This morning I received an email from VMware informing me that I have been awarded a vExpert Award for 2009! I would like to send a big thank you to those who nominated me for the award. It's a pleasure to be contributing to the virtualization and especially VMware Communities.
The official vExpert Statement from VMware can be found at: http://blogs.vmware.com/vmtn/2009/02/vmware-vexpert-awards.html
Here's the information from the email I've received:
Congratulations! On behalf of VMware, we would like to thank you for all the work you’ve done giving back to the virtualization community and sharing your expertise with others. We are pleased to present you with the VMware vExpert Award for 2009. VMware is giving this award to individuals who have contributed significantly to the community of VMware users over the past year.
VMware vExpert award winners will receive:
* An award certificate and gift
* Access to a private vExpert community
* vExpert logo to display on website or email signature
* Free subscription to conference session materials on VMworld.com
* Access to exclusive online events and other opportunities to participate in activities
* Inclusion in public vExpert directory
The vExpert award duration is one year (through February, 2010).
At VMworld Europe 2009, VMware today announced VMware vShield Zones, a new security virtual appliance for the virtual datacenter operating system that will enable strict compliance with security policies and industry regulations for user data. Previously, compliance required diverting network traffic to external physical appliances, resulting in disconnected ‘islands’ of infrastructure. With VMware vShield Zones, customers will be able to create logical zones in the virtual datacenter that span all of the shared physical resources, with each zone representing a distinct level of trust and confidentiality. This will allow businesses to comply with corporate security policies and regulations on data privacy while still running applications efficiently on shared computing resource pools.
Traditional security products, such as firewall appliances, often require that all network activity pass through a handful of fixed physical locations in order to be monitored. Virtualized applications, in contrast, can be migrated between physical hosts for higher resource efficiency and improved uptime. Until now, companies virtualizing security-sensitive applications faced the choice of either leveraging virtualization capabilities such as live migration for optimal load balancing and availability, or enforcing strict security compliance. To solve that dilemma, most customers ended up dividing their virtual environments into smaller, less efficient clusters for areas such as their Internet-facing demilitarized zones (DMZ’s) or consumer credit data processing systems subject to Payment Card Industry regulations. VMware vShield Zones will enable customers to create security zones within enterprises or in multi-tenant cloud infrastructures, where security policies are enforced even as virtual machines dynamically migrate between hardware devices. Deployed as a virtual appliance and integrated with VMware vCenter™ Server, VMware vShield Zones helps make it easy to centrally manage and enforce compliance with security policies across large pools of servers and virtual machines. Built-in auditing capabilities make compliance straightforward and verifiable.
“VMware virtualization solutions have enabled companies to pool their computing resources and deliver IT as a dynamic, shared service,” said Raghu Raghuram, vice president, server business unit, VMware. “VMware vShield Zones enhances this architecture by enabling customers to segment and isolate their application traffic in a shared environment, thereby delivering new security benefits and making VMware Infrastructure a safe place to run business critical applications.”
Savvis recently rolled out a new virtual datacenter hosting and private cloud computing solution providing enterprises with an opportunity to cut costs without having to sacrifice security or performance.
“Maintaining multi-tenant isolation and network segmentation for hundreds of customers simultaneously is critical to the Savvis Cloud Compute solution,” said Ken Owens, technical vice president for security and virtualization at Savvis. “Providing a manageable way to internally partition the virtual datacenter allows us to deliver the most efficient and cost-effective infrastructure for our users to meet their security and compliance objectives.”
VMware vShield Zones will broaden the VMware portfolio of application services with network zoning and segmentation capabilities for the VDC-OS. Application services include services for security, availability, and scalability that are critical to internal and external clouds. In parallel, VMware is continuing to partner with security vendors who have been developing a wide range of complementary security offerings with VMsafe technology. Partner solutions offer a range of enhancements that can include defense-in-depth protection layers such as intrusion prevention, additional logging and notification options, and integration with physical firewalls and security appliances.
More than 50 vendor partners use VMware’s VMsafe technology to develop unique solutions that are virtualization-aware and that leverage new security capabilities such as hypervisor introspection. Altor Networks, Check Point Technologies, IBM Internet Security Systems, McAfee, Symantec, and Trend Micro are charter VMsafe partners who have already demonstrated prototypes of best-of-breed solutions integrated with the APIs. Additional partners such as Cisco Systems, Juniper Networks, RSA, Reflex Systems, Third Brigade and Sourcefire have more recently joined the VMsafe program.
Attendees at this week’s VMworld Europe 2009 can perform a test drive of VMware vShield Zones in the Hands-On Lab area as well as view demos of security partner solutions, such as a hands-on preview of Altor Networks’ VMsafe-integrated Altor VF Firewall, in the Labs and Solutions Exchange areas.
Pricing and packaging of VMware vShield Zones will be announced later in 2009. Customers can visit http://www.vmware.com/vshield to learn more about the product and register to download a beta release scheduled for spring of 2009.
Today I had an issue where an ESX host became unresponsive in vCenter, yet the VMs that were running on the host were fine. The normal remedy for this issue would be to restart the management agent on the ESX host via the Service Console:
However, this did not work. The mgmt-vmware restart command hung while stopping the "VMware ESX Server Host Agent". Ten minutes after executing mgmt-vmware restart, I decided to break out of the process by pressing Ctrl+z.
Clearly, there was a problem with the existing running instance of the management agent, vmware-hostd. The only way to get this working without a host reboot is to find the PID for vmware-hostd and kill it:
To locate the PID for the running vmware-hostd process execute:
ps -auxwww |grep vmware-hostd
You will see output similar to: (I've marked the PID in BOLD text)
root 13089 1.3 2.6 179080 6988 ? S 2008 1695:23 /usr/lib/vmware/hostd/vmware-hostd /etc/vmware/hostd/config.xml -u
To kill the running process, execute:
kill -9 <PID> (I had to run "kill -9 13089")
Once vmware-hostd is no longer running, you can restart the management agent by running:
service mgmt-vmware restart
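The steps above collected into one script, as an added example that is not part of the original post. It goes slightly beyond the post by trying SIGTERM before falling back to kill -9, and by matching the exact binary path so the grep process is never selected. The function names, the 10-second grace period and the assumption that the command is field 11 of the ps output are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Path taken from the ps output shown above.
HOSTD_BIN=/usr/lib/vmware/hostd/vmware-hostd

# Constructed sample of `ps auxwww` output: the hostd line from the post plus
# the grep process that a plain `ps | grep` would also match.
SAMPLE_PS='root 13089 1.3 2.6 179080 6988 ? S 2008 1695:23 /usr/lib/vmware/hostd/vmware-hostd /etc/vmware/hostd/config.xml -u
root 20411 0.0 0.1 3680 668 pts/0 S 10:02 0:00 grep vmware-hostd'

# Read ps output on stdin; print the PID (field 2) of each process whose
# command (field 11 in the aux layout) is exactly the hostd binary.
hostd_pids() {
    awk -v bin="$HOSTD_BIN" '$11 == bin { print $2 }'
}

# Succeeds while the given PID still exists.
pid_alive() {
    kill -0 "$1" 2>/dev/null
}

# Ask hostd to exit with SIGTERM; use SIGKILL only if it outlives the grace period.
stop_hostd() {
    grace=${1:-10}
    for pid in $(ps auxwww | hostd_pids); do
        kill -TERM "$pid" 2>/dev/null
        i=0
        while pid_alive "$pid" && [ "$i" -lt "$grace" ]; do
            sleep 1
            i=$((i + 1))
        done
        if pid_alive "$pid"; then
            echo "vmware-hostd $pid ignored SIGTERM, sending SIGKILL" >&2
            kill -KILL "$pid"
        fi
    done
}

# Whole procedure: stop the stale hostd, confirm it is gone, restart the agent.
restart_hung_hostd() {
    stop_hostd 10
    sleep 1
    if [ -n "$(ps auxwww | hostd_pids)" ]; then
        echo "vmware-hostd still running, not restarting the agent" >&2
        return 1
    fi
    service mgmt-vmware restart
}
```

Source the file on the Service Console as root and call restart_hung_hostd; piping SAMPLE_PS into hostd_pids prints only 13089, not the grep PID.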
For those of you going to VMworld Europe 2009, spare some time to visit the Veeam Software booth at VMworld Europe this year. Veeam is a leader in the virtual systems management market and I'm sure there will be some interesting solutions on display. Their booth will be #56, so be sure to drop by.
About Veeam Software:
Veeam Software, a VMware Technology Alliance Premier partner, helps organizations safeguard their investment in virtual infrastructure by providing innovative systems management software designed to reduce costs, increase productivity and mitigate risk.
Veeam offers a full suite of VMware management tools, including Veeam Backup, the 2-in-1 backup and replication solution; Veeam Reporter, to document virtual environments for capacity planning and chargeback; Veeam Configurator, to manage “configuration drift;” and Veeam Monitor, for performance monitoring and alerting across multiple VirtualCenters.
With its acquisition of nworks, Veeam expanded its product line to include connectors that incorporate VMware events, status and performance data into Microsoft System Center Operations Manager and HP Software Operations Manager. This product set includes the Smart Plug-in for VMware - an HP Certified SPI; and the Management Pack for VMware - for Microsoft System Center Operations Manager. These innovative connectors solve the need of large organizations to smoothly integrate VMware into their enterprise-wide systems monitoring architecture.
It's been a while now that I've been wanting to start a Virtualization Wiki Project. There's so much information available on virtualization and I think it would be great if it can all be in one simple location, LOL! There are a number of virtualization vendors about now with many different products to choose from. We can't all be experts on every single virtualization platform. There's just not enough time in a day to learn and know everything.
This is why I've decided to finally go ahead and start an Open Virtualization Wiki, a site where anyone can write information on virtualization, not just on VMware but on any virtualization technology known to mankind! I've just started the site up on my web server a couple of weeks ago, but didn't really have the time to fill it with loads of information yet. Originally, I wanted to wait until there was enough information posted on the wiki before I changed the DNS settings to point to my server, but I've decided to make it live now anyway. The wiki is based on MediaWiki, the engine originally written for Wikipedia.
Feel free to have a look at the wiki and please update it as you like. It needs your help!
You can find the wiki at http://www.vi-pedia.com. If you're unable to access the site, give it some time, we need to wait for DNS to update around the world.
I thought that it would be a good idea to post an update on my progress of the book/whitepaper/guide that I am writing on building a low cost VI lab. Life has been very busy in the past couple of weeks. I have therefore not been able to post a lot of articles to this site. I normally make a note of interesting things I find and then blog on them the same day. Lately I've been so busy (and on holiday last week I must add) that when I finally decide to blog on them, it's old news and not worth blogging over again. Most things are covered by Scott Lowe, Mike Laverick, Jason Boche and other top bloggers anyway.
For now I've decided to concentrate on the low cost lab book. Writing the book is taking longer than what I first anticipated because I'm doing a lot more testing than what I first thought would be necessary. But this is a good thing, as it's against my beliefs to state anything technical as facts if not tested. I don't like theories, I like facts. To also make sure that everything in the book is as true and accurate as possible, I will be passing it to a couple of peers for a peer review before it's released for download, so please bear with me.
Originally I only wanted to write a proper blog post on "Building a low cost VI lab", but I soon realised that it would be too much to fit in a single blog post, so I thought I could write a document on it. Now it's turned into a little book, rather than just a document. Most of the easy stuff is done, including hardware options and ESX installation and configuration options for non-HCL hardware and basic network configuration tasks. I've also completed most of the storage and shared storage sections of the book, but I've now turned my attention to fine-tuning iSCSI. I will then focus on advanced network configurations, like setting up secure hosting with DMZ configurations using cheap non-managed switches.
I have also decided to include service console commands for every change made within the VI Client. Also, as the whole point of the book is to illustrate a "low cost lab", I will cover configurations for both ESX 3.5 as well as ESXi 3.5 installable.
I'm just fighting the urge to start on the ESX 4 version, but I think it's best to finish this one for ESX 3.5 first. I don't really want to say "THIS BOOK WILL BE AVAILABLE ON SO AND SO DATE", but I don't like making promises that I can't keep. I do however think the end of Feb should be a good time for the peers to have their review of the book. And yes, you will be able to download a free, full version of the book.
Thank you for your patience, I'll keep you posted.