Virtualization Pro Tips Blog

Oct 28, 2010
blog

Off-Topic: The Challenge of Eliminating Administrator Rights when the User Owns their Computer

Another off-topic post for today, this time on the ever-present problem of successfully eliminating administrator rights.  If you’ve been around IT for any period of time, you know that administrator rights represent one of our biggest security challenges.  Microsoft Windows, for all its greatness, gives us what amounts to an on/off switch for assigning rights to most people:  Either they’re Administrator, or they aren’t. Problem is that the real world knows that on-versus-off mentality just won’t fly anymore.  It’s for that reason that I was recently asked to present a webinar (which you can view on-demand here) on exactly these challenges. There were some unfortunate technical difficulties that precluded my helping out with the post-event Q&A.  About that I’m greatly disappointed, because one of the people watching asked this intriguing question: How do you justify to "professionals" (e.g., lawyers, doctors, faculty) the removal of control of "their own" computers? The person who asked this question nailed privilege management’s “people” problem right on its head.  Namely, that all people are reluctant to give away rights when they feel a sense of ownership.  If a user’s computer belongs to the company and not them, they’ll argue less when you pull their privileges.  At the very least, they’ve got no leg to stand on when you do. But when that computer is actually owned by its user, pulling their privileges is a lot like taking someone’s car keys away.  They still own the car, but they can’t drive. It is in exactly this situation where the art of privilege management enters one of its most challenging grey areas.  Challenging, because of the obvious ownership issues; grey area, because the good of the public is arguably better served by inconveniencing the good of the individual. There are no technical answers for eliminating administrator rights in this situation.  There’s no script I can suggest you run or box you check in an inte...More
Oct 5, 2010
blog

Podcast: Increasing Hyper-V Storage Performance by 3x with Virsto Software

Are you running Hyper-V as your hypervisor, but concerned about performance? It could be your storage. In this podcast, I talk with Mark Davis, CEO of Virsto Software about the thrashing problems with Hyper-V and some interesting solutions for better IOPS. Catch up with @ConcentratdGreg on Twitter!...More
Sep 30, 2010
blog

Free Book: Private Clouds: Selecting the Right Hardware for a Scalable Virtual Infrastructure

I’m in the middle of constructing a new book for Realtime Publishers titled Private Clouds: Selecting the Right Hardware for a Scalable Virtual Infrastructure.  Four chapters long once it’s complete, I’m giving it away for free at the Realtime Publishers’ website:  http://nexus.realtimepublishers.com/pcsrh.php. This one’s an interesting new topic for me.  In it I attempt to re-write the conventional wisdom of virtual hardware, focusing people towards the benefits in pre-packaged and pre-engineered virtual hardware.  The concept is a lot like the old “white boxes” of yesteryear.  Back then you at some point realized that building your own servers out of individual pieces and parts was never as good as those you could pick up from a Tier 1 hardware vendor. This book’s argument is that we’ve essentially come to the same inflection point in virtual hardware today.  Rather than constructing your virtual environment out of individual pieces and parts, it makes more sense to purchase pre-packaged and pre-engineered “modules” of processing, networking, and storage.  Only by abstracting hardware into “units of processing” do we finally embrace the otherwise-confusing concept of Private Clouds. To me, it’s turning into quite the interesting read. Drop on by http://nexus.realtimepublishers.com/pcsrh.php and pick up your free copy.  Chapter 1 is up, with future chapters coming every four weeks or so (following the usual Realtime Publishers model).  Definitely let me know here what you think of the discussion. Here’s the blurb from the site to whet your appetite even more: Private clouds are quickly becoming an effective means of stretching infrastructure to meet growing application needs. But the definition of the term "private cloud" can be somewhat elusive. What exactly is meant by "private cloud"? How do you build one? Once you have a private cloud, what is the benefit for the application consumer? And, finally, how can modular hardware make a cloud...More
Sep 27, 2010
blog

VMware Releases Workstation 7.1.2 Update

You’ll find a new update for VMware Workstation the next time you power it on.  Version 7.1.2 includes a set of fixes for various operating systems, as well as some performance improvements for NAT networking.  I’ve been experiencing problems myself with NATted virtual machines since the 7.1.1 update.  I look forward to seeing if this fixes those problems. Here’s what VMware’s website advertises as the highlights: Added Microsoft Visual Studio 2010 support for Integrated Virtual Debugger’s live debugging mode. Addressed issues with running Windows 7 SP1 Beta, RHEL 6.0 Beta and Fedora 13 in a virtual machine.  Each of these Operating Systems versions are still in development or have known issues, therefore they are not fully supported by VMware. Made several performance improvements to NAT networking. VMware Workstation 7.1.2 has been tested with the new standalone VMware Converter 4.3.  VMware Converter 4.3 now handles Windows 7!  Download VMware Converter for free. Easy Install now supports older versions of CentOS. Added Windows 2008R2 and Apache Server 2.2.15 support for ACE Management Server. Read the VMware Workstation 7.1.2 release notes for more details. Remember that you can always manually check for an update by clicking Help | Check for Software Updates Now inside Workstation. Catch up with @ConcentratdGreg on Twitter!...More
Sep 24, 2010
blog

WEBINAR: Achieving Server Recovery in Minutes with Virtualization

The nice people over at AppAssure asked me not long ago to join them for a webinar.  That webinar essentially asks the question, “What do you do when you need to bring a crashed server back online – literally – in minutes?”  The answers might surprise you. If that’s a capability you wouldn’t mind having, check out this webinar.  I’ll talk about some of the simple and stupid reasons why you won’t get there today, along with some smart alternatives that will make “in minutes” a reality. Here’s a bit more from the webinar’s blurb: Achieving Server Recovery in Minutes through Virtualization Uh oh, your mission critical server is down. What do you do? Look for its last backup on tape, hoping that last night's backup job actually succeeded? Start rebuilding a new server? Look for a new job? Or, simply click the button marked Recover Server, wait a few minutes, and then go about your day? With the right backup solution in place, that second option is an absolute reality. Today's disk-based backup approaches go much further than simply shifting the backup medium off of tape. They enable files, individual emails, and database entries to be restored without restoring volumes, data stores, and databases. They enable fast server recovery to any 15 minute interval in the past. They enable lost servers to be restored in minutes, either onto the same server or even onto an alternate one. And they finally solve the age old problem of what to do when that mission critical server is down. The answer: Recover it in minutes to a virtual server, giving you the breathing room to fix its original hardware without massive downtime. Learn all about how to get there with IT industry analyst and Windows IT Pro blogger Greg Shields. In this quick but informative webcast, Greg will highlight the Seven Requirements Your Backup Solution Doesn't Have, and show you why disk-based backups will better preserve your servers…and your job! Register Today!   Catch up with @Concentratd...More
Sep 20, 2010
blog

Simple Fix: vSphere Client Performs Slowly on Windows 7

I love these little, “turn off something we turned on” fixes for common problems.  Surfing through VMware’s recent knowledgebase articles today I found 1027836.  That KB is titled vSphere Client performs slowly on a Windows 7 system. The symptoms suggest that the vSphere Client may experience slow performance when run atop Windows 7, particularly redraws and especially when maximizing the client. The resolution is rather simple.  Right-click the vSphere Client’s shortcut and choose Properties.  Under the Compatibility tab, select Disable desktop composition.  Then give ‘er a try. Catch up with @ConcentratdGreg on Twitter!...More
Sep 20, 2010
blog

Get Your Hyper-V Visio Stencils!

The web’s full of all kinds of great Visio stencils you can download to make your Hyper-V graphics look snappy.  A quick search pulled up three that are worth a look-see: Get your set of handmade Visio stencils, compliments of IT Consultant Jonathan Cusson, from this URL:  http://www.jonathancusson.com/tag/virtualization-stencil/. Over at the TechNet blogs, TONYSO points you to the Microsoft Office 2007 Professional Add-In for Rack Server Virtualization (Virtual Rack).  His link is http://blogs.technet.com/b/tonyso/archive/2008/07/21/hyper-v-visio-stencils-and-rack-visualization.aspx. If App-V is your game, then check out these nifty App-V stencils from datadr.net:  http://www.datadr.net/index.php?option=com_content&task=view&id=51&Itemid=30. Catch up with @ConcentratdGreg on Twitter!...More
Sep 19, 2010
blog

Video Training Tiplet: Teaming & Load Balancing ESXi NICs in vCenter Server 4.1

A single network connection won't get you far in ESXi. It'll absolutely get you network connectivity, but you'll quickly lose that connectivity should you lose the NIC. Learn how to team network connections in ESXi and vCenter Server 4.1 in this Video Training Tiplet.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet, this time on Teaming and Load Balancing ESXi Server NICs in vCenter Server version 4.1. So you’ve completed the installation of ESXi and you’ve probably got your vCenter Server up and running, and the next thing you probably want to do is team some of the network connections so your virtual machines have a redundant connection to the production network. Now when you team those connections, you’ve got a couple of different options for how you team them. First is failover teaming, which essentially means that one NIC will pick up when the other one fails, or you can also do load balancing teaming which uses the 802.3ad link aggregation protocol on the network switch side to actually go through and complete load balancing so that both of the NICs are in use at all times. Now the way that you go about doing that involves a couple of steps. The first thing that you need to do is obviously here inside of the vSphere Client. You’ll see that I have two servers that are currently attached to Our DataCenter. And for this server, 221, I’m actually looking at its configuration tab here under Networking. You’re probably familiar with the virtual networking configuration of ESX. Here on the left-hand side we have the virtual half of the equation. Here are our Virtual Machine Port Groups and also the VMkernel port that is being used for the management network. In the middle we have our grey box that references the virtual switch. And on the right-hand side we have the physical adapters that plug into that virtual switch. Adding an additional physical adapter starts by clicking the Properties button. When you click the...More
Sep 19, 2010
blog

Video Training Tiplet: Connecting ESX 4.1 to iSCSI Storage in vCenter Server

I’ve always been a big fan of network storage over traditional Ethernet.  With iSCSI’s long history and the new technologies we’re seeing in Fibre Channel over Ethernet (FCoE), storage technologies are pretty obviously making a push towards using the copper infrastructure you already have.  If you haven’t made iSCSI connections yet in ESX 4.1, I’ll show you the steps to set up a simple one in this video.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet. Today, we’re connecting an ESX server version 4.1 to iSCSI storage inside vCenter Server. Let’s say that you’ve completed the installation of your ESX server, and you’ve got some of the networking done but what you want to do is connect that ESX server to a little bit of shared storage where you’re going to put your virtual machines. We start that process here inside of the vSphere Client. Now let’s assume that we’ve already created a volume and exposed that LUN to this ESX server. You’ll see here 192.168.0.221. On this server we have two port groups and one physical adapter that are both connected in to the virtual switch. What we want to do is make a connection between this ESX server and that iSCSI storage. We start the process by going here under Add Networking and creating a VMkernel connection type. This connection type is used for things like vMotion, iSCSI, NFS, and even host management. In this case, because we’re doing iSCSI, this is the type of connection we want to create. We have two options here, one for creating a virtual switch or one for using the existing virtual switch. In our case, we’re going to use that existing virtual switch. I choose the Next button, and I have the option of creating a network label, which I’ll just call iSCSI. This is just a friendly name for that port group. You’ll notice three options down here for whether we want to use that port group for vMotion, for Fault Tolerance, or for management traffic. Now because this is a stora...More
Sep 10, 2010
blog

Add to Your RSS Feed: Microsoft Support’s Top Windows Server and Client Problems and Solutions.

These are not necessarily virtualization-focused, but they’re useful nonetheless. I was recently introduced to two new Microsoft RSS feeds that you might add to your watch list.  These two highlight a set of most-commonly seen support issues at Microsoft Support along with a set of possible fixes.  All are tutorials that step you through potential solutions, those that you’ll probably be asked about upon calling Microsoft Support.  Some are fairly simplistic, while others highlight “scientific method” ideas that you might not have thought about. Add these two to your RSS feed to keep abreast of new tutorials as Microsoft releases them: Windows Server:  http://support.microsoft.com/rss/winsrv.xml Windows Client:  http://support.microsoft.com/rss/winclient.xml   Catch up with @ConcentratdGreg on Twitter...More
Sep 10, 2010
blog

Microsoft Releases Compilation of Recommended Hotfixes for RDS in 2008 and 2008 R2

…and the list is surprisingly long.  Six for device redirection, seven for authentication, seven as “core” updates, four for RemoteApps, three for RD Gateway and RD Web, and three more for Session broker. Find the links here:  http://support.microsoft.com/kb/2312539 You might have missed this update, as it was a “Fast Publish” TechNet article released about a month ago.  If you’re running either RDS or XenApp, check out the link above and see if any problems you’re experiencing might be fixed with a hotfix....More
Sep 3, 2010
blog

Video Training Tiplet: Adding an ESXi 4.1 Host to vCenter Server and Configuring Lockdown Mode

Going through a vCenter upgrade to 4.1, and need a quick tiplet? How about this one on adding an ESXi 4.1 Host to vCenter Server. You’ll learn how to accomplish the task, as well as how to verify that the ESX server you’re adding is indeed the correct ESX server.  At the same time you'll learn about setting Lockdown Mode on that host, a great solution for restricting configurations to only the vCenter Server console.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet, this time on Adding an ESXi version 4.1 host to vCenter Server and also configuring Lockdown Mode. Now if you’ve already gone through the process of installing ESXi onto a server somewhere, you’ll see I have already done that here, the next step is to add that ESXi host into a vCenter Server somewhere. That vCenter Server provides the mechanism to manage that ESXi instance across all the ESX servers you have. Now, obviously, in order to do this you need to have a vCenter infrastructure. You have to install vCenter Server. I’ve done that here to the server vcenter.company.pri. You also need to create a Datacenter. That Datacenter ends up becoming the boundary of administration, and I’ve done that here by creating Our DataCenter. Now adding a host into that Datacenter is relatively easy, you right-click and choose Add Host. It’s at this point that we create that connection between vCenter Server and that ESX host. We do that here by putting in the hostname or the IP address. In my case, that’s 192.168.0.28, and then the username and password. Remember that we’re connecting in to an ESX host here. So our username starts with root, and then whatever password we entered in when we finished the post-installation configuration of that ESXi host. If I click the Next button here, you’ll see that we get a security alert that says that vCenter Server is unable to verify the authenticity of the host we’re attempting to connect to, and the SHA1 thumbprint of the certif...More
Sep 2, 2010
blog

There’s a New Microsoft Poster! This Time it’s the Remote Desktop Services Component Architecture.

Everybody loves Microsoft’s poster series.  They’ve handed them out at conferences, and even dropped them in Windows IT Pro’s hard copy magazine from time to time.  They’re loved because they take a very complex topic like Active Directory, Server 2008 Features, Hyper-V R2, and others, and display them graphically in HUGE format. If you liked those, then you’ll really like Microsoft’s newest one.  Just released is the Remote Desktop Services Component Architecture Poster, a soft copy of which you can get here.  No one knows if hard copies might be coming inside (hint) certain (hint) Windows-oriented (hint) magazines, but they’ve had a history of getting these really neat wall coverings distributed to people.  Let’s hope so!...More
Aug 31, 2010
blog

Microsoft Takes a Shot at VMware. At VMworld. In the USA Today.

You’re assuredly getting all sorts of news already out of this year’s VMworld.  I won’t reproduce that news here.  There’s plenty to see with a huge attendance, crowded breakout rooms, and an even more crowded expo floor. One interesting piece of news arrived as a full-page ad in today’s localized edition of the USA Today newspaper.  That ad was sponsored by Microsoft.  In it is what amounts to a letter from Microsoft directly to VMworld’s attendees.  Read on for its content (in its entirety), and comment below what you think… Dear VMware customers, VMware is asking many of you to sign 3-year license agreements for your virtualization projects.  But with the arrival of cloud computing, signing up for a 3-year virtualization commitment may lock you into a vendor that cannot provide you with the breadth of technology, flexibility, or scale that you’ll need to build a complete cloud computing environment. Microsoft believes cloud computing, which lets you store information and programs in datacenters and access them from almost anywhere with the same ease as accessing a website, represents the biggest opportunity in decades for organizations to be more agile and cost-effective.  Information Technology is evolving into a service accessible from almost anywhere, anytime, and any device.  Virtualization clearly played a role in enabling this move toward IT services by simplifying the deployment and management of desktops and datacenters, which is why we made virtualization part of Windows Server.  However, virtualization represents only a stepping stone toward cloud computing. Imagine never having to set up a server, update an operating system or build a database system.  That is the promise of cloud computing: the ability to access core services quickly and roll out legacy software and new applications at Internet scale without having to deal with today’s deployment logistics, which exist even with a virtualized datacenter.  In other words, if you liked th...More
Aug 22, 2010
blog

Greg to Speak in NYC on Managing Administrator Rights for PC Lockdown – Free Event!

A little aside today from the usual virtualization-focused content, but a topic that’s no less important! In just a few short weeks, I will be speaking at a free half-day workshop in New York. Join me, a few other experts, and the sponsor of the event – Viewfinity – to explore some real-world lessons in implementing PC control policies. You already know that handing out Administrator rights simply isn’t a good idea. With widespread Administrator rights, IT no longer really controls their computers any more.  During this half-day event I’ll help you understand why focusing on “The Administrator” just isn’t enough anymore. Among other things, you’ll learn: …that distributing the right permissions to the right people goes so much further than simply eliminating administrator rights.  Applications require them.  Some users need them.  Administrator alone isn’t granular enough. …that smart businesses are replacing IT’s traditional focus on people alone.  That new focus secures desktops based on who the person is, what they need to do, and when they need to do it. …that smart tactics exist to implement Least Privilege, finally solving the problem of effective PC lockdown. If you are interested in joining me in New York on September 15th for a morning workshop, please feel free to reserve your seat here:   http://bit.ly/9k9Jtl...More
Aug 18, 2010
blog

Inexpensive Solutions for Generating Monthly VM Network Reports…?

Blog reader Genadi submitted this question after this week’s Paessler PRTG podcast.  Maybe you can help! He’s looking for a solution that will consolidate per-VM ESX network traffic statistics into a monthly report.  But he’s stuck in that classic situation where his budget is zero.  Here’s his question: Hi Greg!  We are looking for a way to generate monthly reports of traffic bandwidth used by our virtual machines.  Currently, we are generating monthly traffic reports (in MBs) for all our dedicated servers via Paessler PRTG, as it monitors SNMP sensors on switch.  We can’t utilize this method, as it gives us physical ports and we are dealing with VMs.  Also we can’t install SNMP tools on client VMs, as this solution is considered unacceptable.  Do you know of any other ways, or tools to allow us this monitoring on virtual machines? As I see it, Genadi’s in a tough position.  SNMP might give him some of the statistics he wants, but it’s not a best fit and he’s limited down that road.  I suggested two options: First, check out the stats you get with esxtop, which is built right into ESX.  It will provide per-VM network statistics.  However, you'll need to find a tool that aggregates them, or build one yourself. vCenter Server can do (some) of this.  Or, get yourself a Cisco virtual switch like the Nexus 1000v.  That virtual switch should be able to peer much more deeply into the per-VM stats you need. He responded this morning to say that neither solution works for him.  Esxtop requires too much polling, as well as (for Genadi) a bit of custom development that he’s not prepared to do.  The virtual switch route costs money that he doesn’t have. Two other solutions come to mind.  Both involve no cost, but extra effort.  The first involves importing batch mode esxtop data into Perfmon.  I write about this process in this article.  Not a big fan of Perfmon myself, the second involves using some other solution for visualizing batch mode esxtop data.  A q...More
Aug 16, 2010
blog

Podcast Interview: Visualizing Virtual Networking with Paessler PRTG

Virtual environments today need advanced network monitoring solutions. Without deep integrations throughout your entire environment, you'll never be able to untangle the web of interconnections a virtual environment creates. In this podcast with Aurelio Lombardi, Technical Engineer for Paessler, I learn how a comprehensive monitoring solution can bring network traffic visualization to any enterprise network.  We talk about Paessler’s PRTG solution, which brings easy-to-use network monitoring into any environment. Catch up with @ConcentratdGreg on Twitter!...More
Aug 13, 2010
blog

Video Training Tiplet: Understanding DRS Groups and Rules in vCenter Server 4.1

Curious about that new DRS rule and the new host and VM groups?  I’ll show you what they mean and what they’re for in this quick Video Training Tiplet.   Transcript: Hey, this is Greg Shields with another Windows IT Pro video training tiplet. Today we’re going to talk about the new DRS groups in vCenter Server version 4.1, and how the new DRS groups work with DRS rules. If you’ve played with DRS rules before in vCenter Server you know that DRS is the function that allows vCenter to look at the performance of your various virtual machines and then rebalance those virtual machines across your available hosts. The goal is that you have the best and most optimized use of your system resources. Now if you’ve turned on DRS, you know that you can get back here to Edit Settings in your cluster and change some of the properties of DRS. Back in the earlier versions of DRS we had the ability to create different rules that were associated with DRS. In the previous versions the rules that we had were to Keep Virtual Machines together or to Separate Virtual Machines out as they’re moving around. If you think about certain situations as virtual machines are moving around across different hosts in your environment, you may have the situation where you want a couple of virtual machines to never, ever, ever exist on the same host. Maybe they’re protected by some firewalls, and as long as they’re on different hosts you’ll know that those firewalls will be protecting their network traffic. Consequently, you may have other situations where you want virtual machines to always reside on the same host. Maybe those virtual machines talk a lot over the network, and it’s better to talk over that system bus than it is to talk over the rest of the network in your environment. And so these rules, as DRS is moving virtual machines around, provided a mechanism for you to tell DRS when to keep virtual machines together and when to spread them apart. In version 4.1 we now add a third rule, calle...More
Aug 11, 2010
blog

SteelEye Announces DataKeeper Cluster Edition v7.1 Maintenance Update 1, Fixes Reboot Hang

If you’re using SteelEye’s DataKeeper Cluster Edition, you might want to schedule a quick update in the near future.  The company announced yesterday a Maintenance Update 1 release that, among other bug fixes, corrects a race condition which can cause servers to hang during a reboot. SteelEye considers this problem to be significant, and suggests that companies using DataKeeper consider updating immediately.   Catch up with @ConcentratdGreg on Twitter!...More
Aug 9, 2010
blog

Video Training Tiplet: Upgrading the vSphere Client to 4.1

Another Video Training Tiplet for you.  This time, we’re taking a look at the many ways to upgrade the vSphere Client to v4.1.  While the upgrade itself is pretty standard stuff, sometimes just finding the right client can be a challenge.  This tiplet shows you how.   TRANSCRIPT: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet, this time we’re upgrading the VMware vSphere Client from version 4.0 to version 4.1. After you’ve gone through upgrading one or more of your servers from version 4.0 to 4.1, you’re gonna’ find that you’re going to need to upgrade that vSphere client to the new version. The version 4.0 client does not work with servers that are at version 4.1; however, the reverse is true. If you have a 4.1 client, you’ll actually still be able to work with your 4.0 servers. Now there are a couple of different ways in which you can get the client. You may or may not know that the vSphere Client is no longer deployed with ESX or ESXi. So, downloading it is something that’s going to have to happen over the Internet. If you have a vCenter Server and you attempt to connect to that vCenter Server – you can see here vcenter.company.pri – if you attempt to connect to that vCenter Server by clicking the logon button here you’ll notice an interesting box that pops up letting you know that you need to download those required client support files. VMware does actually package the vCenter Client with vCenter Server, even though they don’t with ESX or ESXi. So, you can click here to save the installer, click it, download it, run it, and actually complete the installation using this facility. Now, if you just have ESX or ESXi servers the process to do this is going to be just a little bit different. You’ll see here that I’ve brought up Internet Explorer, and what I want to do instead is go to HTTP with the IP address for that server. There will be a problem with the website’s security certificate, but that’s OK. What we want to do is get h...More