VMware

Gabriel Maciel's Blog

February 2008


Mike Laverick recently gave a really interesting 42-minute webcast covering the following topics:

1) ESX Partitioning
2) Local VMFS Volumes
3) Pros & Cons of using SAN Storage
4) How big should my LUNs be?
5) How big should my Virtual Disk be?
6) How should you arrange Virtual Disks in VM?
7) What are the storage considerations for VDI?
8) What storage considerations do you have with VMware Virtual Machine Snapshots?
9) Storage Monitoring / Reporting advice
10) How fast will my Virtual Center Data Base grow?

You can watch the event here.

Posted by Gabriel Maciel

0 Comments Permalink

Here are some best practices published by the VMware Security Blog for keeping your VMotion traffic secure:

1. The most important VMotion best practice is to isolate your VMotion activity from all production network traffic. The current design of VMotion assumes that the VMotion network is secure within a data center, certainly within a rack or set of adjacent racks. In a typical situation, servers in one or more co-located racks would each have one or two network cards dedicated for VMotion; these would be connected to a switch or VLAN that has no other endpoints connected.
Isolating VMotion takes away that most common of staging points for man-in-the-middle: some unpatched box anywhere on the production network that has already been taken over by malware. Indeed why any non-ESX box, compromised or not, would be on this network at all would be immediately in question. The researcher's assumption is that long-haul VMotion over wide area networks might become popular in the future. However, most companies today already use encrypted links for inter-datacenter traffic.

2. Tightly restrict access to VI administrative accounts and roles. With VMotion isolated, a virtual rogue presence is more plausible than a physical one, but even a compromised guest VM does not have a virtual NIC on the VMotion network, only on the production network. Therefore the rogue VM must be configured in VI to have a vNIC on the VMotion network.

3. Don't enable promiscuous mode on vswitches. Unlike a physical network card, someone who has taken over a guest VM cannot configure a vNIC to be promiscuous. Another VI admin setting, promiscuous mode (off by default) is configured on the virtual switch port separately from a VM. Also, to manipulate rather than snoop, the proof-of-concept technique requires traffic actually route through the rogue VM, which would not occur naturally on the vswitch."

More best practices for hardening your VMware Infrastructure environment can be found here.

More information about this article here.

Posted By Gabriel Maciel

0 Comments Permalink
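The three practices above can be checked mechanically against a network inventory. The following is an added example, not code from this blog or from VMware; the inventory layout, field names and rule names are assumptions made for illustration, and the sample data is constructed.

```python
# Constructed inventory for illustration; the field names are assumptions of
# this example, not a VMware export format.
INVENTORY = {
    "portgroups": [
        {"name": "Production", "vswitch": "vSwitch0", "vlan": 10,
         "vmotion": False, "promiscuous": False},
        {"name": "VMotion", "vswitch": "vSwitch1", "vlan": 20,
         "vmotion": True, "promiscuous": False},
        {"name": "Lab", "vswitch": "vSwitch0", "vlan": 20,
         "vmotion": False, "promiscuous": True},
    ],
    "vnics": [
        {"vm": "web01", "portgroup": "Production"},
        {"vm": "test07", "portgroup": "VMotion"},
    ],
}

def segment(pg):
    # Assumption: a tagged VLAN ID names one layer-2 segment across vSwitches;
    # untagged (VLAN 0) port groups only share a segment on the same vSwitch.
    return ("vlan", pg["vlan"]) if pg["vlan"] else ("untagged", pg["vswitch"])

def audit(inventory):
    """Return sorted (rule, object) findings for the three practices."""
    findings = set()
    groups = {pg["name"]: pg for pg in inventory["portgroups"]}
    vmotion_segments = {segment(pg) for pg in groups.values() if pg["vmotion"]}
    for pg in groups.values():
        # Practice 3: promiscuous mode should stay off on every port group.
        if pg["promiscuous"]:
            findings.add(("promiscuous-enabled", pg["name"]))
        # Practice 1: no other port group may sit on the VMotion segment.
        if not pg["vmotion"] and segment(pg) in vmotion_segments:
            findings.add(("shares-vmotion-segment", pg["name"]))
    for nic in inventory["vnics"]:
        pg = groups.get(nic["portgroup"])
        if pg is None:
            findings.add(("unknown-portgroup", nic["vm"]))
        # Practice 2: a guest vNIC here was placed by someone with VI rights.
        elif segment(pg) in vmotion_segments:
            findings.add(("vm-on-vmotion-segment", nic["vm"]))
    return sorted(findings)

if __name__ == "__main__":
    for rule, obj in audit(INVENTORY):
        print(f"{rule}: {obj}")
```

A `vm-on-vmotion-segment` finding is the one to trace back to the administrative account that made the change, since a guest cannot attach itself to that network.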

Forbes Guthrie has released a reference card for the VMware 3 / 3.5 environment. It covers the ESX Install, 3i, Storage, Networking, MSCS Clustering, Resources, Backups, ESX Host, VMs, Web Access, Virtual Center and License Server.

You can find your copy here.

Posted By Gabriel Maciel

4 Comments Permalink

There are several tools and utilities that I use every day to administer our VMware environment, and I would like to share them here with you:

Virtual Center and ESX:

  • PuTTY is a robust and highly configurable free implementation of Telnet and SSH.
  • Veeam FastSCP (Fast & Secure Copy) is my favorite tool for managing files in ESX or Windows. Also, WinSCP is another good utility that has been around for a while.
  • Veeam RootAccess gives you an easy way to enable / disable remote root access or create a regular user account. Combine it with FastSCP and you can easily enable root access, transfer your files and disable root access again.
  • EsxDiag for ESX Server 3.x is a free console script that will check several services and configurations for you. EsxDiag is part of Veeam Configurator.
  • vmCDConnected scans all the Virtual Machines and shows if they have a CD connected to them. After scanning the VMs, you can disconnect the CDs with a simple click.
  • SnapHunter will report to you which virtual machines have snapshots. The tool is very useful if you want to automatically track how much space they are consuming in your virtual environment.
  • esx-autopatch.pl is another rock-solid utility that, combined with a Web Server (optional), can quickly patch your entire environment.

VMware Server, Workstation & Player


As always, feel free to add your tools to the list!

Posted By Gabriel Maciel

2 Comments Permalink

SAN Fundamentals

Posted by Gabriel Macie… Feb 15, 2008

If you are interested in taking a web-based training course that explains the basics of Storage Area Networks, go to this Hewlett Packard site and register / log in for free. The course is not bad at all and can be used to refresh your knowledge or learn something new. Enjoy!

Posted By Gabriel Maciel

0 Comments Permalink

Welcome!

Posted by Gabriel Macie… Feb 14, 2008

This is a blog focused on IT Infrastructure Management, so you can expect to find articles here about Virtualization, Microsoft & Open Source Technologies, IT Management and Security.

The main objective is to share ideas and experiences through simple posts that can serve as an online reference and hopefully provoke some thoughts.

Also, feel free to visit http://it-infrastructure-management.blogspot.com/ for more weekly updates!

Posted By Gabriel Maciel

0 Comments Permalink
VMware and Microsoft Virtualization - Open Source Technologies - IT Management and Security