Yellow Bricks

by Duncan Epping

usb

Can I boot ESXi from an SD card while placing OSDATA on my SAN?

Duncan Epping · Nov 16, 2021 · 1 Comment

I see this question popping up all the time, literally twice a day on our VMware internal Slack: can I boot ESXi from an SD card while placing OSDATA on my SAN? I guess people are confused after reading this article. It is probably a result of skim-reading, as the article is in-depth and spells it out to the letter. If you look at the following table, it mentions FCoE and iSCSI:

However, FCoE, iSCSI, and FC are only supported when you boot from SAN; only then is OSDATA supported on a SAN device. When you boot from USB/SD, OSDATA needs to reside on a locally attached device. In other words, the answer to the original question is: no, you cannot boot ESXi from an SD card and place OSDATA on your SAN. Again, for details, read this excellent document.

Booting ESXi from SD/USB devices? Time to reconsider when buying new hardware!

Duncan Epping · Sep 17, 2021 · 26 Comments

We’ve all seen those posts from people about worn-out SD/USB devices, or maybe even experienced it ourselves at some point in time. Most of you reading this probably also knew there was an issue with 7.0 U2, which resulted in USB/SD devices wearing out a lot quicker. Those issues have been resolved with the latest patch for 7.0 U2. It has, however, resulted in a longer debate around whether SD/USB devices should still be used for booting ESXi, and it seems that the jury has reached a verdict.

On the 16th of September, a KB article was published by VMware, which contains statements around the future of SD/USB devices. I can be short about it: if you are buying new hardware, make sure to have a proper persistent storage device. USB/SD is not the right choice going forward! Why? The volume of reads/writes to and from the OS-DATA partition continues to increase with every release, which means that the lower-grade devices will simply wear out faster. Now, I am not going to repeat word for word what is mentioned in the KB; I would just like to urge everyone to read the KB article and plan accordingly! Personally, I am a fan of M.2 flash devices for booting. They are not too expensive (greenfield deployments), plus they can provide enterprise-grade persistent storage to store all your ESXi-related data. Make sure to follow the requirements around endurance though!

“Access Denied” when encrypting a memory stick with BitLocker

Ian Gibbs · Nov 6, 2010

At a customer this week, where BitLocker To Go is mandatory on Windows 7 machines, we discovered a problem encrypting USB memory sticks (flash drives). With the GPO settings at the customer, BitLocker To Go detects when a removable disk is plugged in to the machine, and prompts the user to either encrypt the drive or mount it read-only.

When you select the option to encrypt the drive, BitLocker then encrypts the whole disk (rather than just the files). At our customer however, when doing this over VMware View 4.5 USB redirection in an RDP session, the user was rewarded with “Access Denied” instead.

With PCoIP, it worked fine. It also works fine on RDP if you are an administrator. We quickly established that what looked at first like a USB redirection issue was in fact environment specific. We were able to encrypt the drive without issue in our test lab over both PCoIP and RDP. A day or so of fun inside Process Monitor and the (non-obvious) answer was found:

Set a DWORD called HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\AllowRemoteDASD with the value 1

Fortunately there’s a corresponding GPO setting for this: Go to Computer Configuration > Administrative Templates > System > Removable Storage Access > All Removable Storage and set Allow direct access in remote sessions to Enabled.

We set that, rebooted and BitLocker then worked fine. PCoIP seems to be unaffected by this issue, likely because it’s not a remote session/separate session in the same way an RDP session is.
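
One way to check and apply the registry value described above from PowerShell (an added example, not part of the original post). The function names are hypothetical and the SESSIONNAME test is only a heuristic for spotting an RDP session; a domain GPO that configures the same setting will overwrite a locally written value at the next policy refresh.

```powershell
# Added example: audit and optionally set the AllowRemoteDASD policy value.
# The key path and value name are the ones given in the post.
$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows\RemovableStorageDevices'
$ValueName = 'AllowRemoteDASD'

function Get-RemoteDasdPolicy {
    # Hypothetical helper: returns 'Enabled' (value is 1), 'NotConfigured'
    # (value absent) or 'Other' (present with any other data).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 1) { return 'Enabled' }
    return 'Other'
}

function Set-RemoteDasdPolicy {
    # Hypothetical helper: writes the DWORD value 1. Needs an elevated shell.
    # Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create policy key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$state = Get-RemoteDasdPolicy
# Heuristic (assumption): SESSIONNAME starts with 'RDP-' in an RDP session.
$inRdp = $env:SESSIONNAME -like 'RDP-*'
Write-Output "AllowRemoteDASD: $state (RDP session: $inRdp)"

if ($state -ne 'Enabled') {
    Write-Warning 'Direct access to removable storage in remote sessions is not enabled.'
    # Preview only; remove -WhatIf to apply, then reboot as the post describes.
    Set-RemoteDasdPolicy -WhatIf
}
```

Because this value lets remote sessions address removable disks directly, record which machines have it enabled and prefer the GPO setting over a local registry write so the change stays centrally managed.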

Credit for the hard work goes to my colleague Reno Finch. Well done, Reno.

Ian Gibbs

Ian works for Virtual Clarity who consult on enterprise scale virtualisation.

About the author

Duncan Epping is a Chief Technologist in the Office of CTO of the Cloud Platform BU at VMware. He is a VCDX (# 007), the author of the "vSAN Deep Dive", the “vSphere Clustering Technical Deep Dive” series, and the host of the "Unexplored Territory" podcast.

Copyright Yellow-Bricks.com © 2023