Eric Siebert

Author's posts

vCenter Mobile Access – now with https support

The vCMA is considered a “Fling”, which means it is an experimental app that is not officially supported and is more of a technology preview. The vCMA has been out for over a year and can be used for mobile devices to provide basic web-based administration of vSphere. I first downloaded the vCenter Mobile Access (vCMA) virtual appliance from VMware’s website a few weeks ago in preparation for the iPad vSphere Client application that is due to be released soon. VMware released an updated version of the vCMA in February that added support for the vSphere Client iPad application.

After installing the vCMA I found a really big security hole with it: by default all client connections to it are made over http and there is no support for enabling https. This means all the traffic between your mobile devices and the vCMA is in plain text, including your login credentials to hosts and vCenter Server. I ran a sniffer on my PC to prove this and saw my login information clear as day. I looked around in the vCMA forum and found a post from someone at VMware that gave general instructions for enabling https. It was not an easy process at all and involved creating your own certificates and modifying files inside the vCMA operating system. Most users would not be able to do this on their own.

I brought this to VMware’s attention. I couldn’t believe that they did not have https support for the vCMA; this should have been the highest priority above everything else. Well, VMware agreed, and they quickly responded and turned around a new version of the vCMA inside of 2 weeks’ time. The new version now has https enabled by default using a certificate that VMware installed on the appliance, so all network traffic is safe and sound.

So if you already have the vCMA installed, make sure you download and install the new version of it, as you run a great risk using it unsecured.
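To confirm which of the two situations described above an appliance is in, the following Python check (an added example, not part of the original post and not VMware code) probes a management host's HTTP and HTTPS ports and reports whether content is served in clear text, redirected to https, or offered over TLS with a certificate the client trusts. The default ports, the `/` path and the host name in the usage guard are assumptions; substitute your appliance's values.

```python
import http.client
import socket
import ssl


def probe_http(host, port=80, path="/", timeout=5.0):
    """Classify what a plain-http request to the management interface returns."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        if 300 <= resp.status < 400 and location.lower().startswith("https://"):
            return "redirects-to-https"
        # Anything else means the service answers without TLS, so a login
        # submitted here would cross the network unencrypted.
        return "cleartext"
    except (OSError, http.client.HTTPException):
        return "closed"
    finally:
        conn.close()


def probe_https(host, port=443, timeout=5.0):
    """Report whether TLS is offered and whether the certificate validates."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "trusted"
    except ssl.SSLCertVerificationError:
        # Encrypted, but the client cannot tell the appliance from an
        # impostor (e.g. a certificate not issued by a CA the client trusts).
        return "untrusted-cert"
    except (OSError, ssl.SSLError):
        return "no-tls"


def assess(host, http_port=80, https_port=443):
    """Combine both probes into a single verdict for the host."""
    http_state = probe_http(host, http_port)
    https_state = probe_https(host, https_port)
    if http_state == "cleartext":
        verdict = "FAIL: management traffic can travel in plain text"
    elif https_state == "no-tls":
        verdict = "FAIL: no https listener found"
    elif https_state == "untrusted-cert":
        verdict = "WARN: encrypted, but the certificate does not validate"
    else:
        verdict = "PASS"
    return {"http": http_state, "https": https_state, "verdict": verdict}


if __name__ == "__main__":
    # Placeholder host name (assumption): replace with your appliance's address.
    print(assess("vcma.example.internal"))
```

A `WARN` result still protects credentials from passive sniffing; replacing the shipped certificate with one your clients trust closes the remaining gap.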

VMware Mobile Hypervisor hands-on

Engadget has published some video of VMware’s forthcoming mobile hypervisor platform in action running on an Android device. It’s pretty slick as it allows both personal, consumer managed and corporate, enterprise managed instances of Android running on a single device. No longer will you have to carry two phones, one for work and one for personal use, as you can switch between two separate instances of Android running as VMs on a mobile device. Head on over to Engadget and check it out.

My new series on the VMware vShield product family

I recently did a new series of tips on the new version of vShield for Tech Target that covers what the various components of the product family are, how to deploy to the Manager, Zones & App components and some additional tips for using vShield. The tips are broken into several smaller tips and I’ll be posting links to all of them here as they are published.

Win a copy of Edward Haletky’s new book

I recently received an extra copy of Edward Haletky’s new book that was just released, VMware ESX and ESXi in the Enterprise. This is a second edition of his original book and covers up to vSphere 4.1. I was trying to think of a contest idea to give my extra copy away and thought I would keep it simple. I have a number between 1 and 100; the first one to guess it in the comments wins it. Only one guess per person. I have your IP addresses so no cheating. Make sure you leave a valid email address in the appropriate field; it isn’t published so nobody sees it. Let the guessing begin!

Update: Eric Wright wins with 42 (answer to life, the universe and everything, for you Douglas Adams fans)

IPv6 support in vSphere

With all the talk lately of IPv4 addresses being exhausted on the internet, I thought I would post a snippet from my book Maximum vSphere that covers IPv6 support in vSphere. This is just a small part of a whole chapter on networking, so for more good networking information be sure to check out my book, currently only $28.22 on Amazon.

Another new feature in vSphere is support for IP version 6 (IPv6), which is the successor to the traditional IPv4 IP addresses that are commonly used today. IPv6 was created to deal with the exhaustion of the number of IP addresses that IPv4 supported. IPv4 uses 32-bit IP addresses, which yields a maximum number of around 4 billion unique IP addresses. IPv6, on the other hand, uses 128-bit IP addresses, which results in an insanely high number of unique IP addresses (340 undecillion, or 3.4 x 10 to the power of 38). Besides more IP addresses, IPv6 also has many enhanced features over IPv4, like stateless host auto-configuration to obtain IP addresses, mandatory IPsec for security and mandatory multicast. IPv4 addresses are all numeric, and an IPv4 address is 4 bytes, also referred to as octets (4 bytes of 8 bits = 32 bits), such as 192.168.1.125, or in binary it would be 11000000 10101000 00000001 11111101. Each byte contains 8 bits, which results in possible values of 0 through 255, or a total of 4,294,967,296 possible IP addresses.

IPv6 addresses are 16 bytes (128 bits) and are represented in hexadecimal; a typical IPv6 address is in the following form: hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh. IPv6 addresses have both a full and a shorthand notation: the full notation displays the whole address of 8 sections, e.g. E3D7:0000:0000:0000:51F4:9BC8:C0A8:7625; the shorthand notation drops the extra zeros which are common in IPv6 addresses, e.g. E3D7::51F4:9BC8:C0A8:7625. The double colon denotes the zero sections that were dropped. Support for IPv6 was enabled in vSphere for the networking in the VMkernel, Service Console and vCenter Server. Support for using IPv6 for network storage protocols is currently considered experimental and not recommended for production use. Mixed environments of IPv4 and IPv6 are also supported.

To enable IPv6 on a host you simply select the host and choose the Configuration tab and then Networking. If you click the Properties link (not the vSwitch Properties) there is a checkmark to enable IPv6 for that host. Once enabled you must restart the host for the changes to take effect. Once restarted you will see in the VMkernel, Service Console (ESX) or Management Network (ESXi) properties of the vSwitch both an IPv4 and IPv6 address as shown below.

[Image: ipv6]

You can edit the IPv6 settings and specify to obtain IPv6 addresses automatically through DHCP or through router advertisements, as well as set a static address. While IPv6 is better than IPv4, it has not seen widespread adoption, and in order to use it your network environment needs to support it; this includes DNS/DHCP servers, switches and routers. In many cases IPv6 is tunneled through IPv4 networks so both can co-exist.

One additional note to add about IPv6 support in vSphere, as of vSphere 4.1, IPv6 is supported for:

  • Guest virtual machines
  • ESX/ESXi management
  • vSphere client
  • vCenter Server
  • vMotion
  • IP storage (iSCSI, NFS) - experimental

NOTE: IPv6 is not supported for vSphere vCLI, VMware HA and VMware FT logging.

Update from VMware on vShield support:

We have support for IPv6 on the roadmap for vShield Edge to support IPv6 on external interface. For vShield App, Zones and Endpoint, we will be agnostic to v4 vs. v6 being as layer 2. Beyond that, vShield manager will support all UI for the v6 configs. Regarding timeframe, we may phase in the support for this over a few releases and exact details are in works.

Tech Field Day #5 wrap-up – Day 1 – Drobo

After a visit to Symantec HQ in the morning it was off to Drobo’s HQ. Drobo stands for Data Robotics but they have permanently moved to the Drobo name instead. Their products consist of low-end storage devices for the consumer and SMB markets. The Drobo line ranges from small 4-bay storage units up to their soon to be released 12-bay unit. Much of their presentation was focused on their new B1200i 12-bay iSCSI SAN storage and their newly designed management UI. I’ve always thought Drobos were attractive and well built units but I felt that they were overpriced compared to the many other similar units on the market from vendors like NetApp, Synology, QNAP and Iomega.

I’ve always felt like Drobo has had a bit of an identity crisis, they target a specific market with each of their storage devices instead of going after a much broader market. Most of their business class devices only support the iSCSI protocol which limits their use cases. Their FS line doesn’t natively support iSCSI or NFS but if you install one of their Drobo Apps on it then you can use NFS. Finally their smaller consumer units only support direct attach via FireWire or USB. Each line is marketed at a different use case and has different connectivity. This limits each device to only being used for a specific purpose. The problem with that is all of their competitors support all protocols and connectivity options across their entire line of devices. If you take Synology or NetGear for example, from their small 1 bay units all the way up to their expandable 5-bay units they support all the same features across most of their product line. This means any of their devices can support iSCSI, NFS, CIFS, FTP, AFP and much more. As a result they can be used for a multitude of things simultaneously, the Drobo units on the other hand are very limited in what they can do. I can’t see that it would be all that difficult to provide support for both iSCSI & NFS on all their devices so customers can choose what they want to use. Having consistent software and protocol support across all their devices would also make development easier.

Drobo unveiled their new 12-bay unit (B1200i) to us, which fits into their “Drobo means business” theme; it looks like a larger version of their 8-bay units with a few key differences.

  • Dual hot-swappable power supplies (other Drobos only have single fixed power supplies)
  • Support for SATA, SAS and SSD drives (other Drobos only support SATA)
  • 3 Gigabit Ethernet ports (other Drobos only have 2)
  • 1 Gigabit Ethernet port dedicated to device management (other Drobos don’t have this)

I asked some questions such as if they supported 6.0 GB/s SAS drives and they said they did, which is nice, but some other answers I didn’t like so much. The first is that while they have 3 Ethernet ports, they have no ability to team them together for load balancing or failover. Each port is independent and must be assigned its own IP address, they seemed to think this was OK because users and apps could use different IP addresses to access the Drobo but I thought this was too complicated and unrealistic. The B1200i only has a single controller card but has additional empty ports for future expansion. I asked if they planned on supporting a second controller card and they said they might at some point in the future. That seemed to me like they were releasing a product that wasn’t completely done yet.

The next is the price: they had said the B1200i was going to be released at just under $10,000 half-populated with 12TB of storage. That just seems way too high for a storage unit that is missing many enterprise features and is in the same price range as the NetApp FAS2020, EMC VNXe & HP MSA, all of which are much more robust, enterprise class units. They plan on also offering a lower cost model with no/smaller drives but the price is still way too high. They need to be down around the price range of the Iomega ix12-300r, which starts at $4999 for a 4TB model.

They also showed off their new Drobo Dashboard which was visually very nice looking but I felt was lacking in many areas. They were asked several questions on if it supported different features like SNMP and they kept answering that additional features would be coming later. I felt that if they were going to put all that effort into developing a new interface they should get it right before they release it. It seemed like much of the development effort went into improving the visual elements of the interface and not the functional elements. The Dashboard lets you manage multiple Drobo units that are on the network in a centralized view but seemed lacking enterprise features like AD or LDAP authentication.

The Drobos use a proprietary RAID called BeyondRAID which is the only RAID that you can use as they do not support any traditional RAID levels. You are limited to a single RAID group even on the 12-drive model. Think of BeyondRAID as kind of a dynamic, intelligent RAID level that has the ability to use drives of different sizes and types in a RAID group. The size of the RAID group can be increased simply by removing a drive and inserting a larger drive and letting the RAID rebuild itself. Being able to increase drive sizes without data loss is a nice feature but I’m not a big fan of mixing different size/type drives in a single RAID group. There is support for standby hot spares and also dual disk redundancy, also drives can be re-inserted in any order without data loss. Thin provisioning is supported but only for traditional OS volumes, it is not supported for VMware VMFS volumes.

I’d really like to see Drobo succeed but I feel to do so they need to do a few things to better compete with the many other low-end storage devices on the market.

  • More competitive pricing, across your whole line; it’s OK to charge more if you’re offering more than your competitors, but in most cases they are not.
  • Feature and protocol parity across their entire product line, offer iSCSI, NFS and other features on all models from the 4-bay Drobo up to the 12-bay B1200i.
  • More features on both consumer and business models, take your Drobo Apps that are only available on the FS models and integrate them in all your models. Features like FTP & CIFS support, jumbo frames, backups, rsync, AFP, SSH and SNMP should be on all your models.
  • Simpler product line, right now there is a Drobo, Drobo S, Drobo FS, DroboPro, DroboElite, DroboPro FS, Drobo B1200i, B800i and B800 FS. This is kind of confusing as all the models have a specific use case, consolidate into 4-5 models by bringing features together, the i (iSCSI) & FS (NFS) should be one unit.
  • Better centralized management interface, it looks great but add more features and functionality to it.

One of the best things Drobo has going for it is that they seem to have very well built and well designed storage devices. The devices are high quality and it looks like a lot of thought went into their design. They are attractive looking units with nice LED indicators that give visual indications of how the device is functioning. If Drobo could pack some more features into the devices they would better compete with everyone else. I’ve really always wanted to like these devices and I’ve been tempted to buy one for my home lab but the high cost and lack of features turned me off. If Drobo can address some of these issues I could definitely see myself being a Drobo owner.

Tech Field Day #5 wrap-up – Day 1 – Symantec

Symantec totally brought their A game to the event, the presenters were mostly technical which was good and included their Chief Architect for the NetBackup product family. They also served a very nice breakfast which included bacon! They have a huge campus in Mountain View, CA which is their world headquarters and where we visited. A big surprise to us all was that their CEO, Enrique Salem, flew into town just to talk to us for a bit. He seemed like a very high energy, approachable, down to earth guy who gave us some vision for Symantec and let us ask him questions. At one point he popped a Milky Way into his mouth to get some nourishment and he also gave out his cell phone number to us in case we wanted to contact him later.

Symantec primarily covered their backup products which includes NetBackup and Backup Exec, there was a heavy emphasis on their virtualization integration which was appealing to me. I found that they are now integrated with vSphere extremely well and are fully leveraging the vStorage APIs for data protection. NetBackup and Backup Exec are now jointly developed so much of the same code is used in both so they no longer have to do double the work to develop the same features in both versions. I asked if there was any future plans to eventually merge the two into one product and they responded that there was not and that both products while sharing many of the same features would remain independent.

What impressed me the most about their virtualization integration was the fact that they could perform restores of individual files from image level backups to tape. Almost all vendors can do individual file restores from disk targets but Symantec found a way to do it directly from tape by only restoring the blocks for that file and not the whole VM to do it. Symantec inserts a filter in their image level backups that reads all the data being backed up so it can index and know exactly where files reside on the target media. Typically with file restores the virtual disk must be mounted from the target repository so the files can be selected and restored, NetBackup doesn’t require this.

What was also impressive is the number of enterprise backup features that have found their way into Backup Exec as well, which makes it a great affordable and robust solution for SMBs. Their emphasis with Backup Exec compared to NetBackup is simplification; Symantec believes that SMBs with smaller IT staffs do not want a highly configurable solution. As a result they have developed Backup Exec with many of the same features as NetBackup but have made the administration and configuration options much simpler. I think one of the strengths of the NetBackup/Backup Exec line is that they support both physical and virtual machine backups, which is one of the weaknesses for the virtualization only platforms from vendors like Veeam and Quest.

Most environments are not 100% virtual so using Backup Exec or NetBackup means you only need one backup solution. However, Symantec’s development cycle seems slow and smaller vendors like Veeam are quicker to support new features related to backups, such as the vStorage APIs for Data Protection and the Changed Block Tracking feature. The strength of Veeam is that they are lean and mean and can move at a very fast pace to support changes and new technologies in the backup space; they also think outside the box and come up with innovative features. I asked Symantec if they had planned on introducing features similar to Veeam’s SureBackup and they said no, they didn’t feel that there was a high demand for it. But if you’re looking for a single backup solution that supports both physical servers and virtual machines you can’t go wrong with NetBackup or Backup Exec, which has some great features and is very well integrated with virtualization.

Overall I came away pretty impressed with their products; the new 7.1 version of NetBackup is supposed to be released later this month and has some additional new features in it. While we had the attention of Symantec’s CEO I did ask him a question: I wanted to know where they were at with producing a version of their anti-virus software that would be compatible with vShield Endpoint. Currently Trend Micro is the only vendor shipping a product for it. He stated that they did not plan on releasing something anytime soon and it would be at least a year before they released a new product that would support vShield. The reason for the delay is that they are waiting for the next generation of vShield to be released that has more features and better integration to more effectively secure the platform. They plan on releasing an Endpoint compatible product called Single Instance Security in the first half of 2012.

The next post will cover our meeting with Drobo & Druva. Here are the videos that were shot during the Symantec presentation:

Tech Field Day #5 wrap-up – Day 0 – Arrival & Dinner

Well, Tech Field Day #5, which was held in San Jose, CA, is over, and it was a great, intensive and long 2 days spending time with various vendors. This will be a series of posts on my thoughts and experiences at TFD5; overall I had a great experience there and would highly recommend it to any bloggers out there that get invited. The event is run by Stephen Foskett and his Gestalt IT company and is designed to bring together highly regarded bloggers and vendors from various IT industries. Delegates are selected from a list of independent bloggers that prior TFD delegates rank in several categories using a point scale; those at the top of the list get selected. Apparently I was the highest ranking delegate that had never attended a TFD event; I had prior invitations but had turned them down due to conflicts. There were 12 delegates for TFD with a variety of backgrounds that included virtualization, storage, backups and networking.

| Blogger | Website | Twitter | Location | Speciality |
|---|---|---|---|---|
| Sean Clark | http://seanclark.us/ | @vSeanClark | Iowa | Virtualization |
| Jeff Fry | FryGuy’s Blog | @FryGuy_PA | Pennsylvania | Networking |
| Robin Harris | Storage Mojo | @StorageMojo | Arizona | Storage |
| Bill Hill | Virtual Bill | @Virtual_Bill | Oregon | Virtualization |
| Tom Hollingsworth | The Networking Nerd | @NetworkingNerd | Oklahoma | Networking |
| Matthew Norwood | Network Therapy | @MatthewNorwood | Georgia | Networking |
| Devang Panchigar | Storage Nerve | @StorageNerve | New Jersey | Storage |
| W. Curtis Preston | Backup Central | @WCPreston | California | Backup |
| Maish Saidel-Keesing | Technodrone | @MaishSK | Israel | Virtualization |
| Eric Siebert | vSphere-land | @EricSiebert | Colorado | Virtualization |
| Greg Stuart | vDestination | @vDestination | Arizona | Virtualization |
| Chris Wells | @vSamurai | @wygtya | Japan | Virtualization |

I arrived late Wednesday afternoon and after a meetup in the hotel lounge we were off to a group dinner at a nearby restaurant, Zeytoun, which featured Middle Eastern food. Dinner was great: we had the whole restaurant to ourselves, and it featured great food, gift exchanges and a belly-dancer, which was the highlight of the evening. The gifts were small tokens from each blogger’s local culture and consisted of micro brews, Japanese whiskey, rocks from Colorado, pastries from Israel and much more. It was a great time and gave a chance for all of us bloggers from all over the globe to get to know each other better. I had previously met about half the bloggers at other events and knew a few of the others but there were some that were completely new to me.

After dinner a bunch of us hung out in the hotel lounge before heading off to bed to get some sleep before our 7:30am start the following day which included a visit to Symantec’s HQ, Drobo’s HQ and the Computer History Museum for a presentation from Xangati followed by a reception. Stay tuned for the next post which will cover our trip to Symantec.