Feb 17 2016

Another day, another blog hack – here’s how to scan and protect your WordPress blog

hackedIf you are running a WordPress blog chances are it will be hacked at some point due to the many vulnerabilities that are constantly being uncovered in both WordPress and plug-ins. I’ve had hacks several times over the years to this blog and recently just came across another. There was nothing obvious to this hack and I probably would never have noticed it except for google search results for my site returning the disclaimer “This site may be hacked”. Google can detect hacks when it crawls a site and does a fetch as if it detects anything potentially malicious it will flag that site in search results.

I’ve become pretty WordPress savvy, I know my way around the core files, themes and the database very well and can typically spot anything that looks hacked. This one was a bit tough and took me at least 4-5 hours to uncover. As I mentioned the site looked normal but if you looked in the page code I could see spam text and links in there. So determined to find the cause I went through my usual troubleshooting process.

  1. Get a ftp client like FileZilla and check the obvious files like index.php and .htaccess, I did find a few index.php’s scattered around which looked suspicious so I removed them all except for the one in the root directory but that didn’t fix it.
  2. Look for .php files that don’t belong, I know the core WordPress files well so I know what shouldn’t be there, didn’t really find anything.
  3. Check your wpconfig.php file, this one contains your database and other config info an dis a commonly hacked file, mine was OK.
  4. Check your WordPress tables, I use PHPMyAdmin to browse the db tables, the WP_OPTIONS table is the main config table and is another commonly hacked table. I’ve had malicious rows injected in this table in the past, this time mine was OK. An easy way to look through all your table data is just export it to a .sql file and open it in a text editor.
  5. Check your plug-ins, I disabled most of them and tested my site and the problem was still there. So that eliminated the plug-ins as the cause. One key thing to check though is to look for hidden plug-ins in the Active Plugins row in your WP_OPTIONS table.
  6. Replace WordPress core files, I downloaded a copy of 4.4.2 and manually ftp’d the files in the wpadmin and wpincludes to the server to overwrite them with fresh copies, also the wp*.php files in the root directory. That didn’t help in my case.
  7. Check your theme, I confirmed the theme was the culprit by switching to another theme and the hack disappeared. I didn’t want to replace my theme with a fresh copy as a I did some hacking and customization to it to get it exactly like I wanted it. I did examine all the files looking at date stamps and did notice one way newer then the other, it was a theme-search.php file, when I opened it there was a bunch of obfuscated text in it, definitely looked suspicious. I did have multiple backups so I compared the contents of them and that file was definitely not there before. So I deleted that file but the hack was still there. Next I copied all the theme files from the backup overwriting the current ones and that did the direct. I suspect some of the theme files were altered but in a way that preserved their data/time stamps.

Now that the hack was gone, I went to Google Webmaster Tools and requested a Fetch of my site which basically has the Google bots re-crawl it. A few hours later my hack message in Google search was gone. It’s a good idea to periodically check your blog for vulnerabilities, malicious code and hacks. Here’s some tools to help you with this by checking your site externally:

  • Aw Snap – has a good collection of tools and information to both check your blog for malicious code and recover from hacks. The File Viewer will check a website for malicious redirects, malicious scripts and other bad stuff.
  • Is It Hacked? -checks to see if your site is cloaked to GoogleBot, has spammy links, funny redirects, or otherwise appears to be hacked. They’ll fetch your site and analyze it for signs of an infection by doing multiple checks, from detecting spam links, hidden text, up to sophisticated cloaking.
  • Sucuri SiteCheck – will check the website for known malware, blacklisting status, website errors, and out-of-date software.
  • Google WebMaster Tools – add your site as a property and then you can see any security issues that Google has detected when they crawl your site, you can also request a re-crawl (fetch) of your site.

You should also check your site internally as well, external scanning can’t check your files and database so you need a security plug-in to scan internally. Here’s a couple good ones, I wouldn’t recommend having these all active simultaneously but sometimes one scanner will find something that another doesn’t so it’s good to activate and use them one by one and use the one that works best for you:

  • Wordfence Security – I liked this one the best, has tons of customization option for scanning and real-time protection. It does vulnerability scanning, user monitoring, anti-virus, firewall, high speed cache and much more. It does a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins, it also checks your WordPress database.
  • Theme Authenticity Checker (TAC) – searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code.
  • Exploit Scanner – searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
  • Sucuri Security – a security suite meant to complement your existing security posture. It offers it’s users four key security features for their website, each designed to have a positive affect on their security posture.
  • Anti-Malware Security and Brute-Force Firewall – searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
  • All In One WP Security & Firewall – will take your website security to a whole new level. this plugin is designed and written by experts and is easy to use and understand.It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

Feb 16 2016

EMC arrives to the VVols party fashionably late

VMware’s new storage architecture, Virtual Volumes (VVols) has been out for almost a year now but vendor support for it has been fairly sluggish. On Day 1 of the vSphere 6 launch only 4 vendors supported it (HPE, IBM, NEC & SanBlaze) with additional vendors slowly starting to support it after that. Most of the other big storage vendors (HDS, Dell, NetApp) supported it within a few months of launch but EMC stood out as the only big storage vendor that has really lagged behind on VVol support. That has changed as EMC finally has limited support for VVols only on their high end VMAX platform. I expect you’ll see it come to the VNX platform next as they already have a virtual appliance (vVNX) that supports VVols. As it stands today the vendors that support VVols are:

  • HPE
  • HDS
  • IBM
  • Dell
  • NetApp
  • EMC
  • NexGen
  • Tintri
  • NEC
  • SANBlaze
  • Huawei
  • Fujitsu
  • DataCore

Note the protocols supported and array family/model support varies by vendor, check the VVol HCL for more information on what exactly is supported by each vendor. Notably absent with VVol Support is:

  • Pure Storage
  • Nexenta
  • SolidFire
  • Simplivity
  • Nimble
  • Tegile
  • Nutanix

You’ll also note that there are no VSA’s that support VVols today, DataCore has support but they are not really a true VSA. Eventually you’ll see all the vendors come on board with VVol support, it certainly is no easy task to engineer this into arrays as evidenced by the slow trickle of supported vendors. If your vendor does not support it today check with them as I’m sure it’s on their roadmap and also ask about the important details such as which capabilities they will support, how they will scale (# of VVols) and how their VASA provider is implemented. For more information on VVol support in general and specific to each vendor check out my big VVol link collection.

Feb 15 2016

Last call for blog-o-hol before Top vBlog 2016 begins

last-call-sponsors-300x133I’ve added lots of new blogs to my vLaunchpad but I’m sure there are some that I’ve missed. Every year I get emails from bloggers after the voting starts wanting to be added but once it starts its too late as it messes up the ballot. I’ve also archived a bunch of blogs that have not blogged in over a year in a special section, those archived blogs still have good content so I haven’t removed them but since they are not active they will not be on the Top vBlog ballot. In addition for the first time blogs must have at least 10 posts last year to be included on the ballot.

So if you’re not listed on the vLaunchpad, here’s your last chance to get listed. Please use this form and give me your name, blog name, blog URL, twitter handle & RSS URL. So if you haven’t submitted your blog here’s your last chance to do it so you don’t miss out on the recognition and cool commemorative coin that the top 50 blogs will receive. So hurry on up so the voting can begin, the nominations for voting categories will be opening up very soon.

Feb 14 2016

HPE snatches up one of the last remaining small backup companies

There have been a number of small backup companies that were formed years ago to fill the data protection void that was created by virtualization. Over the years many of these companies have been snatched up by larger companies and now one of the last remaining small companies has been bought out. Trilead, the creators of a popular free tool, VM Explorer was recently purchased by Hewlett Packard  Enterprise for an undisclosed amount. Before I go into that let’s take a look at the original players in that SMB backup space and look at where they are at now.

  • Vizioncore vRanger – Founded in 2002 and one of the original big 3 SMB backup products for virtualization, they were acquired by Quest Software in 2008 and then by Dell in 2012.
  • PHD Virtual – Founded in 2005 and another of the original big 3 SMB backup products, they were acquired by Unitrends in 2013.
  • Veeam Backup & Replication – Founded in 2006 and the last member of the big 3 SMB backup products, Veeam was the most successful and has grown so large they rival the big players like Symantec.
  • AppAssure – Founded in 2006 and acquired by Dell in 2012.
  • vSphere Data Protection – VMware’s foray into data protection, started life as vSphere Data Recovery (VDR) in 2009 and was a pretty limited and basic solution. VMware killed it off and replaced it with vSphere Data Protection (VDP) in 2012, VDP is based on EMC Avamar technology to provide a more robust and mature solution then VDR.

And that leaves us with Trilead which was founded in 2007, their VM Explorer product allowed you to do VM file management as well as backup and recovery of VMs. Their product started out fairly basic but has evolved a bit over the years and is very affordable (Pro Edition $790/Enterprise Edition $1460). The licensing cost is per site for use with unlimited hosts and virtual machines. They also offer a limited free edition that has been very popular. Their latest version 6.0 release added automatic backup testing, cloud backup, a new web interface as well as support for Microsoft Hyper-V 3.0.

So why did HPE snatch them up when they already have a backup product in-house, Data Protector. That surprised me at first, but when I thought about it for a while it made sense. while Data Protector is a enterprise level, very robust and highly scalable backup product, it’s a bit too complex and costly for the low-end SMB market. So it seems like rather than trying to bring Data Protector down to the low end they opted to purchase a product that is already there.

As far as I know Trilead was one of the smallest players in the SMB backup space so I’m sure the move was more about getting the Trilead intellectual property than it is about getting their customer base. It will be interesting to see what HPE does with it, I imagine at some point they will roll it into the Data Protector family name. The product should definitely get a development boost which will be good for current customers but I rather doubt that they will keep the price as cheap as it is today. The official word from HPE is below:

Important!

As part of our strategic focus and investment in virtualization, HPE has acquired Trilead, a next-generation provider of VM backup software that supports both VMware vSphere and Microsoft Hyper-V. Trilead provides HPE with a virtualized environment backup platform that is highly complementary with HPE’s Data Protector suite. HPE customers can expect the same level of service and support with the enhanced capabilities that Trilead’s technology brings to our portfolio.

Feb 13 2016

Top 12 essential plug-ins every WordPress blog should have

I’ve been using WordPress to host this blog for over 5 years and I’ve found plug-ins to be an invaluable way to enhance and protect my blog. There are literally thousands of plug-ins that you can add to WordPress that cover just about any functionality that you can think of. Trying to sort through them all and find the good ones can be a challenge though. I thought I would share what I use with this blog and get feedback from other bloggers on the plug-ins that they use as well.

  • Wordfence Security – Must have plug-in to secure your WordPress blog and protect it from hackers. A Swiss army knife of plug-ins it does vulnerability scanning, user monitoring, anti-virus, firewall, high speed cache and much more. Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster
  • UpdraftPlus Backup and Restoration – Another must have plug-in to protect your valuable content via scheduled backups.UpdraftPlus simplifies backups (and restoration). Backup into the cloud (Amazon S3 (or compatible), Dropbox, Google Drive, Rackspace Cloud, DreamObjects, FTP, Openstack Swift, UpdraftPlus Vault and email) and restore with a single click. Backups of files and database can have separate schedules.
  • Ninja Forms – Ninja Forms is the easiest way to build any form you need for your WordPress website. No longer mess with code or worry about made-up limitations. Create the form you want, when you want with a simple drag and drop interface provided by the very powerful Ninja Forms framework.
  • TablePress – TablePress allows you to easily create and manage beautiful tables. You can embed the tables into posts, pages, or text widgets with a simple Shortcode. Table data can be edited in a speadsheet-like interface, so no coding is necessary. Tables can contain any type of data, even formulas that will be evaluated.
  • Page Links To – This plugin allows you to make a WordPress page or post link to a URL of your choosing, instead of its WordPress page or post URL. It also will redirect people who go to the old (or “normal”) URL to the new one you’ve chosen.
  • Contact Form 7 & Contact Form DB – Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on. The “CFDB” plugin saves contact form submissions to your WordPress database and provides and administration page and short codes to view and display the data.
  • Captcha by BestWebSoft – The Captcha plugin adds a captcha form into web pages. This captcha can be used for login, registration, password recovery, comments forms. It protects your website from spammers by means of math logic, easily understandable by human beings. All you need is to do one of the three basic maths actions – add, subtract and multiply.
  • Jetpack by WordPress.com – Jetpack simplifies managing WordPress sites by giving you visitor stats, security services, speeding up images, and helping you get more traffic.
  • WP-Optimize – WP-Optimize is an extensive WordPress database cleanup and optimization tool. It doesn’t require PhpMyAdmin to clean and optimize your database tables.
  • WPTouch – WPtouch is a mobile plugin for WordPress that automatically adds a simple and elegant mobile theme for mobile visitors to your WordPress website. Recommended by Google, it will instantly enable a mobile-friendly version of your website that passes the Google Mobile test, and ensure your SEO rankings do not drop due to not having a mobile-friendly website.
  • W3 Total Cache – W3 Total Cache improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.
  • Yoast SEO – This plugin is written from the ground up to improve your site’s SEO on all needed aspects. While this Yoast SEO plugin goes the extra mile to take care of all the technical optimization, it first and foremost helps you write better content. Yoast SEO forces you to choose a focus keyword when you’re writing your articles, and then makes sure you use that focus keyword everywhere.

Feb 12 2016

New VMware White Paper: What’s New with VMware Virtual SAN 6.2

VMware released a new technical white paper to coincide with the announcement of VSAN 6.2, it goes into more detail on some of the new architecture features such as dedepulication, compression, erasure coding and QoS. The paper is written by Jase McCarty and Jeff Hunter from VMware and provides the missing technical details on VSAN 6.2 that you won’t find in the VMware announcements. Be sure and read my complete overview of VSAN 6.2 first and then give the technical paper a read and you’ll know everything you need to know about VSAN 6.2.

Feb 11 2016

Top vBlog 2016 requirements finalized

Based on a lot of feedback from my last post about new requirements for blogs to participate in Top vBlog I’m going to set the minimum post count to be in the voting at 10 posts for the 12 month period of 2015. Almost everyone thought 6 was too low with most saying 10-12 was just about right. So if you only had 9 or fewer posts last year you won’t be in the running for Top vBlog. You can check the post counts for all the blogs over at Andreas’s site. Based on that requirement there will only be about 200 blogs in Top vBlog this year, last year there was over 400. If you are a new blog for 2015 and you didn’t get 10 posts in let me know for special consideration.

Why I am doing this is to make the voting more fair, if you didn’t put the time in and do at least 10 posts last year you probably shouldn’t be voted as one of the Top vBlogs among all the other bloggers that did put it in alot of hard work. What usually happens each year is people are voted based on name recognition regardless of what there contributions were for the year which isn’t fair. If you ever saw the Eddie Murphy movie Distinguished Gentleman it highlights a similar pattern, the synopsis for that movie is a con man get on the election ballot using a dead Congressman’s old campaign material and runs a low budget campaign that appeals to name recognition, figuring most people do not pay much attention and simply vote for the “name you know.” He wins a slim victory and is off to Washington.

I have the vLaunchpad mostly cleaned up, I archived almost 60 blogs that have not blogged in the last year, If your blog is not listed there use this form and I’ll get it up there in the next week. The new coin design is set and being made right now and I expect to kick things off with VMTurbo as the official sponsor of Top vBlog 2016 in the next few weeks.

Feb 10 2016

What’s New in VMware VSAN 6.2

vmware-virtual-san-VMware just announced a new release of  VSAN, version 6.2 and this post will provide you with an overview of what is new in this release. Before we jump into that lets like at a brief history of VSAN so you can see how it has evolved over it’s fairly short life cycle.

  • August 2011 – VMware officially becomes a storage vendor with the release of vSphere Storage Appliance 1.0
  • August 2012 – VMware CTO Steve Herrod announces new Virtual SAN initiative as part of his VMworld keynote (47:00 mark of this recording)
  • September 2012 – VMware releases version 5.1 of their vSphere Storage Appliance
  • August 2013 – VMware unveils VSAN as part of VMworld announcements
  • September 2013 – VMware releases VSAN public beta
  • March 2014 – GA of VSAN 1.0 as part of vSphere 5.5 Update 1
  • April 2014 – VMware announces EOA of vSphere Storage Appliance
  • Feburary 2015 – VMware releases version 6.0 of VSAN as part of vSphere 6 which includes the follow enhancements: All-flash deployment model, increased scalability to 64 hosts, new on disk format, JBOD support, new vsanSparse snapshot disk type, improved fault domains and improved health monitoring. Read all about it here.
  • August 2015 – VMware releases version 6.1 of VSAN which includes the following enhancements: stretched cluster support, vSMP support, enhanced replication and support for 2-node VSAN clusters. Read all about it here.

With this 6.2 release VSAN turns 2 years old and it has come a long way in those two years. Note while VMware has announced VSAN 6.2 it is not yet available, if VMware operates in their traditional manner I suspect you will see it GA sometime in March as part of vSphere 6.0 Update 2. Let’s now dive into what’s new in VSAN version 6.2. After reading this post you should also check out VMware’s What’s New with VMware Virtual SAN 6.2 white paper for more detailed information.

VMware continues to expand the Ecosystem and tweak licensing

VMware is continually trying to expand the market for VSAN and has put a lot of effort into working with hardware partners to expand the ecosystem. You’ll notice a couple key things here that has changed some things that have held them back in the past. The first is a more flexible licensing and support model. In addition VMware is now trying to get VSAN pre-installed on server hardware to make it even easier for customers to deploy it. You’ll see support from Fujitsu, Hitachi and SuperMicro right away on this, I suspect you’ll also see Dell and Cisco at some point, don’t hold your breath for HP Enterprise to do this though.
VSAN62-1In VSAN 6.1 licensing will split into Standard and Advanced with the Advanced license getting you the ability to use the All-Flash deployment model. In VSAN 6.2 a new licensing tier is added, Enterprise which provides the ability to use Stretched Clustering and QoS (IOPS Limits). Note the new de-dupe and compression features in VSAN 6.2 are included in Advanced, also current Advanced customers are entitled to get VSAN Enterprise.

VSAN62There are more VSAN customers then ever

You would sure hope so, VMware is now claiming 3,000 VSAN customers. Back in August with the release of VSAN 6.1 they claimed 2,000 customers, so if you do the math they have added 1,000 new VSAN customers in the past 6 months. Not too bad growth but I’m sure VMware would like to see that number a lot higher after 2 years of VSAN GA. VMware is also claiming “More Customers Enable HCI with VMware HCS than Competition”, I’m not sure if I believe that claim, I wonder where they got the numbers that prove it.

VSAN62-2What’s new the quick overview

We’ll dive into these areas deeper but this gives you the quick overview of what’s new in VSAN 6.2 if you want to do the TL:DR thing. The big things are deduplication and compression,  QoS and new RAID levels.

VSAN62-3Deduplication and Compression

If you’re going to play in the storage big leagues you have to have these key features and VSAN now has them, but only on the All-Flash VSAN deployment model. This is pretty much in line with what you see in the industry as de-dupe and compression and SSDs are a perfect match so you can make more efficient use of the limited capacity of SSD drives. VMware hasn’t provided a lot of detail on how their implementation works under the covers beyond this slide but I suspect you will see a technical white paper on it at some point.

Note this deduplication is enabled at the cluster level so you can’t pick and choose what VSAN hosts it will be enabled on. While it is inline, the de-dupe operation occurs after data is written to the write cache and before it is moved to the capacity tier, compression happens right after de-dupe. VMware refers to this method as “nearline” and it allows them to be able to not waste resources trying to de-dupe “hot” data that is frequently changing. The de-dupe block size is fixed at 4KB, the storage industry block size tends to range from 4KB to 32KB with many vendors choosing greater than 4KB block sizes, 4KB is definitely a lot more granular which can result in higher de-dupe ratios.

VSAN62-dedupeDeduplication and compression are tied together with VSAN meaning they work together and you can’t just enable one or the other. Of course enabling deduplication and compression will add resource overhead to your hosts, as they are both CPU intensive operations. VMware claims it is minimal (around 5%) as they are using LZ4 compression which is designed to be extremely fast with minimal CPU overhead, but I’d like to see comparisons with this enabled and disabled to see how much impact it will be.

VSAN62-4New RAID levels

VSAN has never required the use of any hardware RAID configured on the server side, you essentially use RAID-0 (no RAID) when configuring your disks and then VSAN handles redundancy by doing it’s own RAID at the VM-level. Prior to 6.2 there was only one option for this which was essentially RAID-1 (mirroring) where whole copies of a VM are written to additional hosts for redundancy in case of a host failure. While that worked OK it consumed a lot of extra disk capacity on hosts as well as more host overhead.

With 6.2 VMware has introduced two new RAID levels, RAID-5 and RAID-6 which improves efficiency and reduces the required capacity requirements. These new RAID levels are only available on the All-Flash deployment model and can be enabled on a per VM-level. They refer to these methods as “Erasure Coding” which is different from traditional RAID in the way that data is broken up and written. Erasure coding is supposed to be more efficient than RAID when re-constructing data and has a downside that it can be more CPU intensive than RAID. These new RAID levels work much like their equivalent traditional disk RAID levels where parity data is striped across multiple hosts. In 6.2 these new RAID levels do not support stretch clustering but VMware expects to support that later on.

RAID-5 requires a minimum of 4 hosts to enable and is configured as 3+1 where parity data is written across 3 other hosts. Using RAID-5 the parity data only requires 1.33 times the additional space where as RAID-1 always consumed double additional space (2x). As a result a VM that is 20GB in size will only consume an additional 7GB on other hosts with RAID-5, with RAID-1 it would consume 20GB as you are writing an entire copy of the entire VM to other hosts.

VSAN62-5With RAID-6 you are providing additional protection by writing an additional parity block and as a result there is a 6 host minimum (4+2) and the parity data consumes only 1.5 times the additional space. This provides better protection to allow you to survive up to 2 host failures. Using RAID-6 a 20GB VM would only consume an additional 10GB of disk on other hosts, if you did this with RAID-1 it would consume an additional 40GB as you are writing two copies of the entire VM to other hosts.

VSAN62-6These RAID levels are tied to the Failures To Tolerate (FTT) setting in the VSAN configuration which specifies how many failures VSAN can tolerate before data loss occurs. When FTT is set to 1 RAID-5 is utilized and you can tolerate one host failure and not lose any data. When FTT is set to 2 RAID-6 is utilized, and you can tolerate two host failures and not lose any data. While there is a minimum  number of hosts required to use these RAID levels once you meet that number any number of hosts is supported with them. If you have less than 4 hosts in a VSAN cluster than the old RAID-1 is used.

New Software Checksum

A new software checksum has been introduced for increased resiliency that is designed to provide even better data integrity and complement hardware checksums. This will help in case data corruption occurs because of disk errors. A checksum is a calculation using a hash function that essentially takes a block of data and assigns a value to it.  A background process will use checksums to validate the integrity of data at rest by looking at disk blocks and comparing the current checksum of that block to it’s last know value which is stored in a table. If an error or mismatch occurs it will replace that block with another copy that is stored in parity on other hosts. While enabled by default at the cluster level and it can disabled on a per VM basis if needed.

VSAN62-7New Quality of Service (QoS) controls

VSAN has some new QoS controls designed to regulate storage performance within a host to protect against noisy neighbors or for anyone looking to set and manage performance SLAs on a per VM basis. The new QoS controls work via vSphere Storage Policies and allow you to set IOPS limits on VMs and virtual disks. These limits will be initially based on a 32KB block size but that will be adjustable as needed. VMware didn’t go into a lot of detail on how this all works but it seems fairly straightforward as you are just capping the amount of IOPS that a VM can consume.

VSAN62-8VSAN6.2-IOPSIPv6 Support

This one is pretty straightforward, vSphere has had IPv6 support for years, VMware has had requests for IPv6 support with VSAN and now they have it. There is support for a mixed IPv4 and IPv6 environment for migration purposes.

VSAN62-9Improved Application Support

VSAN already has pretty good application support with key apps such as Oracle and Exchange, they have extended that in 6.2 with new support for SAP and tighter integration with Horizon View. VMware is working hard to make VSAN capable of running just about any application workload.

VSAN62-10Enhanced Management and Monitoring

It’s even easier to manage and monitor VSAN in 6.2 from directly within vCenter, prior to 6.2 you had to leverage external tools such as vSAN Observer or vRealize Operations Manager to get detailed health, capacity and performance metrics. This new performance management capability is built directly into vCenter but it’s separate from the traditional performance metrics that vCenter collects and stores in it’s database. The new VSAN performance service will have it’s own separate database contained with the VSAN object store. The size of this database will be around 255GB and you can choose to protect it with either traditional mirroring (RAID 1) or using the new erasure coding methods (RAID-5 or RAID-6). By default this is not enabled to conserve host space but can be enabled if needed in the settings for VSAN.

VSAN62-11VSAN6.2-PERFNative Health Check

You no longer need to use a special Health Check Plug-in to monitor the health of VSAN. This allows you to have end to end monitoring of VSAN to quickly recognize problems and issues and resolve them. They have also improved the ability to detect and identify faults to enable better health reporting with VSAN.

VSAN62-12VSAN6.2-HEALTHAdditional Improvements

Finally there are a few minor additional improvements with VSAN in 6.2, the first one is rather interesting. VMware is introducing a new client (host) cache in VSAN 6.2 that utilizes host memory (RAM) as a dynamic read cache to help improve performance. The size of this cache will be .4% of total host memory up to a maximum size of 1GB. This is similar to what 3rd party vendors such as Pernix and Infinio do by leveraging host memory as a cache to speed up storage operations. While this new client cache is currently limited to VSAN you have to wonder if VMware will open this up in a future release to work with local VMFS datastores or SAN/NAS storage.

Another new feature is the ability to have your VM memory swap files (.vswp) use the new Sparse disk format that VMware introduced in VSAN 6.0 as a more efficient disk format. As memory over-commitment is not always used by customers this enables you to reclaim a lot of that wasted space used by vswp files that are created automatically when VMs are powered on.

VSAN62-13

Feb 09 2016

Denver VMUG coming soon – go register now

We don’t seem to have that many VMUGs in Denver as of late so when comes around you should definitely try and attend. There is an upcoming Denver VMUG on Thursday Feb. 18th from 11:00am – 3:00pm at the usual NW location of CableLabs. Sponsoring this one is the good folks from HyTrust, maker of virtualization security products and a company I know very well as I picked them as the winner of Best of VMworld many years ago. So go register and I look forward to seeing everyone there.

Feb 08 2016

vExpert class of 2016 announced – are there too many vExperts

VMW-LOGO-vEXPERT-2016-kThe annual vExpert recognition from VMware has been announced for 2016 with over 1300 people receiving the honor this year. I’m honored to be on that list again, I’ve been a recurring vExpert since the program’s inception in 2009 thanks to the efforts of John Troyer to help recognize members of the VMware community that continually give back by sharing their knowledge and experience with others. The original group was about 300 members and was mostly compromised of bloggers and VMUG leaders. The group has expanded over the years as both the number of bloggers has grown and the criteria and requirements have changed.

Personally I have always thought the group is too large and doesn’t distinguish that well based on the level of contributions. It seems like just about anyone that has a blog is included even if they only posted once or twice in a year. There are definitely people very deserving of the honor but I feel there are some people out there that start blogs just so they can get the vExpert title and they don’t put a lot of effort into it. Remember the vExpert title is not an official certification, it is simply a recognition award from VMware that validates your contributions to the VMware community. What you get from it is recognition and some other great perks like VMware licenses, beta program access, exclusive early access webinars, special events and more. Some vendors will also reward vExperts with special giveaways.

I’d like to see the bar set higher and it be a more exclusive club and/or have recognition levels like vExpert Gold/Silver/Bronze based on the level of contributions and the duration of maintaining the vExpert title. Those that have been named a vExpert every year since the beginning should also get special recognition as to keep it going year after year takes commitment and hard work. I think doing this would give the people that really deserve special recognition just that and put them in higher tier. I’ve always felt there are vExperts, and then there are vExperts, meaning I’ve always seen those that do more to earn it differently then those that do the minimum.

I also see this directly relate to blogging, there are many opportunistic bloggers out there. They see starting a blog as their path to getting something whether it be a new and better job or to get recognition for becoming a vExpert. Now there is nothing wrong with this, if someone wants to better themselves good for them. It’s not the reason I starting blogging and I know that’s true for many other bloggers. What happens too often though is they get what they want and then they dump what got them there. Just this week I removed at least 50 dead blogs from my vLaunchpad. Again there is nothing wrong with this, if that person is happy we’re they are at and doesn’t want to blog any more so be it.

The point I’m trying to make is those bloggers that stick with it year after year and publish great content should get special recognition and they do via my annual Top vBlog voting. It would be nice to see this carry over to the vExpert program, recognize those that deserve it the most instead of publishing a huge list of names with no segregation based on accomplishments. Maybe have a point system that weights accomplishments and then separating the vExperts into different tiers. Also seniority should play into it, someone who has been a vExpert for 8 years should have a higher weight then someone new to the vExpert program.

The vExpert program is a great thing to have and I appreciate VMware’s hard work and continued commitment to it. As the program continues to grow larger hopefully they can find some way to implement different levels of vExperts that I believe would make the program even more special as well as motivate people to accomplish even more instead of just doing the bare minimum. Additionally it would get those that deserve special recognition just that and give more meaning to the vExpert title.

Feb 07 2016

Don’t miss VMware’s big online event this week

VMware is hosting a big online event this week that is themed “Enabling the Digital Enterprise”. It’s being presented as a 2-part event on multiple days split into 2 tracks. The first track seems to be all about VDI, that’s a bit of a change for VMware that has historically put VDI as secondary at their events like VMworld. If VDI isn’t your cup of tea then tune in the 2nd day that is all about vSphere and the cloud and VSAN. I’m willing to bet that you’ll be hearing new product announcements as well as all sorts of licensing changes (hint: streamlined product portfolio).

Track 1 – Deliver and Secure Your Digital Workspace

VMware is helping customers develop consumer-simple, enterprise-secure digital workspaces that include their desktop and mobile environments along with critical components of security, identity and cloud infrastructure. Pat Gelsinger will be joined by Sanjay Poonen who will present VMware’s digital workspace vision and share exciting announcements that help companies securely deliver and manage any app on any device.

What You’ll Learn

  • How to transform traditional IT culture, process, tools, and budgets by delivering and managing any app on any device from one platform
  • What’s new with the VMware Horizon portfolio
  • VMware’s new approach for managing your desktop and apps in the cloud

Americas Tuesday, February 9 at 9:30 AM PST
EMEA Wednesday, February 10 at 9:30 AM GMT
Asia Pacific Tuesday, February 16 at 9:00 AM (GMT +11)

Track 2 – Build and Manage Your Hybrid Cloud

Raghu Raghuram joins Pat Gelsinger to share how VMware’s software-defined approach can help simplify how you build and manage your hybrid cloud. See how VMware’s enterprise-ready cloud management platform (CMP) helps accelerate IT service delivery, improve IT efficiency, and optimize IT operations and capital spending. Get up to speed on how VMware is enabling high-performance hyper-converged infrastructure (HCI) solutions through radically simple storage and a tightly integrated software stack.

What You’ll Learn

  • How companies are implementing CMPs for intelligent operations, automated IT to IaaS, and DevOps-ready IT
  • VMware’s new streamlined product portfolio
  • Why companies are embracing HCI solutions powered by Virtual SAN

Americas Wednesday, February 10 at 8:30 AM PST
EMEA Thursday, February 11 at 9:30 AM GMT
Asia Pacific Tuesday, February 16 at 9:00 AM (GMT +11)

Register here

Feb 06 2016

No VMware Partner Exchange (PEX) this year and I don’t care

As you may have noticed if you are a partner or VAR, VMware decided last year to dis-continue it’s annual Partner Exchange (PEX) conference that it has held annually in Feburary. PEX was a partner and VAR only event, no customers allowed and was mostly aimed at providing partners and VARs with the training and information they needed to better sell VMware solutions. It followed the same basic outline as VMworld just on a much smaller scale (i.e. 5,000 attendees).

PEX was a bit of a tricky event for VMware as it was split into 2 audiences, partners that sold products and solutions into the VMware ecosystem and VARs that sell both VMware and partner products. The tricky part comes from VMware directly competing with many (most?) of it’s partners in just about every area from storage to networking to management to cloud to data protection. This caused VMware to actually ban some companies from the event in prior years. Because of the competitive angle the conference prevented VMware from being able to have the full attention of resellers who could also learn about competitor products at the event.

Because PEX mostly duplicated the formula of VMworld and was still a fairly technical show, VMware decided last year to roll it into VMworld and not have PEX this year. The rolling in part was pretty hasty and not very well executed, the technical part was simple as VMworld is already very technically focused. The partner part not so well, partners didn’t get the opportunity to do boot camps which were a big part of PEX and the partner offerings were very limited and not presented well enough in advance to be able to plan for them.

The one nice thing about PEX was that it gave VMware another window in the year to do new product launches in front of a big audience outside of the yearly VMworld window. VMware has broken this out lately into special internet broadcast events like the one coming up next week. Hopefully they will do a better job with the execution next year as they have more time to plan for it.

What replaced PEX this year is what VMware’s calls a Partner Leadership Summit which is an invitation only event that is focused on c-level business audiences within the company’s partner ecosystem. The event is being held March 6th-9th In Scottsdale, AZ, I didn’t get an invite so I must not be very important ;-( I’m not sure if many partners even received invites, I asked around at HP with our alliance teams and nobody has heard of the conference. I think it is more aimed at VAR’s then VMware technology partners, that way VMware can pitch VSAN and other products without any distractions from competitors. VMware mentioned the conference once last year in this blog post.

vExpert meets the Hit King at PEX 2013:

20130225_162109-smallI for one won’t shed too many tears at the loss of PEX as in the later years it started to conflict with an even bigger annual event, the Super Bowl. Last year totally sucked for me as I was set to fly from Phoenix to San Francisco Sunday morning to get in early enough to watch the big game. The Super Bowl was held in Phoenix last year and that Sunday was literally the one day in years that the whole city got hit with heavy fog (Phoenix almost never gets fog). As a result planes couldn’t land for hours, pilots timed out, my flight got canceled and I literally spent 12 hours at the airport having to watch the Super Bowl at a small crappy airport bar. I finally flew out on one of the last flights of the night that had one seat left.

That wasn’t my worst PEX travel experience though, a few years before that when PEX was in Vegas I was set to fly out from Denver to Vegas on Sunday when a huge snowstorm hit the Denver area that weekend. Of course most of the flights got canceled and the earliest re-bookings were late Monday or Tuesday which meant missing the boot camp and half the show. Well that didn’t deter me, I took a taxi to the airport, rented a Jeep Cherokee and hit the road Sunday evening to get to Vegas by morning.

The Jeep was great in the snow and once you got outside of the Denver area into the mountains it wasn’t that bad. Late that night while driving through Utah, conditions were clear, roads were good but it was very cold out I rounded a corner on I-70 and there was a herd of moose blocking the entire highway. The chances of stopping or avoiding them were zero, even with my lightning reflexes we hit at least one of them which smashed up the front fender pretty good. They all scattered and the one that was hit limped off, at that hour in the middle of nowhere there was no traffic, and of course no cell service. Thankfully the car was still drive-able, the airbag had not deployed and the cooling system seemed to be intact, the Jeep was like a tank.

Jeep vs big ass moose:

BEEF9BLCQAIDX67We drove for a while longer finally got cell service, called the rental car company, since the car was still driving OK they said to bring it to them in Vegas and they would swap it out. As they needed a police report I called the Utah Highway Patrol, they wouldn’t come out for it they just took a report and gave me a case #. We continued on to Vegas, I was constantly nervous the car might overheat in the freezing cold and we’d get stranded but it made it just fine. Took the car to them, they didn’t say much and just exchanged cars with me. Despite that ordeal I ended up getting there just in the knick of time about an hour before the boot camp started on Monday at 8:00am.

So I for one won’t miss PEX all that much, having to plan for our presence at PEX each year was a lot of duplicated effort. So goodbye PEX and hello VMworld.

Feb 06 2016

Top vBlog 2016 new requirements for bloggers

So this year I’m going to try something a bit different to try and limit the number of blogs that are in the voting. Every year the number of blogs in the voting continues to rise with over 400 last year. Each year I do remove dead blogs from the voting, these are blogs that have not produced any new posts in the last year. The number of dead blogs is fairly small though, maybe less than 20. With the number of blogs so high it gets very difficult for voters to sort through the huge number and pick their favorite blogs. It also makes all the work that goes into the building the whole voting process and processing the results much more difficult.

So based on some feedback from last year and especially thanks to Andreas Lesslhumer’s hard work of actually tallying up blog posts for each and every blogger last year I’m going to set a minimum post count as a requirement for being on the Top vBlog ballot. Right now I’m thinking of setting it as a minimum of 6 posts in the prior year to be eligible for Top vBlog. This would eliminate at least a 100 blogs from the voting. I know people get busy and it’s often hard to maintain a blog but I think one post every 2 months is a fairly low bar to set for this. The end result is it will be more fair to the bloggers that put in more work, easier for the voters to choose their favorite blogs and easier for me to complete the who process.

Let me know what you think about this, too high? too low? just right?

Jan 29 2016

Veeam Backup & Replication turns v9 this month

veeam-v9Veeam Backup & Replication was first introduced as a 1.0 product back in 2008 and helped launch the revolution of the data protection industry with a backup product specifically designed for VMware environments. To put that in context with vSphere back in 2008 vSphere consisted of VirtualCenter 2.5 together with ESX 3.5 and ESXi was just being introduced. Back then Veeam was a small company consisting of around 10 employees. Fast forward to today and they’ve come a long way since that time, Veeam now has over 2,000 employees and has just released version 9 of their flagship Backup & Replication product. You can read more on the history of Veeam in a post I did back in 2014.

Veeam Backup & Replication is one of the core components of the Veeam Availability Suite along with the Veeam ONE monitoring and reporting tool. The v9 release of Veeam Backup & Replication is packed full of new features and enhancements including a lot more integration with some of the big storage array vendors. I was on a blogger early preview of the v9 release and one nice thing that caught my attention was new support for Direct to NFS backups. Prior to v9 Veeam has always supported Direct to SAN backups where a backup appliance could directly backup VMs on a SAN without involving the hypervisor which is more efficient, in v9 that has been extended to NFS storage arrays as well.

The list of new features and enhancements in this release is ridiculously long, so rather than list them all here go check out the 10-page What’s new in v9 document that Veeam has published. You can also give this blog post from Doug Hazelman a read and check out a recorded webinar from Rick-a-tron that provides an overview of the v9 Availability Suite

Jan 18 2016

Customer adoption of VMware Virtual Volumes (VVols)

Tom Fenton recently published an article on Virtualization Review detailing the current state of VMware’s new Virtual Volume (VVol) storage architecture. In the article he polled a few vendors to find out what they are seeing as far as customer adoption of VVols. A few vendors responded including myself, both HDS & Dell did not have an accurate way to track adoption and where mainly relying on customer feedback. They are mainly seeing customers testing it out right now and using it in Dev/Test environments. HDS stated one of the limiters to VVol adoption is customers still on vSphere 5.5 and Dell stated customers are still trying to understand it better before diving in.

At HPE, we can track actual usage of VVol adoption via our array phone home capability which provides us with some usages stats on the array. In the article based on my feedback Tom wrote that we had seen at least 600 3PAR arrays with the VVols VASA Provider enabled within the array. More recent numbers puts that at around 720 arrays, but its important to note that this just means they have the potential to use VVols, not that they have VMs running on VVol storage. More detailed stats show that about 50 customers have created VMs on VVol storage. So this is pretty much inline with what other vendors are seeing which is pretty light adoption of VVols right now.

VVols has been available as part of vSphere 6 for almost a year now (March 2015), so why aren’t more people using it? There are probably a lot of reasons for this including:

  • Customers haven’t migrated to vSphere 6
  • Array firmware doesn’t support VVol
  • Lack of replication capabilities in VASA 2.0
  • Lack of knowledge/understanding of VVols
  • Limited scalability and feature support in some implementations
  • It’s essentially a 1.0 architecture

In my previous post on when customers would start adopting VVols I went into a lot more detail on the barriers/challenges to VVol adoption. I expect usage to pickup within the next year or so based on a number of factors:

  • VASA 3.0 with replication support in the next vSphere release
  • More arrays support for VVols
  • Increased scalability and more feature support
  • More mature implementation from VMware and array vendors
  • Better understanding of VVols and how to implement it

Until then I expect to see steadily increased usage of VVols, like any new technology or feature, adoption is almost always slow at first as customers are often cautious about jumping right in to something new. The same growing pains were apparent with VSAN as well when it was released as a 1.0 new storage architecture. If your array supports VVols I encourage you to definitely try it out and learn all you can about it as VVols is the future and at some point I expect VMFS to be phased out just like ESX was. If you are looking for resources to learn more about VVols be sure and check out my huge ever-growing VVols link collection and also my VMworld 2015 STO5888 session that VMware has made publicly available.

Older posts «

» Newer posts