Archive for the ‘VMWare’ Category

Older Entries »
h1

VMware vCenter5: Revenge of Y2K, aka Worst Host Import Fail Ever!

January 6, 2012

I was recently involved in a process of migrating from vSphere 4 to vSphere 5 for an enterprise client leapfrogging from vSphere 4.0 to vSphere 5.0. Their platform is and AMD service farm with modern, socket G34 CPU blades and 10G Ethernet connectivity – all moving parts on VMware’s Hardware Compatibility List for all versions of vSphere involved in the process.

Supermicro AS-2022TG Platform Compatibility

Intel 10G Ethernet, i82599EB Chipset based NIC

Although VMware lists the 2022TG-HIBQRF as ESXi 5.0 compatible and not the 2022TG-HTRF, it is necessary to note the only difference between the two is the presence of a Mellanox ConnectX-2 QDR infiniband controller on-board: the motherboards and BIOS are exactly the same, the Mellanox SMT components are just mission on the HTRF version.

It is key to note that VMware also distinguishes the ESXi compatible platform by supported BIOS version 2.0a (Supermicro’s current version) versus 1.0b for the HTRF version. The current version is also required for AMD Opteron 6200 series CPUs which is not a factor in this current upgrade process (i.e. only 6100-series CPUs are in use). For this client, the hardware support level of the current BIOS (1.0c) was sufficient.

Safe Assumptions

So is it safe to assume that a BIOS update is not necessary when migrating to a newer version of vSphere? In the past, it’s been feature driven. For instance, proper use new hardware features like Intel EPT, AMD RVI or VMDirectPath (pci pass-through) have required BIOS updates in the past. All of these features were supported by the “legacy” version of vSphere and existing BIOS – so sounds safe to assume a direct import into vCenter 5 will work and then we can let vCenter manage the ESXi update, right?

Well, not entirely: when importing the host to vCenter5 the process gets all the way through inventory import and the fails abruptly with a terse message “A general system error occurred: internal error.” Looking at the error details in vCenter5 is of no real help.

Import of ESXi 4 host fails in vCenter5 for unknow reason.

A search of the term in VMware Communities is of no help either (returns non-relevant issues). However, digging down to the vCenter5 VPXD log (typically found in the hidden directory structure “C:\ProgramData\VMware\VMware VirtualCenter\Logs\”) does return a nugget that is both helpful and obscure.

Reviewing the vCenter VPXD log for evidence of the import problem.

If you’ve read through these logs before, you’ll note that the SSL certificate check has been disabled. This was defeated in vCenter Server Settings to rule-out potentially stale SSL certificates on the “legacy” ESXi nodes – it was not helpful in mitigating the error. The section highlighted was, however, helpful in uncovering a relevant VMware Knowledgebase article – the key language, “Alert:false@ D:/build/ob/bora-455964/bora/vim/lib/vdb/vdb.cpp:3253″ turns up only one KB article – and it’s a winner.

Knowledge Base article search for cryptic VPXD error code.

It is important – if not helpful – to note that searching KB for “import fail internal error” does return nine different (and unrelated) articles, but it does NOT return this KB (we’ve made a request to VMware to make this KB easier to find in a simpler search). VMware’s KB2008366 illuminates the real reason why the host import fails: non-Y2K compliant BIOS date is rejected as NULL data by vCenter5.

Y2K Date Requirement, Really?

Yes, the spectre of Y2K strikes 12 years later and stands as the sole roadblock to importing your perfectly functioning ESXi 4 host into vCenter5. According the the KB article, you can tell if you’re on the hook for a BIOS update by checking the “Hardware/Processors” information pane in the “Host Configuration” tab inside vCenter4.

ESXi 4.x host BIOS version/date exposed in vCenter4

According to vCenter date policy, this platform was minted in 1910. The KB makes it clear that any two-digit year will be imported as 19XX, where XX is the two digit year. Seeing as how not even a precursor of ESX existed in 1999, this choice is just dead stupid. Even so, the x86 PC wasn’t even invented until 1978, so a simple “date check” inequality (i.e. if “two_digit_date” < 78 then “four_digit_date” = 2000 + “two_digit_date”) would have resolved the problem for the next 65 years.

Instead, VMware will have you go through the process of upgrading and testing a new (and, as 6200 Opterons are just now available to the upgrade market, a likely unnecessary) BIOS version on your otherwise “trusty” platform.

Non-Y2K compliant BIOS date

Y2K-compliant BIOS date, post upgrade

Just to add insult to injury with this upgrade process, the BIOS upgrade for this platform comes with an added frustration: the IPMI/BMC firmware must also be updated to accommodate the new hardware monitoring capabilities of the new BIOS. Without the BMC update, vCenter will complain of Northbridge chipset overheat warnings from the platform until the BMC firmware is updated.

So, after the BIOS update, BMC update and painstaking hours (to days) of “new” product testing, we arrive at the following benefit: vCenter gets the BIOS version date correctly.

vCenter5 only wants Y2K compliant BIOS release dates for imported hosts

Bar Unnecessarily High

VMware actually says, “if the BIOS release date of the host is in the MM/DD/YY format, contact the hardware vendor to obtain the current MM/DD/YYYY format.” Really? So my platform is not vCenter5 worthy unless the BIOS date is four-digit year formatted? Put another way, VMware’s coders can create the premier cloud platform but they can’t handle a simple Y2K date inequality. #FAIL

Forget “the vRAM tax”, this obstacle is just dead stupid and unnecessary; and it will stand in the way of many more vSphere 5 upgrades. Relying on a BIOS update for a platform that was previously supported (remember 1.0b BIOS above?) just to account for the BIOS date is arbitrary at best, and it does not pose a compelling argument to your vendor’s support wing when dealing with an otherwise flawless BIOS.

SOLORI’s Take:

We’ve submitted a vCenter feature request to remove this exclusion for hundreds of vSphere 4.x hosts, maybe you should too…

Posted in Quick Take, Servers, Virtualization, VMWare | Tagged , , , , , , , , , , , , , | 3 Comments »

h1

Quick-Take: VMworld 2011, Thoughts on the Airplane

August 28, 2011

On the way to VMworld this morning this morning I started-out by listening to @Scott_lowe, @mike_laverick and @duncanyp about stretched clusters and some esoteric storage considerations. Then i was off reading @sakacc blogging about his take on stretch clusters and the black hole of node failure when I stumbled on a retweet @bgracely via @andreliebovici about the spectre of change in our industry. Suddenly these things seemed very well related within the context of my destination: VMworld 2011.

Back about a month ago when vSphere 5 was announced the buzz about the “upgrade” was consumed by discussions about licensing and vRAM. Naturally, this was not the focus VMware was hoping for, especially considering how much of a step forward vSphere 5 is over VS4. Rather, VMware – by all deserved rights – wanted to hear “excited” conversations about how VS5 was closing the gap on vCloud architecture problems and pain-points.

Personally, I managed to keep the vRAM licensing issue out of SOLORI’s blog for two reasons: 1) the initial vRAM targets were so off that VMware had to make a change, and 2) significant avenues for the discussion were available elsewhere. That does not mean I wasn’t outspoken about my thoughts on vRAM – made obvious by contributions to some community discussions on the topic – or VMware’s reasoning for moving to vRAM. Suffice to say VMware did “the right thing” – as I had confidence they would – and the current vRAM targets capture 100% of my clients without additional licenses.

I hinted that VS5 answers a lot of the hanging questions from VS4 in terms of facilitating how cloud confederations are architected, but the question is: in the distraction, did VS5′s “goodness” get lost in the scuffle? If so, can they get back the mind share they may have lost to Chicken Little reactionaries?

First, if VMware’s lost ground to anyone, it’s VMware. The vast majority of cool-headed admins I talked to were either not affected by vRAM or were willing to take a wait-and-see outlook on vSphere 5 with continued use of vSphere 4.1. Some did evaluate Hyper-V’s “readiness” but most didn’t blink. By comparison, vSphere 4.1 still had more to offer private cloud than anything else.

Secondly, vSphere 5 “goodness” did get lost in the scuffle, and that’s okay! It may be somewhat counter intuitive but I believe VMware will actually come out well ahead of their “would be” position in the market, and it is precisely because of these things, not just in spite of them. Here’s my reasoning:

1) In the way the vSphere 5 launch announcement and vRAM licensing debacle unfolded, lot of the “hot air” about vRAM was vented along the way. Subsequently, VMware gained some service cred by actually listening to their client base and making a significant change to their platform pricing model. VMware got more bang-for-their-buck out of that move as the effect on stock price may never be known here, given the timing of the S&P ratings splash, but I would have expected to see a slight hit. Fortunately, 20-30% sector slides trump vRAM, and only Microsoft is talking about vRAM now (that is until they adopt something similar.)

On that topic, anytime you can get your competitor talking about your product instead of theirs, it usually turns out to be a good thing. Even in this case, where the topic has nothing to do with the needs of most businesses, negative marketing against vRAM will ultimately do more to establish VMware as an innovator than an “already too expensive alternative to XYZ.”

2) SOLORI’s law of conservation of marketing momentum: goodness preserved, not destroyed. VMworld 2011 turns out to be perfectly timed to generate excitement in all of the “goodness” that vSphere 5 has to offer. More importantly, it can now do so with increased vigor and without a lot of energy siphoned-off discussing vRAM, utilization models and what have you: been there done that, on to the meat and away with the garnish.

3) Again it’s odd timing, but the market slide has more folks looking at cloud than ever before. Confidence in cloud offerings has been a deterrent for private cloud users, partly because of the “no clear choices” scenario and partly because concerns about data migration in and around the public cloud. Instability and weak growth in the world economy have people reevaluating CAPEX-heavy initiatives as well as priorities. The bar for cloud offerings has never been lower.

In vSphere 5, VMware hints at the ability for more cloud providers to be transparent to the subscriber: if they adopt vSphere. Ultimately, this will facilitate vendor agnosticism much like the early days of the Internet. Back then, operators discovered that common protocols allowed for dial-up vendors to share resources in a reciprocal and transparent manner. This allowed the resources of provider A to be utilized by a subscriber of provider B: the end user was completely unaware of the difference. For those that don’t have strict requirements on where their data “lives” and/or are more interested in adherence to availability and SLA requirements, this can actually induce a broader market instead of a narrower one.

If you’ve looked past vRAM, you may have noticed for yourself that vSphere has more to deliver cloud offerings than ever before. VMware will try to convince you that whether cloud bursting, migrating to cloud or expanding hybrid cloud options, having a common underlying architecture promotes better flexibility and reduces overall cost and complexity. They want you to conclude that vSphere 5 is the basis for that architecture. Many will come away from Las Vegas – having seen it – believing it too.

So, as I – and an estimated 20K+ other virtualization junkies – head off to Las Vegas for a week of geek overload, parties and social networking, my thoughts turn to @duncanyp‘s 140+ improvements, enhancements and advances waiting back home in my vSphere 5 lab. Last week he challenged his “followers” to be the first to post examples of all of them; with the myriad of hands-on labs and expert sessions just over the horizon, I hope to do it one better and actually experience them first hand.

These things all add up to a win-win for VMware and a strong showing for VMworld. It’s going to be an exciting and – tip of the hat to @bgracely - industry changing week! Now off to the fray…

References:

See Mike Laverick’s chinwag podcasts

See Chad’s Sakacc’s VirtualGeek blog on stretched cluster issues to overcome

(excuse typos today, wordpress iPad…)

Posted in New Products, Quick Take, VMWare | Tagged , , , , , | Leave a Comment »

h1

Short-Take: Nexenta 3.1 Adds VAAI Support, Auto-Sync Resume

August 3, 2011

Nexneta Systems Inc released version 3.1 of its open storage software yesterday with a couple of VMware vSphere-specific feature enhancements. These enhancements are specifically targets at VMware’s vStorage API for Array Integration (VAAI) which promises to accelerate certain “costly” storage operations by pushing their implementation to the storage array instead of the ESX host.

From NexentaStor 3.1 Release Notes, the primitives implemented in 3.1 that contribute to VAAI support include:

  • SCSI Write Same: Supported in vSphere 4.1 and later
    Example. Accelerates zero block writes when creating new virtual disks.
  • SCSI ATS (Atomic Test & Set): Supported in vSphere 4.1 and later.
    Example. Enables specific LUN “region” to be locked instead of entire LUN when cloning a VM.
  • SCSI Block Copy: Supported in vSphere 4.1 and later.
    Example. Avoids reading and writing of block data “through” the ESX host during a block copy operation by allowing VMware to instruct the SAN to do so.
  • SCSI Unmap: Supported in vSphere 5 and later. Enables freed blocks to be returned to the zpool for new allocation when no longer used for VM storage.

Additional “optimizations” and improvements from Nexenta in 3.1 include:

  • In-flight deduplication
  • ARC performance enhancements
  • multiple connections per session for iSCSI
  • DMU fast path for iSCSI (i.e. no extra copy)
  • Auto-sync “resume” with progress bar in GUI/NMV and ability to change source/destination paths OTF
  • Parallel tasks in NMV (i.e. no more busy process “hangs”)
  • Improved CIFS performance
  • Support for multiple DC/DC fail-over for CIFS
  • Better cross-forrest trusts with CIFS
  • Configuration monitoring/reporting via “ConfGuard” plug-in
  • Multiple VIP per service for HA Cluster, fail-over of local users and elimination of separate heartbeat device
  • JBOD management for select devices from within the NMV

Given the addition of VAAI features, the upgrade offers some compelling reasons to make the move to NexentaStor 3.1 and at the same time removes obstacles from choosing NexentaStor as a VMware iSCSI platform for SMB/SME (versus low-end EMC VNXE, which at last look was still waiting on VAAI support.) However, for existing vSphere 4.1+ environments, a word of caution: you will want to “test, test, test” before upgrading to (or enabling) VAAI (fortunately, there’s a NexentaStor VSA available).

Auto-Sync Resume

In the past, NexentaStor’s auto-sync plug-in has been the only integrated means of block replication from one storage pool (or array) to another. In the past, the plug-in allowed for periodic replication events to be scheduled which drew from a marker snapshot until the replication was complete. Upon extended error (where the replication fails), the failure of the replication causes a roll-back to the marker point, eliminating any data that has transferred between the pools. For WAN replication, this can be costly as no check-points are created along the way.

More problematically, there has been no way to recreate a replication service in the event it has been either deleted or missing (i.e. zpool moved to a new host.) This creates a requirement for the replication to start over from scratch – a problem for very large datasets. With Auto-Sync 3.1, later problem is resolved, and provided NexentaStor can find at least one pair of identical snapshots for the file system.

Where I find this new “feature” particularly helpful is in seed replications to external storage devices (i.e. USB2.0 arrays, JBODs, etc.). This allows for a replication to external, removable storage to (1) be completed locally, (2) shipped to a central repository, and (3) a remote replication service created to continue the replication updates over the WAN.

Additionally, consider the case where the above local-to-WAN replication seeding takes place over the course of several months and the hardware at the central repository fails, requiring the replication pool to be moved to another NexentaStor instance. In the past, the limitation on auto-sync would have required a brand new replication set, regardless of the consistency of the replicated data on the relocated pool. Now, a new (replacement) service can be created pointing to the new destination, and auto-sync promises to find the data – intact – and resume the replication updates starting with the last identical marker snapshot.

NexentaStor Native Transport

The default transport for replication in NexentaStor 3.1 is now NexentaStor’s TCP-based Remote Replication protocol (RR). While SSH is still an option for non-NexentaStor destinations, netcat is no longer supported for auto-sync replications. While no indication of performance benefits are available, two tunable parameters are available for RR auto-sync services (per service): TCP connection count (-n) and TCP package size (-P). Defaults for each of these are 4 and 1024, respectively, meaning 4 connections and 1024KB PDU size for the replication session.

Conclusions

For VMware vSphere deployments in SMB, SME and ROBO environments, NexentaStor 3.1 looks to be a good fit, offering high-performance CIFS, NFS, iSCSI and Fiber Channel options in a unified storage environment complete with VAAI support to accelerate vStorage applications. For VMware View installations using NexentaStor, the VAAI/ATS feature should resolve some iSCSI locking behavior issues that have made NFS more attractive but remove SCSI-based VAAI features. That said, with the storage provisioning changes in View 4.5 and upcoming View 5, the ability to pick from FC, iSCSI or NFS (especially at 10G) from within the same storage platform has definite advantages (if not complexity implications.) Suffice to say, NexentaStor’s update is adding more open storage tools to the VMware virtualization architect’s bag of tricks.

NexentaStor 3.1 is available for download now.

Update, 8/12/2011:

Nexenta has found some problems with 3.1 post Q/A. They’ve released this statement on the matter:

Nexenta places the highest importance on maintaining access to and integrity of customer data. The purpose of this Technical Bulletin is to make you aware of an issue with the process of upgrading to 3.1. Nexenta has discovered an issue with the software delivery mechanism we use. This issue can result in errors during the upgrade process and some functionality not being installed properly. Please postpone upgrading to v3.1 until our next Technical Bulletin update. We are actively working to get this corrected and get it back to 100 % service as fast as possible. Until the issue is resolved we have removed 3.1 from the website and suspended upgrades. Thanks for your patience.

- Nexenta Support, Aug. 6, 2011

According to sources from within Nexenta, the problems appear to be more related to APT repository/distribution issues “rather than the 3.1 codebase.” All ISO and repository distribution for 3.1 has been pulled until further notice and links to information about 3.1 on the corporate Nexenta site are no longer working…

Update, 8/17/2011:

Today, while working on a follow-up post, the lab systems (virtual storage appliances) were updated to NexentaStor 3.1.1 (both Enterprise and Community editions). Since a question was raised about the applicability of the VAAI enhancements to Community Edition (NexentaStor CE), I’ve got a teaser for you: see the following image of two identical LUNs mounted to an ESXi host from NexentaStor Enterprise Edition (NSEE) and NexentaStor Community Edition (NSCE). If you look closely, you’ll notice they BOTH show “supported” status.

vSphere VMFS5 Datastores provided by NexentaStor Community (VSA04) and Enterprise (VSA03) editions.

Update, 8/19/2011:

Nexenta officially re-released NexentaStor 3.1 today in the form of version 3.1.1 – it is available for download now.

Posted in New Products, Nexenta, Open Source Storage, Short Take, Virtualization, VMWare | Tagged , , , , , , , , , , , , , , | 9 Comments »

h1

Short-Take: VMware View PCoIP Client for Android

July 15, 2011

Today VMware released a “Tech Preview” version of VMware’s View Client for Android: a PCoIP-only client suitable for LAN and WAN (via PCoIP Secure Gateway). We’ve had a quick first look this evening when the application appeared on Android Market – a free download – and it looks great. On my NotionInk Adam tablet (NVidia 1GHz dual-core) running Honeycomb 3.0.1 the display updates where just as snappy as my iPad2 running View Client for iPad. The only problem I experienced in the hour or so of working with the client is the lack of three-finger support in the Adam/Honeycomb port to spawn the pop-up keyboard.

The View PCoIP Client for Android supports the same saved desktop icon paradigm as it's iPad predecessor for quick access.

The View PCoIP Client for Android allows for desktop connections to stay active even when the app is not in the foreground - a one-up on the iPad predecessor.

Android View PCoIP Client - Task switching to other Android application

Task switching in View PCoIP Client for Android works just like any other Android application.

Android View PCoIP Client - Retrieving a View desktop from background

View PCoIP Client for Android is easily restored from the background without reconnection delays.

And yes, that last screen shot shows 1-bar on AT&T’s 3G network and it’s totally useable just like on the iPad. If you’re waiting for a rocking View client before plunking down money on that 10.1″ ASUS EEpad Transformer (now with Honeycomb 3.1) and it’s keyboard/mousepad “docking” station (complete with additional run-time doubling battery) then wait no more: Android has arrived. Remember though, this is just a “Tech Preview” and the apple needs a bit more polishing before you go running to your CIO…

SOLORI’s Note: Although the View Client for Android was “optimized” for 1280×800 format, it still had no problem with the more limited 1024×600 Pixel Qi display on my NotionInk Adam. In fact, changes in rotation on the Android seemed faster than on iPad2 and multitasking on the Honeycomb system did no seemed to be affected to a backgrounded desktop.

As another test to compatibility, I tested small-screen PCoIP goodness on my Samsung Fascinate and it rocks! Beware, there is just enough display to be useful with the pop-up keyboard on-screen, however and the scroll-back on the screen with keyboard in foreground made for interesting URL entry while trying to get to Hulu, but audio was clear and frame rates at about 3-5 fps (visual est.) but very clear. Task switching on the single-core Android Froyo device worked flawlessly too.

How did Hulu fare on Honeycomb? Unfortunately it was not up to scratch in full screen, but I found it passable in the embedded mode (Mozilla 3.6). This kind of performance issue will likely be very platform dependent on Android version, CPU, display and vendor tweaks to the Google Android kernel – especially hacked kernels like the NI Adam (tested). Unlike the Apple-controlled IOS, Android leaves a lot of performance enhancements to platform providers and most just pass-on the reference kernel without significant improvement in performance. For a “preview” release, Team Fox at VMware has delivered the goods.

VMware’s official blog post has a quick walk-through video. A User Guide and Release Notes are also available from VMware.

Posted in Android, Mobile, New Products, Short Take, Virtual Desktop, Virtualization, VMWare | Tagged , , , , , , , , | Leave a Comment »

h1

Short-Take: Clock Ticking on VI 3.5 Updates, June 1 Deadline

May 26, 2011

If you’re still not quite ready to upgrade from VI 3.x to vSphere, time may be running out on your ESX hosts to stay “current” inside of VI3 unless you act before June 1, 2011. If your VMware VI3 hosts have not been patched since November of 2010, you are at risk for losing update/patching capabilities unless you apply ESX350-201012410-BG before the deadline. This patch ONLY addresses the expiring secure key on the ESX host which will otherwise become invalid on June 1, 2011.

If you need to bring your hosts current (without upgrading to vSphere) the last full patch release from VMware for VI 3.5 addresses the following issues:

Enablement of Intel Xeon Processor 3400 Series – Support for the Intel Xeon processor 3400 series has been added. Support includes Enhanced VMotion capabilities. For additional information on previous processor families supported by Enhanced VMotion, see Enhanced VMotion Compatibility (EVC) processor support (KB 1003212).

Driver Update for Broadcom bnx2 Network Controller – The driver for bnx2 controllers has been upgraded to version 1.6.9. This driver supports bootcode upgrade on bnx2 chipsets and requires bmapilnx and lnxfwnx2 tools upgrade from Broadcom. This driver also adds support for Network Controller – Sideband Interface (NC-SI) for SOL (serial over LAN) applicable to Broadcom NetXtreme 5709 and 5716 chipsets.

Driver Update for LSI SCSI and SAS Controllers – The driver for LSI SCSI and SAS controllers is updated to version 2.06.74. This version of the driver is required to provide a better support for shared SAS environments.

Newly Supported Guest Operating Systems – Support for the following guest operating systems has been added specifically for this release:

For more complete information about supported guests included in this release, see the VMware Compatibility Guide: http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software.

  • Windows 7 Enterprise (32-bit and 64-bit)
  • Windows 7 Ultimate (32-bit and 64-bit)
  • Windows 7 Professional (32-bit and 64-bit)
  • Windows 7 Home Premium (32-bit and 64-bit)
  • Windows 2008 R2 Standard Edition (64-bit)
  • Windows 2008 R2 Enterprise Edition (64-bit)
  • Windows 2008 R2 Datacenter Edition (64-bit)
  • Windows 2008 R2 Web Server (64-bit)
  • Ubuntu Desktop 9.04 (32-bit and 64-bit)
  • Ubuntu Server 9.04 (32-bit and 64-bit)

Newly Supported Management Agents – See VMware ESX Server Supported Hardware Lifecycle Management Agents for current information on supported management agents.

Newly Supported Network Cards – This release of ESX Server supports HP NC375T (NetXen) PCI Express Quad Port Gigabit Server Adapter.

Newly Supported SATA Controllers – This release of ESX Server supports the Intel Ibex Peak SATA AHCI controller.

Note:
  • Some limitations apply in terms of support for SATA controllers. For more information, see SATA Controller Support in ESX 3.5. (KB 1008673)
  • Storing VMFS datastores on native SATA drives is not supported.

This patch comes with a roll-up approach that VMware describes this way:

Note: As part of the end of availability for some VMware Virtual Infrastructure product releases, the ESX 3.5 Update 5 upgrade package ESX350-Update05.zip has been replaced by ESX350-Update05a.zip in order to remove dependencies upon patches that will no longer be available for download. Hosts upgraded using ESX350-Update05a.zip are equivalent to those upgraded using the older package, but patch bundles released before ESX 3.5 Update 5 will not be required during the upgrade process.

Posted in Management, Short Take, Virtualization, VMWare | Tagged , , , , , , , , , | 1 Comment »

h1

Short-Take: vSphere 4.0 U3 Out Today, Drivers & Fixes

May 6, 2011

Today, VMware announces the release of vSphere 4.0 Update 3 (U3). Many, many fixes and enhancements – some rolled-in from (or influenced by) vSphere 4.1. Updates to ESX, ESXi, vCenter and vCenter Update Manager are available now (see below for links).

Don't forget to click the "View History" link to expose the vCenter and ESX updates available for older versions...

VMware ESX/ESXi

  • Enhanced APD handling with automatic failover
  • Inclusion of additional drivers
  • Bug and security fixes
  • Additional guest operating system support
  • Updated VM Tools (WDDM, XPDM and PVSCSI drivers)

Patch Release ESX400-Update03 contains the following individual bulletins:

ESX400-201105201-UG: Updates the VMware ESX 4.0 Core and CIM components
ESX400-201105202-UG: Updates the VMware-esx-remove-rpms
ESX400-201105203-UG: Updates the VMware ESX 4.0 EHCI HCD device driver
ESX400-201105204-UG: Updates the VMware ESX 4.0 USB core component
ESX400-201105205-UG: Updates the VMware ESX 4.0 SCSI qla4xxx driver
ESX400-201105206-UG: Updates the VMware ESX 4.0 USB storage component
ESX400-201105207-UG: Updates the VMware ESX 4.0 SCSI qla2xxx driver
ESX400-201105209-UG: Updates the VMware ESX 4.0 e1000e driver
ESX400-201105210-UG: Updates the VMware ESX 4.0 mptsas, mptspi device drivers
ESX400-201105212-UG: Updates the VMware ESX 4.0 nx-nic device driver
ESX400-201105215-UG: Updates the VMware ESX 4.0 scsi hpsa device driver
ESX400-201105216-UG: Updates the VMware ESX 4.0 bnx2x device driver
ESX400-201105217-UG: Updates the VMware ESX 4.0 Megaraid SAS device driver
ESX400-201105218-UG: Updates the VMware ESX 4.0 bnx2 device driver
ESX400-201105219-UG: Updates the VMware ESX 4.0 SCSI-AIC 79xx device driver

Patch Release ESXi400-Update03 contains the following individual bulletins:

ESXi400-201105201-UG: Updates Firmware
ESXi400-201105202-UG: Updates Tools
ESXi400-201105203-UG: Updates VI Client

VMware vCenter™

  • Windows 2008 R2 is now a supported platform
  • Additional guest operating system customization support
  • Additional vCenter Server database support
  • Bug and security fixes

VMware vCenter Server 4.0 Update 3 offers the following improvements:

Guest Operating System Customization Improvements: vCenter Server adds support for customization of the following guest operating systems:

  •         RHEL 6.0 (32-bit and 64-bit)
  •         SLES 11 SP1 (32-bit and 64-bit)
  •         Windows 7 SP1 (32-bit and 64-bit)
  •         Windows Server 2008 R2 SP1

Additional vCenter Server Database Support: vCenter Server now supports the following databases:

  •         Microsoft SQL Server 2008 R2 (32-bit and 64-bit)
  •         Oracle 11g R2 (32-bit and 64-bit)
  •         IBM DB2 9.7.2 (32-bit and 64-bit)

For more information about using IBM DB2 – 9.7.2 database with vCenter Server 4.0 Update 3, see KB 1037354.

Additional vCenter Server Operating System Support: You can install vCenter Server on Windows Server 2008 R2.
Resolved Issues:In addition, this release delivers a number of bug fixes that have been documented in the Resolved Issues section.

VMware vCenter Update Manager

  • Windows 2008 R2 is now a supported platform
  • Additional vCenter Server database support

Posted in Short Take, Virtualization, VMWare | Tagged , , , , , , | Leave a Comment »

h1

In-the-Lab: Tweak 2008R2 post-clone for View Transfer Server

April 4, 2011

View Transfer Server supports Server 2008 R2 but does not support the use of the “default” virtual LSI Logic SAS controller. If you’ve already carved-out a cloning template using the LSI Logic SAS template, it is not necessary to create a new template (or fresh installation) just to spool-up a Transfer Server. In fact, it will take you TWO re-boots from clone completion to LSI Logic Parallel replacement.

CAUTION: You must configure the virtual machine that hosts View Transfer Server with an LSI Logic Parallel SCSI controller. You cannot use a SAS or VMware paravirtual controller.

On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system.

- VMware View Upgrades (EN-000526-00), Page 13

Here’s the process to take you from completed Server 2008/R2 clone with LSI Logic SAS to LSI Logic Parallel – by-passing the Windows blue screen at boot:

  1. Clone your Server 2008/R2 server as normal,
  2. Shutdown clone and edit settings,
    1. Change Options>Advanced>Boot Options to “Force BIOS Setup” on next reboot;
    2. Hardware>Add…>Hard Disk>Create a new virtual disk>4GB, Thin Provisioning>SCSI(1:0)
    3. Hardware>SCSI Controller 1>Change Type…>LSI Logic Parallel
    4. Power-on

      Dropping-in a "dummy" LSI Logic Parallel disk to enable the drive controller for View Transfer Server.

  3. Boot the modified VM and (optionally) confirm new drive and controller
    1. Boot VM
    2. Modify boot order to insure SAS boot priority

      Modify boot order in BIOS to insure that the SAS controller is primary.

    3. (optional) Open Server Manager>Diagnostics>Device Manager
      1. View “Storage controllers”

        Confirming the operational status of both LSI controller types: Parallel and SAS.

    4. Shutdown
  4. Edit settings to modify boot and remove additional disk
    1. Hardware>SCSI Controller 0>Change Type…>LSI Logic Parallel
    2. Hard Disk 2>Remove>Remove from virtual machine and delete files from disk
      1. SCSI Controller 1 will automatically be removed
    3. Save and power-on
  5. Boot disk will now be LSI Logic Parallel

NOTE: In this example, the Server 2008/R2 VM is composed onto a single LSI Logic SAS disk (Hard Disk 1, SCSI controller 0). If your VM template is different, substitute your specific disk and/or controller numbers accordingly.

Nice, simple and now ready to install the View Transfer Server. Now on to the PCoIP Secure Gateway…

Posted in In-the-Lab, Virtual Desktop, VMWare, Windows Server 2008 | Tagged , , , , , , | 3 Comments »

h1

Short-Take: VMware View, What’s Up with PCoIP?

March 21, 2011

Isn’t it time you looked at what VMware View and PCoIP have to offer? Now that there is a server off-load card supporting View PCoIP virtual machines, the overhead of display processing opens-up opportunities for denser View servers (or does it?) Here’s what VMware says about PCoIP in the “VMware View Architecture Planning Guide, View 4.6″

VMware View with PCoIP
PCoIP is a new high-performance remote display protocol provided by VMware. This protocol is available for View desktops that are sourced from virtual machines, Teradici clients, and physical machines that have Teradici-enabled host cards.

PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions. PCoIP is optimized for delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP provides the following features:

  • You can use up to 4 monitors and adjust the resolution for each monitor separately, up to 2560 x 1600 resolution per display.
  • You can copy and paste text between the local system and the View desktop, but you cannot copy and paste system objects such as folders and files between systems.
  • PCoIP supports 32-bit color.
  • PCoIP supports 128-bit encryption.
  • PCoIP supports Advanced Encryption Standard (AES) encryption, which is turned on by default.
  • For users outside the corporate firewall, you can use this protocol with your company’s virtual private network or with View security servers.
  • MMR is not supported on Windows 7 clients or virtual desktops.
    • Although MMR is not supported on Windows 7 virtual desktops, if the Windows 7 desktop has 1GB of
      RAM and 2 virtual CPUs, you can use PCoIP to play 480p- and 720p-formatted videos at native resolutions.
      For 1080p, you might need to make the window smaller than full screen size.

If you use PCoIP, the display protocol from VMware, you can adjust the display resolution and rotation
separately for each monitor. PCoIP allows a true multiple-monitor session rather than a span mode session.

  • The maximum number of monitors that you can use to display a View desktop is 10 if you use the RDP display protocol and 4 if you use PCoIP.

RAM Sizing for Specific Monitor Configurations When Using PCoIP
If you use PCoIP, the display protocol from VMware, the amount of extra RAM that the ESX host requires depends in part on the number of monitors configured for end users and on the display resolution. Table 4-1 lists the amount of overhead RAM required for various configurations. The amounts of memory listed in the columns are in addition to the amount of memory required for other PCoIP functionality.

RAM sizing for Multi-Monitor PCoIP sessions

When you consider these requirements, note that virtual machine configuration of allocated RAM does not change. That is, you do not need to allocate 1GB of RAM for applications and another 31MB for dual 1080p monitors. Instead, consider the overhead RAM when calculating the total physical RAM required for each ESX server. Add the guest operating system RAM to the overhead RAM and multiply by the number of virtual machines.

  • Software developers or other power uses with high-performance needs might have much higher CPU requirements than knowledge workers and task workers. Dual virtual CPUs are recommended for compute-intensive tasks or for Windows 7 desktops that need to play 720p video using the PCoIP display protocol.

Maximum Connections for View Connection Server
Table 4-7 provides information about the tested limits regarding the number of simultaneous connections that a VMware View deployment can accommodate.

This example assumes that you are using VMware View with vSphere 4.1 and vCenter Server 4.1. It also assumes that View Connection Server is running on a 64-bit Windows Server 2008 R2 Enterprise operating system.

Maximum Connections for View Connection Server

PCoIP Secure Gateway connections are required if you use security servers for PCoIP connections from outside the corporate network. Tunnelled connections are required if you use security servers for RDP connections from outside the corporate network and for USB and multimedia redirection (MMR) acceleration with a PCoIP Secure Gateway connection.

Network Bandwidth Considerations
For display traffic, many elements can affect network bandwidth, such as protocol used, monitor resolution and configuration, and the amount of multimedia content in the workload. Concurrent launches of streamed applications can also cause usage spikes.

Read the rest of this entry ?

Posted in New Products, Short Take, Virtual Desktop, Virtualization, VMWare | Tagged , , , , , , , , , , , | 2 Comments »

h1

Short-Take: vSphere Client for iPad, Preview

March 18, 2011

I highlighted the installation and use of VMware’s vCenter Moble Access (vCMA) appliance in a post in late February. For the most part, vCMA has not changed much since our initial download back in April of 2009. If you downloaded the OVF early this February and looked at the updated instructions from the “fling” site, you may have noticed the following “curious” statements:

  • Once it powers on, you will need to configure your iPad by going into Settings, the vSphere client (usually bottom left corner of screen, in the Apps section), then you enter the IP address of your mobile appliance.
  • Finally, you can access your environment from the vSphere iPad app by entering your vCenter server info or ESX server info, with appropriate username and password.

vSphere Client for iPad

Having a heads-up from the vExpert team briefing by Srinivas Krishnamurti, Sr. Director for Mobile Solutions and Marketing at VMware, plus earlier press coverage from VMworld 2010 (see below), I knew what this “information leak” was hailing. Fortunately, the offending section (text above) was quickly redacted and VMware managed to avoid spoiling the surprise pending today’s [press release].

However, that was not the only source of “information leakage” prior to today’s announcement: you just had to know where to look. For instance, while looking deeper into the virtual appliance for our vCMA how-to, I found bread-crumbs pointing to more “curious” iPad wanderings. The following “Easter egg” was discovered in the “action-config.xml” file (which we held back under the spirit of the information embargo):

<!-- VCMA iPad Actions -->
 <action name="vcmaAbout" type="com.vmware.vcma.action.VcmaAboutAction"></action>
 <action name="vcmaLogin" type="com.vmware.vcma.action.VcmaLoginAction"></action>
 <action name="vcmaLogout" type="com.vmware.vcma.action.VcmaLogoutAction"></action>
 <action name="vcmaHome" type="com.vmware.vcma.action.VcmaHomeAction"></action>
 <action name="vcmaHostInfo" type="com.vmware.vcma.action.VcmaHostInfoAction"></action>
 <action name="vcmaHostOp" type="com.vmware.vcma.action.VcmaHostOperationAction"></action>
 <action name="vcmaVmInfo" type="com.vmware.vcma.action.VcmaVmInfoAction"></action>
 <action name="vcmaVmQuestion" type="com.vmware.vcma.action.VcmaVmQuestionAction"></action>
 <action name="vcmaVmAnswer" type="com.vmware.vcma.action.VcmaVmAnswerAction"></action>
 <action name="vcmaVmOp" type="com.vmware.vcma.action.VcmaVmOperationAction"></action>
 <action name="vcmaSnapshot" type="com.vmware.vcma.action.VcmaSnapshotAction"></action>
 <action name="vcmaPerf" type="com.vmware.vcma.action.VcmaPerfAction"></action>
 <action name="vcmaSearch" type="com.vmware.vcma.action.VcmaSearchAction"></action>
 <action name="vcmaPing" type="com.vmware.vcma.action.VcmaPingAction"></action>
 <action name="vcmaTracert" type="com.vmware.vcma.action.VcmaTraceRouteAction"></action>
 <action name="vcmaVmsList" type="com.vmware.vcma.action.VcmaVmListAction"></action>
 <action name="vcmaMonitorTask" type="com.vmware.vcma.action.VcmaMonitorTaskAction"></action>

This grouping of action/command definitions identify 17 of 23 vCMA action classes. These classes meant four things to me: (1) the actions are tuned specifically for a non-HTML-only client; (2) the limitations of vCMA’s web interface do not bind the iPad client; (3) there is significant potential for “capabilities drift” between the iPad client the “generic” mobile access client (i.e. HTML) as time goes by (read: richer feature set, user options); and (4) other “tablet” or “mobile” clients can’t be too far behind.

Since it is not feasible to have iPad software previews for vExperts (i.e. via iTunes) for pre-release products, this “pre-view” is based on exposure to product briefing and other pre-launch sources (direct and indirect). We’ll be following-up within the week with actual hands-on experience… That said, here’s what’s going on with VMware and iPad:

vSphere Client for iPad

Today, VMware CIO Steve Herrod announced the launch of version 1.0 of the vSphere Client for iPad (vCiP). The aptly named utility runs on Apple’s current generations of iPad and provides access to many of the basic administrative functions available to vCenter and the standard vSphere Client. This release must be seen as a quick, 1-2-3 punch of mobile and management-centric releases for VMware in the span of two weeks: vCenter Ops, View Client for iPad and now vSphere Client for iPad.

This iPad application is not truly a “native” or “fat” client for vSphere in the “conventional Windows sense.” Instead, VMware’s new app deploys as a web service reliant application (typical of its iPad ilk), and it is accordingly “small, light and elegant.” As you might guess from the [leading] introduction, the “heavy lifting” is actually performed by VMware’s vCenter Mobile Access (vCMA) appliance through the set of new classes (conveniently listed above).

VMware diagram showing (optional) placement of firewall, vCMA, vCenter and vSphere clusters. The use of a VPN connection to your firewall is strongly recommended as vCMA deploys with its web service without SSL enabled.

This illustration depicts the “best practice” recommended deployment for the iPad client by way of a trusted VPN connection. Again, this information was provided to us from Srinivas and his team “pre-launch” and hence was also prior to the recently released enhancements in vCMA (see below). In either case, the connection from iPad to vCenter is always translated through vCMA.

Like the standard Windows “fat” client (now conveniently available as a ThinApp’d zero-install package), the iPad client login requires the following credentials:

  1. The IP address or DNS host name for your vCenter;
  2. A valid user name with rights to access/manage the target vCenter;
  3. The password for the vSphere user.

Unlike the Windows variant, the following must be configured into the iPad’s “Settings” for the vSphere app prior to initial connection:

  1. The IP address or DNS host name for your vCMA appliance (displayed as “Web Server” in “Settings”).

vCMA’s web service is not SSL encrypted, and these credentials could be passed “in the clear.” (see updated post, SSL added to vCMA this Tuesday.) Given this client is targeted for mobile use, the risk of exposure to insecure networks (Internet, public WiFi, etc) without SSL would have created “special” opportunities for man-in-the-middle attacks. However, the use of a mobile VPN connection for the iPad client is strongly recommended, but no longer strictly necessary.

Read the rest of this entry ?

Posted in Applications, Cloud, iPad/iPhone, Mobile, New Products, Short Take, Virtualization, VMWare | Tagged , , , , , , , , , , , | 1 Comment »

h1

Quick-Take: vCMA Updated, SSL now Default

March 17, 2011
vCMA Login Screen, iPhone

vCMA Login Screen

In February, we detailed the installation and first use of the VMware vCenter Mobile Access appliance (version 1.0.41). In that write up, we pointed out that vCMA had some security issues and said the following:

Being HTTP-only, vCMA doesn’t lend itself to secure computing over the public Internet or untrusted intranet. Instead, it is designed to work with security layer(s) in front of it. While it IS possible to add HTTPS to the Apache/Tomcat server delivering its web application, vCMA is meant to be deployed as-is and updated as-is – it’s an appliance.

- SOLORI’s blog, 28-Feb-2011

Seems VMware is listening. Yesterday, VMware announced the release and immediate availability of vCMA v1.0.42 with HTTPS/SSL enabled by default. We got this from the “vSphere MicroClient Functional Specification Guide:”

SSL Connections
By default “https” (or SSL certificate) is enabled in the appliance for the vCMA for enhanced security. You can replace the out-of-the-box certificate with your own, if needed. However, http->https redirection is currently not supported.

Other deployment considerations

  1. The vCMA server comes with a default userid/password. For security reasons, we strongly recommended that you change root password.
  2. If you prefer, you can set a hostname or IP address for the appliance.
  3. Using standard Linux utilities, you can change the date and time in the appliance.
  4. You can also upgrade the hardware version and VMware Tools in the vCMA appliance following standard procedures.

SOLORI’s Take: This welcomed change circumvents any additional kludge work necessary to secure the appliance. Using an HTTPS proxy was cumbersome and kludgey in its own right and “hacking” the appliance was tricky and doomed to be reversed by the next appliance update. VMware’s move opens the door for more widespread use vCMA and (hopefully) more interesting applications of its use in the future.

Posted in Applications, Management, Mobile, Quick Take, Virtualization, VMWare | Tagged , , , , , | 2 Comments »

Older Entries »
Follow

Get every new post delivered to your Inbox.