Category Archives: Virtualization

Nutanix Announces New Release with 4x Performance Improvement


The Nutanix web-scale computing platform is getting an upgrade!  A new release was announced on February 16 that promises 4x performance improvement for any workload without additional hardware or software license.  Some snippets from the press release are below:

SAN JOSE, Calif. – February 16, 2016 – Nutanix, the enterprise cloud company, today announced a new release of its web-scale computing platform that delivers up to 4x performance improvement for any workload with no additional hardware or software license, freedom to choose hypervisors without lock-in, and built-in machine learning capabilities that increase operational efficiency. Nutanix solutions for building and operating enterprise clouds uniquely deliver the agility, pay-as-you-grow consumption, and operational simplicity of the public cloud without sacrificing the predictability, security, and control of on-premises infrastructure.

To support the increasing demands of modern businesses, an enterprise cloud platform must include a web-scale infrastructure fabric that delivers resiliency, availability, predictable performance across a wide range of enterprise applications. In addition, it should incorporate seamless application and data mobility, invisible operations with one-click simplicity through built-in machine intelligence, extensive automation and rich analytics, and a security-first design. The 4.6 release of the Nutanix software extends the company’s technology leadership and provides a platform that furthers its mission to deliver invisible infrastructure to elevate IT.

 

Delivering Continuous Value with 4x Better Price/Performance
Enterprise clouds must offer versatile performance for traditional and next-generation enterprise applications, delivering value back to businesses through continuous innovation. Acropolis 4.6 includes more than 25 powerful software enhancements that increase system performance by up to 4x compared to earlier versions. Current customers can get these benefits through a simple software upgrade at no additional expense. These enhancements increase performance across the full portfolio of Nutanix appliances, including the recently updated NX-9000 all-flash model. Customers benefit from:

  • Better performance across a wide range of enterprise application workloads, e.g., powering up to 30,000 Microsoft Exchange mailboxes in just 8U of rack space, as validated through the Microsoft Exchange Solution Reviewed Program (ESRP)
  • Delivering the industry’s fastest storage I/O performance across hyperconverged all flash solutions with over 1 million storage IOPS in just 4U of datacenter space.
  • Up to 4x price/performance gains on existing investments to deliver as low as $0.35/IOPS, better than top-selling all-flash arrays which also suffer from complex management and additional networking requirements.

 

As with public clouds such as AWS, wherein cost reductions achieved due to innovation and scale are passed back to the customer on an ongoing basis, customers deploying enterprise clouds powered by Nutanix also benefit from ongoing price/performance improvements on their existing investments without additional costs.

Removing Hypervisor Lock-In To Enable Infrastructure Choice for Traditional and Next Generation Apps
Public cloud services provide a single runtime environment, which while suited to some applications is a poor fit for others. In the new era of enterprise clouds, flexibility and choice are fundamental tenets, allowing businesses to run traditional enterprise applications such as databases and VDI as well as next-generation big data and DevOps applications uniformly and consistently on the best runtime environment for each application. This release extends the ambitious Acropolis App Mobility Fabric (AMF) with critical software updates that give IT teams the freedom to pick the right virtualization environment for their applications, and the flexibility to switch easily in order to reduce costs or simplify operations. New features include:

  • 1-click Hypervisor Conversion – Switch the hypervisor running on a Nutanix system from VMware vSphere to the built-in Acropolis Hypervisor (AHV) in a completely automatic operation that can be completed in minutes with minimal disruption and risk.
  • Cross-hypervisor DR and Backup – Rapidly recover from a site failure by failing over VMs from one site to another location running a completely different hypervisor. Perform automatic backups of VM-level data from one Nutanix system to another running a different hypervisor. IT professionals can choose the best hypervisor for each environment to minimize virtualization license costs.

 

Making Datacenter Operations Invisible With Built-in Machine Intelligence
Enterprise clouds require machine intelligence and automation to simplify complex operations from many clicks to a single click, and eventually from a single click to zero-touch management. New in this release is Prism Pro, a datacenter automation solution with a unique search-first interface and customizable dashboards that bring unmatched simplicity to a diverse set of IT operations.

Prism Pro features the new X-Fit™ technology with foundational machine intelligence built into the platform, delivering streamlined operations for every workload. With X-Fit™, the platform now includes self-learning capabilities that continuously improve prediction accuracy and the quality of automated decisions over time. Prism Pro leverages X-Fit to power automation and intelligence across a variety of operations, such as smart capacity management. This technology pits multiple predictive algorithms against one another, picking the best fit and making actionable recommendations to eliminate over-provisioning without increasing risk to application performance.

A link to the press release can be found here.

VMworld 2015 Sponsors – Zerto and Opvizor

The final 2 sponsors for vBrainstorm at VMworld 2015 are Zerto and Opvizor!

First up is Zerto!  Zerto says it best with this excerpt from their web site:

Zerto provides enterprise-class business continuity and disaster recovery (BCDR) solutions for virtualized IT infrastructure & cloud.

They not only provide your typical backup of VMs but also virtual replication of VMs to a remote location.  vSphere, Hyper-V and even Amazon Web Services (AWS) are supported by Zerto.  Visit their web site for videos and customer testimonials.

So what is Zerto doing at VMworld?  Zerto is famous at VMworld for “Red Wednesday”!  This is the day that you wear your Zerto Red T-Shirt that you get at their booth to win some great prizes!  I was fortunate enough one year to win some Beats headphones from Zerto.  It is as simple as their prize team spotting you around VMworld and choosing you for a prize!  It really is that simple.  Zerto is also throwing a party and I am super excited about this one.  They are going to have an all-female Queen cover band called “Killer Queens”!  I cannot wait to hear some of that!

You can find Zerto at booth #623.  You can also read more about what Zerto has in store at VMworld at http://www.zerto.com/zerto-at-vmworld-2015/.

Our final sponsor is Opvizor!  Opvizor provides solutions to monitor the health of your VMware environment as well as the VM snapshots in it.  Opvizor describes their solution this way on their web site:

With Opvizor you control everything you love about VMware, and Opvizor automates all the rest

Opvizor’s Health Analyzer solution analyzes your VMware infrastructure, offers resolutions, provides reporting and helps you optimize virtual applications!  Opvizor’s Snapwatcher solution monitors VMware snapshots across vCenter systems, tracks the snapshots, finds invalid snapshots and helps free wasted disk space by fixing broken, old and invalid snapshots.

Opvizor is not going to be at VMworld this year so I highly encourage you to visit the web site for more information: https://www.opvizor.com/

Look for myself (rolltidega), Roger (rogerlund) and Aaron (virtualroads) wearing the shirt below around VMworld!  We can help you find Zerto’s booth on the show floor!  Hope to see you there!


vBrainstorm will be at VMworld 2015 in San Francisco!

VMworld 2015 is right around the corner in San Francisco and vBrainstorm.com will be there as an official blogger of VMworld!  What can you expect?  All the announcements made at the keynotes will be reported and summarized here.  We will be meeting with some of the vendors to report on their products.  These reports will be blog posts as well as videos.  We will also use Periscope for some live video reports so make sure you check us out there.  It should be a great week of virtual goodness and fun so stay tuned!

Shawn Cannon – vBrainstorm Blogger

VMware vSphere 6.0 is now available

Looks like VMware has made the 6.0 version of their vSphere and related product lines available today.  Here are the links to download.  Note:  These links require a My VMware account that is licensed for these products.

VMware vCloud Suite 6.0 (You can get ESXi 6.0, vCenter Server 6.0, vSphere Replication 6.0, vSphere Data Protection 6.0, vCenter Site Recovery Manager 6.0,  vRealize Orchestrator Appliance 6.0.1 and vRealize Operations Manager 6.0.1 from this link.  Virtual SAN is included with ESXi and vCenter Server downloads)

Short and simple right?

 

This is from the VMware Site.

 

VMware Announces General Availability of vSphere 6

Today, we are excited to announce the general availability of VMware vSphere 6 along with a slew of other Software-Defined Data Center (SDDC) products including VMware Integrated OpenStack, VMware Virtual SAN 6, VMware vSphere Virtual Volumes, VMware vCloud Suite 6, and VMware vSphere with Operations Management 6.

vSphere 6 is the latest release of the industry-leading virtualization platform and serves as the foundation of the SDDC. This is the largest ever release of vSphere and is the first major release of the flagship product in over three years.  vSphere 6 is jam-packed with features and innovations that enable users to virtualize any application, including both scale-up and scale-out applications, with confidence. New capabilities include increased scale and performance, breakthrough industry-first availability, storage efficiencies for virtual machines, and simplified management at scale. For more details on the blockbuster features please refer to the vSphere 6 announcement.

If you are interested in learning more about vSphere 6, there are several options:

 


HyTrust KeyControl Cryptographic Module Enters Process for FIPS 140-2 Validation

If you work in a field where regulatory requirements are important, this news from HyTrust is for you.  They have entered the process to be validated for FIPS 140-2.  A press release was issued yesterday, March 11 2015.  The contents of this press release are below.

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–HyTrust Inc., the Cloud Security Automation Company, today announced that the HyTrust KeyControl® Cryptographic Module has entered the validation process for FIPS 140-2 compliance. By adding FIPS 140-2 validation, HyTrust will continue to strengthen support for critical regulatory mandates such as PCI, HIPAA, and FedRAMP, offering a significant competitive advantage in an environment where data security compliance requirements are being updated and enforced across the board.

“The HyTrust engineering team has extensive experience in building FIPS 140-2 compliant encryption systems. We have a deep understanding of the complexities involved in both the security requirements for cryptographic modules and the validation process,” said Hemma Prafullchandra, CTO and senior vice president of Products at HyTrust. “That’s why we can assure our customers that there will be a seamless upgrade path from current HyTrust DataControl deployments to the FIPS-validated version.”

FIPS 140-2 and the validation process involved represent an established standard from the National Institute of Standards and Technology (NIST). It exists specifically to validate that a cryptographic module creates and handles encryption keys in a secure manner. The validation serves to assure users that the technology has passed rigorous testing by an accredited third-party lab, in accordance with NIST’s Cryptographic Module Validation Program. Since its inception, FIPS 140-2 has been considered the defining benchmark for securely engineered encryption in a range of critical areas, from the defense sector to financial services and other sensitive vertical industries.

HyTrust KeyControl® is a hardened software appliance that can be easily deployed on physical or virtual servers. Working in tandem with the HyTrust DataControl® encryption engine, KeyControl provides automated and centrally managed control over all encryption and key management policies. The Cryptographic Module is a subset of HyTrust KeyControl, representing the core software elements that generate and manage cryptographic keys. HyTrust KeyControl uses the module to generate and protect keys, enabling the rest of the solution to confidently store and distribute those protected keys.

About HyTrust (www.hytrust.com)

Cloud Under Control.

HyTrust is the Cloud Security Automation Company. Its mission is to secure the next generation datacenter by automating data protection and continuously enforcing security policies for the people and tools that operate private, hybrid and public clouds. HyTrust software helps enterprises increase system availability, reduce the risk of compromise, and ensure compliance to industry standards. With HyTrust, organizations gain the control, visibility and security necessary for a trustworthy cloud.

The Company is backed by strategic investors VMware, Cisco, Intel, In-Q-Tel, Fortinet, and venture capital investors Granite Ventures, Trident Capital, Epic Ventures and Vanedge Capital; its technology and go-to-market partners include VMware; VCE; Symantec; CA; McAfee; Splunk; HP Arcsight; Accuvant; RSA and Intel.

HyTrust; HyTrust, Inc.; HyTrust CloudControl (HTCC); HyTrust DataControl (HTDC); HyTrust DataControl: VM Edition; HyTrust DataControl: Virtual Storage Edition; HyTrust DataControl: AWS Edition; HyTrust KeyControl (HTKC); HyTrust Appliance; HyTrust Appliance Community Edition; HyTrust Cloud Control; HighCloud; HighCloud DSM; HighCloud VMV; HighCloud Key and Policy Server; “Virtualization Under Control”; “Cloud Under Control” and “Virtualization & Cloud Under Control” are all trademarks of HyTrust, Inc. All other names and trademarks are property of their respective firms.

Source for press release:  http://www.businesswire.com/news/home/20150311005992/en/HyTrust-KeyControl-Cryptographic-Module-Enters-Process-FIPS#.VQGnsivF-KO

Move vSphere Replicated VM files from one datastore to another

Recently at my day job we had some new storage allocated at our recovery site to use for vSphere storage.  I was tasked with decommissioning the old datastores.  The problem is that my replicated VMs resided on the old storage.  Of course I could go into my vSphere replication settings on each VM and just point it to the new datastores and be done with it.  That would have taken quite some time to do since the VMs would have to fully replicate again.  I wanted to find an easy way to copy the replicated VMs from the old datastores to the new datastores.  So I did some Internet searches and found the following blog post:  Copy Files Between Datastores – PowerCLI.   Dan Hayward posted a useful PowerCLI script that he used to copy ISO files from one datastore to another.  I basically adapted this script and changed it to move a VM from an old datastore to another.  I could have scripted it and passed in the variables from a CSV file but I wanted to update the vSphere Replication settings one VM at a time.  So here is what my script looked like:

Connect-VIServer ServerName

# Set the old datastore
$oldds = Get-Datastore "OldDatastore"

# Set the new datastore
$newds = Get-Datastore "NewDatastore"

# Set the VM folder location
$VMloc = "VMName"

# Map the datastores as PowerShell drives
New-PSDrive -Location $oldds -Name olddrive -PSProvider VimDatastore -Root "\"
New-PSDrive -Location $newds -Name newdrive -PSProvider VimDatastore -Root "\"

# Copy the VMDK files from the old datastore to the new one
Copy-DatastoreItem -Recurse -Force -Item olddrive:\$VMloc\$VMloc*.vmdk newdrive:\$VMloc\

Basically the script connects you to your vCenter server, sets the old and new datastore variables, sets the VM Folder name and then does the magic to map the datastores and copy the VMDK files from the old to the new.  Having the VMDK files copied over to the new datastores allowed me to use these as my replication seed for each drive when I reconfigured replication settings for the VM.  I just updated this file for each VM that I needed to copy to the new datastores.

Obviously this could have been automated even more as I had to do this for over 120 VMs but I am not a scripting expert.  I am just thankful for a great blog post from Dan Hayward to help me out!  Thanks Dan!

VMware products and “Ghost” (CVE-2015-0235)

I wanted to share this information from the VMware Security and Compliance Blog.  The bottom line is that no VMware products at this time have been found that are vulnerable to the glibc gethostbyname* buffer overflow (CVE-2015-0235).  The quoted blog post is below as well as a link to the post itself.

This Tuesday a buffer overflow in the gethostbyname family of functions (“gethostbyname*”) in the widely used glibc library (CVE-2015-0235) was disclosed.  As soon as we became aware of this vulnerability we began investigating.  We regarded it as a significant vulnerability since the original advisory detailed remote code execution in the Exim mail server.

We quickly realized that exploitability of this vulnerability depends on where and how the vulnerable function is invoked.  In particular, if an attacker cannot control the arguments passed to the gethostbyname* functions, then the overflow cannot be triggered.  Suffice it to say, the applicability of this vulnerability to the Exim mail server, cannot be generalized to all software using glibc, or even to all invocations of gethostbyname*.

We have been reviewing the use of glibc and gethostbyname* in our products.  Based on our current analysis, we have not identified any VMware product that is affected by this issue. Many of our products do use a vulnerable version of the glibc library, but we have not found a way to pass untrusted input to gethostbyname*. Our KB on this issue is published here.

We take the security of customers extremely seriously.  Even though no VMware product has been found to be exploitable using this issue, we will update the glibc library in normal upcoming maintenance releases.

Link:  VMware products and “Ghost”, glibc gethostbyname* buffer overflow (CVE-2015-0235)
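One way to enforce the condition the quoted post turns on, that untrusted input does not reach the resolver unchecked. This is an added example, not VMware's code or part of the original post; the function names `hostname_is_well_formed` and `resolve_untrusted` and the strict no-trailing-dot policy are assumptions. It bounds and syntax-checks the name before resolving it with `getaddrinfo`, the POSIX replacement for the obsolete `gethostbyname*` family, and complements updating glibc rather than replacing it.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose getaddrinfo() under strict -std modes */
#endif
#include <netdb.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

#define MAX_HOSTNAME_LEN 253   /* longest textual DNS name (RFC 1035) */
#define MAX_LABEL_LEN     63   /* longest single label (RFC 1035) */

/* ASCII letter, digit or hyphen; deliberately not locale-dependent. */
static int is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/*
 * Hypothetical helper: returns 1 if name is a syntactically valid
 * RFC 1123 hostname, 0 otherwise. The scan is bounded, so an oversized
 * string is rejected without being read past the length cap.
 * Assumed policy: a trailing dot is rejected.
 */
int hostname_is_well_formed(const char *name)
{
    size_t i, label_len = 0;

    if (name == NULL || name[0] == '\0')
        return 0;

    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];

        if (i >= MAX_HOSTNAME_LEN)      /* total length over the cap */
            return 0;
        if (c == '.') {
            /* empty label, or label ending in a hyphen */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (!is_ldh(c))                 /* anything outside letter/digit/hyphen */
            return 0;
        if (label_len == 0 && c == '-') /* label starting with a hyphen */
            return 0;
        if (++label_len > MAX_LABEL_LEN)
            return 0;
    }
    /* reject a trailing dot and a final label ending in a hyphen */
    return label_len > 0 && name[i - 1] != '-';
}

/*
 * Hypothetical gate for names that come from outside the trust boundary.
 * Malformed input returns EAI_NONAME without the resolver being called.
 * On success the caller releases *out with freeaddrinfo().
 */
int resolve_untrusted(const char *name, struct addrinfo **out)
{
    struct addrinfo hints;

    if (out == NULL)
        return EAI_FAIL;
    *out = NULL;
    if (!hostname_is_well_formed(name))
        return EAI_NONAME;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    return getaddrinfo(name, NULL, &hints, out);
}
```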

VMware Security Advisory VMSA-2015-0001

VMware released security advisory VMSA-2015-0001 on January 27 2015.  A link to the advisory can be found here.  An overview of the items that this advisory addresses is shown below.

  • VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
    VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation of this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System.
  • VMware Workstation, Player, and Fusion Denial of Service vulnerability
    VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue.
  • VMware ESXi, Workstation, and Player Denial of Service vulnerability
    VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue.
  • Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package
    The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 (“POODLE”) and CVE-2014-3568 to these issues.
  • Update to ESXi libxml2 package
    The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue.

vCenter Server 5.5 Update 2d recently released

On January 27 2015 VMware released an update for vCenter Server 5.5.  The release notes are located here.  A brief summary of the resolved issues from the release notes is below.

vCenter Single Sign-On

  • VMware Directory Service consumes excessive memory
  • Backup and restore of vCenter Single Sign-On database might not replicate the data between primary and secondary nodes correctly
  • Attempts to logout through the vCloud Automation Center UI might fail

Networking

  • Network Interface Cards of virtual machines in disconnected state might get ejected during vMotion

vCenter Server, vSphere Client, and vSphere Web Access

  • Virtual machines on ESXi hosts containing NSX Endpoint virtual machines might not power on
  • Update to SUSE Linux Enterprise Edition Server in vCenter Server Appliance to address time zone changes
  • vpxd reports massive logging
  • Accessing the Storage View tab fails with the error
  • Scheduled tasks cannot be created for a different time on the same day in vSphere Web Client
  • The VMware VirtualCenter Server service fails intermittently
  • HTML console cannot be launched with custom port
  • Datastore browser in vSphere Web Client does not overwrite existing files
  • VMware VirtualCenter Server service fails

Virtual Machine Management

  • Cloning or deploying virtual machines over the network causes performance degradation
  • Alert event is not triggered when one VM has multiple vNICs with same MAC address

vMotion and Storage vMotion

  • The default behavior of DRS has been changed to make the feature less aggressive during cluster upgrade

Initial Configuration of SolarWinds Virtualization Manager v6.1.1

So now that the Virtualization Manager appliance is installed and powered on we need to configure it.  The vBrainstorm lab has DHCP enabled but we are using static IP addresses so we need to change the appliance to use a static IP.  To do this, just right-click on the appliance in vCenter and choose to Open Console.  To configure a static IP, arrow down and hit enter on Configure Network.


Enter the info as prompted.


After the IP is set just open up a browser and go to the IP via HTTPS.  The default username and password are both admin.


Once you are logged in you have to accept the license agreement (after you review it of course).


Next is the configuration wizard.  Just click begin!


The first screen is going to ask you for your registration info.  Enter that information and click Next.


The next screen is used to configure the credentials for the server(s) you are going to access.


Click on the Add button to add the proper credentials.  In our case we are connecting to a vCenter server.  Enter the credentials and click Save.  Click Next.


The next screen is the data sources screen.  This is where you add your servers.  Click the Add button.


Choose Virtual Center.


Enter your vCenter server information.  Click Save.  Click Next.


The next screen lets you select collection schedules.  These are used to gather the data needed to populate Virtualization Manager.  For this lab setup I enabled both of these tasks.  You do that by highlighting the task and clicking the Enable button.  Click Next.


The next screen is where you configure your SMTP settings so that you can receive email alerts.  After the info is entered click Next.


The final wizard screen is for integration with Storage Manager.  In our lab we are not using Storage Manager at this time.  Click Finish.


The Configuration Summary screen will appear.  A configuration status bar will show in the middle of the screen under Active Data Collection Jobs.


That’s it! Virtualization Manager has been configured for the vCenter instance in our lab!  The next blog post will go over the different screens in the software after data has been collected for a few days.