Thursday, October 23, 2008

VMware EVC - incompatible ?

When installing some brand spanking new DL585 Quad Core systems I was unable to initially enable EVC for the new servers.   Both new servers were showing as having incompatible hardware.
The answer was the No Execute Page Protection being disabled by default.  I was also surprised to find that the AMD Virtualization support was also disabled by default.   I also saw some posting in the VMware forum that other newer HP models have the same default setting.  Once the settings were adjusted,  EVC was no longer reporting incompatible hardware. 

Friday, September 26, 2008

VMware 3.5u2 Hardware Monitoring

In the ESX 3.5u2 release notes there is a brief blurb about the display of system health information:

"Display of System Health Information – More system health information is displayed in the VI Client for both ESX Server 3.5 and VMware ESX Server 3i."

I don't think that blurb did this feature justice.  


Expanding some of the nodes shows a surprising level of detail.



I think VMware definitely undersold this feature in the release notes.  

Thursday, September 25, 2008

VMware Upgrade Manager - Using Baselines to Check Patch Compliance and Perform Remediation

Patching servers or guests using VUM is based on application of baselines.  You can apply baselines at any level in the hierarchy of  Hosts & Clusters for Host based updates or at any level of the hierarchy of Virtual Machines and Templates for Guest based updates.   Baselines can either be static or dynamic,  and can be manipulated via the baseline tab of VUM.  In the screen shot below it shows the default baselines created by VUM,  which are all dynamically updated baselines.  


If you choose to create a new baseline you can customize it for Host or Guest Updates,  whether the baseline is  Fixed or Dynamic.  After selecting these criteria, this is where creating a baseline gets interesting.  You can select products, update severity, language, date range criteria, and which vendor updates your baseline will include.   Currently vendors include VMware, Microsoft, Apple, Mozilla, and Adobe.  That is a much larger list than I expected.     You can also choose specific updates to include or exclude on subsequent screens.  


You can also check patch details from the subsequent inclusion/exclusion screen  (or from the update repository tab).  I chose this update in particular to display, because I was surprised to find in among the included updates. 


Now that we have created baselines or used the default baselines,  now it is time to attach them.   If you want to applying a baseline to an ESX host,  you would apply them in the Hosts and Clusters view of the inventory.   If you are choosing to apply guest based baselines then you would apply them in the Virtual Machines and Templates.   You can apply them at any container level within the hierarchy.   I chose to deploy our host based baselines at the datacenter level.


when you attach the baseline you will be asked to select which applicable baseline you wish to apply to the selected container.   Once the baseline is applied you will get a view that shows the number of hosts that are compliant with the baseline, the number that are not compliant,  and the unknown servers (which have not yet been scanned)


Now from each host (or guest) you will now have additional options in the context menu, Scan for Updates and Remediate.


before you scan for updates,  make sure that your update repository has already been populated.  When I scanned without a populated repository,  I received and error stating that  the scan could not be completed.  You can scan from any level in the hierarchy that has an applied baseline.  For the purposes of this blog, I scanned at an individual host level.  Once the scan has been completed, you will now see an updated screen showing you the updates compliance status based on your scan.


Now it's time to remediate.   clicking remediate will bring up a wizard, asking you to select the baselines that you will be applying.  and allows you to select include or exclude updates contained within the baselines. baseline11

Now you are asked for when you will apply the updates, and you can have an opportunity to adjust the default failure options.


Normally I wouldn't publish a confirmation screen,  but there is one specific thing I would like to point out.   This is the only place in this wizard where you can see the scope of the update remediation.   Since this tool will try to force your servers into maintenance mode, including rebooting servers that are unable to enter maintenance mode (if you have selected that option),  it is good to confirm that the scope is limited to what you have intended to patch.  


You will now see a task for remediation on the selected hosts, and after it is completed, you will be able to see an event for each patch applied as well as events for entering maintenance mode, and rebooting the server.   

In my opinion the time spent configuring VMware Update Manager is time well spent, as it will save much more time in the long run.  It's very nice to see VMware follow in the footsteps of Microsoft SUS and WSUS in making a free patch management tool, as opposed to going in the direction of "paid updates" model.       

Tuesday, September 23, 2008

Configuring VMware Update Manager

As mentioned yesterday, in this post I will discuss how I have configured VMware Update Manager, and even show some of the options that I chose not to configure.  

First configuration option that I set, and possibly the most important, depending on your network design was the proxy configuration.   Instead of redacting the server names, I will be replacing them with fake names.  One thing to take note of -  VUM does not support proxy auto-detection.  If you have a proxy, you will need to configure it here.


Once you have configured your proxy, you can go to the update downloads to configure what will be downloaded and when.


If you click on the Edit Update Downloads object, it will present you with a wizard for configuring which updates you want , and when it will retrieve them.   In our environment we already have a very good solution for patching all of our servers, so we will be only downloading ESX host updates. 


At this point you can set your schedule,  you can setup one time updates, at server startup, hourly, daily, weekly, and monthly.  At this time it appears that you can only have one update job per implementation of VUM, so plan accordingly.


Now you can enter email addresses for people that you would like to be notified of new updates.


You can also configure options around guest and host updates.    You have the option to snapshot the virtual machines before applying the updates, allowing an easy fallback in the case of an virtual machine having issues from a patch update.   You can also choose to keep that snapshot for up to 100 hours, or to not automatically delete it.  


In the ESX Host Settings, VUM reminds you that host patches are only installed when an ESX server is in maintenance mode and prompts you for how to react to not being able to place the server in maintenance mode.   It can Fail the Task (writing an event),  Retry the job, Power Off and Retry, and Suspend and Retry. All the retry options include the   ability to limit the number of retries and insert a delay between retries.


One last configuration screen is Port Settings.   If you had any need to change the ports that VUM is using to communicate, here is where it would be done.   I wouldn't recommend changing them unless you have a specific security requirement.


Now that you have VUM configured, you can check the Events tab for information on update downloads, scanning and updates to VUM configuration


One other support tool that is included on the server where you installed VUM is the Generate Update Manager log bundle tool.   This tool creates a zip file on your desktop with all the logs and configuration files for VMware Update Manager that you can either examine or forward on to your VMware support.   By default this icon is in the root of VMware folder under Program Files.

In my next post I will go over the VMware Update Manager repository and the information available there, as well as creating, editing, and using baselines.  

Monday, September 22, 2008

Installing VMware Update Manager

So I was installing VMware Update Manager on my existing Virtual Center server, so I thought I would share the installation experience.   Before installing,  make sure to check out VMware's Release Notes.   It also can't hurt to read through the Administrator's Guide

I used the zip file for Vmware-VIMSetup2.5.0-104263.

First you run VMware-Update-Manager.exe from the \updatemanager directory to start the installation.vum

After thoroughly reading the legal notice and accepting it, you are prompted to select your installation folder and your folder for downloaded patches.  


The directory for downloading patches needs to have at least 18GB of space, or you will be forced to choose another location.


Now you will be prompted for a Virtual Center login. 


Now you will be asked for which type of database you will use.   You can use either locally installed SQL Express, SQL (via ODBC), or Oracle.


We chose SQL server, so at this point you are prompted to create a DSN. 


confirm or change the default ports and server name.   You can also setup a proxy in this stage if you need one.


If you have the VI toolkit for PowerShell installed you get a bonus of the Update Manager toolkit being installed as well.


Now you can install the plugin via the Virtual Center client's Plugin Manager to install VMware Update Manager Extension version 1.0u2


After selecting your language preference you are presented with another installer.


Thoroughly read the legal notice and accept it.


The install will now continue and exit normally. 

To enable the plugin,  you need to check the Enabled checkbox on the Plugin Manager's installed plugins tab. vum12

Now you will see a button for Update Manager in the toolbar.  



In my next post I will go into the configuration of VMware Update Manager, such as setting update frequency, and controlling what updates are downloaded.

In case you need to change the location where your updates are being stored.  Gabe over at Gabe's Virtual World has an article on how to change the location of the updates :

Wednesday, September 17, 2008

Coming Attractions - PowerShell for XenServer

Citrix continues their announcements this week with the announcement of their very own PowerShell SnapIn for managing XenServer environments.  

"Now that XenServer and XenCenter 5.0 have been released, we turn our attention to other things. One of those new projects is a PowerShell SnapIn for XenServer, which I'm pleased to announce today.

The new SnapIn is with private beta testers now, and will be available through this site very soon. "

It seems most of the Citrix announcements are getting lost in all the great announcements from VMworld.   Unfortunately I couldn't make it to VMworld this year, but luckily fellow virtualization bloggers like Rich Bramley at VM/ETC and Scott Lowe at his self-titled blog are keeping the rest of us up to date on the latest happenings.  

One "off beat" story coming out of VMworld is about a reported  guerilla marketing campaign , that either is either a surprisingly aggressive attack focused on VMware at their own conference, or a great big hoax.   Personally my bet is on big hoax,  but only Microsoft and the individual that registered the website know for sure at this point in time. 

Monday, September 15, 2008

XenServer 5 - Initial Impressions

You have to love VMworld,  it seems to bring out the best in the virtualization industry.   Last week was Microsoft's big announcement, and today Citrix had a big announcement of their own.   Unfortunately I couldn't make it to VMworld this year,  but that did afford me an opportunity to take a look at XenServer's new release.   I will be using XenServer 5.0 Express for the purposes of my testing.

I started with the "check for upgrades" I praised in a previous blog, expecting to be informed that there was a new version.   Using XenCenter 4.1 it did not see any new updates.  Since it was just released today,  I can cut them a break on that.

When I downloaded the XenCenter upgrade,  I noticed the filename contained "RC4".   That is not enough to worry me, yet. 

My first step was updating the client,  as I have learned from VMware.. always update the management tools first.   On launching the new version of XenCenter I received a dialog letting me know that checking for updates could now be scheduled.   A very nice addition to an already convenient feature.


After upgrading XenCenter to version 5.0.0 the upgrade tool was even more confused about available versions.  Not being able to recognize 5.0.  Hopefully this will be taken care of shortly.  


The server upgrade process is much like the initial installation process.  When performing the upgrade the installer creates a backup of the current installation on the backup partition, which you can restore with the host-restore function.  a very nice safety net.  Dmitry Kushak expands on this process on the Citrix forum

At this point - my installation ceases to function at this point, informing me that a base installation could not be found when using the cdrom installation source.   Another user indicated that he downloaded the ISO again,  and did not have the same issue.   I tried that but it didn't help.   So I copied the CD up to my webserver, and attempted to do use the http install method instead of the cd based installation.   This installation worked.  Very odd that it worked, considering I used the same media that wouldn't boot for the webserver source.

On reboot the new bootloader and xsconsole feature are very apparent.  Now after a XenServer splash screen it boots to the xsconsole menu.xencenter5-3

This is a very nice interface that allows you to perform administrative tasks without memorizing commands.   For example - start a VM.


Interact with your storage repositories


Configure and test your network connections:


Overall it looks like XenServer is making some moves to be more competitive with VMware, as their HA solution is starting to look quite a bit like VMware's version.   I also see in the release notes some new guest support and a fair amount of new hardware support, such as 8GB HBAs and 10G NICs.   For a more complete list of features download the release notes or check out Peter Levine's blog entry

One new guest note stood out for me :

"Windows Server 2008 32-bit and 64-bit support, with WHQL signed para-virtual drivers and initial enlightenment

I think that is the first time I have seen the use of enlightenment optimizations outside of Microsoft's Hyper-V materials.    A search  on Windows paravirtualization turns up an interesting article about the importance of installing the guest tools.  

All in all, the update experience was pretty good, outside of the CDROM installation media issue.   Now the download experience,  that was not not pleasant.   I would expect Citrix to want to keep track of who downloaded their software, as it could lead to future sales.   I also don't mind filling out a short survey... once.   During the process of writing this article,  I had to fill out the survey 6 times.  It wasn't just for downloading XenServer or XenCenter itself,   it was also for downloading the documentation.   If you closed the browser - you have to fill out the survey again.   Even if you login to your MyCitrix account, you still have to fill out the survey again.   There's a fine line between collecting valuable marketing information and driving off customers - and I would hate to see Citrix on the wrong side of that line. 



Jonathan Thorpe of Citrix jumped on the problem with the CDROM installation method (I guess I'm not the only person not at VMworld today) and pointed me toward a workaround that will allow me to install from CD media.   it is simply to drop to a shell during the installation (press F2) and type "lsmod ide-generic".   It appears that this module needed to be loaded for the installer to recognize my particular combination of Motherboard and IDE DVD drive.    you can read about it here:

Thank Jonathan! 

Monday, September 8, 2008

Microsoft Shakes Up the Virtualization World Yet Again

Today was a big day full of announcements for Microsoft, as most of these announcements have been covered in detail by other bloggers, I am going to link to their stories and give my own analysis and commentary instead of asking everyone to read the same press releases.

First up - Microsoft Hyper-V Server 2008 

One thing I have heard consistently when discussing Hyper-V is that "You still have to buy an operating system license.  So ESX3i and XenServer Express are still cheaper. "

Pretty soon that will not be true anymore,  as Microsoft announced that not only will their new bare metal, designed from the ground up hypervisor be released with 30 days,  it will be free, which happens to be my favorite price. has an excellent article on the Virtual Server 2008 announcement today. Release : Microsoft Hyper-V 1.0

Next up : System Center Virtual Machine Manager 2008

This will be released within 30 days.   One thing I found surprising about this announcement is that they will support management of VMware VI3, they will not be supporting XenServer.  I would not have expected this, considering how close Citrix and Microsoft are these days.

Lastly on the server virtualization side was Live Migration. 

Microsoft seems to have realized that the lack of Live Migration was holding them back from competing directly with VMware, especially when it comes to Enterprise class environments.  the good news is that it will be released with Windows 2008 R2.  The bad will likely not be in our hands until 2010.  

I think this is a great announcement for all the consumers of virtualization technology,  as VMware, Microsoft, and Citrix will all be pushing to achieve the be the leader in the virtualization market of the future.   To use a boxing metaphor, VMware is still the undisputed champion today, but they will need to fight hard to stay there. 

Read's scoop on the subject : FYI: Microsoft’s live migration

There were many other announcements including :

Definitely a big day for press releases.

Friday, September 5, 2008

A Hands On Review of SearchMyVM

In my last post I discussed the OVF import process, so after some hands on experience with the SearchMyVM appliance, I'm ready to give my impressions.

Let me apologize in advance for where I have edited the screenshots.  I have removed anywhere that it referenced our server names or IP addresses. 

Starting with initial bootup you are presented with a text based menu to setup your network configuration
After confirming your IP information, your DNS, and an NTP server you are directed to connect to the IP address of the server where you are presented with a "google-like" screen that presents you with some sample queries. 
First you will need to point to your Virtual Center.   You will need to use the FQDN for your server, and provide a user id that has the ability to read objects.  
So now it SearchMyVM will index your VMware Environment.   In our environment it only took about 15 minutes until all the information showed up.   You may receive incomplete query responses until the index is built.  
So If you need a function that is not on the common list there is a visual query editor that allows you to build simple or complex queries from a series of drop down lists.  They fully explain all objects, including the type of parameter
Additionally if you would like to read additional information about each parameter you can access the detailed help files from the main interface screen.
The results returned are static, you can't click on them or export them from within the interface (although there are some PowerShell techniques for exporting web data)
In summation, here's my impressions of the appliance.
Key strengths :
  • Extremely easy configuration.  You can have this appliance up and running within 15 minutes.
  • Support for the OVF format.   This cuts down the provisioning time dramatically.
  • Fast Indexing - Our indexing appeared to cover 500 guests and 25 hosts within 15 minutes of connecting to virtual center.  Although I was only searching for base objects like virtual machines and hosts at that time, other objects like VMware Tools status may have taken longer. 
  • Very well written help files and examples  - I don't see any written documentation available on their website yet, but the help files contained within the appliance are more than enough to get started.

Thing I would like to see in future releases:

  • The ability to export query results to remote shares.  Being able to view query results is good, but being able to *use* query results would make this product a must have.
  • The ability to drill down into search results.   Search results are currently static. 
  • Plain English queries.   Currently the query format is very structured, it would be nice to be able to use commands like "show vms with attached cdrom". 
  • Support for SCVMM and XenCenter.  

Vkernel has setup up a section of their forum for discussing the product at .   If you would like to contribute, you will need to register with their forum.     I will be watching future releases of the appliance as it appears to have potential, especially for large environments that lack PowerShell scripting talent.