March 2009


NetApp has recently released TR-3747, Best Practices for File System Alignment in Virtual Environments. This document addresses the situations in which file system alignment is necessary in environments running VMware ESX/ESXi, Microsoft Hyper-V, and Citrix XenServer. The authors are Abhinav Joshi (he delivered the Hyper-V deep dive at Insight last year), Eric Forgette (wrote the Rapid Cloning Utility, I believe), and Peter Learmonth (a well-recognized name from the Toasters mailing list), so you know there’s quite a bit of knowledge and experience baked into this document.

There are a couple of nice tidbits of information in here. For example, I liked the information on using fdisk to set the alignment of a guest VMDK from the ESX Service Console; that’s a pretty handy trick! I also thought the tables which described the different levels at which misalignment could occur were quite useful. (To be honest, though, it took me a couple of times reading through that section to understand what information the authors were trying to deliver.)

Anyway, if you’re looking for more information on storage alignment, the different levels at which it may occur, and the methods used to fix it at each of these levels, this is an excellent resource that I strongly recommend reading. Does anyone have any pointers to similar documents from other storage vendors?


A colleague recently bought a MacBook Pro. Since he's a switcher, I figured he would need some recommendations on applications to use on his new Mac, and I know it had been quite some time (3 years!) since I’d discussed what Mac applications I use on a day-to-day basis. To kill two birds with one stone, I figured I would post a quick list about some of my recommended Macintosh applications.

Free or Open Source Applications

We’ll start with free and/or open source applications. (I break out “free” and “open source” because there are applications that may be available at no charge, but whose source is not available.)

Adium: This multi-service IM client is, in my opinion, the best Mac OS X IM client available, hands down. Aside from not supporting video chat—the only reason I can come up with to use iChat instead of Adium—this client does pretty much everything you need. Adium supports AppleScript and Growl notifications. Support for OTR (Off The Record) chat encryption is built in. Adium is available for download from the Adium web site.

Camino: Camino is a Mac OS X-native web browser from Mozilla. Unlike Firefox, Camino was built from the ground up to be a Mac application. It uses the same rendering engine as Firefox, but doesn’t support Firefox extensions. If you’re big on Firefox extensions, stick with the Mac build of Firefox. Visit the Camino web site for more information. If I had one complaint about Camino, it would be the fairly limited AppleScript support in the current release.

Colloquy: Into IRC? This is an excellent IRC application for Mac OS X. It supports AppleScript, Growl notifications, and can connect to multiple servers. I especially like Colloquy’s Smart Transcripts feature, which lets me filter out conversations in busy chat rooms so that I can see the ones I’m most interested in joining. That’s pretty handy at times. Colloquy’s web site has more information.

Cyberduck: Cyberduck is an FTP/SFTP application. It supports AppleScript and Spotlight, Growl notifications, and Bonjour. It’s not the fastest FTP/SFTP application out there (last time I checked, that honor went to Interarchy), but it’s pretty slick. Visit the Cyberduck web site for downloads.

Growl: Growl isn’t an application per se; it’s a way for applications to supply notifications to the user in a consistent yet highly customizable fashion. Growl support is quickly becoming a “must have” for Mac applications, and you’ll see that almost all the applications I use support Growl. Surf on over to the Growl web site to download the latest version.

NetNewsWire: I’m into RSS feeds, and my RSS reader of choice is NetNewsWire. NetNewsWire offers integration with various del.icio.us clients (like Pukka), weblog editors (like ecto), and supports AppleScript and Growl notifications. You can get NetNewsWire from the Newsgator web site. NetNewsWire is free, but not open source (at least, not to my knowledge).

Quicksilver: How does one describe Quicksilver? To call it an application launcher doesn’t really do it justice. Yes, you can use it to quickly launch applications, but you can also use it to build ad-hoc workflows like finding a contact in Address Book and creating a new e-mail message to that contact. Or finding a document and attaching it to a new e-mail message. Or quickly opening a URL in your default web browser. Or initiating a Google search. Or…well, you get the idea. I believe you can still get Quicksilver from the Blacktree web site, as well as from a Google Code site. (Some people have reported problems getting Quicksilver to run, but it’s been rock solid for me.)

Paid Applications

There are a number of paid applications that I use on a daily basis as well.

ecto: This weblog editor allows me to compose all my blog entries offline and then post them later. It works with a number of different weblog systems. I’ve been using ecto since the very first days of this site and I can’t imagine doing it any other way. More information on ecto is available from their web site.

Microsoft Office 2008: Like it or not, compatibility with the rest of the professional world still remains a critical issue, so I use Microsoft Office 2008. Yes, I know that OpenOffice exists (and has a native Aqua port), and I know that iWork supports Office formats, but it’s easier for me to just use Office and not have to worry about it. At least in this version Microsoft has added Automator support for building workflows using Office applications.

OmniFocus: If you are a GTD fan, you’ll like OmniFocus. (You may also like OmniFocus for iPhone, which has the ability to synchronize with the Mac version.) Projects, contexts, next actions—it’s all there. And it supports AppleScript, comes with a plug-in of sorts for Apple Mail, and leverages Growl notifications. See the OmniGroup web site for information.

OmniGraffle Professional: Also by the same folks that make OmniFocus (as if you couldn’t tell by the name of the application) comes OmniGraffle. It’s the closest you’ll come to Visio on the Mac, and in fact has the ability to read Visio binary (.VSD) files. It can also export Visio XML (.VDX) files. The OmniGroup web site has more details.

TextMate: There are numerous free text editors out there, but something about TextMate makes me like it. UNIX die-hards like it, Mac fans like it, and it offers great integration with other applications (like your FTP/SFTP client, so that you can edit files directly on remote servers). Visit the Macromates web site for information on TextMate.

Well, that’s not all the applications I use, but these are the ones that I find myself using on a daily basis. I can’t think of a day that goes by that I’m not running Adium, Camino, NetNewsWire, OmniFocus, TextMate, and Office—typically all at the same time.

Some other applications that I also use include:

So there it is—my list of most commonly-used Macintosh applications. I hope it’s helpful to some of you switchers out there!


This post is not necessarily specific to next-generation ESX/ESXi and vCenter Server, but it was prompted by behaviors in these products. (Besides, the truth is that I’m really just trying to be sensationalist and capitalize on interest in the next-generation products.)

When you add an ESX/ESXi host to vCenter Server in the next generation of products, you will receive a security warning that displays the SHA1 thumbprint (or fingerprint) of the ESX/ESXi host’s default SSL certificate. The fact that the dialog box displays the SHA1 fingerprint got me to thinking—how does one go about verifying the SHA1 fingerprint to ensure that the host to which you are connecting is really the host you think it is? I mean, that’s the idea behind displaying the fingerprint, isn’t it? Paranoid people will then go to the specific host in question, generate the fingerprint on the SSL certificate, and then compare the two fingerprints to make sure they are identical.

I haven’t figured out a way to do this for ESXi yet, but for ESX you can verify the SHA1 fingerprint of the SSL certificate using this command:

openssl x509 -sha1 -in /etc/vmware/ssl/rui.crt -noout -fingerprint

The command displays the SHA1 fingerprint of the SSL certificate, which you can compare to the fingerprint displayed in the vCenter Server dialog box to ensure that the two values match. (If you’re really paranoid, you’ll run this command at the server’s physical console and not remotely. Unless, of course, you took the time to actually verify the SSH key fingerprints when you first connected via SSH, but that’s an entirely different post.)

So, here’s the real question: how does one verify the SHA1 fingerprint for an ESXi host? The ideal solution should not require the use of any unsupported hacks. (And yes, I know that you can view the SSL certificate, and thus the SHA1 fingerprint, by connecting to the ESXi host remotely using a web browser. But you still don’t know for sure that the host to which you connected is the host you thought it was, do you?)

UPDATE: At the ESXi console, logging in and selecting the “View Support Information” menu item will display the SSL fingerprint. Challenge solved!
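The comparison step described above can be scripted rather than done by eye. The following is an added example, not part of the original post: it computes the SHA1 fingerprint the same way openssl does (over the DER bytes of the certificate), accepts the value in the formats you are likely to paste (with or without colons, any case, or the full "SHA1 Fingerprint=" line), and compares the value read at the console with the one shown in the dialog. All function names are hypothetical, and the sample "certificates" are constructed stand-in bytes.

```python
import hashlib
import hmac
import ssl

def sha1_fingerprint(pem_text):
    """SHA1 fingerprint in the AA:BB:... form that openssl prints.

    The digest covers the DER encoding of the certificate, not the PEM text.
    """
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fingerprint):
    """Reduce a pasted fingerprint to 40 uppercase hex digits, else ValueError."""
    text = fingerprint.strip()
    if "=" in text:  # accept openssl's "SHA1 Fingerprint=AA:BB:..." line
        text = text.split("=", 1)[1]
    digits = "".join(ch for ch in text if ch not in ": \t").upper()
    if len(digits) != 40 or any(ch not in "0123456789ABCDEF" for ch in digits):
        raise ValueError("not a SHA1 fingerprint: %r" % fingerprint)
    return digits

def fingerprints_match(console_value, dialog_value):
    """Compare the value read at the host with the one shown in the dialog."""
    return hmac.compare_digest(normalize(console_value), normalize(dialog_value))

def presented_fingerprint(host, port=443):
    """Fingerprint of the certificate the network endpoint presents.

    No chain validation is done, so this value only means something when
    compared against a fingerprint obtained out of band.
    """
    return sha1_fingerprint(ssl.get_server_certificate((host, port)))

# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for a host certificate")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for a different host")

if __name__ == "__main__":
    at_console = "SHA1 Fingerprint=" + sha1_fingerprint(SAMPLE_PEM)
    in_dialog = sha1_fingerprint(SAMPLE_PEM).lower()
    print(fingerprints_match(at_console, in_dialog))
    print(fingerprints_match(at_console, sha1_fingerprint(OTHER_PEM)))
```
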


A couple of weeks ago I wrote about enabling Cisco Discovery Protocol (CDP) on next-gen ESX/ESXi and made the comment that I hadn’t yet found a way to view CDP data from the ESX side. One of the great things about writing a blog is that insightful and knowledgeable readers share some great information with you, and you learn a lot! That’s the situation here.

Viewing CDP data from the Cisco switch is easy. From the switch’s command prompt, use this command:

show cdp neighbors

This will display the CDP information that the switch has gathered. When CDP is enabled on ESX/ESXi, that will include information on which VMnics are attached to which switch ports.

From the ESX side, you can use this command:

esxcfg-info | more +/CDP\ Summary

This searches for the string “CDP Summary” in the output of the esxcfg-info command. The output from that command will include information about the switch to which the ESX host is connected, the ports to which the NICs are connected, and associated VLANs. The screenshot below shows some of the output from this command.

[Screenshot: esxcfg-info-cdp.png]

Thanks go to reader Larry for the information on this command. Other readers, feel free to continue to share information here. It is helpful!


I’d like to welcome our second sponsor, Hyper9! As you know, Hyper9 recently launched their flagship search-based administration product. I’m excited to be able to partner with them and I appreciate their sponsorship of the site.

If there are any other companies out there that may be interested in sponsoring the site, I have a few spots still remaining. Feel free to contact me if you want more information.


Hyper9 Goes GA

OK, so I’m a bit slow with this one. (Sorry, folks—writing a book, preparing a presentation for Virtualization Congress, preparing a presentation for the local VMware Users’ Group here in the Raleigh-Durham area, preparing several presentations for my employer’s national sales meeting, and working my full-time day job has me just a bit busy.)

In any case, the search-based administration tool that David Marshall and crew have been laboring away on building has finally made it to general availability. Hyper9’s search-based interface makes it easy for VMware administrators to quickly and easily “slice and dice” their infrastructure to find the information they need. Think of it as data mining for your VMware Infrastructure.

For more information or a free trial, visit the Hyper9 web site. The full announcement is available here on the Hyper9 Community site. (By the way, kudos to fellow blogger Rich Brambley for getting a mention in the official announcement. Way to go, Rich!)

Additionally, Hyper9 is releasing the H9Labs Search Plugin for VI Client, a plug-in developed by Andrew Kutz. Andrew, as you’ll recall, was an early innovator in creating third-party plug-ins for the VI Client. The H9Labs Search Plug-in is available free of charge from the Hyper9 online store.

Congratulations to David, Andrew, and the rest of their team on finally reaching this milestone. Good work!


There’s some great information being shared in the comments to my “More on Cisco UCS” post. So good, in fact, that I thought it entirely and completely appropriate to bring that information into the limelight with a full-blown post.

If you look back at the diagram that’s included in that UCS post, toward the bottom you’ll see a very small blurb about some Cisco UCS Network Adapters that are optimized for efficiency and performance, compatibility, and virtualization. In a nutshell, the idea here is that there are three different CNA families targeted at different markets: high-performance Ethernet, compatibility with existing driver stacks, and virtualization. Users will choose the CNA that best suits their needs. For the purposes of this post, I’d like to discuss the virtualization-optimized CNA.

The idea here is that the virtualization-optimized CNA (what is being referred to as “Palo”) will leverage a number of different technologies in virtualized environments:

  • It will utilize SR-IOV (Single Root I/O Virtualization), a PCI SIG standard for allowing a physical network adapter to present multiple virtual adapters to upper-level software, in this case the hypervisor. This eliminates the need for the hypervisor to manage the physical network adapter and allows VMs to attach directly to one of the SR-IOV virtual adapters (or, as Brad Hedlund put it in this comment to my original article, an “SR-IOV slice of the adapter”).
  • It will utilize Intel I/O Acceleration Technology (Intel I/OAT) to minimize bottlenecks in the hardware and allow the server to better cope with massive dataflows like those generated by 10GbE adapters.
  • It will use Intel Virtual Machine Device Queues (VMDq) to improve traffic management within the server and decrease the processing burden on the VMM, i.e., the hypervisor.

Together, these technologies can be referred to as Intel VT-c. The virtualization-optimized drivers will also take advantage of Intel VT-d to provide hardware-assisted DMA remapping and better protection and performance of direct-assigned devices.

“OK,” you say. “But where is all this leading?” Good question! Let’s bring it all together.

Today, in the VMware space, virtual machines are connected to a vSwitch because connecting them directly to a physical adapter just isn’t practical. Yes, there is VMDirectPath, but for VMDirectPath to really work it needs more robust hardware support. Otherwise, you lose useful features like VMotion. (Refer back to my VMworld 2008 session notes from TA2644.) So, we have to manage physical switches and virtual switches—that’s two layers of management and two layers of switching. Along comes the Cisco Nexus 1000V. The 1000V helps to centralize management but we still have two layers of switching.

That’s where the “Palo” adapter comes in. Using VMDirectPath “Gen 2” (again, refer to my TA2644 notes) and the various hardware technologies I listed and described above, we now gain the ability to attach VMs directly to the network adapter and eliminate the virtual switching layer entirely. Now we’ve both centralized the management and eliminated an entire layer of switching. And no matter how optimized the code may be, the fact that the hypervisor doesn’t have to handle packets means it has more cycles to do other things. In other words, there’s less hypervisor overhead. I think we can all agree that’s a good thing.

<aside>I’ve clashed with a couple of different people thus far because of differences in perspective with regard to UCS. OK, specifically, it’s been regarding people who insist that UCS isn’t a blade server. OK, UCS as an overall system is not a blade server, but the B-Series blades are a significant part of this overall system—so to say that Cisco isn’t building blade servers really isn’t accurate. They are building blade servers, but these are blade servers with an as-yet-unseen level of integration with other technologies. If there is one area in which UCS stands apart from any other blade server-related solution on the market, it would be this level of integration, especially the integration with virtualization technology.</aside>

Chad Sakac of EMC touches on this very lightly in his latest post. Being who I am, though, I much prefer digging a bit deeper to better understand exactly what’s going on.

UCS experts, feel free to correct me or clarify my statements in the comments. Thanks!


Site Maintenance

The site will be going down for site maintenance on Monday, March 23, at approximately 11PM MST (GMT-7). The site could be unavailable for as much as 2 hours. According to my hosting company (Bluehost), the hardware on which the site is running is getting upgraded. We should see an improvement in performance as a result of the upgrade.

I apologize in advance for any inconvenience.


In all the noise surrounding Cisco UCS, a couple of other smaller news releases were drowned out.

Leostream has announced a partnership with NoMachine that will see Leostream integrating NoMachine’s NX protocol into their connection broker in order to support Linux-based virtual hosted desktops. You can read the full news release here or here. This will allow Leostream to try to gain ground on VMware View by supporting not only Windows-based hosted virtual desktops, but also virtual desktops running Linux. I think this is a good move by Leostream to further differentiate themselves from market leader VMware, but whether it will be enough to make a difference is another story.

Also today, Rove released version 4.2 of their Mobile Admin product, a product designed to allow administrators to manage their infrastructure from the ever-present mobile device. The press release is available here. Rove offered to provide a trial for me to use, but as they don’t yet offer a native iPhone version of Mobile Admin, I had to decline. (Rove is quick to point out that you can use Mobile Safari on the iPhone to access the web version of their application, however. Personally, I prefer native applications.) Mobile Admin is available for the BlackBerry and for Windows Mobile. If you’re in need of some sort of mobile administration solution, this might fit the bill. I’d love to hear from some readers who have used this product—is it good?


The entire IT world is abuzz with talk of Cisco’s Unified Computing System (UCS). I pointed out a few of the various UCS announcements in this earlier post, and now I’d like to just expand a little bit upon the solution.

UCS essentially consists of 4 major components:

  • The UCS 6100 Series Fabric Interconnect devices, running Cisco UCS Manager
  • The UCS 2100 Series Fabric Extender, with up to 2 of them running in each chassis
  • The UCS B-Series blades, either half-width (8 blades per chassis) or full-width (4 blades per chassis), and up to 40 chassis per system
  • UCS network adapters supporting DCE/CEE/DCB and FCoE, apparently coming in three different flavors (efficiency/performance, compatibility, and virtualization)

This diagram shows an overview of UCS:

[Diagram: cisco-ucs-components-overview.gif]

With the exception of the UCS Manager software and the Converged Network Adapters (CNAs), everything else is pretty standard stuff:

  • The UCS 6100 is essentially a Nexus 5000, but with the ability to run the UCS Manager software.
  • The UCS 2100 is essentially the same as the Nexus 2000 Fabric Extender (FEX), but in a form factor that is intended to plug into the UCS chassis.
  • The B-Series blades are industry standard blades running Intel Nehalem CPUs, standard hot-plug hard drives, and 10Gb CNAs.

The CNAs appear to be one area in which there may be some innovation. In particular, the virtualization-optimized CNA appears to extend some new functionality into the virtualization layer itself, although it’s currently unclear exactly how, or how the virtualization layer will leverage that functionality. It sounds like SR-IOV to me, but others are indicating that it’s an offshoot of Intel’s VT-d technology. Speaking specifically with regard to VMware ESX/ESXi, I would guess that this will need to be combined with VMDirectPath, as it appears to replace the need for the vSwitch within the ESX/ESXi host. Personally, I’d rather not replace the vSwitch, and would instead allow the UCS 6100 and/or UCS Manager to manage Nexus 1000V VEMs on the ESX/ESXi hosts. This will truly bring unification without adding complexity.

The real wildcard here is UCS Manager. Although the Cisco webcast spoke frequently of the “open APIs” and “XML APIs” that other partners can leverage, nothing substantial or significant was released regarding UCS Manager. Lots of questions have yet to be answered, but the one that really jumps out at me is this one:

How will an organization need to organize their storage in order to take advantage of UCS?

I’m guessing here that organizations will need to do boot-from-SAN in order to gain the true flexibility and agility that UCS is supposed to provide. In that case, what Cisco is supplying is not that dramatically different from a multi-vendor solution that utilizes something like Scalent to provide automation. Of course, Cisco’s solution is from a single vendor and is supposedly more integrated.

So, there are my initial thoughts. What about you?

