September 2010

I had the honor of speaking in front of the Denver VMUG on Tuesday of this week. It was a blast, and I got to meet a great group of people. I received some positive feedback on the presentation that I gave at the VMUG, so I thought I’d share it here as well.

 

This is my first time using SlideShare, and I’ll probably go back and update the slide deck here since some of the builds and formatting get lost in the conversion. If it’s well-received by the readers, I’ll likely post some other presentations I’ve given as well. Let me know your thoughts—both on the idea of embedding more presentations here as well as any thoughts on this particular presentation—in the comments below. Thanks!

Since VMworld 2010, I’ve been collecting vCloud Director-related links—and there have been a bunch of them! I’m sure that the short collection I have here is only a subset of all the great material that’s been published on this new product. In any case, here’s my collection of vCloud Director links:

VMware: Uptime (Business Continuity) Blog: Backing up, and restoring, VMware vCloud Director provisioned virtual machines
VMware vCloud Director Evaluator’s Guide
VMware KB: Creating network pools in VMware vCloud Director
VMware KB: Installing VMware vCloud Director software on the first server
Video Guide: Taking VMware vCloud Director for a spin…and on the GO!
Diagram: The VMware vCloud Director Cell Architecture
Diagram: VMware vCloud Director Networking Architecture
vCD – Networking part 2 – Network Pools
Error during creation of NAT Routed network via VMware vCloud Director (vCD)
Creating a vCD Lab on your Mac/Laptop
VMware vCloud Director Building Block (Resource Group) design
How To: Configure vCD public console proxy address
vCD – Allocation Models
Provider vDC: cluster or resource pool?
RE: Migrating your VMs from vSphere to vCloud Director and vice versa
vCD – Networking part 3 – Use case
vCD – Networking part 1 – Intro
Creating a VMware vCloud Director Cluster
vCloud Director Architecture
vCloud Director Networking for Dummies
Automating vCloud Director and Oracle DB Installation

If anyone else has any links I should add to this list, let me know. Thanks!

UPDATE: I’ve added several new links from the comments. Thanks—keep the additional links coming!

Welcome to Technology Short Take #4, the latest collection of virtualization, storage, networking, and other data center-related links, news, thoughts, and views. As always, I hope you find something interesting here!

  • First up, we’ll revisit the idea of multi-hop FCoE. You might recall a couple of articles I wrote a while ago about Network Interface Virtualization (NIV) and the role of NIV in FCoE. One of my new favorite networking bloggers, Ivan Pepelnjak, picked up this same topic recently in this post on multi-hop FCoE. (Did I also link to his earlier multi-hop FCoE piece?) Anyway, it’s a good read and worth reviewing if you’re at all unclear about how these various technologies play together.
  • William Lam—whose Virtually Ghetto blog joined the Top 25 Virtualization Blogs in the last round of voting—has published a primer on VMware vsish, the VMkernel System Interface Shell. William has done an awesome job of providing a great level of detail and information about this previously undocumented utility. Great work, William, and congratulations on your top 25 blog position!
  • Frank Denneman has posted another great in-depth technical article on how the ESX/ESXi CPU scheduler handles NUMA nodes and wide VMs. This is seriously good stuff and should be on the must-read list for anyone wanting to better understand how ESX/ESXi works. Frank also had a post on resource pools and simultaneous vMotions that is worth reading. Yet another reason not to use resource pools as a folder structure!
  • Fellow co-worker Aaron Delp brought to light a key design consideration: how should a VMware architect handle 10GbE and vSphere 4.1’s increased vMotion throughput? His article (available here) triggered a number of other articles, such as this article on VMware QoS designs with Cisco UCS and Nexus by noted networking expert Brad Hedlund. I love it when a fellow blogger triggers a great conversation like this. Good stuff!
  • Noted VMware performance guru and (now) vSpecialist Scott Drummonds recently posted a great piece on optimizing vSphere for hyper-threading. In his article, Scott discusses the NUMA.preferHT configuration parameter and the potential implications of using that parameter. Also be sure to check out Scott’s article on databases, storage, and solid state disks. This is just another example of needing to take a holistic approach to performance and how new technologies (like EMC FAST in this article) are affecting designs.
  • Justin Guidroz had a good post with a script aimed at helping update the IPMI settings on ESX hosts with the settings from UCS Manager. Why is this important? IPMI is the mechanism whereby VMware vSphere can power servers down as part of VMware Distributed Power Management (DPM), and out-of-sync settings can prevent DPM from working properly.
  • If you’ve ever wanted to better understand mirror positions in EMC’s Symmetrix arrays, fellow vSpecialist Travers Nicholas has a good write-up here. Mirror positions are a key part of how the Symmetrix operates, and Travers does a good job of explaining the basics.
  • On the Hyper-V side of the blogging world, I’ve seen a few interesting posts come from Ben Armstrong (aka Virtual PC Guy), who appears to be on something of a scripting kick. First there’s this article on setting up non-administrative control of Hyper-V, followed up by creating a Hyper-V Administrators local group through PowerShell. Oh, and Ben continued his series on working with Hyper-V dynamic memory with this post on changing the minimum memory.
  • If you are using VM failure monitoring with VMware HA, this recent VMware KB article shows you how to determine if a VM reboot was caused by VMware HA.

I guess that’s about it for this time around. Before I go, though, here are a few miscellaneous links you might find interesting:

10 Networking Books to read before you die
EMC Replication Manager With vSphere 4 and LVM.EnableResignature
RecoverPoint in Vblock for SAP
Error Upgrading VMware Tools vSphere 4.1
Automating ESXi 4.1 Kickstart Tips & Tricks

As always, feel free to share other links or items in the comments below. Thanks for reading this far!

Readers who also follow me on Twitter have probably noticed that I’ve been in an EMC Symmetrix VMAX training class this week. As part of that class, we’ve been working with Auto-Provisioning Groups. For other users who might be new to SYMCLI (the Symmetrix CLI) and Auto-Provisioning Groups (APGs), I thought this “new user’s guide” to APGs via the CLI might be handy. Comments from experienced users are welcome! In future posts, I’ll provide some additional commands for modifying and viewing APGs via CLI.

Note that this guide doesn’t discuss the requirements for SYMCLI (such as Solutions Enabler) or other prerequisites. I’ll likely cover those pieces in future blog posts.

An APG, at its most basic level, consists of four items:

  1. A storage group containing one or more devices or device groups
  2. A port group containing one or more front-end director ports
  3. An initiator group containing one or more host initiator ports, denoted by their World Wide Port Name (WWPN)
  4. A masking view that combines a storage group, a port group, and an initiator group

OK, with that (very) basic introduction out of the way, here are some commands to create an APG from the command line.

To create a storage group, use this command:

symaccess -sid <Symmetrix ID> create -name <Storage group name> -type storage -devs <Device IDs>

The device IDs are the IDs of the Symmetrix Logical Volumes you created using SYMCLI or Symmetrix Management Console (SMC).

To create a port group containing one or more ports from one or more directors, use this command:

symaccess -sid <Symmetrix ID> create -name <Port group name> -type port -dirports <Director slice:Port number,Director slice:port number...>

The Director slice:Port number would look something like 7e:0 for port 0 on director slice 7e (which would be in enclosure 4).

To create an initiator group, I would first recommend that you create a text file containing a list of all the WWPNs for the initiators in the group, like this:

WWN:1234567890abcdef
WWN:abcdef0123456789
...

Once you have the text file created, you can then create an initiator group using this command:

symaccess -sid <Symmetrix ID> create -name <Initiator group name> -type initiator -file <Text file of initiators>

At this point, you can run symaccess -sid <Symmetrix ID> list and you’ll see the storage, port, and initiator groups you just created.

To combine these groups into a masking view, use this command:

symaccess -sid <Symmetrix ID> create view -name <Masking view name> -storgrp <Storage group name> -portgrp <Port group name> -initgrp <Initiator group name>

This creates the masking view that contains all three objects—the storage group, the port group, and the initiator group—and automatically performs the mapping (associating devices with directors) and masking (exposing devices to hosts) operations.

To get more details on the masking view once it is created, use this command:

symaccess -sid <Symmetrix ID> show view <Masking view name>

The output from this command will show you details on the devices in the storage group, the ports in the port group, and the initiators in the initiator group.
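
A pre-flight check for the initiator file, plus the command sequence above, as an added example that is not part of the original post (the function names and the sample values in the usage comment are assumptions). It validates the file against the WWN: format shown above and prints the four symaccess commands for review without running them, because a mistyped or duplicated WWPN in the masking view decides which host is exposed to the devices.

```shell
#!/bin/sh
# Added example, not from the original post. Sample values in the usage
# comment at the bottom are constructed.

# check_initiator_file <file>
# Returns 0 only if the file has at least one entry, every non-blank line is
# "WWN:" plus exactly 16 hex digits, and no WWPN appears twice
# (case-insensitive). One diagnostic per rejected line goes to stderr.
check_initiator_file() {
    awk '
        /^[ \t]*$/ { next }    # ignore blank lines
        {
            n++
            # "WWN:" (4) + 16 hex digits = 20 characters; trailing
            # spaces or carriage returns are rejected here as well
            if ($0 !~ /^WWN:[0-9A-Fa-f]+$/ || length($0) != 20) {
                printf "line %d: expected WWN:<16 hex digits>: %s\n", NR, $0 > "/dev/stderr"
                bad++
                next
            }
            key = tolower(substr($0, 5))
            if (key in seen) {
                printf "line %d: duplicate of line %d: %s\n", NR, seen[key], $0 > "/dev/stderr"
                bad++
                next
            }
            seen[key] = NR
        }
        END { exit (bad > 0 || n == 0) }
    ' "$1"
}

# apg_plan <sid> <storage group> <device IDs> <port group> <dirports> \
#          <initiator group> <initiator file> <masking view>
# Prints the four symaccess commands in the order the post gives them, for
# review before they are run. Prints nothing and returns 1 if the initiator
# file is rejected.
apg_plan() {
    check_initiator_file "$7" || return 1
    printf 'symaccess -sid %s create -name %s -type storage -devs %s\n' "$1" "$2" "$3"
    printf 'symaccess -sid %s create -name %s -type port -dirports %s\n' "$1" "$4" "$5"
    printf 'symaccess -sid %s create -name %s -type initiator -file %s\n' "$1" "$6" "$7"
    printf 'symaccess -sid %s create view -name %s -storgrp %s -portgrp %s -initgrp %s\n' \
        "$1" "$8" "$2" "$4" "$6"
}

# Usage (constructed values):
#   apg_plan 1234 esx_sg 0123,0124 esx_pg 7e:0,8e:0 esx_ig initiators.txt esx_mv
```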

While working through some OSPF configurations in preparation for my CCNA exam next week, I noticed something I thought was odd, and I don’t really understand why it’s behaving in this manner. I thought perhaps a networking expert could enlighten me.

First, a quick summary of what I have configured:

  • I have an OSPF area 0 with a single backbone router contained entirely in area 0 and two area border routers (ABRs). The ABRs span area 0 and areas 1 and 2: one router is connected to both area 0 and area 1, the other is connected to both area 0 and area 2.
  • I have an area X range command in the configuration of the routers. For example, area 0 contains only networks in the 192.168.0.0/19 range, so I used area 0 range 192.168.0.0 255.255.224.0 in the configuration of the area 0 router.
  • Similarly, the ABRs for areas 1 and 2 also contain area X range statements. Area 1 uses 192.168.32.0/19; area 2 uses 192.168.64.0/19. The area X range statements are configured appropriately for each ABR and each area.

The behavior I’m seeing is that the route summarization works; instead of showing different routes for all the subnetworks in area 1, the routers in areas 0 and 2 only show the summary route. That’s all as expected. Also expected is that the ABRs show the detailed routes within the areas to which they are connected.

What’s not expected, though, is that the ABRs also have a summary route for their own area that is connected to the Null0 interface. For example, the ABR that connects to both area 0 and area 1 shows detailed routes for areas 0 and 1, a summary route for area 2, and another summary route for area 1 connected to Null0.

The same is true for both ABRs, but not for the backbone router whose interfaces are contained entirely in area 0.

So what’s up with this Null0 interface and associated route?

I recently updated OmniFocus on my MacBook Pro to version 1.8, the latest version, and noticed something that was—to me, at least—quite disturbing. Projects that had no child actions were now displaying in my Contexts view! Besides running counter to my (albeit limited) understanding of Getting Things Done (GTD), this new behavior just didn’t make sense to me.

A quick Google search turned up a forum discussion on the matter. Feelings were apparently running very strong about this matter, as individuals squared off on each side. Some people felt that having projects with no child actions appear in the Contexts view was perfectly natural. Their explanation was that completing child actions brought you ever closer to completing the project, and thus when all the child actions were complete you could then “complete” the project “action”. Others, like myself, felt that projects shouldn’t be included because you don’t “do” a project, and putting a project in the list of things you “do” didn’t make sense. After all, projects aren’t actions and actions aren’t projects.

Fortunately, there appears to be a fix. A hidden preference setting can be changed to prevent childless projects from appearing in Contexts view. The change is implemented as a URL, like this:

omnifocus:///change-setting?ContextModeShowsParents=false

This URL would then change it back:

omnifocus:///change-setting?ContextModeShowsParents=true

I searched for a way to change this setting using the more traditional defaults write technique, but couldn’t find any settings in the OmniFocus preferences file that changed when I issued these commands. I tried converting them to XML format using plutil and comparing them with diff, but that didn’t show any differences either. Searching the files using grep didn’t reveal any potential candidates either, so it appears that the only way to change this setting is to use the URL above. That implies to me that this setting is embedded inside the OmniFocus database, not in the preferences for the application.

In any case, if you’re using OmniFocus 1.8 and don’t want projects to show up in your Contexts view, you can change the behavior using the URL above.

UPDATE: It turns out that OmniFocus does have a menu command, on the View menu, to toggle this behavior. Show/Hide Parent Items in Context View is the command you need. Thanks to all who pointed that out to me!

Welcome to Technology Short Take #3, a collection of links about key data center technologies like virtualization, networking, and storage. I’m still striving to broaden the scope of these posts to include even more storage and networking posts, so I’d love to hear feedback from readers on how well I’m doing and what other sources I should consider for inclusion here.

But enough of that for now; on with the content!

  • Priority Flow Control (PFC) is an as-yet-unratified IEEE standard (IEEE 802.1Qbb) that is often linked closely to Fibre Channel over Ethernet (FCoE). If you’re interested in getting a bit more information on PFC and you’re not (yet) a networking expert, this introduction to 802.1Qbb is pretty handy.
  • Didier Pironet recently documented some of vSphere 4.1’s advanced iSCSI settings. Good information, although what would be really handy is a set of recommendations on whether changing any of these settings should be considered and in what environments a change might be recommended. A future post, Didier?
  • Ben Armstrong (aka “The Virtual PC Guy”) has posted two articles so far dealing with how to script Hyper-V’s dynamic memory. Part 1 shows how to read the dynamic memory configuration; part 2 shows how to display the current usage information. Ben also recently published an article on parent memory reserve, which is how Hyper-V reserves memory for the parent partition running Windows Server 2008.
  • This SearchTelecom.com article on Locator/ID Separation Protocol (LISP) gave me just the introduction I needed to LISP. After you read that article, you can continue your LISP education by visiting this brief blog post and checking out some of the other linked resources.
  • I’ve written before about multi-hop FCoE (here and here, for example), but this post on multi-hop FCoE 101 is a great read and highlights some of the differences in vendor implementations. Based on the article, it’s these differences in vendor implementations that often lead to disagreements between the vendors with regard to what’s required or not required. (It seems like I’m really digging some of Ivan’s stuff recently. I’m going to have to add him to my list of networking RSS feeds!)
  • Tried SLES 11 SP1 for VMware yet? Jase McCarty recently took it for a quick spin. Here are his thoughts.
  • Jason Boche recently posted a fix for an error with vCenter Service Status in vCenter Server 4.1.
  • For those readers who haven’t had the opportunity to work with Cisco’s Unified Compute System (UCS), there are lots of great bloggers out there writing about it—too many to name, in fact. Kevin Goodman captured a few of them in this list of Cisco UCS people and blogs. While you’re coming up to speed, though, this page from Cisco on upgrading the BIOS on a Cisco UCS server blade gives you an idea of how the system uses service profiles as the vehicle for almost everything. This similar post on Cisco’s web site breaks down the process of creating a service profile in UCS, a topic that I’ve tackled myself (with a four-part series that starts here).
  • This page listing the Cisco UCS B-series network adapters shows some “Gen 2”-type cards, such as the M72KR-E Emulex CNA. Did I miss an announcement? Unlike the “Gen 1” cards, the “Gen 2” cards aren’t hyperlinked for more information.
  • William Lam (@lamw on Twitter and elsewhere), whom I had the great pleasure of meeting personally last week while at VMworld 2010, has published what is likely to be the definitive primer on vsish, a largely undocumented utility. Check out the vsish write-up on William’s site. I also recently found an older article that William wrote on how to remove stale targets from vMA. vMA-related articles are almost like gold these days since all the geeks are needing a new command-line fix for ESXi.
  • Working on a VDI environment and want to disable some of the welcome stuff that Windows throws your way? Check this out.

There were a few other links that I collected as well but didn’t really have anything to say about them; still, in the event they might prove useful, here they are:

Krystaltek: What ESX Admins Group? – A Tale of RTSM and AD
vCenter SRM Automatic Failback Options Using EMC Storage
Support Insider: VMware Snapshots
Running the VMware vSphere Hypervisor stateless
Best practice in LUN design (VMware Communities)
VMware KB: Using a VNC Client to Connect to Virtual Machines
VMware KB: Do I choose the PVSCSI or LSI Logic virtual adapter on ESX 4.0 for non-IO intensive workloads?
VMware ESXi 4.1 does not use whole disk capacity for VMFS3

That should do it this time around. Thanks for reading, and feel free to suggest additional articles or links that you think other readers would find useful.

I’m not a security expert (I’ll leave that to Ed or the Hoff), but if there’s a security company out there to keep your eyes on, it is, in my opinion, HyTrust. Since releasing their security appliance in April of 2009, HyTrust has continued to expand their reach. Last week at VMworld 2010 in San Francisco, HyTrust made a few announcements to note:

  • On August 30, HyTrust announced HyTrust Cloud Control and out-of-the-box integration between the HyTrust Appliance and VMware vCloud Director. This combination brings HyTrust’s strong authentication, role-based access control, and visibility to vCloud Director environments. Other specific capabilities enabled by HyTrust Cloud Control include persistent zoning for multi-tenancy; detailed audit logging for compliance; and hardening and monitoring of the cloud services platform.
  • On August 31, HyTrust announced integration with RSA enVision (disclaimer: I work for EMC, RSA’s parent company). This means that HyTrust’s detailed logging and auditing information is passed to enVision for security information and event management purposes. The HyTrust Appliance offers granular role-based access controls, strong authentication, directory services integration, and command authorization, and with this integration passes all of its detailed logging information over to enVision to be rolled up into a broader set of logs that also include information from the VMware ESX/ESXi hosts, VMware vCenter Server, and VMware View connection servers for a holistic view of the entire virtualized environment. You can read the full press release here.
  • On September 1, HyTrust announced an update to the HyTrust Appliance that added new functionality. Significant new features in the update include support for smart card two-factor authentication; support for complex, multi-domain directories; single sign-on via Windows passthrough authentication; improvements to audit logs and new vCenter event archiving; application-level high availability for the HyTrust Appliance; support for VMware vSphere 4.1; and support for command-line management of the Cisco Nexus 1000V. This last item is particularly important; it enables the HyTrust Appliance to perform authorization of Nexus 1000V command line statements on a very granular basis. This functionality actually extends to the entire Nexus family, although the focus at this point is on the Nexus 1000V.

All in all, it looks to me like a pretty impressive set of updates. Based on a conversation between Eric Chiu (CEO of HyTrust), well-known analyst Chris Wolf, and me, I’d say that HyTrust has other impressive updates on the roadmap. Based on what they’ve delivered so far, I’m of the opinion that this is a company to watch. Keep up the great work, Eric and team!

Disclosure: I have no financial interest in HyTrust nor have I received any compensation from HyTrust. These views and opinions of HyTrust are mine and mine alone.

vSphere 4.1 Links

I’d collected a long list of vSphere 4.1-related links as part of the process of revising Mastering VMware vSphere 4, a project that has since been shelved. Rather than just delete the links now that the book is no longer being revised, I thought I’d post them here (in no particular order) just in case someone else might find them useful.

vSphere 4.1 – The First Bug found (and how to resolve it) « Itzikr’s Blog
VMware KB: ESX/ESXi installations on HP systems require the HP NMI driver
VIDEO: New vSphere 4.1 Windows Active Directory Authentication
What’s New in vSphere 4.1
vSphere 4.1 Storage Networking Updates « Wikibon Blog
VMware Communities: VMware In SMB: ESXi Scripted Installation Via PXE and Kickstart!
Support Insider: Useful vSphere 4.1 Knowledgebase Articles
VMware: VMTN Blog: vSphere 4.1 and more
VMware: VMware vSphere Blog: vSphere 4.1 is Here! Tell Me Something About the Release I May Not Know
Welcome to vSphere-land! » Tidbits on the new vSphere 4.1 release
vSphere 4.1, VMware HA New maximums and DRS integration will make our life easier
VMware KB: Setting the number of cores per CPU in a virtual machine
VMware KB: Changes to Fault Tolerance in vSphere 4.1
A Few Gotchas With vSphere 4.1! | Daily Hypervisor
VMware: Uptime (VMware and Business Continuity): VDR and vSphere 4.1 compatibility
VMware KB: Changes to VMware High Availability in vSphere 4.1
Blue Gears » Blog Archive » vSphere Upgrade: Going to 4.1
Stuff: PAM changes in ESX 4.1
Krystaltek: DRS/Fault Tolerance Placement Restrictions
Don’t add resource pools for fun, they’re dangerous – NTPRO.NL – Eric Sloof
How to use vMA 4.1 installation, configuration « GeekSilver’s Blog
Two new HA Advanced Settings » Yellow Bricks
DRS 4.1 Adaptive MaxMovesPerHost | frankdenneman.nl
vSphere 4.1 to 4.0 differences
VMware vSphere 4.1: Not the Typical .1 Release
VMware KB: VMware ESX and ESXi 4.1 Comparison
Best practices KB on how-to install ESX 4.1 and vCenter | ESX Virtualization
VMware KB: Copy and Paste option is disabled in vSphere Client 4.1

I hope that you find something useful in this list. If anyone has any other vSphere 4.1-specific links that they feel other readers might find useful, I encourage you to post them in the comments below.

This is one of those posts that is as much for my own benefit as it is for others. For a few weeks now, I’ve been working on a dynamic DNS setup for my home/home office network involving BIND and the ISC DHCP daemon running on a pair of OpenBSD virtual machines. I finally got it to work (thanks in no small part to this article and this how-to post) and then found that I needed to make some manual edits to the DNS zones.

After a great deal of stumbling and fumbling, I found an obscure reference to a need to use rndc when making manual edits. After some testing, I learned that the “correct” way to make manual edits is as follows:

  1. Halt changes to the dynamic DNS zone with the command rndc freeze <zone name>.
  2. Make the manual edits to the zone file, being sure to increment the zone serial number.
  3. Use the command named-checkzone <zone name> <zone file> to verify the syntax in the zone file.
  4. Allow changes to the dynamic DNS zone with the command rndc thaw <zone name>.

If you monitor the appropriate log files (on my system I had to monitor /var/log/daemon), you’ll see zone transfers take place to any secondary name servers, a strong indicator that the change has successfully been accepted and propagated.
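
The four steps above wrapped in one function, as an added example that is not part of the original post (the function names, the RNDC/CHECKZONE override variables and the .pre-edit backup suffix are assumptions). It reads the serial from named-checkzone's "loaded serial" line before and after the edit, and if the file fails the check or the serial was not incremented it restores the pre-edit copy before thawing, so a bad edit is never loaded.

```shell
#!/bin/sh
# Added example, not from the original post.
# RNDC and CHECKZONE may be overridden from the environment (assumption).
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# zone_serial <zone name> <zone file>
# Prints the SOA serial taken from named-checkzone's "loaded serial N" line.
# Returns non-zero if the zone file fails the syntax check.
zone_serial() {
    out=$("$CHECKZONE" "$1" "$2" 2>&1) || return 1
    printf '%s\n' "$out" | sed -n 's/.*loaded serial \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# edit_dynamic_zone <zone name> <zone file> [editor]
# Returns 0 if the edit was accepted, 1 if the zone could not be frozen,
# read or thawed, 2 if the edit was rejected and the pre-edit file restored.
edit_dynamic_zone() {
    zone=$1 file=$2 editor=${3:-${EDITOR:-vi}}

    # Step 1: freeze. This also flushes pending dynamic updates into the
    # zone file, so the serial is read only after the freeze.
    "$RNDC" freeze "$zone" || return 1
    before=$(zone_serial "$zone" "$file") && [ -n "$before" ] ||
        { "$RNDC" thaw "$zone"; return 1; }
    cp -p "$file" "$file.pre-edit" || { "$RNDC" thaw "$zone"; return 1; }

    # Step 2: the manual edit, including the serial number bump.
    "$editor" "$file"

    # Step 3: syntax check, plus a check that the serial really went up.
    # Plain numeric comparison; serial wrap-around is not handled.
    after=$(zone_serial "$zone" "$file") || after=
    result=0
    if [ -z "$after" ] || [ "$after" -le "$before" ]; then
        echo "edit rejected (serial before=$before after=${after:-invalid}); restoring" >&2
        cp -p "$file.pre-edit" "$file"
        result=2
    fi

    # Step 4: thaw in every case so dynamic updates resume.
    "$RNDC" thaw "$zone" || return 1
    return "$result"
}

# Usage: edit_dynamic_zone <zone name> <zone file>
```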

A very simple task, I know, but hopefully this post will help me next time I need to do this same task again and hopefully it will help someone else out there in the same situation.
