Monthly Archives: March 2009

Virtual Geek: VMFS Best Practices and Counter-FUD

Check out this nice post about VMFS misconceptions on the Virtual Geek Blog

VMware Virtual User Group

Virtual-Al mentioned the possibility of a VMware Virtual User Group, similar to a Powershell Virtual User Group that has been around for a while.  He started a quick, seven question survey to measure interest. Please click here to take the survey.

Virtualization and Security

Security is huge when it comes to virtualization. The extra moving parts require a special care and feeding.  The Defense Information Services Agency is basically the IT department for the US Defence Department. They have an arm, called the Information Assurance Support Environment. The IASE is a has some serious information about securing any system. They post Security Technical Implementation Guides (STIGS) and Security Checklists that are very comprehensive. They even have STIGs and Checklists for all the different versions of winders. Some of the information is specific to the DoD, but those things, like certificates, etc. still have a place in any IT shop. I subscribe to their newsletter, so they just came to mind again because they posted a Draft XenApp STIG. I glanced at the docs, but they look pretty deep and I have reading narcolepsy…

So, why do I bring this up? They also posted a STIG for ESX Server a while ago and recently posted an updated Security Checklist for ESX. I know that Sid used these as a guide for his kickstart / post installation script. When coupled with the Unix STIG and Checklist, you will get a very secure system. So go check them out. They a free and that is my favorite price. So go get some.

:o)

Script to Restart VMware Tools Remotely

I was “forced” to learn how Powershell and the VI Toolkit works for an engagement a few months ago. Once you learn how powershell works and how the VI Toolkit integrates with Powershell, you will love it. This is coming from a linux guy who sees some of the VBScript stuff and just goes “HUH?!?” If you like VB SCripts, check out this post on Jase’s Place. Back in the day, I knew DOS scripting pretty well and I have learned rudimentary bash and perl scripting. To be frank, Powershell was easy for a knucklehead like me to pick up. I use it frequently to automate tasks in VI3 and the winders VMs it manages.

In my last post, I mentioned that VCB snapshots will cause VMware Tools to appear to go off line, even though they are still running. The fixes were to restart the management services on the host or login/logout of the guest. Restarting the management services on the host could cause issues if someone set up to automatically start VMs on boot. Logging in to the VMs is fine unless you have hundreds of VMs.

A third option is to restart the VMware Tools service. This is something that can easily be scripted as long as you have admin access to the guest via RPC services. There are a few methods to script the restart of services on a server remotely. The first is using the sc.exe utility. The syntax of the script looks like this:

sc.exe \\guestname stop VMTools
sc.exe \\guestname start VMTools

This can be easily scripted using the good-old DOS for command. Create a text file (C:\scripts\serverlist.txt) with all of the servers that need to have the VMware Tools service restarted, one guest per line in the file so it looks like this:

guest1
guest2
guest3
guest4

Then run a command that looks like this:

For /F %%SERVER in C:\scripts\serverlist.txt do
sc.exe \\%SERVER stop VMTools
sleep 10
For /F %%SERVER in C:\scripts\serverlist.txt do
sc.exe \\%SERVER start VMTools

You can get the sleep utility in the Resource Kit Tools for Windows 2003. A 10 second pause seems to work pretty well to make sure the service actually stops.

Since I lost all of my DOS scripting chops, I only know how to automate this fully using the VI Toolkit and Powershell. The script below will use the VI Toolkit to automatically create a list of guests that report as not having VMware Tools running and pass that information to standard powershell commands to stop and start the services:

#Connect to the vCenter Server
Connect-ViServer <vCenter.FQDN>

#Get a list of guests where VMware Tools are not running
$servers = get-vm | where { $_.PowerState -eq “PoweredOn” } | Get-VMGuest | where { $_.State -ne “Running” } | select vmName, State

# Stop VMTools Service
foreach ($srv in $servers)
{

Write-Host “Stopping services on $srv”
# Get the VMTools Service
$Service = get-wmiobject -ComputerName $srv -query “select * from win32_service where name=’VMTools'”
if ($Service -ne $null)

#Stop the VMTools Service
{$Service.StopService()}

Sleep 10
Write-Host “Starting services on $srv”

#Start the VMTools Service
$Service.StartService()
}

Another thing I recently needed was a quick way to list the guests with snapshots as a quick method to make sure VCB exited properly. You can use this:

Get-VM | Get-Snapshot | Select VM, Name, Created, Description

Well, there you have it. Script your VMware Tools restart…
:o)

VMware Tools status shows as not running after running VMware Consolidated Backup

Yesterday, VMware posted a Knowledgebase Article about VMware Tools appearing to go off line after a VCB snapshot is taken. This issue occurs after applying the ESX350-200901401-SG hotfix. The KB Article also says it can occur “for some time after the initial snapshot” on unpatched hosts, but I have never seen it.

The work-arounds are simple:

  1. restart the mgmt-vmware service (Make sure you don’t have VMs set to auto start)
  2. Log In and log out of the VM, this will cause VMware Tools to kick itself in the pants.
  3. Use the name or UUID lookup method instead of the ipaddr method.

This was originally addressed here.

It is difficult sometimes to get your backup software to use the name lookup method if it does not use a VCB Integration Kit. If you ARE using an integration kit, you can set this in the config.js file:

VM_LOOKUP_METHOD=”name”;

Since most of the “majors” in backup software, like NetBackup, TSM and Networker were originally Unix based, you may be able to find a config file somewhere to set this option.

Using VCB with any backup software

I don’t know how many times I have helped with VCB issues in the past couple of years on the VMTN Forums. It usually falls down to someone not understanding the VM Backup Guide or how VCB works. Honestly, the guide leaves something to be desired. Because of this, I have published a “Proven Practice” guide on VI:OPS to try to clarify things.

<commercial>

VI:OPS is a VMware Forum that dedicates itself to providing information related to operations surrounding a VMware Infrastructure. The “Proven Practice” documents are submitted and reviewed by moderators before they are published. The published documents allow for peers to comment on the documents.

</commercial>

Although VMware provides integration kits for a few different brands of backup software, it does not cover all of the different brands versions. Some vendors have created their own integration kits as well. But not every brand or version is covered. Because of this, I have outlined a generic method for using VCB to back up and recover VMs. Some other things that really needed to be clarified were using VCB in hot-add mode and performing FullVM backups of selected disks. The doc includes screen shots and command sytax examples.  So head over and check out the doc -> Proven Practice: Setting Up VMware Consolidated Backup for any Backup Software.

Getting New Performance Overview Charts Working in VC2.5U4

One of the New features of vCenter 2.5 Update 4 is the “Performance Overview Charts”. But, if you do not follow the proper upgrade steps, it will not work properly. I am a big fan of the “Complete uninstall and install fresh” method. You can make sure all of the bits are gone before the upgrade. Obviously, you will need to make a backup copy of your license files and, if changes were made, the vpxd.cfg file.If you look at the release notes, you will see a link to a VMware Knowledgebase Article about how to get the charts working. It tells you that you will need to install the Java Development Kit6u11. You will also need to set path info into the environment, copy the files from the CD to a local disk and run install from there.

But there are those of us that will just download the zip file, uncompress it, and run setup.exe. No backups, no uninstall first. This is why VMware has several KB articles about how to get the charts working, depending on how you upgraded.

The first KB Article deals with not stopping the Web services first. Another KB Article deals with the need for an updated Oracle ODBC driver if you have an Oracle database.  Finally, for those of us living on the edge, there is a KB Article if you are suing the bundled SQL Express database.

So, here are my steps in a nutshell:

  1. Backup the databases, license file and (if needed) vpxd.cfg
  2. Uninstall the old version of vCenter, VUM, Converter, and Capacity Planner
  3. Install the Java Development Kit6u11
  4. Edit the environment path and append C:\Program Files\Java\jdk1.6.0_11\bin\
  5. Add a system variable of JAVA_HOME to point to C:\Program Files\Java\jdk1.6.0_11
  6. Install vCenter, pointing to the vCenter and VUM databases when prompted
  7. Copy the \vpx\perfCharts\ directory from the CD to local disk
  8. Run install.bat from \vpx\perfCharts\ on the local disk
  9. Uninstall Capacity Planner (You don’t need it by now, do you???)

Obviously, if you have your Program Files on a different drive or path than the default, it will need to be entered appropriately in steps 4 and 5.

Well, there you have it. Setup Performance Overview Charts in 9 easy steps.

Here we are!!

Welcome to DailyHypervisor. Please be patient as we get our site up and running.