Yesterday VMware released a patch for the Site Recovery Manager Client:

Client Patch for Site Recovery Manager 1.0 Update 1
This client patch for Site Recovery Manager 1.0 Update 1 corrects a performance problem observed at sites that support more than seven ESX hosts.

If you are running SRM, it might worth downloading the patch and installing it! The download page contains a section on how to apply this patch, besure to read it cause it’s not a case of “next, next, finish”.

When we were playing around with Site Recovery Manager last week we had the opportunity to ask a bunch of questions to Lee Dilworth. Lee is a Specialist System Engineer for Site Recovery Manager. During the discussion Lee told us about a document that Horst Mundt, also a VMware employee, wrote about using trusted certificates. We received the document via email and I wanted to share this with you. After a quick search on the internet I noticed that Horst already uploaded his document to VI:OPS:

SRM establishes a secure connection between the protected and the recovery site.

There are two options for authentication: Credential based or certificate based.

If you install SRM into an existing environment, make sure to choose the method that is appropriate for your environment.

If you have not changed the default certificates that were installed by the VMware vCenter server setup then go for credential based authentication. You do not need to read the this document.

If you have installed SSL certificates issued by a trusted CA on your VMware vCenter servers then go for certificate based authentication. The document explains how certificates need to be setup in order for this to work.

Just noticed the following press release:”VMware Announces Speaker and Exhibitor Lineups for VMworld Europe 2009“.

Europe’s Largest Virtualization Event Garners Broad Industry Support From Leading IT Vendors

FRIMLEY, England & PALO ALTO, Calif.–(BUSINESS WIRE)–Jan. 14, 2009–VMware, Inc. (NYSE:VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced that nine of the IT industry’s leading vendors have confirmed their participation at VMworld Europe 2009 as Platinum sponsors of the event. At the same time, the company announced that keynote addresses at the event will be headed by Paul Maritz, President and CEO of VMware; Dr. Stephen Herrod, Chief Technology Officer, VMware; and Dr. Wolfgang Krips, Managing Director, SAP Hosting.

Headline sponsors of the second VMworld Europe conference have been confirmed as CA, Dell, Fujitsu Siemens, EMC, HP, IBM, Intel, NetApp and Symantec. VMware is the overall event sponsor of VMworld Europe 2009.

VMworld Europe 2009 will build on the success of the first VMworld Europe conference, which more than 4,500 delegates attended. This year, VMware is expecting more than 5,000 attendees at the Palais des Festivals in Cannes between 24-26 February. The event has rapidly become Europe’s largest virtualization forum. Alongside these nine Platinum sponsors, nearly 70 other exhibitors have confirmed their participation, bringing innovative virtualization offerings to the event, as well as a strong presence from vendors with traditional networking, storage, applications and security expertise.

5000, VMware expects 5000 attendees. If you didn’t sign up yet, go here!

I dropped the news about the VMware Virtualization Professional Program a couple of weeks ago. It was supposedly to be opened up today for voting. Unfortunately it has been postponed atleast 18 hours. But John Troyer just announced the official name VMware vExpert. Wouldn’t you want to become a vExpert!?!

Most of you are familiar with the VMTN Podcasts by now which are hosted by VMware’s John Troyer. One of the regulars of the VMTN podcast, Edward Haletky (also known as Texiwill on VMTN and Twitter), formed a panel of experts on Security and will start a new podcast: The Virtualization Security Round Table Podcast. Those who listen to the VMTN Podcast know how passionate Edward is about security and virtualization so expect these weekly roundtables to be at least on the same level as the VMTN podcasts.

Info about the podcasts can be found on Edwards website:

Episode 1: First Panel Talkshoe on Thursday 15 January 2009 at 2:30 PM EST / 20:30 (CEST): http://www.talkshoe.com/tc/34217

Expect the following topics to be discussed in the near future:

• Use of Virtualization in a DMZ.
• Review of security lockdown standards/benchmarks and tools
• Virtualization Security in shared and dedicated hosting environments
• Providing VaaS (VMware as a Service) securely to SMBs for DR.
• How virtualization security relates to cloud computing security
• Top 3 security issues
• Optimal Network configuration and design for security
• How to accommodate small / medium and home businesses
• Disaster recovery options – small, medium, large businesses
• VLANs as a Security measure with vSwitch Security

If you’ve got ideas / topics for the roundtable hit Edward up on the VMTN forum or via Twitter. And off course it’s also possible to just drop your questions during the podcast on the Talkshoe chat. Mark the date in your agenda, every week on Thursday at 2:30 PM EST / 20:30 (CEST)!

I was just troubleshooting a problem with permissions and roles at a customer site within vCenter. For some weird reason we could not create a VM. I hardly ever use this functionality and if I do it’s mostly on a “Hosts & Clusters” level.

This customer wanted to set permissions on a “HA-DRS” Cluster level. Each cluster will be administered by a different group of admins. These admins should not be allowed to do any administrative tasks on one of the other clusters in vCenter. Half of the setup worked, as in the admins could do certain tasks on the ESX hosts, but there was no way they could create VM’s.

I’ve browsed through my documentation but couldn’t find anything useful but luckily VI:OPS contained an excellent document on this topic: VI3 Roles and Permissions.

I did a copy and paste of the information that clarified the problem we were facing:

VMs appear in the inventory in two places: under the “Virtual Machines and Templates” view and the “Hosts and Clusters” view. This is also reflected in their privilege inheritance: VMs inherit privileges from both the containing host/cluster object as well as the containing VM/Template folder. Under Hosts and Clusters, possible containing objects include: folders, clusters, hosts, and resource pools. The two views and hierarchies become unified at the top level datacenter (or any folder that contains the datacenter)

Certain tasks require privileges on both sides of the hierarchy. For example, to create a VM, you need to have the “VM > Inventory > Create” privilege on a VM folder (in the VM view) as well as “Resource > Assign VM to Resource Pool” somewhere on an object in the Host view (folder, cluster, host, or resource pool). If you have a role which contains both these privileges, and you assign it at the datacenter level, it will propogate down both sides of the hierarchy. If, however, you want to limit its scope, then you’d need to apply it separately to individual subsections on each side of the hierarchy.

In other words, creating VM’s requires permissions on both levels “Datacenter” and “Cluster”.

When reading several SRM docs I was wondering if Microsoft Clustering was supported or not. I knew that in version 1.0 it wasn’t supported. When reading the Release Notes I noticed the following:

Full Support for RDM devices
SRM now provides full support for virtual machines that use raw disk mapping (RDM) devices. This enables support of several new configurations, including Microsoft Cluster Server. (Virtual machine templates cannot use RDM devices.)

Microsoft Clustering Services is supported as of Update 1. But you will need to keep in mind when creating your Recovery Plan that all nodes of the cluster will belong to the same Protection Group and can possibly  be started up or shutdown at the same time….. I haven’t configured SRM in combination with MSCS so far, if any of you has any tips/tricks let me know.