April 2011

You are currently browsing the monthly archive for April 2011.

VMware ESXi Local Disks Showing as Remote

Wednesday, April 27, 2011 in Interoperability, Virtualization by slowe | 6 comments

A little over a month ago, I was installing VMware ESXi on a Cisco UCS blade and noticed something odd during the installation. I posted a tweet about the incident. Here’s the text of the tweet in case the link above stops working:

Interesting…this #UCS blade has local disks but all disks are showing as remote during #ESXi install. Odd…

Several people responded, indicating they’d run into similar situations. No one—at least, not that I recall—was able to tell me why this was occurring, only that they’d seen it happen before. And it wasn’t just limited to Cisco UCS blades; a few people posted that they’d seen the behavior with other hardware, too.

This morning, I think I found the answer. While reading this post about scratch partition best practices on VMware ESXi Chronicles, I clicked through to a VMware KB article referenced in the post. The KB article discussed all the various ways to set the persistent scratch location for ESXi. (Good article, by the way. Here’s a link.)

What really caught my attention, though, was a little blurb at the bottom of the KB article in reference to examples where scratch space may not be automatically defined on persistent storage. Check this out (emphasis mine):

2.  ESXi deployed in a Boot from SAN configuration or to a SAS device. A Boot from SAN or SAS LUN is considered Remote, and could potentially be shared among multiple ESXi hosts. Remote devices are not used for scratch to avoid collisions between multiple ESXi hosts.

There’s the answer: although these drives are physically inside the server and are local to the server, they are considered remote during the VMware ESXi installation because they are SAS drives. Mystery solved!

Tags: , , , , ,

Is the Pot Calling the Kettle Black?

Tuesday, April 26, 2011 in Microsoft, Virtualization by slowe | 15 comments

A recent post by Microsoft on the Windows Virtualization Team Blog titled “Hyper-V VM Density, VP:LP Ratio, Cores and Threads” caught my eye this morning as I was scanning my RSS feeds. In this post, the author (the anonymous WSV_GUY) works through the idea of cores vs. logical processors. The distinction here, in case you didn’t already know, is that many modern multi-core CPUs also support symmetric multi-threading (SMT, also referred to as hyperthreading), which means that an eight core CPU can actually process 16 threads simultaneously and would therefore be considered to have 16 logical processors.

<aside>I can see where this might be an area of some confusion; in fact, I was just discussing hyperthreading with a colleague last week. In my opinion, it’s far more accurate to refer to current-generation functionality as SMT than hyperthreading, but that’s another story for another day.</aside>

What really caught my eye was the part of the article where the author compares and contrasts Microsoft’s approach and others’ approaches. I’ve taken a screenshot here in case the original article changes. Keep in mind that the article is based on the discussion of maximum virtual CPUs (or VPs, as WSV_GUY calls them) per logical CPU:

Microsoft blog quote
Figure 1. Screenshot of Microsoft blog post

So, two things pop to mind immediately. Let’s take these in order.

First—since it’s fairly obvious that Microsoft is targeting VMware as the primary “other virtualization vendor”—it should be noted that VMware does not consistently use cores as their unit of measure. As a point of proof, I present to you this screenshot taken from VMware’s Configuration Maximums document for vSphere 4.1 (available in PDF here). I’ve taken the liberty of highlighting the two key takeaways:

VMware configuration maximums document
Figure 2. Screenshot of VMware configuration maximums document

As you can see from the documentation, VMware inconsistently switches back and forth from logical CPUs to cores. From that perspective, VMware has some work to do on presenting consistent messaging and consistent documentation. Point taken. VMware, are you listening?

But that’s not really my major beef with the article.

The second thing I noted was the statement in the Microsoft blog (see Figure 1) about “Vendor A” and statements about ratios. Remember that the entire blog post appears to be about maximum ratios: “Vendor A response 16:1 (with the qualifier that your mileage will vary)”. It seems to me that the author is referring to the statement at the bottom of the VMware configuration maximums document (see Figure 2) that discusses the achievable number of virtual processors per core. However, we’re not talking about achievable ratios, we’re talking about maximum ratios, right? Or are we?

Although the Microsoft author appears to ding VMware for making a statement about achievable ratios in an article discussing maximum supported ratios, later in the same article the author does the same thing (the emphasis is mine):

You can see that even with an 8:1 VP to LP ratio (or 16:1 VP: Core, if you prefer), Hyper-V supports very dense VM configurations. Even on a server with two physical processors, Hyper-V supports a staggering number of virtual machines (up to 256). The limiting factor won’t be Hyper-V. It will be how much memory you’ve populated the server with and how well the storage subsystem performs.

Sounds to me like Microsoft is saying that they have a maximum ratio of virtual CPUs to logical CPUs, but that the actual ratio can you achieve (the achievable ratio?) might be less than that. How is that any different from the statement in VMware’s configuration maximums document? How is Microsoft’s “approach” with regard to ratios any different, better, or clearer for the customer? Yes, VMware’s documentation is inconsistent. But when it comes to maximum ratios vs. achievable ratios, it seems to me that the pot is calling the kettle black.

If I’m off or I’m overlooking something, please let me know by speaking up in the comments. Please use full disclosure of your employer where that employment might affect your viewpoint. Thanks!

Tags: , , , ,

Connecting Cisco Catalyst 2960-S to Nexus 5010

Wednesday, April 20, 2011 in Networking by slowe | 10 comments

As part of the all-star team that is currently heads down in preparation for some cool stuff that will be at EMC World 2011 in just a couple of weeks, today I needed to connect a Cisco Catalyst 2960-S to a Nexus 5010 over a 10GbE connection. Simple enough, right?

And it was simple, too—configure each side as a VLAN trunk, make sure the port on each side is enabled (not administratively down), and plug in a Cisco-branded TwinAx cable. All set! Well…except for the fact that only certain “versions” of the TwinAx SFP+ cables are supported with the 2960-S (see this page). Fortunately, someone at Cisco was smart enough to include the version number in the part number on the SFPs on the end of the TwinAx cables, so it only took a few minutes to find the right version of the cable. Pull the old cable, put in the new cable.

Wait, it’s still not working. As it turns out, the port on the 2960-S was put into an “error-disabled” state because of the unsupported transceiver on the pre-v2 TwinAx cable (I believe the command I used to find this was show interfaces error-disabled). Fortunately, that’s a quick fix: simply use the shutdown command to put the port into an administratively down state, then use the no shut command to bring it back up again. It’s at that point that the switch checks the transceiver again and realizes that it’s supported.

Key takeaways?

  • There are different versions of TwinAx cables (and their associated transceivers). Who knew? (OK, no snarky comments out there.)
  • Certain switches only support certain versions of these TwinAx cables.
  • The only way (or is it?) to get a port out of err-disable state is to use shutdown and then no shutdown.

Every day is a learning experience. That’s what makes life fun!

Tags: , ,

Design Question from a Reader

Monday, April 18, 2011 in Microsoft, Virtualization by slowe | 21 comments

I had a reader contact me and ask if he could ask the rest of the readers a vSphere design question. I thought that it might start an engaging and interesting discussion around vSphere design, so here’s the reader’s scenario and question(s):

I am looking to design an ESXi environment to potentially deploy Microsoft SQL servers that require extreme high availability at a scale of 50+ MSCS/WFC clusters. We’d like to do this in an ESXi 4.1 environment using Windows Server 2008 R2, MSCS/WFC, and SQL Server 2008 with Fibre Channel storage. I’ve done this in the past on a smaller scale (3-4 total clusters) and know most of the caveats such as proper heartbeat requirements, no HA/DRS support, physical RDM compatibility mode requirements for shared disks, eageredzerothick OS disks, no round-robin multipathing, etc.

The issues I’ve run into in the past revolved around managing these virtual servers differently than other guests since they couldn’t readily be moved between hosts. We also found that the reboot time on these hosts with MSCS/WFC using RDMs was extremely slow (in excess of 45 minutes to fully reboot, we could speed this up by pulling the fibre cables).

Some of the design considerations I’m curious about would include:

  • Where do people put the VMFS/RDM file links?
  • Do people put the guests in different clusters? Is this even possible?
  • How do people separate active/passive nodes? Do people use host based affinity rules to accomplish this?
  • Do reboot times on hosts with lots of RDMs get linearly slower as more MSCS/WFC RDMs are presented to a host?
  • Do people really push back and try to get database mirroring instead of clustering? If so, what caveats around this have people encountered?

I’m just curious how others are handling situations like this or if anyone is really doing it at scale.

Thoughts? What do you guys think about this reader’s situation? I’d love for this to jump start a conversation here with recommendations, experiences, additional questions, etc. vSphere design is a topic that lots of readers are tackling, either for certification or just because that’s their job, and the discussion around this scenario could end up exposing some useful resources and information.

So jump in with your thoughts in the comments below! I only ask that you provide full disclosure with regards to vendor affiliations, where applicable. Thanks, and I look forward to seeing some of the responses.

Tags: , , , , ,

Some Technical Books I’m Reading

Thursday, April 14, 2011 in Security, Virtualization by slowe | 3 comments

My book reading queue has expanded tremendously over the past few weeks as a flurry of new books—some virtualization-related, some not—have landed in my laptop. I really appreciate the authors and publishers giving me the opportunity to review these books, and I wanted to give you a quick rundown of what I’ve been doing on this front.

NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures

This book was a gift from one of the authors, Ron Fuller (aka @ccie5851 on Twitter). Like all the other books in this list, I’m not done reading it yet, but I have skimmed a couple of the chapters. I don’t know why, but networking fascinates me (almost as much as virtualization). So far, this book has been very informative and well-written, and I’m looking forward to finishing the whole book. Check it out here on Amazon.

VMware ESX and ESXi in the Enterprise, 2nd Edition

Author Edward Haletky is a well-known and recognized figure in the VMware virtualization space, and the first edition of this book was very good (read my book review of the first edition from April 2008). This book is now in its the second edition and includes content for vSphere 4.1. I haven’t finished reading it yet—my reading backlog is enormous—so I can’t say anything definitively, but I fully expect that it will be as complete and thorough as the first book. As I said in April 2008 about the first edition, readers seeking good reference material for vSphere should consider adding this to their bookshelf (after adding Mastering VMware vSphere 4 first, of course!). Here’s the book’s Amazon listing.

VMware vSphere PowerCLI Reference

This is a much-anticipated title by an all-star collection of PowerCLI experts: Alan Renouf, Luc Dekens, Glenn Sizemore, Arnim van Lieshout, and Jonathan Medd. I expect this book will be a huge best-seller for PowerCLI. Just from the limited reading that I’ve been able to do so far, it’s looking like this book will be the definitive reference guide for using PowerCLI with VMware vSphere. Order the book via Amazon here.

VMware vSphere 4.1 HA and DRS Technical Deep Dive

What more can be said about this book that hasn’t already been said? The authors, Duncan Epping and Frank Denneman, are considered among the top experts on VMware HA and VMware DRS, so having them write a deep dive on these topics is like the ideal opportunity. They definitely deliver a true “deep dive”; there is a wealth of in-depth technical information here. As with all the other titles in this post, I haven’t yet finished reading the whole thing yet, but this is one to keep on your list of virtualization books. Like most of the other books, VMware vSphere 4.1 HA and DRS Technical Deep Dive is available on Amazon.

OpenVPN 2 Cookbook

I’ve written about OpenVPN, the open source SSL VPN software, a couple of times before (I wrote about a Mac OS X OpenVPN client named Viscosity and about an issue with OpenVPN and mt-daapd). To be perfectly honest, I’m really impressed with OpenVPN and how well it works, and both Viscosity as well as Shimo are good, Mac OS X-native VPN clients (I generally prefer Viscosity, but Shimo is more versatile). So when Packt Publishing contacted me about reviewing a copy of a book titled OpenVPN 2 Cookbook, I was definitely interested. I’m just getting started looking over the book, but it looks like it is a good resource for users interested in getting to know more about OpenVPN. This title is available via Amazon, and the publisher has a sample chapter available online as well.

VMware vSphere Design

I would be remiss if I didn’t at least mention that a book to which I contributed was also recently published. VMware vSphere Design, which I helped author along with Forbes Guthrie and Maish Saidel-Keesing, hit the shelves in mid-March. So far, the reviews have been generally positive, although when the topic is design there are always a few who disagree (and that’s OK). You can pick up VMware vSphere Design via Amazon.

UPDATE: I forgot to add one other book, a networking book, that I’m also working on reading. Sorry Ron, and thanks for the reminder Andy!

Disclaimer: Where applicable, the publishers and/or authors of all of the books listed here provided me with free copies, either physical or electronic.

Tags: , , , , ,

Have You Registered Yet?

Monday, April 11, 2011 in General, Storage by slowe | No comments

This is a very short blog post. In fact, it’s probably less of a blog post and more of just a question:

Have you registered for Spousetivities at EMC World 2011 yet?

If you haven’t yet, I encourage you to surf over to the registration page and sign up now!

For more information on some of the planned activities, have a look at Crystal’s Spousetivities post here.

Tags: ,

Revisiting Snow Leopard and Time Machine on an Iomega ix4-200d

Saturday, April 9, 2011 in Macintosh, Storage by slowe | 5 comments

In late 2009, I posted a how-to on making Snow Leopard work with an Iomega ix4-200d for Time Machine backups. I’ll recommend you refer back to that article for full details, but the basic steps are as follows:

  1. Use the hdiutil command to create the sparse disk image with the correct name (a concatenation of the computer’s name and the MAC address for the Ethernet interface).
  2. Create a special file inside the sparse disk image (the com.apple.TimeMachine.MachineID.plist file).
  3. Put the sparse disk image on the TimeMachine share on the ix4-200d (if you didn’t create it there).
  4. Set up Time Machine as normal.

In the comments to the original article, a few people suggested that newer firmware revisions to the Iomega ix4-200d eliminated the need for this process. However, in setting up my wife’s new 13″ MacBook Pro, I found that this process is still necessary. Even though my Iomega ix4-200d is now running the latest available firmware (the 2.1.38.xxx revision), her MacBook Pro—running Mac OS X 10.6.7 with all latest updates—would not work with the Iomega until I manually created the sparse disk image and populated it with the com.apple.TimeMachine.MachineID.plist file. Once I followed those steps, the laptop immediately started backing up.

So, it would seem that even with the latest available firmware on the ix4-200d, it’s still necessary to follow the steps I outlined in my previous article in order to make Time Machine work.

Tags: , , ,

2011 Carolina VMware User Summit Coming Up

Saturday, April 9, 2011 in Virtualization by slowe | 7 comments

In just a few short weeks, VMware users throughout the Carolinas and surrounding areas will be gathering once more in Charlotte, NC, for the annual Carolina VMware Users Summit. As usual, friend and industry expert Mike Laverick will be on hand to speak.

<aside>You like how I dubbed Mike Laverick an industry expert? It turns out—based on the timeless wisdom of Twitter—that you only need an existing industry expert to refer to you as an industry expert and you’re good to go. And since others referred to me as an industry expert, I’m passing the favor along to Mike!</aside>

All joking aside, it is shaping up to be quite an event. I believe that in addition to Mike Laverick, we’re also expecting Mike DiPetrillo of VMware, Rich Brambley of Veeam (and of VM /ETC and Virtumania fame), and fellow VCDX Jason Nash of local reseller Varrow. I’ve also been invited to speak, so I’ll be on hand as well.

With a great lineup of breakout sessions, panel discussions, and keynotes, and a great lineup of speakers, this is an event you’ll want to attend if you’re in the Carolinas or surrounding areas. Click here to register to attend!

Tags: , ,

What Does it Take to Keep Windows Secure?

Monday, April 4, 2011 in Microsoft, Security by slowe | 74 comments

My son’s Windows 7 laptop was recently infected with some malware (adware/spyware). Mind you, I try to follow the generally-accepted recommendations for trying to prevent this sort of thing:

  • My son uses Mozilla Firefox (not Internet Explorer) with all updates installed.
  • I keep Windows 7 patched with updates from Microsoft.
  • He runs as a non-administrative user, and doesn’t know the administrator credentials.
  • The Windows 7 firewall is enabled and configured with a fairly strict set of rules.
  • The network has open source proxy server with content filters, so I can be reasonably confident he’s not visiting the really nasty sites. Obviously, content filters are never perfect and always in need to be updated, but they’re better than nothing.
  • The network itself is protected by a hardware firewall (not a simple NAT router, but a true stateful firewall), which requires that all web traffic go through the proxy (so he can’t bypass the proxy).
  • I installed Microsoft Security Essentials on his laptop to protect against malware, adware, etc., and I keep it updated.

Yet, despite all these layers of protection, I find that my son’s laptop was still infected with malware.

So I ask, in all seriousness—meaning I’m not trying to start some sort of flame war about how Mac OS X or Linux is better than Windows or vice versa—how does one protect their Windows installations against this sort of thing? I mean, what does it take, anyway? I feel like I am taking some pretty serious steps to protect Windows, and yet it still gets infected. What am I missing here?

Tags: , ,