VirtualCenter

VirtualCenter 2.0.2 Update 5

Duncan Epping · Aug 13, 2008 ·

Besides ESX 3.0.3 also a new VC version has been releaded! I did not notice this one yet.

Security Issues

Updates the Apache Tomcat Server
This release of VirtualCenter Server updates the Tomcat server package from 5.5.25 to 5.5.26, to address multiple security issues that existed in the earlier releases of Tomcat server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, and CVE-2007-6286 to these issues.
For more information, refer to the Apache Tomcat 5.x Vulnerabilities page.

Updates the JRE Package
This release of VirtualCenter Server updates the JRE package from 1.5.0_12 to 1.5.0_15, to address multiple security issues that existed in the earlier releases of JRE.
For more information about security issues fixed in JRE package version 1.5.0_15 and in earlier versions, refer http://java.sun.com/j2se/1.5.0/ReleaseNotes.html.
The following advisories by Secunia list the CVE identifiers related to the fixed security issues in JRE 1.5.0_13, JRE 1.5.0_14, and JRE 1.5.0_15:

http://secunia.com/advisories/ 27009

http://secunia.com/advisories/ 27320

http://secunia.com/advisories/ 28795

http://secunia.com/advisories/ 29239

Note: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the virtual machine network. For more information on VMware security best practices, refer www.vmware.com/resources/techresources/726.

VirtualCenter Server Users Without the Modify Permission Privilege Can No Longer View User Name Details of Other System Users
Starting with this VirtualCenter Server release, only users with the Modify Permission privilege can view details of other system users. When users with read-only or similar roles attempt to assign permissions to other system users, user name details of other system users are not displayed, instead, a message similar to the following appears:
Permissions to perform this operation was denied.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3514 to this issue.

Virtual Machine Management Issues

e1000 Is the Default Network Adapter Driver for Windows Vista Ultimate 32-Bit Guest Operating Systems
Starting with this release, the Windows Vista Ultimate 32-bit guest operating systems correctly detects the e1000 driver as the default network adapter driver, instead of the vlance driver.

Multiple Virtual Machines Can Be Scheduled to Power On Simultaneously
This release fixes an issue where multiple tasks that are scheduled to power on virtual machines at the same time might result in one of the following:

The scheduled tasks might fail, with log entries similar to the following in the vpxd.log file:
[2008-02-25 03:35:04.185 'App' 6708 verbose] [VpxdMoEventManager] Event[12597]: Task <virtualmachine _name>_PowerON on <virtualmachine _name> in Data Center failed: The request refers to an unexpected or unknown type.

The VirtualCenter Server might stop responding, with log entries similar to the following in the vpxd.log file:
Exception: Not reached! [2008-02-26 03:35:03.260 'App' 4848 error] Backtrace: backtrace[00] eip 0x016dc006 Ordinal788 backtrace[01] eip 0x0167248a Ordinal400….

VirtualCenter Server Accepts Suffix Less Domain Entries When Updating the DNS Configuration of an ESX Server Host
This release fixes an issue where, when updating the DNS configuration of an ESX Server host, the VirtualCenter Server fails to accept valid host domain names that do not have suffixes, and displays an error message similar to the following:
The Domain name is not in the correct format

Viewing the Event Tab Page No Longer Causes the Japanese Version of VirtualCenter Server to Stop Responding
This release fixes an issue where, if an event that writes multi-byte characters to the ARG_DATA column of VPX_EVENT_ARG database table, such as accessing the console of a virtual machine, is followed by viewing the Event tab page, the Japanese version of the VirtualCenter Server might stop responding. Entries similar to the following are logged in the vpxd.log file:
[2008-03-05 17:12:18.161 'App' 5012 verbose] [VdbStatement]Executing SQL: SELECT EVENT_ID, ARG_ID, ARG_TYPE, ARG_DATA, OBJ_TYPE, OBJ_NAME, VM_ID, HOST_ID, COMPUTERESOURCE_ID, DATACENTER_ID, RESOURCEPOOL_ID, FOLDER_ID, ALARM_ID, SCHEDULEDTASK_ID FROM VPX_EVENT_ARG WHERE (EVENT_ID IN (?,?,?,?..........) [2008-03-05 17:12:18.302 'App' 5012 error] An unrecoverable problem has occurred, stopping the VMware VirtualCenter service. Check database connectivity before restarting. Error: Error[VdbODBCError] (-1) ODBC error: () - [2008-03-05 17:12:18.302 'App' 5012 verbose] Backtrace:

Installation Issues

VirtualCenter Server No Longer Fails to Start When Japanese Version of VirtualCenter 2.0.2 Update 2 is Upgraded
The VirtualCenter Server might fail to start when the Japanese version of VirtualCenter 2.0.2 Update 2 is upgraded to VirtualCenter 2.0.2 Update 3, or VirtualCenter 2.0.2 Update 4, with entries similar to the following in the vpxd.log log file:
[2008-05-07 15:56:59.953 'App' 5840 error] [VpxdVdb] Database version value 'VirtualCenter Database 2.0.2u1' is incompatible with this release of VirtualCenter. [2008-05-07 15:56:59.953 'App' 5840 error] Failed to initialize VMware VirtualCenter. Shutting down...
This release fixes the issue. The VirtualCenter Server is capable of starting, when the Japanese version of VirtualCenter 2.0.2 Update 2 is upgraded to VirtualCenter 2.0.2 Update 5.

What if my VirtualCenter server crashes?

Duncan Epping · Aug 5, 2008 ·

Seva, a VMware Technical Account Manager, put together a cool table with the implications of a VirtualCenter crash. This is a follow up to my blog about VirtualCenter getting more important by the minute. I think the most important thing to remember is that the VM’s keep running whatever happens to your VC Server and HA will still work if VC fails, well except for adding hosts to the cluster of course. So reinstalling the VirtualCenter server and re-adding the hosts is still possible, but in my opinion not recommended. Especially when you’ve got complex Resource Pools and Folder structures set up.

Open this link to the PDF or click on the picture below.

VirtualCenter database

Duncan Epping · Jul 31, 2008 ·

There has always been much discussion about the VirtualCenter database if it was important enough to back it up. Most people agreed that the information that the database held was not important. A datacenter and cluster could be easily reconfigured and all other settings were saved on the host. HA wasn’t even using VirtualCenter, and DRS well a day without DRS is something most companies could afford.

VirtualCenter 2.5 already contained a feature called “Distributed Power Management”, with this feature the VirtualCenter database became more important but still one could easily do without it. But VMware just released VirtualCenter 2.5 Update 2. This update contains a new feature for HA. HA will get it’s IP info straight from VirtualCenter instead of the /etc/hosts file or DNS. With this info HA fills up /etc/FT_HOSTS. This all of a sudden makes the VirtualCenter database and the VirtualCenter server more important than ever.

I guess it’s time to start building the VirtualCenter server in a different way. Going virtual might be the best solution for having a highly available VirtualCenter server and database. But what about actually backing up the Database, via a maintenance plan or a backup engine. In time the VirtualCenter database will only get more important, especially when for instance DPM evolves. I can imagine DPM will detect trends and switch servers on and off accordingly.

Anyway, the only message I wanted to get out is start backing up that database!

High Availability change

Duncan Epping · Jul 29, 2008 ·

I just noticed the following, when creating a new(!) HA cluster on VirtualCenter 2.5 Update 2 the default isolation response is set to “Leave powered on”. In other words, when your ESX host hasn’t got a network connection any more the VM’s remain on. This is a huge change because the default used to be “Power Off”.

Besides “Power Off” and “Leave powered on” there’s a new option introduced. And this is one I was looking for, “Shutdown VM”. Shutdown VM doesn’t just pull the cord, it tries to shutdown the VM in a decent fashion, via the OS.

ESX 3.5 Update 2 available now!

Duncan Epping · Jul 26, 2008 ·

Am I the first one to notice this? VMware just released Update 2 for ESX(i) 3.5 and a whole bunch of new patches!

So what’s new?

Windows Server 2008 support – Windows Server 2008 (Standard, Enterprise, and Datacenter editions) is supported as a guest operating system. With VMware’s memory overcommit technology and the reliability of ESX, virtual machine density can be maximized with this new guest operating system to achieve the highest degree of ROI. Guest operating system customizations and Microsoft Cluster Server (MSCS) are not supported with Windows Server 2008.
Enhanced VMotion Compatibility – Enhanced VMotion compatibility (EVC) simplifies VMotion compatibility issues across CPU generations by automatically configuring server CPUs with Intel FlexMigration or AMD-V Extended Migration technologies to be compatible with older servers. Once EVC is enabled for a cluster in the VirtualCenter inventory, all hosts in that cluster are configured to ensure CPU compatibility for VMotion. VirtualCenter will not permit the addition of hosts which cannot be automatically configured to be compatible with those already in the EVC cluster.
Storage VMotion – Storage VMotion from a FC/iSCSI datastore to another FC/iSCSI datastore is supported. This support is extended on ESX/ESXi 3.5 Update 1 as well.
VSS quiescing support – When creating quiesced snapshot of Windows Server 2003 guests, both filesystem and application quiescing are supported. With Windows Server 2008 guests, only filesystem quiescing is supported. For more information, see the Virtual Machine Backup Guide and the VMware Consolidated Backup 1.5 Release Notes.
Hot Virtual Extend Support – The ability to extend a virtual disk while virtual machines are running is provided. Hot extend is supported for vmfs flat virtual disks without snapshots opened in persistent mode.
192 vCPUs per host – VMware now supports increasing the maximum number of vCPUs per host 192 given that the maximum number of Virtual Machines per host is 170 and that no more than 3 virtual floppy devices or virtual CDROM devices are configured on the host at any given time. This support is extended on ESX 3.5 Update 1 as well.

I really really like the VSS support for Snapshots, especially for VCB this is a great feature! And what about hot extending your harddisk, this makes a VMFS datastore as flexible as a RDM datastore!

For Hardware there are also a couple of really great additions:

8Gb Fiber Channel HBAs – Support is available for 8Gb fiber channel HBAs. See the I/O Compatibility Guide for ESX Server 3.5 and ESX Server 3i for details.
SAS arrays – more configurations are supported. See the Storage/SAN Compatibility Guide for ESX Server 3.5 and ESX Server 3i for details.
10 GbE iSCSI initiator – iSCSI over a 10GbE interface is supported. This support is extended on ESX Server 3.5 Update 1, ESX Server version 3.5 Update 1 Embedded and ESX Server version 3.5 Update 1 Installable as well.
10 GbE NFS support – NFS over a 10GbE interface is supported.
IBM System x3950 M2 – x3950 M2 in a 4-chassis configuration is supported, complete with hardware management capabilities through multi-node Intelligent Platform Management Interface (IPMI) driver and provider. Systems with up to 32 cores are fully supported. Systems with more than 32 cores are supported experimentally.
IPMI OEM extension support – Execution of IPMI OEM extension commands is supported.
System health monitoring through CIM providers – More Common Information Model (CIM) providers are added for enhanced hardware monitoring, including storage management providers provided by QLogic and Emulex. LSI MegaRAID providers are also included and are supported experimentally.
CIM SMASH/Server Management API – The VMware CIM SMASH/Server Management API provides an interface for developers building CIM-compliant applications to monitor and manage the health of systems. CIM SMASH is now a fully supported interface on ESX Server 3.5 and VMware ESX Server 3i.
Display of system health information – More system health information is displayed in VI Client for both ESX Server 3.5 and VMware ESX Server 3i.
Remote CLI – Remote Command Line Interface (CLI) is now supported on ESX Server 3.5 as well as ESX Server 3i. See the Remote Command-Line Interface Installation and Reference Guide for more information.

One of the important thing in my opinion is the full support for the CIM Smash API! And iSCSI over a 10GBe interface, same goes for NFS! 8GB fibre and SAS arrays is a great extension.

VMware High Availability – VirtualCenter 2.5 update 2 adds full support for monitoring individual virtual machine failures based on VMware tools heartbeats. This release also extends support for clusters containing mixed combinations of ESX and ESXi hosts, and minimizes previous configuration dependencies on DNS.
VirtualCenter Alarms – VirtualCenter 2.5 Update 2 extends support for alarms on the overall health of the server by considering the health of each of the individual system components such as memory and power supplies. Alarms can now be configured to trigger when host health degrades.
Guided Consolidation – now provides administrators with the ability to filter the list of discovered systems by computer name, IP address, domain name or analyzing status. Administrators can also choose to explicitly add physical hosts for analysis, without waiting for systems to be auto-discovered by the Consolidation wizard. Systems can be manually added for analysis by specifying either a hostname or IP address. Multiple hostnames or IP addresses, separated by comma or semi-colon delimiters, may also be specified for analysis. Systems can also be manually added for analysis by specifying an IP address range or by importing a file containing a list of hostnames or IP addresses that need to be analyzed for consolidation. Guided Consolidation also allows administrators to override the provided recommendations and manually invoke the conversion wizard.
Live Cloning – VirtualCenter 2.5 Update 2 provides the ability of creating a clone of a powered-on virtual machine without any downtime to the running virtual machine. Therefore, administrators are no longer required to power off a virtual machine in order to create a clone of it.
Single Sign-On – You can now automatically authenticate to VirtualCenter using your current Windows domain login credentials on the local workstation, as long as the credentials are valid on the VirtualCenter server. This capability also supports logging in to Windows using Certificates and Smartcards. It can be used with the VI Client or the VI Remote CLI to ensure that scripts written using the VI Toolkits can take advantage of the Windows credentials of your current session to automatically connect to VirtualCenter.

One of the best new features described above in my opinion is the extension of Alarms! It’s awesome that VirtualCenter will report on hardware health! But what about that live cloning, that will definitely come in handy when troubleshooting a live production environment. Just copy the server, start it without the network attached and try to solve the problem!

DOWNLOAD it now:

ESX 3.5 Update 2
ESXi 3.5 installable Update 2
VirtualCenter 2.5 Update 2
VMware Consolidated Backup 1.5