VMware View 4 Beta/POC

Today, I had the good fortune to work with Todd Dayton, a VMware specialist on all things VDI/View related. The client I am working for had been accepted into the View 4 beta and Todd was onsite to help with the install and config of View and some thin clients.
We relearned a pretty common lesson in IT that a clean install is generally better than an upgrade. In an effort to save a few minutes, we decided to upgrade existing View 3 components. The connection server worked well, and the View composer worked, but the View 3 agent and the VMware tools from ESX 3.5 caused us to have problems with PCoIP connections. After removing the new agent, then removing the old VMware tools, we reinstalled the VMware tools for ESX 4 and finally the View 4 agent. After this remediation things worked like a charm!
If you haven’t tried PCoIP, you must! It blows the doors off RDP. I can’t wait to get the released bits and get this into production. Thanks Todd for the assistance!

Licensing VMware ESX 4, ESXi and vCenter 4 Video KB article

This week VMware posted KB article 1010839 on licensing ESX 4, ESXi 4 and vCenter 4. I get many questions in class about the new license assignment process for vSphere. This KB article has a nice video demonstration and very concise text direction for assigning licenses.

EMC Storage resources

Earlier today I saw an exchange between Scott Lowe and Chad Sakac on Twitter regarding a post on learning about EMC storage. I teach as a contractor for VMware and storage is routinely identified by students as a topic for more and more in-depth discussion. I follow both Scott Lowe’s and Chad Sakac’s blogs with interest as they both have provided me with insight and very useful information. In this case, I found the comments to be very helpful and in particular the comment from Chad Sakac of EMC to be a succinct and helpful quick start for learning more about EMC storage and VMware and will be referencing it in future classes.

vCenter 2.5 Update 5 released

VMware released vCenter 2.5 Update 5. The release notes state:

VirtualCenter 2.5 Update 5 includes significant performance and scalability improvements to VMware HA. Use VirtualCenter 2.5 Update 5 for environments with more than 35 virtual machines per host in an HA cluster.
For information on the ESX Server host settings required for this scalability improvement, see ESX Server host settings required for environments with up to 80 virtual machines per host in an HA Cluster (KB 1012002).

KB 1012002 states that with vCenter 2.5 Update 5 an ESX host in an HA cluster can support up to 80 VMs. The article continues with the specific ESX settings that are needed. The “RunningVCpuLimit” needs to be set to 192, the Service Console memory needs to be raised to 512MB and the Host Agent (hostd) memory settings in /etc/vmware/hostd/config.xml need to be increased. Note that the ESX host will need to be restarted after changing the Service Console memory allocation.

In addition to the HA change, the release adds new HTTP connection timeout settings:

A new advanced setting entry vpxd.httpClientIdleTimeout can be used to configure the timeout value for an idle HTTP connection. The default value for this entry is 15 minutes (900 seconds), ensuring that the VirtualCenter Server closes the idle HTTP connection after the connection has been idle for 15 minutes. If a firewall session timeout value is set to less than 15 minutes, the value for vpxd.httpClientIdleTimeout should be changed to be smaller than the firewall’s timeout value.

No updates to the vCenter Enterprise Converter or Update Manager plug-ins have been made.

New ESX 3.5 patches for June released

VMware released 7 patches for ESX 3.5 including:

VMware ESX 3.5, Patch ESX350-200906401-BG : Updates vmkctl and vmkernel RPMs

Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • When you power on virtual machines on ESX 3.5 hosts, many inactive VMFS volumes are opened in addition to the VMFS volume containing the virtual machine disk files. This might cause the virtual machines to take more time to boot. In a cluster environment, this issue might also cause VMotion operations to timeout on the destination host. This fix ensures that only the VMFS volumes on which the virtual machines reside are opened.
  • While performing a host rescan on ESXi, the host and virtual machines might stop responding till the end of the rescan operation. During this time, connections to virtual machines are lost, including SSH, client connections, and communication to other clustered storage modules. The virtual machines start responding after the rescan operation is completed.
  • Excessive cold migration of virtual machines between ESX hosts might cause ESX hosts to be disconnected from vCenter Server due to a memory leak on the host agent (hostd).
  • Critical update. Host reboot required.

    VMware ESX 3.5, Patch ESX350-200906402-BG: Updates NetXen Driver

    This patch fixes a NetXen driver issue where the ESX 3.5 host or a virtual machine might lose network connectivity or become unstable when using a NetXen NX2031 device.

    Critical Update. Host reboot required.

    VMware ESX 3.5, Patch ESX350-200906403-BG: Updates Kernel Source and kernel-vmnix RPMs

    This patch upgrades kernel-source and kernel-vmnix to support the bnx2x and NetXen software driver updates, which fix the following issues:

  • When virtual machines are run with older versions of VMware Tools (ESX 3.0.x) on ESX 3.5 and ESXi 3.5 hosts containing bnx2x NICs, the virtual machines might experience a network outage…
    To work around this issue, upgrade the version of VMware Tools in the virtual machines.
  • A NetXen driver issue where the ESX 3.5 host or a virtual machine might lose network connectivity or become unstable when using a NetXen NX2031 device.
  • General Patch. Host reboot required.

    VMware ESX 3.5, Patch ESX350-200906405-BG: Updates bnx2x Driver for Broadcom

    Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • On Dell PowerEdge Servers 11G installed with ESX 3.5, BCM57710 Mezzanine cards might lose network connectivity to the network switch.
  • When virtual machines are run with older versions of VMware Tools (ESX 3.0.x) on ESX 3.5 and ESXi 3.5 hosts containing bnx2x NICs, the virtual machines might experience a network outage…

    To work around this issue, upgrade the version of VMware Tools in the virtual machines.

  • Critical Patch. Host reboot required.

    VMware ESX 3.5, Patch ESX350-200906406-BG: Updates VMware Tools

    This patch adds prebuilt modules for Ubuntu 9.04 and fixes the following issue:
    When diskinfo query is run, VMware Tools installed on Solaris 10.x virtual machines reports incorrect virtual disk size information. Also, some Linux virtual machines do not report correct logical volume manager (LVM) partitions.

    General Update. No host reboot is required.

    VMware ESX 3.5, Patch ESX350-200906407-BG: Updates krb5-libs and pam_krb5

    Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • Service Console package krb5 has been updated to version krb5-1.2.7-70. This fixes an input validation flaw that was found in the ASN.1 (Abstract Syntax Notation One) decoder used by MIT Kerberos. The Common Vulnerabilities and Exposures Project has assigned the name CVE-2009-0846 to this issue.
  • The pam_krb5 package is upgraded to pam_krb5-1.81-1. This fixes an issue where a user authentication failure occurs under certain circumstances.
    For details on this issue, refer to the Red Hat advisory at https://rhn.redhat.com/errata/RHBA-2008-0813.html.
  • Security Update. Host Reboot is required.

    VMware ESX 3.5, Patch ESX350-200906408-BG: Updates VMX RPM

    This patch fixes an issue where virtual machines that use the Virtual Machine Interface (VMI) might stop responding.

    Critical Update. No host reboot is required.

    Patches are available on the downloads page.
    One of the locations that VMware lists updates is on the VMware Knowledge Base Blog.

    New VMware network technical papers published

    Network Segmentation in Virtualized Environments

    As virtualization becomes the standard infrastructure for server deployments, a growing number of organizations want to consolidate servers that belong to different trust zones. The demand is increasing for information to help network security professionals understand and mitigate the risks associated with this practice. This paper provides detailed descriptions of three different virtualized trust zone configurations and identifies best practice approaches that enable secure deployment.

    DMZ Virtualization Using VMware vSphere 4 and the Cisco Nexus 1000V Virtual Switch

    This paper tackles the subject of DMZ security and virtualization. It covers a number of DMZ security requirements and scenarios, presenting how vSphere users can implement the Cisco Nexus 1000V virtual switch in a DMZ.

    VMware Security Advisory 2009-0008

    VMware has released security advisory VMSA-2009-0008. The advisory is for a vulnerability in an MIT Kerberos 5 package in the service console. The advisory explains:

    An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer or, possibly, execute arbitrary code with the privileges of the user running the service.
    NOTE: ESX by default is unaffected by this issue, the daemons kadmind and krb5kdc are not installed in ESX.

    The advisory goes on to state that all currently supported versions of ESX (not ESXi) are affected.
    For ESX 3.5 the patch: ESX 3.5.0 ESX350-200906407-SG
    md5sum: 6b8079430b0958abbf77e944a677ac6b
    KB Article: VMware ESX 3.5, Patch ESX350-200906407-BG: Updates krb5-libs and pam_krb5

    For ESX 2.5.5, 3.0.2, 3.0.3 and 4.0 patches are pending.

    You can subscribe to VMware Security announcements here: http://lists.vmware.com/mailman/listinfo/security-announce
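The bug class the advisory describes, an error path that frees a pointer that was never initialized, shown as an added example that is not part of the original post and is not MIT Kerberos or VMware code. It is a simplified, hypothetical GeneralizedTime decoder (`decode_gt_unsafe`, `decode_gt_safe` and the `GT_*` codes are invented names), with the vulnerable shape compiled only under `-DDEMO_UNSAFE` beside the hardened one.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified decoder for a DER GeneralizedTime body
 * ("YYYYMMDDHHMMSSZ", 15 bytes). Illustrative only; not MIT Kerberos code. */
enum { GT_LEN = 15, GT_OK = 0, GT_BAD_LENGTH = -1, GT_BAD_FORMAT = -2, GT_NOMEM = -3 };

#ifdef DEMO_UNSAFE
/* Vulnerable shape: `s` has no initial value, yet the shared error path
 * frees it, so a wrong-length input hands free() an indeterminate pointer. */
int decode_gt_unsafe(const unsigned char *body, size_t len, char **out)
{
    char *s;                                  /* BUG: never initialized */
    int rc = GT_BAD_LENGTH;
    if (len != GT_LEN) goto fail;             /* s is still unassigned here */
    if ((s = malloc(GT_LEN + 1)) == NULL) return GT_NOMEM;
    memcpy(s, body, GT_LEN); s[GT_LEN] = '\0';
    rc = GT_BAD_FORMAT;
    if (s[GT_LEN - 1] != 'Z') goto fail;
    *out = s;
    return GT_OK;
fail:
    free(s);
    return rc;
}
#endif

/* Hardened shape: the pointer starts as NULL so every exit can free it
 * safely, and the caller's output is only set on success. */
int decode_gt_safe(const unsigned char *body, size_t len, char **out)
{
    char *s = NULL;
    int rc = GT_BAD_LENGTH;
    *out = NULL;
    if (body == NULL || len != GT_LEN) goto fail;
    rc = GT_NOMEM;
    if ((s = malloc(GT_LEN + 1)) == NULL) goto fail;
    memcpy(s, body, GT_LEN); s[GT_LEN] = '\0';
    rc = GT_BAD_FORMAT;
    if (s[GT_LEN - 1] != 'Z') goto fail;
    for (size_t i = 0; i < GT_LEN - 1; i++)
        if (!isdigit((unsigned char)s[i])) goto fail;
    *out = s;                                 /* caller frees on success */
    return GT_OK;
fail:
    free(s);                                  /* free(NULL) is a no-op */
    return rc;
}
```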

    New patches released for ESX

    VMware released 6 patches for ESX 3.5 including:

    VMware ESX 3.5, Patch ESX350-200905401-BG: Updates vmkernel and hostd RPMs. Critical updates related to HA failover of VMs on NFS datastores and invalid license issues. Host reboot required.
    VMware ESX 3.5, Patch ESX350-200905402-BG: Updates VMX RPM. General update to address a robustness issue with VMX. No host reboot required.
    VMware ESX 3.5, Patch ESX350-200905403-BG: Updates aacraid driver for Adaptec. Replaces the Adaptec aacraid_esx30 driver to mitigate potential failure under heavy load on some IBM, SUN or Fujitsu hosts. Host reboot required.
    VMware ESX 3.5, Patch ESX350-200905404-BG: Update to tzdata package. Updates time zone information for changes in Brazil and Argentina. No host reboot required.
    VMware ESX 3.5, Patch ESX350-200905405-BG: Updates Kernel Source and VMNIX. This patch updates kernel-source and kernel-vmnix to support the aacraid software driver update. Host reboot is required.

    One of the locations that VMware lists updates is on the VMware Knowledge Base Blog.

    VMware Security Advisory 2009-0007

    VMware released security advisory VMSA-2009-0007. The security advisory is related to the “Descheduled time accounting service”, an optional, experimentally supported component of VMware Tools. The denial of service vulnerability only exists on Windows-based VMs with the descheduled time accounting service installed, but not running. The advisory lists the conditions and required steps to remediate these VMs and the various VMware platforms that they may be running on.
    For ESX 3.5, the patch ESX350-200904401-BG released last month is required.
    For ESX 3.0.3, patch ESX303-200905401-SG released this week is required.

    You can subscribe to VMware Security announcements here: http://lists.vmware.com/mailman/listinfo/security-announce

    VMware KB Resolution Paths

    Last week I saw a post on the VMware Knowledge Base Blog with resolution paths for Converter. This morning I noticed that resolution paths have been posted for most VMware products and problem areas. The resolution paths are a matrix that walks you through recommended troubleshooting steps with hyperlinks to related KB articles for each step. Here is the link: http://blogs.vmware.com/kb/2009/05/resolution-paths-published.html