This problem applies to all ESX 3.5 U2 hosts but should not affect you running VMs. Suggested Workarounds:

For the Virtual Machines:

• Set DRS to manual


• Do not VMotion


• Do not power off or suspend your VMs


• If you have important VMs you need to turn on again: a. Create a quarantine host b. Set time on this host back c. Cold migrate the VM to the quarantine host d. Verify that your VM does not synchronize its time with that ESX host: Power the VM on, log into it and set the time manually


• You could also think about temporarily disconnecting the VM to power on from the Virtual Switch - this way you are certain that the VM will not be able to communicate with a DC while it’s out of time-synch

Note: Please take into account that if you change the time on the affected ESX host and VMware tools is configure to synchronize the guest with it, you may adversely affect your running services.

For the ESX Host:

• Log in as root on the target host


• Issue the following commands:
  
  a. service ntpd stop
  
  b. date -s 08/01/2008

Note: This can also be done using the VI Client (Configuration, Software, Time Configuration, Properties).

Further reading and sources for this article:

• VMware Knowledge Base


• VMware Communities


• ICT_Freak


• Leo's Ramblings

Posted by Gabriel Maciel

Kim Blomgren from Tripwire kindly sent me an e-mail with information about the updated version of Tripwire ConfigCheck. Last moth I wrote a post about this free tool / utility and now it is very nice to see how in such short period of time Tripwire has improved it again. Here is the new information:

Tripwire, a leader in configuration assessment and change auditing for virtual environments, today announced the availability of Tripwire ConfigCheck™ for VMware ESX 3.0.  Tripwire ConfigCheck is a free utility that quickly assesses configuration settings for VMware ESX 3.0 and 3.5 hypervisors, determines potential configuration risks, and provides prescriptive remediation advice so that administrators can ensure greater security.

Tripwire ConfigCheck provides an immediate assessment of the configurations of a VMware ESX hypervisor, comparing them against VMware hardening security guidelines, which are best practice recommendations for optimal security in virtual environments, and provides remediation instructions if any are needed. With Tripwire ConfigCheck, customers gain immediate visibility into risks that might exist in their virtual environment due to misconfiguration and are advised of recommended fixes to any configuration settings that could present future risk.

With tens of thousands of visitors and downloads in the past month, Tripwire has been lauded for offering a free solution to a growing industry concern. “The massive popularity of Tripwire ConfigCheck speaks loudly to the market need for solutions that address the knowledge and skills gap in managing virtual infrastructure.  With this latest release, we leverage the best practices of VMware’s hardening security guidelines for 3.5 and 3.0.x environments increasing the overall value of the utility,” said Mark Gaydos, Tripwire VP of Marketing. 

In addition to offering immediate insight into unintentional vulnerabilities in virtual environments, Tripwire also provides a remediation guide containing the necessary steps to return both VMware ESX 3.0 and 3.5 hosts to a known, secure state.  Tripwire ConfigCheck and the Tripwire Remediation Guide are available for free and can be downloaded at www.tripwire.com/configcheck. 

Find more about ConfigCheck here.

Also, this is the link to the VMware Communities roundtable podcast where ConfigCheck was discussed.

Posted by Gabriel Maciel

"As virtualization of network DMZs becomes more common, demand is increasing for information to help network security professionals understand and mitigate the risks associated with this practice. This paper provides detailed descriptions of three different virtualized DMZ configurations and identifies best practice approaches that enable secure deployment."

Read the full article here: DMZ Virtualization with VMware Infrastructure.

Posted by Gabriel Maciel

And the winners for this week are:

1. Top 5 things to know about Hyper-V via Windows Virtualization Team Blog
2. Deploying Windows Server 2008 with slipstreamed Hyper-V RTM (Part 2) via John Howard's Blog
3. If A Virtualization Misconfiguration Or Security Vulnerability Exists Within An “ESX Appliance,” Does It Really Exist? via Virtualization Security
4. Virtualising (Domain Controller) Servers via Mark Empson's Blog
5. Virtualization's Impact on IT Operations - Part Two via Virtual Strategy Magazine

Via NTPRO.NL:

Chris Skinner, a Technical Trainer over at VMware created a document for clustering VirtualCenter 2.5 with MSCS. Feel free to distribute to clients and colleagues. A special thanks to Seva and Charu for challenging Chris to do this based on their VC2.0 document. This paper documents the steps to successfully implement a high availability solution for VirtualCenter 2.5 using Microsoft’s cluster services. There are some basic requirements to start the process. Microsoft requires Active Directory for cluster services. Additionally, Windows 2003 Enterprise server or higher will be necessary. This document was compiled from several sources. It demonstrates creating a VC cluster on the same ESX host (cluster-in-a-box) with a SAN-based quorum disk. The hyperlinks at the end of the document has more detailed information for other types of configurations, such as, cluster-across-boxes and physical-to-virtual.

Posted by Gabriel Maciel

In what it seems to be the Top 10 things you must read about VMware series, Eric Siebert wrote the top 10 about VMware Networking:

1-VI3 Networking – Concepts and Components: A VMworld 2007 presentation (you will need to sign-in) describing the VI3 network architecture and how to properly configure it.

2-VI3 Networking - Advanced Configurations and Troubleshooting: A VMworld 2007 presentation (you will need to sign-in) on advanced virtual networking topics with tips for troubleshooting problems.

3-VMware ESX Server 3 802.1Q VLAN Solutions: Provides concepts and configuration tips for using 802.1Q VLAN tagging with your vSwitch configurations.

4-Integrating Virtual Machines into the Cisco Data Center Architecture: A white paper written by Cisco on ESX server networking architecture and integration with Cisco network devices.

5-Networking Performance in VMware ESX Server 3.5: A white paper from VMware comparing virtual to physical networking performance.

6-Network Throughput in a Virtual Infrastructure: A white paper from VMware that outlines the considerations that affect network throughput.

7-ESX3 Networking Internals: A VMware TSX 2007 presentation on the internals of how ESX vSwitches function.

8-High Performance ESX Networking: A VMware TSX 2007 presentation on ESX network design considerations.

9-How To Configure Networking from the Service Console Command Line: A VMware KB article on setting up networking via the CLI.

10-Server Virtualization – Network Implications and Best Practices: A presentation from Cisco on network virtualization architecture and design considerations for Cisco networks to support virtual environments.

Posted by Gabriel Maciel

"This upcoming customer webcast series is targeted at folks who administer
Windows and are relatively new to VMware, so if you are already a VI expert,
feel free to tell others about this event! Here is the webcast
description..."

1. Webcast 1: Optimize Your Windows Environment with VMware July 10, 9 a.m. PST Learn how HelioVolt uses VMware Infrastructure to increase efficiency and availability of their Windows environment.
2. Webcast 2: Consolidate Your Windows Workloads with VMware August 12, 9 a.m. PST Hear how Johnson Controls virtualized mission-critical Windows applications with VMware, including SQL, Citrix and their Java applications.
3. Webcast 3: Increase Availability of Your Windows Environment with VMware September 25, 9 a.m. PST Join us as ViaHealth shares its experience with using VMware Infrastructure to provide high availability and disaster recovery to their Windows applications.
4. Webcast 4: Simplify Management of Your Windows Environment with VMware October 9, 9 a.m. PST Find out how T-Systems uses key features of VMware Infrastructure — like VMware DRS and VMware Update Manager — to increase productivity and improve overall business agility within its Windows environment.

Back in February I wrote a post about the VMware Tools and Utilities I use to administer our VMware environment. Now, via vmware-land.com we get the following list:

1-Putty - Telnet and SSH client for remotely connecting to the ESX service console
2-WinSCP and Veeam FastSCP - SCP clients for browsing ESX server file systems and transferring files to/from ESX hosts
3-VI3 SnapHunter and SnapAlert - Utilities that can report all running snapshots on ESX hosts including name, size and date. Can also automatically email reports and optionally commit snapshots
4-VI Scripted Backup Utility - A backup utility that is run from the Service Console that provides VMDK level backups of any VM on storage accessible by the host
5-MCS StorageView - A utility that displays all the logical partitions, operating system, capacity, free space and percent free of all virtual machines on ESX 3.x or Virtual Center 2.x
6-SSH Plug-in - A VI client plug-in that integrates an SSH console directly into the client
7-Storage VMotion Plug-in - A VI client plug-in that extends the client’s functionality by providing an integrated, graphical tool that can be used to invoke storage VMotion (SVMotion) operations
8-VMotion Info - A program that will collect Vendor, Model, CPU Types and the CPU feature bits from all hosts to check for VMotion compatibility
9-VMCdConnected - Scans all Virtual Machines and shows if they have a CD connected to it. After scanning the VM’s you can disconnect all the CD’s with a click of a button
10-VMware Converter – (Performs hot and cold conversions of physical and virtual servers to virtual machines. Also converts image formats

Enjoy!

Posted by Gabriel Maciel