Why Would You Want A Second Superuser?

A bunch of people seem to be reposting the VMware KB article on adding a second superuser (root) account to VMware ESX. I have to ask: Why would you ever want a second superuser account? Isn’t one enough trouble? Root is basically a user with full access to the machine. And by “full” I mean “uncontrolled and unaudited.” When it comes to securing a computing environment I don’t usually want to add more accounts like this. I usually want to reduce them, and secure any accounts like that which absolutely need to remain. My recommendation, in all cases, is to secure your root accounts well with SSH restrictions (which is the default in ESX), firewalling, and very secure passwords. …

Ah, Details

A few days ago I’d written about the fix for VMs rebooting after being VMotioned. In the comments there was some speculation about what the big problem would be for ESX 3.5 Update 3. That question was just answered: “Virtual Machines may unexpectedly reboot after a VMotion migration to an ESX 3.5 Update 3 Host OR after a Power On operation on an ESX 3.5 Update 3 Host, when the VMware HA feature with Virtual Machine Monitoring is active.” KB 1007899 has the information you want. I nominate VMware ESX for inclusion in the software defect hall of fame, alongside MediaWiki and Sendmail.

Get VMworld Into Your Budgets

It’s budget season where I work. We operate on a chargeback model, so this means that I get to guesstimate what I’m going to need to spend next year, look into my crystal ball to see what I’m going to bring in, and then figure out if I can keep my chargeback rates the same or not. Infrastructure folks like me are at the bottom of the budgetary food chain, so changes to my rates have serious implications for people higher up. It’s been pretty nice to be able to drop the chargeback rates of virtual machines year after year, as hardware gets faster but the workloads remain fairly constant. Dropping your prices is definitely easier than raising them. Something …

VMware Fault Tolerance = RAID 1

“Are you planning to use VMware Fault Tolerance when it’s released?” “Probably not,” I reply. “Why not? It looks really cool.” “Sure, if you don’t have stable hardware or a stable hosting environment. There are probably other scenarios that I haven’t thought of where it’ll help, though.” “What? No… it’ll be cool if you have an application crash or something.” “Wrong. Fault Tolerance is to VMs what RAID 1 is for data. Whatever happens on disk 0 happens on disk 1. So if you delete a bunch of files they disappear from both disks, and you still need to restore from backup. You only see benefits if one of the drives dies. Fault Tolerance keeps two VMs in sync that …

Check and Upgrade VMware Tools

Been waiting for this fix, now found in ESX350-200811401-SG: VMotion might trigger VMware Tools to automatically upgrade. This issue occurs on virtual machines that have the setting for Check and upgrade Tools before each power-on enabled, and the affected virtual machines are moved, using VMotion, to a host with a newer version of VMware-esx-tools. Symptoms seen without this patch: Virtual machines unexpectedly restart during a VMotion migration. The guest operating systems might stall (reported on forums). Note: After patching the ESX host, you need to upgrade VMware Tools in the affected guests that reside on the host. In my environments we use the “Check and Upgrade Tools” feature for our Windows hosts, so when they reboot to pick up their …

Symantec Does The Right Thing

Mr. Epping over at Yellow Bricks (which looks nice, BTW) has broken the news this morning that Symantec has clarified their stance on VMotion, and it’s not explicitly unsupported now. This is good. I suspect that folks at VMware had some role in Symantec’s change of course, partner relationships, etc. Whoever was part of this, thank you. And thank you Symantec for not being a typical corporation and staying the course because you don’t want to look foolish. Personally, I always say that I reserve the right to change my mind when I get new information. I’m glad to see others doing the same.

Vendors Who Don't Realize Virtualization Is Here To Stay

Update: Symantec has altered their support documentation so that VMotion isn’t unsupported anymore. That’s a good move. As you read the rest of this post keep that in mind. I second the vinternals commentary on Symantec. The security software vendor joins the ranks of the clueless with their wonderful support document: Question/Issue: Is ESX server VMotion supported with SAV and SEP? Solution: Symantec does not support ESX server VMotion at this time. Vendors are shameless. They charge you a ton for support, then they’ll do whatever they can to point the finger at somebody else when you call. It’s one thing to put a disclaimer in for performance issues. Virtualization sometimes exposes weird performance issues, and if it’s a performance …

Live Migration Between AMD and Intel

Playing catch-up, and some shameless self-promotion: if you didn’t catch Bridget Botelho’s article on live VM migration between Intel and AMD, you should. Plus, she quoted me quite a bit. Cool! Because AMD was late to release its quad-core processor, Barcelona, Intel has dominated the hardware market with their Xeon quad-core CPUs. “As such, AMD basically locked themselves out of the virtualization market, because there wasn’t any cross-compatibility, and everybody who built a virtual environment did so with Intel CPUs,” Plankers said. I’ve never been a big fan of AMD hardware because every time I try using it I’ve been bitten by some problem. Large page table support was hosed on the Athlons I had, making Linux installs hard. I …

Heads-Up: VMware ESX Going Exclusively 64-Bit

There are several mentions of this out in the blogosphere, plus it was talked about openly at VMworld by VMware staff in presentations and labs. It’s worth mentioning again because people don’t seem to be catching on: Future versions of VMware ESX/ESXi will only run on 64-bit-capable CPUs. You will still be able to run 32-bit guest OSes, but the ESX console OS will only work on CPUs capable of Intel VT & EM64T. This is a big deal for two reasons: 1. Dell doesn’t let you enable VT on anything but the PowerEdge 6850, and all ninth-generation servers (x9xx) and beyond. There are a lot of Dell PowerEdge 1850/2850s out there that will still be in use over the …

If There's One Feature I Want…

If there’s one feature I want to see added to VMware Virtual Infrastructure it’s the ability to update hardware firmware. “Hi, I’m VirtualCenter. I noticed you have a Dell PowerEdge 2950 with BIOS 2.3.1. I have a copy of BIOS 2.4.3, let me put that on there for you. Your fibre channel HBA has firmware from the stone age? No big deal, maintenance mode, update, reboot, awesome. BTW, I also set the queue depth on the HBA to the optimal values.” Perhaps you can speculate what I’ve spent the last few hours doing… several hours of my life I’m never getting back. I can only imagine that VMware has thought of this already, but I wish they’d hurry up. 🙂