TheVMinator's Posts

OK thank you - so it looks like vShield App is what I need to start testing with. And understanding that it is the ability to create vshiled app security groups that distinguishes vshield app fr... See more...
OK thank you - so it looks like vShield App is what I need to start testing with. And understanding that it is the ability to create vshiled app security groups that distinguishes vshield app from vshield edge helps clarify the issue. So I was looking at the requirements regarding the version of VMware needed - hoping that it would be included for free, as vshield zones are, with something like the Enterprise license. I looked at the pricing on this website: if I'm reading this correctly, regardless of your license version, they are saying that you have to pay extra for vshield app - $4500 for 25 virtual machines I'm hoping I'm reading something wrong. If vshield zones is included with enterprise license, is there any way that either vshield zones, or another open-source solution, can be made to do what vshield app does - allowing you to create your own internal security groups?
That's an excellent reference - thank you. It almost looks as though for this situation because the goal is to have all VM's on the same IP subnet and not behind NAT, as they would be with Vshie... See more...
That's an excellent reference - thank you. It almost looks as though for this situation because the goal is to have all VM's on the same IP subnet and not behind NAT, as they would be with Vshield edge, that it is actually vShield App that does what I'm looking for - at least in example number two in this document. In that second example they are using vshield app to prevent communication between vm's that are otherwise on the same ip subnet. I'm still a little unclear though if it is in fact vshield zones, vshield edge with special port groups, or vshield app that I should be looking at first - (p.s. now I see that you provided a long answer to my question and I posted this just after your most recent post although I was actually replying to the post before it and hadn't read your most recent post - thanks again I'm looking at your most recent one now)
Thanks - that is a helpful article. In this scenario, one of the goals is to be able to have a group of esx hosts, clusters and vms, all on the same physical subnet, and all with IP's on that ... See more...
Thanks - that is a helpful article. In this scenario, one of the goals is to be able to have a group of esx hosts, clusters and vms, all on the same physical subnet, and all with IP's on that subnet - and then from this larger group of VMs, to separate groups of VM's and allow them to only talk to VM's in their group. For example, suppose there are 200 vm's on the 192.168.1.0/24 subnet. They are all going to keep their IP addresses. Suppose 20 of those vm's are in "group A" and 20 are in "group B". Group A vm's should be able to talk to other group a Vm's only. Group B vm's should be able to talk only to other Group B vm's. However, there could be group A vm's spread out among different esx hosts and clusters. But whatever management tool is controlling the isolation still keeps track of where the Group A vm's are even if they are spread out among separate ESX hosts and ESX clusters. Amidst all of this it is happening without requiring the creation of a separate subnet and and keeping all IP's on the 192.168.1.0/24 subnet. The management piece that is administering the (vshield zones/vshield edge or whatever the solution is) for example, can from one place manage the vm's that are in these separate groups and keep their traffic separate. Although the article discussed some of these topics from a high-level perspective, I'm not completely clear on the distinctions between products and what they can and can't do to understand which product if any will actually do just this. Can this be done with Vshield Zones? The next commenter talked about vshield Edge "separating layer 2 traffic" Is Vshield edge dealing with separating traffic between VM's on separate logical subnets as a router would or on the same subnet? (In this scenario all the vm's would be created on and stay on the 192.168.1.0/24 subnet)
OK thank you
In looking at implementing vShield Zones, I'm trying to figure out what the requirements are for compatibility with vmotion and fault tolerance. I create a port group for a vShield zone on one o... See more...
In looking at implementing vShield Zones, I'm trying to figure out what the requirements are for compatibility with vmotion and fault tolerance. I create a port group for a vShield zone on one of the ESX servers in the environment. Do I need to exactly duplicate the configuration of that vShield zone port group on every ESX server to which I want to possiblly vmotion a VM or have a VM fail over to through fault tolerance or HA - even if that server currently doesn't have any VM's that need a vShield Zone?
I'm looking to get a high level comparison of solutions (vshield zones, pvlans, VMsafe 3rd pary solutions, etc.) for isolating a network of virtual machines within a vSphere environment. ... See more...
I'm looking to get a high level comparison of solutions (vshield zones, pvlans, VMsafe 3rd pary solutions, etc.) for isolating a network of virtual machines within a vSphere environment. Here is the scenario: The physical LAN is segmented into a few VLANS already but we don't want to rely on that alone to isolate groups of VMs from one another. We want to also isolate traffic from groups of VMs that belong to similar groups within the virtual environment as well and not have to create a separate vlan on the physical switches for every group of vm's that needs its traffic isolated from other vm's. (all vm's need internet connectivity) I know this can be done with vShield zones, but I'd like to get a vision of other ways this can be done and how they compare and the pros and cons of each. Also, any other gotchas I need to watch out for such as incompatibility with HA, FT, etc. If 10 new vm's need to be created and they will be spread out among various esx hosts and different clusters, we want to have all layer 2 frames from these vm's be invisible to all other vm's. Ease of managing the internal vLANs/vShield Zones and solutions that are free or come with enterprise/enterprise plus versions are preferred. Any thoughts are appreciated.
I have two linux virtual machines running in vSphere on ESX 4 hosts- one of them is being retired. I need to make the files on the VM being retired accessible on the second virtual machine. ... See more...
I have two linux virtual machines running in vSphere on ESX 4 hosts- one of them is being retired. I need to make the files on the VM being retired accessible on the second virtual machine. I added the virtual disk from the old Linux VM to the new Linux VM by going into "edit settings" on the new VM. I chose the option to add an existing virtual disk. It looks good in my virtual machine properties in VMware However, the new Linux VM will not boot correctly after I add the former VM's virtual disk to it.. (Error messages are listed below and screenshot is in post below) Can someone advise as to what I'm doing wrong? I should add that the error I'm getting is "request_module: runaway loop modprobe binfMt-464c" the Linux boot process hangs on that line. When I remove the second virtual disk, it will boot fine, but when I add it back, it hangs on that line again and won't boot. (See the attached screenshot - it actually hangs on this line for 120 seconds then goes a little farther and hangs again) Your input is much appreciated. Thanks!
I have two linux virtual machines running in vSphere on ESX 4 hosts- one of them is being retired. I need to make the files on the VM being retired accessible on the second virtual machine. I a... See more...
I have two linux virtual machines running in vSphere on ESX 4 hosts- one of them is being retired. I need to make the files on the VM being retired accessible on the second virtual machine. I added the virtual disk from the old Linux VM to the new Linux VM by going into "edit settings" on the new VM. I chose the option to add an existing virtual disk. It looks good in my virtual machine properties in VMware However, the new Linux VM will not boot correctly after I add the former VM's virtual disk to it.. (Error messages are listed below and screenshot is in post below) Can someone advise as to what I'm doing wrong? I should add that the error I'm getting is "request_module: runaway loop modprobe binfMt-464c" the Linux boot process hangs on that line. When I remove the second virtual disk, it will boot fine, but when I add it back, it hangs on that line again and won't boot. (See the attached screenshot - it actually hangs on this line for 120 seconds then goes a little farther and hangs again) Thanks!
Hello, We have a Windows OS in a VMware Vsphere virtual machine. There is lots of room on the SAN. However, the OS has run out of space and needs more room. We have extended the VMFS volume... See more...
Hello, We have a Windows OS in a VMware Vsphere virtual machine. There is lots of room on the SAN. However, the OS has run out of space and needs more room. We have extended the VMFS volume on which the virtual machine is running. Now, within the OS, is there a simple way to extend the amount of hard drive space windows sees without using a 3rd party tool to resize the partition's size from the viewpoint of the operating system? Is there a tool in VMware to do this, either built in, or that uses the VMware API's to make it easier than in a pure physical server world? When we have extended partitions on a physical server, it takes a long time and requires the server to be down during the whole process so I'm hoping there is a faster way requiring less downtime when the OS is in a virtual machine. Many thanks for your input/tips.
OK thank you. Yes I am definitely able to reconfigure the settings manually afterward if I need to. However, if Sysprep can cause it to maintain the original IP static address that is much pref... See more...
OK thank you. Yes I am definitely able to reconfigure the settings manually afterward if I need to. However, if Sysprep can cause it to maintain the original IP static address that is much preferred. This is an application server where once it boots up with a dynamically assigned address, strange things start happening to the application server so it is much better to maintain the static address. Is sysprep absolutely required to maintain the static IP address - there isn't a simple setting somewhere? Thanks
We have encountered an issue following a V to V conversion that we need help on. We are converting VM's running on an ESXi 4 server from hardware version 7 to 4 to make them compatible with some... See more...
We have encountered an issue following a V to V conversion that we need help on. We are converting VM's running on an ESXi 4 server from hardware version 7 to 4 to make them compatible with some older servers that can only run ESXi 3.5 because they aren't on the ESXi 4 HCL. Prior to the conversion, the Windows Servers have static IP addresses. Following the conversion, the static IP's are being changed to DHCP assigned addresses. Can someone advise as to what setting in VMware converter controls this behavior, and how to maintain the static IP address of the converted OS the same after the conversion as it was beforehand? Thanks!