest VMs. Add to this the fact that the automated installation/upgrade of VMware Tools via VMware Update Manager (VUM) does not enable the wddm driver. In short, getting the appropriate wddm driver installed for many VMs will require manual intervention or scripting. One thing you can do is to get the wddm driver installed in your Windows Server 2008 R2 and Windows 7 VM templates. This will ensure VMs deployed from the templates have the wddm driver installed and enabled.

The wddm driver install method from VMware is helpful for the short term, however, it’s not the scalable and robust long term solution. We need an automated solution from VMware to get the wddm driver installed. It needs to be integrated with VUM. I’m interested in finding out what happens with the next VMware Tools upgrade – will the wddm driver persist, or will the VMware Tools upgrade replace the wddm version with the standard version? Stay tuned.

9 comments »

Posted in Virtualization

Tags: ESX ESXi Microsoft Update Manager VMware VMware Tools vSphere Windows

Virtual Infrastructure Client and the Windows Registry

June 17th, 2009

Hello gang. I apologize for the frequency slowdown in blog posts but I’ve been _insert lame excuse everyone has heard before here_. Truth be told, I am busy working on a project which I hope to have available the virtualization community on or before VMworld 2009.

This post is a no brainer, maybe you’ve seen it before on another blog or maybe you’ve figured it out for yourself. For me, I can honestly say it was the latter, but with some minimal registry skills, it’s not so difficult.

In short, my Virtual Infrastructure Client (VIC) cached list of host connection entries (at the login prompt) had gotten much too polluted over time with many stale entries that I wanted to get rid of. This can happen over the course of time if you use your VIC to connect to many different vCenter servers or explicit hosts in various environments. Particularly, I would think this can happen quickly to consultants who travel from site to site supporting virtual infrastructures.

There is a way to manipulate the cached list you see in the pulldown box. And by manipulate, I don’t just mean delete. In addition to deleting entries, you can also modify entries (perhaps for a DNS suffix migration), re-order entries (VMware doesn’t maintain this list in alpha order necessarily or perhaps you’d like a custom sort order), or add entries (consider a scenario where you have a packaged VIC that you want to roll out to your new VMware admin – instead of presenting the new admin, who has no knowledge of the environment, with a blank VIC, help them hit the ground running with a pre-populated list of vCenter servers or ESX hosts to connect to).

As the title of this post indicates, the cached entries are stored in the Windows registry and are tied to each individual user profile (HKU). You’ll find the comma delimited list of entries in the following registry key:

HKU\<User SID>\Software\VMware\VMware Infrastructure Client\Preferences\

The value name is RecentConnections and the type is REG_SZ

There’s one more value nearby that sticks out like a sore thumb:

HKU\<User SID>\Software\VMware\Virtual Infrastructure Client\Preferences\UI\SSLIgnore\

The value names vary by connection name or IP address and the type is REG_SZ. These represent each connection where you’ve checked the little box telling the VIC that you want to ignore SSL certificate warnings which you will receive in an “out of the box” configuration. I can’t think of a great use case scenario why someone who has chosen to ignore SSL warnings would want to re-enable them, other than a situation where they’ve now enabled legitimate SSL.

To find out why disabling SSL warnings might not be such a great idea, see my previous blog post titled SSL Integration With VirtualCenter.

As they say in the ARMY, or at least on M*A*S*H… “That is all”.

No comments »

Posted in Virtualization

Tags: Virtual Infrastructure Client VMware Windows

vSphere Memory Hot Add/CPU Hot Plug

May 10th, 2009

I’ve been experimenting with vSphere’s memory hot add and CPU hot plug features to determine its usefulness with Windows Server operating systems. I came up with mixed results depending on the version and architecture of the OS.

A few notes about the results:

Memory hot remove is not supported at all by vSphere. It’s not an option no matter what the guest OS.
Although virtual hardware can be hot added depending on the OS, there are caveats in certain cases
1. A guest reboot may be required (this is outlined in the table below).
2. Memory that is hot added to guests that support the hot add without a reboot will result in 100% sustained CPU utilization in the guest OS for a variable period of time that is dependent on the amount of of memory that is added. In my testing (and keep in mind your mileage may vary on different hardware):
  1. 1GB of RAM hot added resulted in 100% CPU for 1-3 seconds.
  2. 3GB of RAM hot added resulted in 100% CPU for about 10 seconds.
CPU hot unplug is supported by vSphere but was not supported by any of the Windows operating systems that I tested.
Going from 1vCPU to 2vCPUs in Windows 2008 guest operating systems did not result in a HAL change. From what I can tell, Windows 2008 uses the same HAL for uniprocessor and SMP. When a vCPU is hot added, it does show up right away in the Device Manager, however, it’s not seen in Task Manager or Computer Properties therefore my assumption is that processes are not being scheduled on the added vCPU until after the reboot at which time the additional vCPU shows up in all places that it should (ie. Task Manager, Computer Properties, etc.)
I certainly like the innovation and flexibility here but I’m not sure hot add technology is going to mesh well with planned change management systems. The most important thing to recognize though is that VMware offers this technology to us as our choice to use or not use. It’s not a feature VMware held back drawing their own conclusion that nobody on the planet could ever use it. Microsoft does this today with Hyper-V memory over commit. Or rather they don’t offer memory over commit in Hyper-V because they made the decision on behalf of all their customers that nobody could or should use memory over commit. Instead you should pad your hosts with more physical memory at additional cost to you.

Here is the table of results I came up with:

	Memory hot add	Memory hot remove	CPU hot plug	CPU hot unplug
Windows Server 2003 STD x86
Windows Server 2003 STD x64
Windows Server 2003 ENT x86
Windows Server 2003 ENT x64
Windows Server 2008 STD x86	*
Windows Server 2008 STD x64	*		*
Windows Server 2008 ENT x86
Windows Server 2008 ENT x64			*
Windows Server 2008 DC x86
Windows Server 2008 DC x64
Windows Server 2008 R2 DC x64 (experimental support only)
* Reboot of guest OS required to recognize added hardware

25 comments »

Posted in Virtualization

Tags: Hardware vSphere Windows

MobilePress caused 55,000+ files in c:\windows\temp

March 19th, 2009

A while after installing the MobilePress 1.0.3 plugin for WordPress, my IIS server locked up. I rebooted it and all was well. A while later, it locked up again. Upon further investigation, I found 55,000+ files in the c:\windows\temp\ folder and new files were popping in there at a rate of a few per minute.

Each of the 55,000 files looked like:

sess_1dq5436rb4m9b399cojhnmitd1

sess_3meinb58v9oqra5ia0869pqig6

sess_5hbicsnrt0hn1qj9lc5q9n7g30

where the prefix of sess_ is common but the rest is random.

Using Sysinternals procmon.exe, I was able to identify right away that the process responsible for creating the files was w3wp.exe which pointed me to IIS. However, I wasn’t sure why IIS would begin doing this after being stable for a long time.

Searches on the internet said the files were being generated by PHP and indicated new user sessions as visitors hit my blog. That helped confirm the fact that these were coming from IIS and the blog but still no tell tale reason as to why all of the sudden.

Then I opened up one of the files and it showed:
SESS_MOBILE_BROWSER|s:6:”mobile”;SESS_MOBILE_ACTIVE|b:0;SESS_MOBILE_THEME|s:7:”default”;

That was enough to jog my memory that I had recently installed the MobilePress plugin.

Removing the plugin immediately resolved the issues and the temp files are no longer created.

7 comments »

Posted in General

Tags: Blog IIS PHP Windows WordPress

How to install Windows 7 on VMware Fusion

January 25th, 2009

The VMware Fusion team has put together a great “how to” guide for installing Microsoft Windows 7 (beta) on VMware Fusion on Mac. Complete with screenshots and detailed explanations, this resource should have you up and running Windows 7 in no time.

I’m hearing from various people in the trenches that Windows 7 on a VM runs very well, better than Vista, and one report says with as little as 512MB RAM. Sometimes it’s hard to tell if people are more excited about running the new Windows OS as a VM, or the fact that the Windows promise land that Vista never provided may be right around the corner.

Check it out!

5 comments »

Posted in Virtualization

Tags: 7 Fusion Microsoft Vista VMware Windows

Windows on multicore processors

January 22nd, 2009

Great article by Randall C. Kennedy comparing Windows XP, Windows Vista, and Windows 7 and their multicore efficiencies (or lack thereof). If you want to know which Windows OS is going to take most efficient advantage of AMD and Intel multicore technology, this article is worth a read. You may be surprised at the results.

Excerpt:

“In order to test the limits of Windows multicore support, I constructed a comprehensive, multiprocess workload test package using the ADO (database), MAPI (workflow), and WMP (media playback) Stress objects from the DMS Clarity Studio; see “How I tested” for the details. I then executed the package across representative dual- and quad-core systems in an effort to document the scalability, the execution efficiency, and the raw performance of the workloads when running against each of the available Windows incarnations.”

Read the full article here.

1 comment »

Posted in General

Tags: 7 Microsoft Vista Windows XP

Three VirtualCenter security tips Windows administrators should know

January 15th, 2009

Good morning! I’d like to take the opportunity to talk a bit about something that has been somewhat of a rock in my shoe as a seasoned Windows administrator from the NT 3.5 era: The VirtualCenter (vCenter Server, VirtualCenter Management Server, VCMS, VC, etc.) security model, or more accurately, its unfamiliar mechanics that can catch Windows administrators off guard and leave them scratching their heads.

Tip #1: The VCMS security model revolves around privileges, roles, and objects. The more than 100 privileges define rights, roles are a collection of privileges, and roles are assigned to objects which are entities in the virtual infrastructure as shown in the diagram borrowed below:

Windows administrators will be used to the concept of assigning NTFS permissions to files, folders, and other objects in Active Directory. It is very common for Windows objects to contain more than one Access Control Entry (ACE) which can be a group (such as “Accounting”, “Marketing”, etc.) or an explicit user (such as “Bob”, Sally”, etc.) The same holds true for assigning roles to object in VC.

In some instances, which are not uncommon at all, a user may be granted permission to an object by way of more than one ACE. For example, if both the Accounting and Marketing groups were assigned rights, and Sally was a member of both those groups, Sally would have rights to the object through both of those groups. Using this same example, if the two ACEs defined different permissions to an object, the end result is a cumulative, so long as the ACE doesn’t contain “deny” which is special: Sally would have the combined set of permissions. The same holds true in VC.

Let’s take the above example a step further. In addition to the two groups, which Sally is a member of, being ACLd to an object, now let’s say Sally’s user account object itself is an explicit ACE in the ACL list. In the Windows world, the effect is Sally’s rights are still cumulative combining the three ACEs. This is where the fork in the road lies in the VirtualCenter security model. Roles explicitly assigned to a user object trump all other assigned or inherited permissions to the same object. If the explicit ACE defines less permissions, the effective result is Sally will have less permissions than what her group membership would have provided. If the explicit ACE defines more permissions, the effective result is Sally will have more permissions than what her group membership would have provided. This is where Windows based VC administrators will be dumbfounded when a user suddenly calls with tales of things gray’d out in VirtualCenter, not enough permissions, etc. Of course the flip side of the coin is a junior administrator suddenly finds themselves with cool new options in VC. “Let’s see what this datastore button does”

Moral of the story from a real world perspective: Assigning explicit permissions to user accounts in VC without careful planning will yield somewhat unpredictable results when inheritance is enabled (which is typical). To take this to extremes, assigning explicit permissions to user accounts in VC, especially where inheritance in the VC hierarchy is involved, is a security and uptime risk when a user ends up with the wrong permissions accidentally. For security and consistency purposes, I would avoid assigning permissions explicitly to user accounts unless you have a very clear understanding of the impacts currently and down the road.

Tip #2: Beware the use of the built in role Virtual Machine Administrator. It’s name is misleading and the permissions it has are downright scary and not much different than the built in Administrator role. For instance, the Virtual Machine Administrator role: can modify VC and ESX host licensing, has complete control over the VC folder structure, has complete control over Datacenter objects, has complete control over datastores (short of file management), can remove networks, has complete control over inventory items such as hosts and clusters. This list goes on and on. I have three words: What The Hell?! I don’t know – the way my brain works is those permissions stretch well beyond the boundaries of what I would delegate for a Virtual Machine Administrator.

Moral of the story from a real world perspective: Use the Virtual Machine Administrator role with extreme caution. There is little disparity between the Administrator role and the Virtual Machine Administrator role, minus some items for Update Manager and changing VC permissions themselves. Therefore, any user who has the Virtual Machine Administrator role is practically an administrator. The Virtual Machine Administrator role should not be used unless you have delegations that would fit this role precisely. Another option would be clone the role and strip some of the more datacenter impactful permissions out of it.

Tip #3: Audit your effective VirtualCenter permissions on a regular basis, especially if you have large implementation with many administrators “having their hands in the cookie jar” so to speak. If you use groups to assign roles in VC, then that means you should be auditing these groups as well (above and beyond virtualization conversations, administrative level groups should be audited anyway as a best practice). This whitepaper has a nice Perl script for dumping VirtualCenter roles and permissions using the VMware Infrastructure Perl Toolkit. Use of the script will automate the auditing process quite a bit and help transform a lengthy mundane task into a quicker one. While you’re at it, it wouldn’t be a bad idea to periodically check tasks and events to see who is doing what. There should be no surprises there.

Moral of the story from a real world perspective: Audit your VirtualCenter roles and permissions. When an unexpected datacenter disaster occurs from users having elevated privileges, one of the first questions to be asked in the post mortem meeting will be what your audit process is. Have a good answer prepared. Even better, avoid the disaster and down time through the due diligence of auditing your virtual infrastructure security.

For more information about VirtualCenter security, check out this great white paper or download the .pdf version from this link. Some of the information I posted above I gathered from this document. The white paper was written by Charu Chaubal, a technical marketing manager at VMware and Ph.D. in numerical modeling of complex fluids, with contributions from Doug Clark, and Karl Rummelhart.

If VirtualCenter security talk really gets your juices flowing, you should check out a new podcast launched by well known and respected VMTN community member/moderator and book author Edward Haletky that starts today called Virtualization Security Round Table. It is sure to be good!

3 comments »

Posted in Virtualization

Tags: Documentation Microsoft Rant Security vCenter Server VirtualCenter VMware Windows

Introducing: IT Knowledge Exchange/TechTarget

December 18th, 2008

Have you seen TechTarget’s IT Knowledge Exchange? If you are an IT staff member in search of answers or excellent technical blogs, ITKE is one site you’ll want to bookmark. Their award winning editorial staff include virtualization bloggers such as Eric Siebert, David Davis, prolific VirtualCenter plugin writer Andrew Kutz, Rick Vanover, Edward Haletky, and many more.

Search or browse by hundreds of tags covering hot IT topics such as Database, Exchange, Lotus Domino, Microsoft Windows, Security, Virtualization, etc.

Their value proposition is simple: provide IT professionals and executives with the information they need to perform their jobs—from developing strategy, to making cost-effective IT purchase decisions and managing their organizations’ IT projects.

One month ago, brianmadden.com was purchased by TechTarget. I think this addition will be a nice shot in the arm for ITKE. In one transaction they integrate an established rich Citrix/Terminal Services/Virtualization knowledgebase and talented staff of bloggers that it can in turn use to help its readers and advertising clientele.

TechTarget has over 600 employees, was founded in 1999, and went public in May 2007 via a $100M IPO.

4 comments »

Posted in Virtualization

Tags: Blog Citrix Documentation Microsoft Terminal Services VDI Virtualization VMware Windows

Access a CD/DVD from the ESX console

December 17th, 2008

If by chance you need to access the CD/DVD ROM tray on your ESX host from the service console (COS), it is not as straight forward as clicking on the cup holder icon under “My Computer”. The media needs to be mounted in the RHEL based service console operating system first. This blog entry explains how.

1. Determine which device represents the tray holding the media you want to mount using the command ll /dev |grep cdrom. In this case on a Dell PER900, I see two CD/DVD ROM instances. /dev/hda represents the physical tray on the ESX host. /dev/scd0 represents the virtual .iso media connected via the DRAC:

2. I want to mount the virtual .iso media represented by /dev/scd0. The command is mount /dev/scd0 /mnt/cdrom. As seen in the following example, once I have mounted the device, the CD/DVD media is now accessible at the /mnt/cdrom location. In this case, it’s a Windows Server 2003 CD. Why would I want to stick a Windows CD in an ESX host? Perhaps I’d like to create an .iso image to be stored on a VMFS volume using the dd if=/mnt/cdrom of=/vmfs/volumes/vmfs_storage1/win2k3.iso command:

3. When finished, don’t forget to unmount the media. The command for this is umount /mnt/cdrom. Notice the media cannot be unmounted when someone or something is presently accessing the media directory structure (as indicated by the “device is busy” error message on the first unmount attempt):

5 comments »

Posted in Virtualization

Tags: ESX Hardware Linux Microsoft VMware Windows

WordPress 2.7 has been released

December 11th, 2008

It’s finally here. Don’t get me wrong, I haven’t been waiting on pins and needles for this release. I’m happy with the WordPress 2.6.5 version I’m on now but maybe once I see the new features in 2.7 I’ll get more excited about it. At any rate, I’ll be proceeding with much caution. Probably not for at least a few weeks. Much like a Microsoft Windows service pack, I’ll let other early adopters find out the joys first, then I’ll stand on the shoulders of their learning and success and avoid the pitfalls myself. My concerns are with the dozen or more plugins/widgets I use in addition to my blog theme. If you have any experience or hear any sort of news good/bad/ugly, please share the knowledge. Comments always welcome here (as long as they are not spam).

5 comments »

Posted in General

Tags: Blog Microsoft Windows

Confused about Citrix XenServer 5 support for Windows Server 2008

November 25th, 2008

I read a news item here stating Citrix XenServer 5 lacks support for Windows Server 2008 as a guest operating system. I decided to check it out for myself.

Citrix reveals here that indeed Windows Server 2008 guests are not supported in XenServer 5. However, the What’s new in Citrix XenServer 5 page explains that XenServer 5 is tuned for Windows and Windows Server 2008 guest support has been added through the all important Microsoft Server Virtualization Validation Program (SVVP).

Confused? I am.

VMware supports Windows Server 2008 for many of its products and VMware is very clear about it. VMware’s guest OS support for all VMware products can be found in the Guest Operating System Installation Guide.