Archive for January, 2010

Next London VMUG, Feb 25th 2010 – I'm Presenting!

January 26, 2010

Yes that’s right, I was very flattered to be asked to present at the next London VMUG and just couldn’t say no to Piglet (illustrious London VMUG co-ordinator). The more people there, the more nervous I am bound to be so let’s have a massive showing and try to give me a nervous breakdown! If you haven’t been before, be sure to register by sending an email to as per the announcement. And a personal thank you to Pano Logic for sponsoring the event this time round – it couldn’t happen without the sponsors, it is very much appreciated.

As for the topic, I’ll be talking about real world Enterprise Cloud but in a sufficiently generic way – I’m talking as ‘stu the blogger at vinternals’, not ‘stu the employee of Company X’ (Company X’s competitive advantage will remain safe! You hear that, senior managers at Company X who don’t even know about let alone condone this blog? No need for alarm!). I will not be mentioning any products either, so regardless of the technology platform or what stage you are at with your own Enterprise Cloud implementations, hopefully you’ll find the discussion useful. Or not, you might think I’m talking complete shit. But you won’t know unless you go, so why not come along and tell me what you think in person (over a beer afterwards :D).

ESXi 4.0 Security

January 18, 2010

I’ve been wanting to put up a post on ESXi security for some time now, and 2 recent posts have kicked me into action – this one from Scott Lowe about setting the root password on ESX and this announcement about the vSphere blogging contest :D. So have your caffeinated beverages and pizzas at the ready, we might be here a while!

Strangely, and disappointingly might I add, there is no vSphere 4 Security Hardening Guide available currently (UPDATE: A draft version has now been published – I’d like to think the release had something to do with this post, but in reality I’m sure it is merely a coincidence!) – the only published security guidance we have from VMware is the old one for VI 3.5 and the Security section in the ESXi Configuration Guide. While this situation sends a negative message to security types who may wonder if this lack of documentation is indicative of VMware’s approach to security (vSphere has been out for nearly 9 months now), when it comes to ESXi 4 not a lot has changed so most of the ESXi parts in the old 3.5 document apply equally to ESXi 4 and are covered in the ESXi Config Guide anyway. Before anyone flames me about that comment, I don’t believe VMware has a weak stance with regards to security and I am NOT one of the aforementioned security types – I have had to deal with them however, so I am speaking from experience.

Useful Linux VM Tweaks, Part 1

January 13, 2010

I’ve called this Part 1 because as I mess around more with Linux VMs I have no doubt there will be more posts like this one. Don’t expect anything earth shattering in them either… this is all easily obtainable info, and it wouldn’t surprise me if I get comments suggesting better ways to do what I have done (and I encourage such comments so I can learn!).

For this first installment, I’m going to cover a very small customisation I make to the startup scripts on my Linux template machine, which is currently based on Ubuntu 8.04.3 JeOS edition.

At this point in time, I basically only make 2 small changes. First, to save me from having to log in and run ifconfig to find out what IP address the VM has, I modify /etc/issue to display the IP address above the login prompt. The other thing that really bothers me is the PC speaker beep. Yes I know you can disable this by adding an option to the .vmx file, but I would rather do it within the VM so I (or other people) can deploy via OVF and get a consistent result without needing to modify .vmx files. So I remove the module that is responsible for enabling the PC speaker.

So here is what I add just above the exit 0 line of /etc/rc.local:

# Clear screen
clear

# Build /etc/issue
HEADER="Ubuntu 8.04.3 LTS \l"
KERNEL=`uname -sr`
IP=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
echo "$HEADER :: $KERNEL :: $IP" > /etc/issue
echo >> /etc/issue

# Kill PC speaker
rmmod pcspkr

Which produces the following nice-looking screen, ready for me to SSH into the box.

If you have any similar favourite small tweaks for Linux VMs, please share them in the comments!
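
A more defensive variant of the /etc/issue builder above, as an added example that is not part of the original post: it copes with both ifconfig output formats and with rc.local running before eth0 has an address, and it replaces the file atomically. The function names and the usage shown in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's own script. Function names are hypothetical.

# Print the first IPv4 address found in ifconfig output read from stdin.
# Handles the old net-tools format ("inet addr:10.0.0.5") and the newer
# one ("inet 10.0.0.5"); prints nothing when no address is assigned.
extract_ipv4() {
    awk '$1 == "inet" {
        v = $2
        sub(/^addr:/, "", v)
        if (v ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print v; exit }
    }'
}

# Compose the banner line. With no address, say so instead of leaving a
# dangling "::" (rc.local can run before DHCP has finished).
# printf '%s' leaves the getty escape "\l" in the header untouched.
build_issue() {
    header=$1; kernel=$2; ip=$3
    [ -n "$ip" ] || ip="no IPv4 address yet"
    printf '%s :: %s :: %s\n' "$header" "$kernel" "$ip"
}

# Write the banner plus a blank line via a temp file in the same directory,
# then rename it into place so getty never reads a half-written file.
write_issue() {
    target=$1; content=$2
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    printf '%s\n\n' "$content" > "$tmp" &&
        chmod 644 "$tmp" &&
        mv "$tmp" "$target"
}

# Usage in /etc/rc.local, above "exit 0" (eth0 as in the post):
#   ip=$(ifconfig eth0 | extract_ipv4)
#   write_issue /etc/issue \
#       "$(build_issue 'Ubuntu 8.04.3 LTS \l' "$(uname -sr)" "$ip")"
```

Only /etc/issue, which getty prints on the local console, is written; /etc/issue.net and any sshd Banner file are left alone, so the kernel version and address are not added to a network-facing pre-login banner.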

Get Only ESXi 4 Updates in VUM 4

January 7, 2010

One of the (many) things that bugs me about VMware Update Manager is the fact that I can’t specify to only pull down ESXi updates. I doubt there are many large enterprises that will run both fat and thin ESX in production for any length of time, I know I wouldn’t. And sure it’s “only” metadata if I never actually scan an ESX host, but it pollutes the VUM interface with millions of entries for fat ESX that I will never care about. So maybe I’m a little bit OCD about stuff like that, but there you go. Luckily I can do something about it though, via the use of a custom patch source and a little XML hacking.

First Patches of 2010 Released – VC 4 U1 / ESXi Bug Slain!

January 7, 2010

I don’t normally post about patch releases, but this one is important because it fixes the issue described in my post Why You Shouldn’t Update vCenter If Using ESXi… Yet!.

This means that after applying the patch to ESXi 4, you can go right ahead with upgrading to vCenter 4.0 Update 1 without fear of disconnected hosts – go grab it now!