Yellow Bricks

by Duncan Epping

ESX

Adding a role to a user from the Service Console

· ·

Three weeks ago I blogged about a powershell script that can assign roles to users. This is very handy when doing scripted installs cause it seemed that it was impossible to add a role to a user from the Service Console. Today we had a discussion via email and my colleague from South Africa, Hugo, actually found out how to add a role to a certain user from the Service Console:

vmware-vim-cmd vimsvc/auth/entity_permission_add vim.Folder:ha-folder-root 'newuser' false ReadOnly true

The command used is “vmware-vim-cmd” aka “vimsh”. “vim.Folder:ha-folder-root” is on cluster level, ‘newuser’ is the username of the user you want to add the role to and the role is “ReadOnly”. False and true are values for “isgroup” and “propagate”.

Great job Hugo, and thanks for letting me know about this solution.

New version of the NetApp NFS best practices doc!

· ·

I just noticed that there’s a new version(4.3) of the NetApp on NFS best practices document online. This document has a new best practice in there that I discussed a couple of weeks ago about the “/NFS/LockDisable” and the “prefvmx.consolidateDeleteNFSLocks” settings(Page 14).

As far as I can judge at this point in time the document seems to be also following the VMware guidelines. NetApp suggests running several commands directly on the Service Console to do the desired changes. Although I do agree with their suggested changes, I don’t agree with the order of the procedure.

On page 14 in both “procedures” NetApp suggests that you enter maintenance mode before applying the changes. Which is definitely something I would also suggest. But they also suggest to exit maintenance mode right before you reboot the server. In theory this could lead to VM’s being VMotioned to the host you’re about to reboot. When this happens the VM’s will be killed without any notice, which could lead to all sorts of problems as you can imagine.

So if you’re about to make the changes NetApp suggests, please change the order and do a reboot first and exit maintenance mode when the reboot is completed.

SRM, it’s just too easy

· ·

You’ve probably also noticed a whole bunch of Site Recovery Manager(SRM) related articles popping up with people installing and configuring it in their home lab:

I love these articles because they are prove of the fact that SRM is really easy to set-up. But, and this actually scares me, it might seem a bit too easy. I said “too easy” because implementing a Disaster Recovery solution isn’t about the tools you are using. The tools, which will make your life a lot easier, are not the most important piece of the puzzle. Indeed PUZZLE.

There a whole bunch of SRM projects going on globally where VMware PSO, the department I work for, is assisting. These projects typically have a duration of 3 to 9 months, while it seems that with the ease of VMware Site Recovery Manager this should be a matter of days.

People tend to forget that the most important thing about Distaster Recovery / Business Continuity is the business. You need to know the organisation and IT environment very well before you can even start:

  • SLA’s? –> RPO / RTO?
  • Which services are most important to the business?
  • Which servers are part of the service?
  • In which order need these be started?
  • Which service have the highest priority?
  • Are there any dependencies between services?
  • What about the desktops?

And these are just a couple of questions one should normally have to answer before even going down the SRM road. The fact that SRM is so easy to setup makes it really hard to actually explain to a customer why a BCDR project will take much longer then he expected. And remember that although SRM is a great tool you would still need to create a Disaster Recovery Plan, SRM will be part of the plan but it needs to be in place!

I’m not saying that you should not go down the BCDR / SRM road, but be sure to be prepared. (read this e-book, it’s good and it’s free) Get to know your “business”, and be prepared for a long engagement… cause my experience is that normally people have a hard time answering really obvious questions.

You will talk to a lot of people who don’t have a clue of what the core business services / applications actually are. And the same goes for the sys admins, dependencies? Why would you want to know about that and how would I know?

Do you know which questions to ask, do you know how to get the right answers… This is why BCDR subject matter experts are needed for SRM engagements, so before you start give VMware a call, or your local VAC partner for that matter and make sure you get the best out of the SRM product.

Update: Symantec and VMotion, Supported or not?

· ·

There has been a lot of hassle on this one over the last couple of days. Symantec wasn’t supporting VMotion for their anti-virus suite. (Mike D., Lone SysAdmin, VInternals)A little birdie just told me that the article has been updated:

Is VMware VMotion ESX server supported with Symantec AntiVirus and Symantec Endpoint Protection?

Symptoms:
Symantec supports running Symantec AntiVirus, Symantec Endpoint Protection, and Symantec Endpoint Protection Manager in VMware environments.

A few customers have reported problems with Symantec Endpoint Protection Manager with VMware VMotion ESX server. These problems may or may not be related to the presence of VMware VMotion or the presence of the Symantec Endpoint Protection Manager.

Some the problems include:

  • Client communication problems
  • Symantec Endpoint Protection Manager communication problems
  • Content update failures
  • Policy update failures
  • Client data does not appear in the database
  • Replication failures


Solution:
Symantec is investigating each support case and will update Symantec products where necessary. If you experience a problem that you suspect is related to VMware VMotion, please contact Symantec Technical Support.

So in short, there have been problems which might or might not have been related to VMotion or Symantec EPM. Symantec will support products running in a VMware Environment!

SVMotion and disk space

· ·

I received this question a couple of times and there’s no real definitive answer written anywhere…

“Does storage vmotion require additional disk space on the source volume?”

The answer is: Yes it does. Storage VMotion uses the snapshot technology to release the lock on the source disk. This snapshot is placed on the source volume. So in other words, all changes that take place during a Storage VMotion are written to the delta file. This delta file, can and will grow fast.

So keep this in mind if you need to storage vmotion a VM because the VMFS volume is running out of diskspace… it might run out of diskspace sooner than you think.