August 2007

You are currently browsing the monthly archive for August 2007.

VLAN Interfaces with OpenBSD 4.1

Friday, August 31, 2007 in Networking, UNIX by slowe | 1 comment

I’ve been doing some interoperability testing with VMware ESX Server and VLANs (a separate article on that is in the works), and needed a guest OS that supported VLAN interfaces.  From my previous (but limited) experience with OpenBSD, I suspected that VLAN interfaces were indeed supported, and after setting up a quick VM running OpenBSD 4.1 I found that I was indeed correct.  Not only are they supported, they are incredibly easy to setup and configure.

The command to configure a VLAN interface is simply a variation of the standard ifconfig command (note that I’m using a backslash to denote a line continuation, so that I can wrap lines here for readability):

ifconfig <VLAN interface name> vlan <VLAN ID> \
vlandev <physical network device>

So, by example, the command I used to create a VLAN interface for VLAN ID 3 looked like this:

ifconfig vlan3 vlan 3 vlandev pcn0

I did find that I couldn’t name the VLAN interface (“vlan3”, in this case) anything other than vlanX, where X was a number.  I don’t know if this is an OpenBSD limitation, or just an error on my part.  The latter is certainly a distinct possibility.

Once the VLAN interface, is created, then I just followed the standard OpenBSD way of provisioning an interface—create /etc/hostname.ifname (where ifname is the name of the VLAN interface) for each VLAN interface and that should be that.

The ESX Server configuration to support these VLAN interfaces at the guest level was pretty easy, too.  I just had to create a port group with a VLAN ID of 4095 and attach the OpenBSD guest to that port group.  ESX Server automatically passed the VLAN tags up to the guest and everything worked as expected.  (Again, I’ll have a separate article on that published soon.)

Next, perhaps I’ll try this with Linux or Solaris…

Tags: , , , ,

SWsoft Disagrees with CNET Benchmarks

Wednesday, August 29, 2007 in Macintosh, Virtualization by slowe | No comments

Via David Marshall over at VMblog.com, I picked up this article about SWsoft disagreeing with some CNET benchmarks.  The benchmarks in question were comparing VMware Fusion, Parallels Desktop (keep in mind that SWsoft owns Parallels, if you didn’t already know that), CrossOver Mac, and Boot Camp.

Intrigued, I reviewed the referenced blog post by SWsoft.  Their disagreements basically boil down to these key points:

  • CNET should not have used an 8-core Mac Pro, citing that “people use laptops with 2 CPU cores and 2GB of RAM”.
  • CNET should have not provisioned the VMs (where possible) with multiple virtual CPUs.
  • CNET should not have used Vista inside the VMs.
  • CNET should not have used Windows applications inside the VMs when there are Macintosh equivalents.  Specifically, he mentions QuickTime and Photoshop.

As an aside, it appears that Ilya (the Director of Technology at SWsoft and the author of the article disagreeing with the CNET benchmarks) also has a problem with VMmark, stating that it is “designed to work best with ESX and not work at all with Virtuozzo”.  Well, yes, that is true, since as I understand it VMmark was designed to benchmark hardware performance on ESX Server not provide cross-vendor virtualization comparisons.  (If there are any VMmark team members reading, by chance, feel free to correct me there.)  Anyway, back to the CNET report…

My interest is now piqued; some of his concerns seem valid.  So I head over to have a look at the CNET article directly.  After reviewing the CNET article, I quickly came to the conclusion that Ilya’s concerns are mostly unfounded.  Here’s why.

  1. First, Ilya casts the CNET article as a direct performance comparison between VMware Fusion and Parallels Desktop.  It’s not.  The article is much more focused on comparing the performance of various virtualization solutions against native Mac applications themselves.  If the article were strictly focused on virtualization performance per se, why include native Mac results at all?
  2. Keeping #1 in mind, the use of applications such as QuickTime and Photoshop makes sense.  If you want to compare the performance of an aplication under a virtualized solution, you’ll need a baseline against which to compare it, i.e., a native version of the same application.
  3. At least one of the tests was specifically intended to test multi-CPU performance, hence the need to provision a VM with multiple virtual CPUs.

There are some valid concerns—the use of Vista vs. Windows XP, for example, is a valid complaint.  And yes, CNET probably should have chosen a better hardware platform that is more representative of the typical user of one of these virtualization solutions.  To be fair, though, I don’t think that choosing a different hardware platform would have made any real difference in the comparisons between Fusion and Parallels, instead impacting the comparison between native performance and virtualized performance.  If anything, the use of an 8-core Mac Pro unfairly skewed the results in favor of native application performance, casting both Fusion and Parallels in an unfair light.

Even given these concerns, though, I don’t think I would have said that “everything about this test is upside down”.  Could the test have been improved, made more relevant?  Yes, probably, but it’s important to keep this “comparison” in the context in which it appears it was intended, and that is trying to establish what kind of performance impact is introduced by the virtualization solutions when compared with native performance.

Tags: , ,

My VMworld Schedule

Monday, August 27, 2007 in Virtualization by slowe | 6 comments

Here’s my VMworld 2007 schedule so far.  I’ll update this as my schedule evolves.  If anyone has any suggestions for other sessions I should attend, please let me know in the comments.

Tuesday, September 11

8:00 AM to 9:30 AM: General Session
10:00 AM to 11:00 AM: BC40 - Cutting VMware Infrastructure Backup Time in Half (Symantec)
10:30 AM to 11:30 AM: Private meeting
11:30 AM to 12:30 PM: SL12 - VMware Lab Manager Technical Deep Dive (VMware)
1:30 PM to 2:00 PM: Private meeting
2:00 PM to 3:00 PM: BC23 - Bulletproof VirtualCenter - A Guide to Protecting VirtualCenter (VMware)
3:30 PM to 4:30 PM: VMotion Between Apples and Oranges - Understanding CPU Compatibility Constraints for VMware VMotion (VMware)
5:00 PM to 6:00 PM: DV18 - VDI with VMware’s Next Generation Connection Broker - Architecture, Security, and Deployment Scenarios (VMware)

Wednesday, September 12

8:00 AM to 9:30 AM: General Session
10:30 AM to 12:30 PM: LAB05 - Security Hardening and Monitoring of VMware Infrastructure 3
2:00 PM to 3:00 PM: IO40 - ESX Server 3 - Patch Management (VMware)
3:30 PM to 4:30 PM: IO46 - VMware Infrastructure 3 Advanced Diagnostics Logs Analysis (VMware)
5:00 PM to 6:00 PM: TA57 - Security Architecture Design and Hardening VMware Infrastructure 3 (VMware)

Thursday, September 13

8:30 AM to 9:30 AM: General Session
10:00 AM to 11:00 AM: TA49 - iSCSI on VMware Infrastructure 3 - Techniques, Configuration, and Best Practices (VMware)
2:00 PM to 3:00 PM: TA51 - NFS and iSCSI - Performance Characterization and Best Practices (VMware)
3:30 PM to 4:30 PM: BC32 - Best Practices for Architecting VMware Consolidated Backup Enabled Solutions (VMware)
5:00 PM to 6:00 PM: IO44 - Top Support Issues and How to Solve Them - Batch 2 (VMware)

I’m thinking of dropping the VMotion compatibility session, since I think I’m fairly clear on how that process works (refer to this article and this article), but I’m not really sure what to put in its place.

In any case, I’m sure that my schedule will change as the event draws closer and I’ll keep this post updated as it changes.  If you’re interested in meeting up with me in San Francisco, post in the comments below and let’s get together.  Thanks!

UPDATE:  If you’d like to meet up with me at VMworld, Tuesday is absolutely out of the question.  As you can see, I’m already overbooked, and my schedule above still doesn’t reflect a few other obligations I have on Tuesday.  Ugh!  In any case, you’ll be able to spot me at VMworld because I’ll be wearing personalized polo shirts that have my name on the right chest and my company’s logo (e+) on the left chest.  Feel free to come up to me and say hi!

Tags: , ,

SUNW to JAVA

Sunday, August 26, 2007 in UNIX by slowe | 1 comment

I’m not a Solaris expert, nor a SPARC expert, nor even a longtime user of their products.  But I do have a lot of respect for their recent engineering efforts in the x86 space, particularly those hardware products released since Andy Bechtolsheim’s return with the acquisition of Kealia a couple of years ago.  The move to open-source Solaris, the increasing visibility of OpenSolaris, the introduction of exciting new technologies such as ZFS…all these things have been building up the “tech cred” that Sun needs to win back (or continue to hold on to) the hearts and minds of technical leaders.  And then this happens—they announce they’re changing the stock ticker symbol from SUNW to JAVA.  Huh?

Is it just me, or does this not make sense?  I suppose I kind of see the reasoning behind the move, although I don’t agree with the reasoning.  It all smacks of rebranding all the products with Java, even though most of them didn’t (and don’t) have anything to do with Java.

It all just seems silly to me.

Tags: ,

User Profile Management in VDI Deployments

Saturday, August 25, 2007 in Microsoft, Virtualization by slowe | 1 comment

In a “traditional” (as if that word can really be applied to a new technology use-case like this) VDI deployments, we’d use roaming profiles to have users’ settings follow them from hosted desktop to hosted desktop.  In this article using the Flex Profile Kit (FPK) in a VDI deployment, I described an implementation in which roaming profiles couldn’t be used, and so we had to resort to the use of the FPK (which, incidentally, works well).  There is, however, one problem: leftover profiles.

Usually, the FPK is used in conjunction with a mandatory profile and folder redirection, so there isn’t any “stuff” leftover when a user logs in to a desktop.  The FPK pulls down the customized portions of the user’s settings, applies them to a mandatory profile, and off we go.  This is an advantage over roaming profiles, where a local copy of the profile remains even after the user logs off.  (Note that there are Group Policy settings to help control this behavior, if I recall correctly.)

Mandatory profiles, though, go hand-in-hand with roaming profiles; there doesn’t seem to be any way to use one without the other (but not necessarily conversely).  As a result, we settled for a compromise in the form of a few lines in the logout script that deletes certain files and settings that we don’t want to persist between sessions.

Even so, we’ve found that profiles are still accumulating across machines, and occupying more space on the hosted desktops than we’d really prefer.  So we had to come up with a way to get rid of these leftover profile remnants.  That’s where Delprof.exe came in.

Great utility, yes, but almost useless in the logout script because it won’t delete the current user’s profile (as it’s still loaded at that point).  We needed a different way of handling it, so I came up with this little batch file-wannabe that is scheduled to run from the VirtualCenter server on a nightly basis:

dsquery computer “ou=Hosted Desktops,dc=example,dc=com” \
-o rdn > vdi-list.txt
sed -f stripquotes.sed vdi-list.txt > vdi-list2.txt
for /f “tokens=1” %1 in (vdi-list2.txt) do \
delprof.exe /q /i /c:\%1 /d:1

(The lines above were wrapped for readability, with a backslash to indicate the continuation of a line.)  It’s pretty easy to see what this does, but let’s break it down.  First, it uses “dsquery computer” to list all the hosted desktops in the specified OU.  Then, because dsquery returns the computer names inside double quotes and Delprof doesn’t like computer names inside double quotes, we’ll use sed to strip the quotes from the text file.  The “stripquotes.sed” file is a simple regular expression to strip out double quotes.  Finally, we use “for /f” (not seen here on this blog for quite a while now!) to feed the entries of the resulting text file to Delprof.exe to delete all profiles that have been inactive for more than 1 day.

Of course, we could adjust the “/d:1” parameter to keep profiles around longer; that would help balance the disk space used and the time it takes to set up a new profile when a user logs in.  Depending upon the usage profile in your VDI deployment, this may need to be longer.

Tags: , , ,

Listing All Unique MailTags Keywords

Friday, August 24, 2007 in Macintosh by slowe | No comments

After figuring out yesterday how to list all the unique MailTags projects in use, today I worked out how to list all the unique MailTags keywords in use.  As it turns out, it wasn’t as hard as I had suspected that it would be.

(Note to experienced UNIX hackers:  I’m sure that I probably could have worked out a more elegant solution involving more pipes and redirection, but this works for a UNIX apprentice such as me.)

Here are the commands I used to parse down the list of unique keywords (this command is broken across two lines, but should be typed all on one line):

mdls <path to mailbox> | grep kMDItemKeywords |
awk ‘{print $3 $4 $5 $6 $7 $8 $9}’ >> outputfile.txt

This uses the mdls command to list all the metadata from the messages in the specified directory, pipes that through grep to pick out only the lines containing “kMDItemKeywords”, then uses awk to list all the keywords (which are in a comma-delimited list surrounded by parentheses.  You’ll want to repeat this command for every mailbox you use (I have different mailboxes to archive messages by year, so I had to repeat this for 2005, 2006, etc.)

Once we have the keywords list, then we munge it:

cat outputfile.txt | tr ‘,’ ‘\n’ > outputfile2.txt
sed s/\(//g < outputfile2.txt > outputfile3.txt
sed s/\)//g < outputfile2.txt > outputfile3.txt
sort outputfile3.txt > sorted-file.txt
uniq sorted-file.txt > unique-file.txt

This replaces commas with a newline (the tr command), strips out the parentheses (the next two sed commands), then sorts it and returns only the unique values.  The end result, stored in unique-file.txt, contains a list of unique MailTags keywords used in all your mailboxes.

Useful, eh?

Tags: , ,

Listing Unique Projects Used by MailTags

Thursday, August 23, 2007 in Macintosh by slowe | No comments

Spurred to see if I could become more efficient than I am currently, I’ve been experimenting with some GTD-style applications.  As a result of my experiments, I found that I needed a list of all the MailTags projects I’ve ever used in any of my mailboxes.  (To make a long story short, I want to use the same project names across all applications—Mail, GTD application, Spotlight comments for files, etc.)  While you can see a list of projects in the Preferences, that list does not include all projects that might ever have been used.

It only took a few minutes of experimentation in the Terminal to come across the mdls command, which lists metadata for a file (or group of files).  Perfect!  Using mdls, I listed the metadata for an e-mail message, and found that it was the kMDItemProjects attribute that was used by MailTags.  With that information in hand, I hacked together this quick process for listing all the projects in use across all my mailboxes (I’ve used a backslash to indicate line continuation; lines are wrapped here for readability):

mdls <mailbox path>/*.emlx | grep kMDItemProjects >> \
~/all-projects.txt

Repeat this command for each mailbox (for example, I have a separate archive mailbox for each year).  Once you’ve enumerated the information for all the mailboxes, then parse it down like this:

sort all-projects.txt > sorted-projects.txt
uniq sorted-projects.txt > unique-projects.txt

Now the file “unique-projects.txt” contains all the unique project names that are in use across all your mailboxes.  Very handy!  Now, if only obtaining a unique list of all the MailTags keywords were as easy…

Tags: , ,

Failed Disks with the Data ONTAP Simulator

Thursday, August 23, 2007 in Storage by slowe | No comments

Last year I wrote about using the Network Appliance Data ONTAP Simulator on ESX Server, and in the comments to that article a number of people indicated that they’d been having problems with adding disks to the Simulator.  The disks they added would show up as failed, and therefore couldn’t be added to any aggregates or volumes.

Readers Sdodson and Jacek provided workarounds in their comments here and here; as it turns out, this is the official workaround from NetApp, as described in this support article (login required).

So, if you’re using the Simulator and happen to run into this problem, the fix is simply to mark the disks as unfailed, zero them, and then you should be able to use the disks as you expect.

Tags: ,

Error Connecting to VM Console

Wednesday, August 22, 2007 in Virtualization by slowe | 5 comments

During an upgrade of a server running ESX Server 3.0.0 to ESX Server 3.0.2, we also moved the server to a new server room on a new subnet.  The upgrade itself was uneventful and took only a few minutes (as I had expected), but what happened afterward caught me a little off-guard, as did the eventual solution.

We needed to change the IP address of the service console, so after the upgrade was complete I simply edited the /etc/sysconfig/network-scripts/ifcfg-vswif0 file to include the new IP address, restarted networking, and went on about my way.  Everything seemed fine; the ESX host responded across the network, responded properly within VirtualCenter, powered on the VMs, etc.  In hindsight, I probably should have used the esxcfg-vswif command instead of editing the configuration file directly, but as they say, “Hindsight has 20/20 vision.”

It wasn’t until a few minutes later that we realized we were unable to connect to any VM’s console.  When we tried to open a VM’s console, we received an error message to the effect that the “host had responded incorrectly”.  Strangely enough, this problem only seemed to affect VI client installations; we were able to connect without any problems from the VirtualCenter server itself.

Thinking that perhaps we had run into an ACL on one of the network switches, I tried opening a telnet connection to TCP port 902 on the VirtualCenter server.  That worked just fine, so that eliminated the possibility of a router/switch ACL blocking the traffic, and also eliminated the possibility that a host-based firewall on the VirtualCenter server was causing the problem.  (A second review a couple minutes later verified again that Windows Firewall was not running and therefore could not be the problem.)  It wasn’t DNS name resolution; both the VC server and VI clients were able to resolve the hostnames of all the ESX servers as well as the individual guest VMs.

“Aha!” I thought.  “I need to restart mgmt-vmware because I didn’t restart that service after changing the IP address.”  Alas, that didn’t work either.

Finally, a Google search turned up this thread and this thread from the VMTN Community Forums, both of which referenced the /root/anaconda-ks.cfg file.  An Anaconda kickstart file causing the problem?  It didn’t make any sense to me, but just for kicks I made the following changes:

  • Edited the /root/anaconda-ks.cfg file to show the correct IP addressing information for the Service Console
  • Edited the /etc/sysconfig/network file to have the right gateway IP address (strangely enough, the Service Console seemed to be routing traffic correctly even with an incorrect gateway IP address)
  • Restarted networking and the mgmt-vmware services

Lo and behold, the VM consoles now worked perfectly.  I’m still not sure which of the changes actually corrected the problem; I hope to be able to try to recreate this problem in the lab and more closely determine what the exact cause and resolution were.  When I have some additional information, I’ll post it here.

Anyone else run into this problem?

Tags: , , ,

XenSource Bidding War

Tuesday, August 21, 2007 in Virtualization by slowe | No comments

Several virtualization-related blogs are commenting on this article by The Deal titled “Redmond to spoil XenSource buy?”.  Is Microsoft preparing to launch a bidding war for XenSource, or are they content to allow Citrix to gobble up the small virtualization company?

‘It is quite likely that Microsoft may put in a competing bid on XenSource to the level of $1 billion,’ said Trip Chowdhry, senior software analyst at Global Equities Research. ‘And I would say if Microsoft puts in a bid, IBM won’t stand still.’

But not everyone is convinced:

‘I see nearly zero possibility Microsoft steps in and bids,’ said Walter Pritchard, a financial analyst at Cowen and Co. LLC. ‘Microsoft is already too far down the road with its own technology in this area.

I have to say that I’m with the naysayers on this one.  Microsoft has already invested so much in Windows Server Virtualization (aka “Viridian”), their own hypervisor, that attempting to purchase XenSource would be tantamount to admitting their own hypervisor is somehow lacking.  And what would they get, anyway?  The Xen hypervisor itself is open sourced, so the purchase would only get them access to XenSource’s management products that run on top of the Xen hypervisor, providing functionality like XenMotion (live migration), hot-plug of resources, etc.  Would they fork the Xen hypervisor and make it their own?  That might prove to be a viable short-term strategy, but I suspect that it would come back to bite them in the long-term.

Besides, Citrix is already stating that their purchase of XenSource is not intended to help them compete directly against Microsoft.  Observe this quote from the official Citrix press release regarding the XenSource acquisition:

…XenSource has built a strategic relationship with Microsoft designed to ensure broad interoperability between XenSource products and the upcoming Microsoft Windows hypervisor, code named “Viridian”. This relationship complements and broadens the successful partnership between Citrix and Microsoft…

And this one:

Citrix currently intends to distribute the XenEnterprise product line through more than 5,000 channel partners with proven expertise in enterprise datacenter solutions built on the Windows Server platform.

Also, refer to this quote by Simon Crosby, CTO of XenSource, during an interview with virtualization.info:

Citrix has a long history of embracing the Microsoft Windows platform and adding value on top of it and will do the same with the upcoming Viridian platform.

I could go on, but that seems sufficient.  Citrix has far too much to lose, in my opinion, by alienating Microsoft; after building its business on the back of Microsoft’s product offerings for years, that would seem an awful lot like biting the hand that feeds you.  No, I think Citrix will take the Xen hypervisor and embed it into a future version of Presentation Server or Citrix Desktop Server, and then shape the XenEnterprise management software to work not only with the Xen hypervisor but also with Windows Server Virtualization, whenever Microsoft finally gets that into the market.  This reasonably safe strategy allows them to gain immediate value by enhancing their own product offerings and positions them to be a value-added provider once Microsoft’s virtualization solution finally reaches the masses.

Tags: , ,

« Older entries