The 9/11 Post

September 10th, 2011 by jason No comments »

Snagit CaptureMy memory isn’t what it used to be but there are a few experiences in the past which remain clear in my mind.  The first time I met the person who would eventually become my wife. The birth of my daughter. The first time I saw VMware ESXi at a Minneapolis VMUG meeting.  September 10th, 2001 and of course what followed the next morning.  A lot of people have a 9/11 story.  I have mine.  Tomorrow being the 10 year anniversary, I’ll share it here as requested.

In 2001 I worked as a Systems Engineer for a large bank based out of Minneapolis, MN.  One of our datacenters was located in Columbia, MD which is situated between Baltimore, MD and Washington D.C.  We were re-IP’ing the datacenter the weekend before 9/11 so I had spent the prior week on site making the final preparations for the long weekend ahead which I would also be involved in.

As I recall, it was a pretty long weekend working around the clock.  Par for the course when we had to deal with the finicky attitude of Microsoft SQL Server clusters.  We got through it and Monday morning arrived.  I would usually stick around through mid day Monday for this type of activity to make sure we were out of the woods, then fly out in the afternoon or early evening.  There were no issues to speak of but I hung out with my Maryland co-workers until the last possible minute I had to leave for the airport.  This was my normal routine.  At this point in time there was no reason to arrive at the airport two hours early.  There weren’t security checkpoints & the associated lines to deal with.  However, I had cut it way too close this time and was going to miss my flight.  I didn’t know it at the time but arriving late and missing my flight would allow me a brush with fame opportunity.

Snagit CaptureAt this time it’s probably 5:30pm EDT.  I worked with the ticketing agent to find a later flight out.  Fortunately there was a later flight, I believe it was the last out of BWI.  I checked my bag and made my way to the gate for the long wait.  The portion of the airport where my gate existed was fairly empty.  I was doing the long walk thing to one of the last gates.  As I’m walking, a young guy who had gotten off a plane is walking towards me from the opposite direction.  From a distance he’s tall and has a baseball cap on.  As we passed each other, I got a closer look.  One thought immediately entered my mind as he was walking away “He looks like Travis Pastrana (a pro motocross Suzuki rider).”  The DUH moment followed “Travis and his parents live in Maryland.”  When you eat, sleep, and breathe motocross, you follow motocross and pro riders closely. You know these things.  I spun around and called out his first name “Travis!” from 20 feet away.  We talked for about a minute.  He was a nice guy and autographed a full spread poster of him performing a lazy boy contained in a motocross magazine I happened to be carrying in my laptop bag.  Then we went on our respective ways.  I called my wife (girlfriend at the time) and told her she’d never guess who I just met.  I spent the rest of the evening smiling.  I would always remember that particular day (but not necessarily the date September 10th itself), as one of the best days in my life.  The following day would be one of the worst.

Tuesday morning I woke up and drove to work in downtown Minneapolis.  As I waited at the intersection of 11 Street to turn right onto Hennepin Avenue, the frantic reports started coming in over the radio.  For me, that’s where I was when 9/11 happened – at that intersection making a right turn, trying not to believe what I’m hearing on the radio.  The details of that event are known by all and don’t need repeating here.  I had a difficult time grasping what had happened, how they could have happened.  I thought about how close I had been to one of the sites the night before.

The following weekend I loaded up the truck to race at Mazeppa.  There was such a poor turnout due to the week’s events that the races were cancelled and for those that stuck around, we just practiced the entire day.  A small and inconsequential example of how the events 9/11 would impact the future.  By the grace of God, I didn’t lose any of my own loved ones, friends, or co-workers but when I see the faces of the innocent people who lost their lives, I can’t help but feel a connection to each of them.  I’ve watched interviews of so many who suffered the loss of family members and I absolutely cannot comprehend how they dealt with it.  I pray that those who passed on and their family members who remain receive love and comfort from God.  It will be an emotional morning at church tomorrow as we join together in a special service of remembrance.

My daughter started kindergarten last week.  I also have a three year old boy.  In time they will learn about 9/11 and will inevitably talk about it and/or ask my wife and I questions about it.  I hope that it is the type of event they will only have to learn about through history books.  Tomorrow I’ll pray for peace and hope that my children and my children’s children can grow up in a better world.

On a creepy side note, for the first part of my tenure at the bank, each time I traveled to the Columbia site, a national level tragedy occurred:

  • Columbine High School tragedy – 4/20/99
  • 9/11 tragedy – 9/11/01
  • Space Shuttle Columbia tragedy – 2/1/03

I no longer work for the bank and as such, no longer travel to this site.

Add some color to your ESXi shell

September 7th, 2011 by jason 2 comments »

A few days ago I wrote a piece about Tech Support Mode in ESXi 5.0 for those who prefer to use it.  I’m going to compliment it a bit with a small trick which may appeal to your visual senses.  Since the dawn of ESX and ESXi, we’ve been working inside a Service Console and ESXi Shell respectively which defaults to an off-white foreground character set on a black background.  This can be changed in the following file using vi as the editor:

/etc/profile

By adding the line shown below, the default shell prompt can be modified.  For the purposes of this writing, the goal is not to change the prompt itself (although this is where you’d do it), but rather to change the color of the prompt.  Normally, only the color of the prompt would change and all text that followed would default back to the stock foreground color.  The trick is to modify the prompt so that the color-set sequence is modified, and is not closed – rather it is left open so that that the foreground color of the prompt bleeds into all of the text the follows it.  The mechanics behind it as well as common color codes are described here.  I like the color Cyan.

Snagit Capture

In the example above, I’ve added the following new line to /etc/profile:

PS1=’\[\e[1;96m\][\u@\h \W]\$\[\e[1;96m\] ‘

Bold High Intensity Cyan comes from the string 1;96m which you’ll see defined in two spots in the line which I added.  After saving /etc/profile and re-establishing the ESXi shell connection, the change takes effect:

Snagit Capture

I’m a little happier at the command line now and sometimes it is the little things that help get me through the day.

New View Client for iPad Sneak Peak at VMworld 2011

September 3rd, 2011 by jason 4 comments »

Wednesday night I bumped into VMware Product Manager Tedd Fox at the Palazzo pool side party. You may remember Tedd as the man behind the VMware View Client for iPad. He invited me to stop by the VMware EUC booth for a look at “something”.  The following day I met up with him at the booth.  He grabbed his second generation iPad, I rolled camera, and he showed me some never before seen footage of the next release of the VMware View Client for iPad expected to be released within the next few weeks to both iPad generations.

This particular release sports security minded features as well as enhancements to improve ease of use.  Following are some notes on what Ted talked about during the demo of his production environment:

  • Blurred thumbnails of previously opened desktop connections
  • Certificate checking
  • Three native levels of security: High, Medium, and Low
  • Embedded RSA Soft Token
  • The above keyboard toolbar has been modified to display most of the commonly used function and arrow keys above the keyboard instead of on a separate “floater” which consumed valuable display real estate
  • Plugging in the video out dongle converts the iPad into a Macbook pro sized trackpad and keyboard
  • Release expected within the next few weeks in the App Store
  • Will be compatible with Apple IOS 5
  • An Android version (minus presentation mode) will be made available at the same time, in addition to Cisco Cius

Following is a video capture of the demo and below that a static image of presentation mode trackpad and keyboard:

Tedd didn’t have video dongle at the time of the interview but he did follow up with an email showing what presentation mode trackpad and keyboard looks like on the iPad:

SnagIt Capture

I’d like to thank Tedd and VMware for their time and the exclusive demo.  As a gen 1 iPad owner who already has gotten a lot of mileage out of the View Client for iPad + View 4.6 and now 5.0 beta, I’m pretty excited about this release and future developments.  The iPad and other comparable tablets are convenient for conferences such as VMworld because of apps like the one Tedd develops.  Just Enough Device to access email, access my calendar and schedule, access my home lab remotely while in a VMworld session.

Tech Support Mode Warnings Revisited In vSphere 5

September 2nd, 2011 by jason 9 comments »

A few months ago I authored a blog post titled Tech Support mode Warnings.  It dealt with the yellow balloon warnings attached to a host object in vCenter when Local Tech Support Mode was enabled (as well as Remote Tech Support via SSH).

Without surprise, the warnings are back in vSphere 5, albeit with the warning messages slightly changed.

Configuration Issues

ESXi Shell for the host has been enabled

SSH for the host has been enabled

Snagit Capture

In the previous blog post, I referenced VMware’s KB article which stated there was no way to hide the messages while the offending configuration was in place.  That may have been the official stance but it certainly wasn’t the case from a technical standpoint as there are a few workarounds to suppress the messages.

VMware has shown us a little love in vSphere 5.  Both messages can be suppressed with a modification of an Advanced Setting on each host.  Even better, there is no reboot of the host or recycle of a service required.  In my testing, Maintenance Mode was also not required and could be performed with running VMs on the host.  Although if you’re wondering if this is going to be safe to perform in a running production environment, be sure to take a step back and consider not only the immediate impact of the task, but also the longer term impact of the change because by this point you’ve already enabled or you’re thinking of enabling the Local ESXi Shell and/or remote SSH via the network.  Reference your security plan or hardening guidelines before proceeding.

Following is the tweak to suppress the warnings which I found in VMware KB 2003637:

Snagit Capture

Again, this is performed for each host during the time that it is built or after it is deployed.  In the figure above, the change is made via the vSphere Client, but it can also be scripted via command line with esxcfg-advcfg.

Somewhat related, in the same yellow balloon area you may also see a host warning message which states “This host currently has no management network redundancy” as shown below:

Snagit Capture

In production environment, you’ll want to resolve the issue by adding network redundancy for the Management Network.  However, in a lab or test environment, a single Management Network uplink may be acceptable but nonetheless you want the warning messages to disappear.  This warning is squelched by configuring an HA Advanced Option:  das.ignoreRedundantNetWarning with a value of true as shown below.  After that step is completed, Reconfigure for vSphere HA on the host and the warning will disappear.  Reconfigure for HA step will need to be applied separately for each host with a non-redundant Management Network configuration.

Snagit Capture

Update 9/5/11: Duncan Epping also has also written on this subject back in July. Be sure to bookmark his blog, subscribe to his RSS feed, and follow him on Twitter.  He is a nice guy and very approachable.

Update 10/15/12: Added section for “No Management Network Redundancy” which I should have included to begin with.

vCenter Server 5.0 and MS SQL Database Permissions

August 20th, 2011 by jason 21 comments »

It’s that time again (to bring up the age old topic of Microsoft SQL database permission requirements in order to install VMware vCenter Server).  This brief article focuses on vCenter 5.0.  Permissions on the SQL side haven’t changed at all based on what was required in vSphere 4.  However, the error displayed for lacking required permissions to the MSDB System database has.  In fact, in my opinion it’s a tad misleading.

To review, the vCenter database account being used to make the ODBC connection requires the db_owner role on the MSDB System database during the installation of vCenter Server.  This facilitates the installation of SQL Agent jobs for vCenter statistic rollups.

In the example below, I’m using SQL authentication with an account named vcenter.  I purposely left out its required role on MSDB and you can see below the resulting error:

The DB user entered does not have the required permissions needed to install and configure vCenter Server with the selected DB.  Please correct the following error(s):  The database user ‘vcenter’ does not have the following privileges on the ‘vc50’ database:

EXECUTE sp_add_category

EXECUTE sp_add_job

EXECUTE sp_add_jobschedule

EXECUTE sp_add_jobserver

EXECUTE sp_add_jobstep

EXECUTE sp_delete_job

EXECUTE sp_update_job

SELECT syscategories

SELECT sysjobs

SELECT sysjobsteps

Snagit Capture

Now what I think is misleading about the error thrown is that it’s pointing the finger at missing permissions on the vc50 database.  This is incorrect.  My vcenter SQL account has db_owner permissions on the vc50 vCenter database.  The problem is actually lacking the temporary db_owner permissions on the MSDB System database at vCenter installation time as described earlier.

The steps to rectify this situation are the same as before.  Grant the vcenter account the db_owner role for the MSDB System database, install vCenter, then revoke that role when vCenter installation is complete. While we’re on the subject, the installation of vCenter Update Manager 5.0 with a Microsoft SQL back end database also requires the ODBC connection account to temporarily have db_owner permissions on the MSDB System database.  I do believe this is a new requirement in vSphere 5.0.  If you’re going to install VUM, you might as well do that first before going through the process of revoking the db_owner role.

An example of where that role is added in SQL Server 2008 R2 Management Studio is shown below:

Snagit Capture

VMware Social Media Guy Leaks VMworld 2011 Backpack Details

August 17th, 2011 by jason 5 comments »

In a surprise move, VMware employee John Troyer flipped on his internet web camera and proceeded to lose his mind.  Troyer is normally a cool cat who knows how to play by the rules of social media and embargoed information.  He lives by these standard sets of commandments on a daily basis – and commonly conveys them to others.

We’re not sure what happened here. An isolated incident for sure.  He sent out a tweet asking followers to help him test a new webcam site.  That was the hook.  Shortly after gaining live viewers he reached down to the floor with his right hand and grabbed the prototype backpack which he claims will be distributed at VMworld 2011.  Patrons of a Lakeville, MN Caribou Coffee shop happened to be logged on to the internet when they witnessed the streaming video.  A Dutch guy on the internet responded “This guy is a vIdiot. He puts his name and company in the video & leaks intellectual property.”

A TMZ correspondent was anonymously logged into the Vokle.com chat room and captured these exclusive photos of the VMworld 2011 backpack – the holy grail of VMworld swag:

This is the first photo. We can see that the prototype is black and red with white emblem stitching.

8-17-2011 6-09-58 PM

Clearly this backpack says “VMworld 2011”

8-17-2011 6-10-01 PM

Inside the backpack will be a pocket designed to hold an iPad.  Not shown is a drink container on the side.

8-17-2011 6-10-28 PM

VMware is aware of the quality feedback on last year’s backpack stitching.  This year’s will be better and should hold up for the long haul.

8-17-2011 6-10-44 PM

The straps are padded for maximum comfort needed during a 4 day conference.  There was also some mention of headphones but those details are unclear.

8-17-2011 6-11-03 PM

This is the color red but we’re unsure of the final color until Mr. Troyer leaks more info.

8-17-2011 6-11-10 PM

** Of course I’m just having fun here.  John is a swell guy and I know he didn’t break any rules – I’m really looking forward to VMworld.  Thank you John for the impromptu preview of the VMworld 2011 backpack 🙂 **

Pulse Check and New Sponsor – Tintri

August 15th, 2011 by jason No comments »

Hello VMware virtualization enthusiasts!  The month of August has been intense as VMworld 2011 approaches.  I’ve been working on a few projects which need to get out the door before the the big event.  Unfortunately I’ve had no time to polish vCalendar 3.0 such that it’s ready by show time.  As usual, I’ve been collecting the new content throughout the past year but it’s nowhere near ready for presentation.  The good news is that it’s coming but it may not be until mid September or October.  AND… I’ll still plan on releasing the 2.0 PDF version at no cost.  If you’ve been counting on the new vCalendar, thank you in advance for your patience.

I’ve still got a lot of content in the queue to write about here on the blog.  A lot of it vSphere 5 related.  I’ve also been picking up a lot on SRM 5.  I’ll probably get back into the regular writing schedule after VMworld.  It’s a busy time for VMware and their partners.  I’ve always been busy around VMworld but now that I work for a partner, it’s a new level of busy.

Before I get back to it, I wanted to take this opportunity to introduce a new blog sponsor: Tintri.  They are in the business of providing VM-aware storage without complexity and performance bottlenecks.  Tintri offers 8.5TB of usable storage in a 4u single-datastore footprint.  You’ll find their banner on the right edge of this blog.  Check them out online or stop by their booth at VMworld 2011 in Las Vegas.  Last but not least, you can follow them on Twitter – @TintriInc.