Friday, March 25, 2011

Required ports for configuring an external firewall to allow ESX and vCenter Server traffic

You might be in a scenario where you would like to allow ESX and vCenter Server to communicate through a firewall.

Below is the list of mandatory and optional ports that need to be opened on the firewall.

You will have to contact your firewall administrator to get this done.

 

These ports are mandatory:

  • 22 - SSH port
  • 53 - DNS Query
  • 80 - HTTP
  • 902 - vCenter Server / VMware Infrastructure Client - UDP for ESX Heartbeat
  • 903 - Remote Console
  • 443 - Web Access
  • 27000, 27010 - License Server

These ports are optional:

  • 123 - NTP
  • 161, 162 - SNMP
  • 88 - Kerberos
  • 464 - Active Directory
  • 3260 - Software iSCSI

Sunday, March 20, 2011

VCP 4: Doing it the hard way


If you’re interested in trying to pass the VCP 4 without using the study guides or test samplers, you can expect to have a much more difficult time. I have been working with VMware software, but I doubt I would have cleared the VCP if I had not used any of the tutorials or brain dumps.
However, if you want to study the “official way”, here are the topics you’ll need to know:

Deploying a new VMware installation:
o Identify minimum hardware requirements
o ESX Hardware Reqs – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=13
o ESXi Hardware Reqs – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxi_i_vc_setup_guide.pdf#page=13
o Download, prepare and validate installation media
o Download media – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=25
o Determine appropriate ESX/ESXi configuration in a given situation
o Obtain required information for environment: IP info, LUN info, boot information, service console memory, user accounts, ntp server IP, etc.
o Verify hardware against the VMware Hardware Compatibility Guide: Server, hard drives, san, HBAs, nics, procs, etc. all on HCL
o Perform a custom installation
o Booting ESX installer – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=27
o Graphical Install – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=39
o Text Install – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=42
o Scripted Install – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=45
o Customize storage layout for given situations
o Required Partitions – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=61
o Optional Partitions – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=62
o Configure ESXi from the direct console
o Install ESXi – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxi_i_vc_setup_guide.pdf#page=22
o Direct Console User Interface – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxi_i_vc_setup_guide.pdf#page=26
o Configure ESX/ESXi NTP
o ESX NTP During Install – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=24
o Configuration tab, Time Configuration, Properties
o Manage ESX/ESXi licensing
o Compare/Contrast VMware vSphere editions
o Edition Comparison Chart – http://kb.vmware.com/kb/1010579
o Manage license keys – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf#page=107
Upgrading an existing VMware installation:
o Plan a VMware vSphere upgrade
o Backup/Restore ESX/ESXi host configuration
o Backup host configuration – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=71
o Restore host configuration – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=83
o Understand Virtual Machine backup options
o VMotion, storage VMotion, vcb, converter, vdr, third party
o Determine if existing hardware meets upgrade requirements
o Hardware Requirements – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=27
o Understand VMware ESX/ESXi upgrade scenarios
o Host Upgrades – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=67
o Release Upgrade Support – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=72
o Perform upgrade to ESX 4.0
o Upgrade VMware ESX/ESXi
o About Host Updates – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=101
o Update Manager Upgrade Baseline – http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=53
o esxupdate/vihostupdate – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=104
o ESX Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=75
o ESXi Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=77
o Upgrade virtual machine hardware
o Virtual Hardware Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=97
o Upgrade VMware Tools
o Tools Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=86
o Verify success of upgrade
o Upgrade Logs – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=79
o Understand upgrade roll back options
o Roll Back an ESX Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=82
o Roll Back an ESXi Upgrade – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_upgrade_guide.pdf#page=83
Understand VMware security:
o Identify default security principles
o Default Roles – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf#page=214
o General Security – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf#page=179
o ESXi Lockdown Mode – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxi_server_config.pdf#page=168
o Understand Service Console firewall operation
o Service Console Security Level
o COS Security – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf#page=142
o Firewall Security Level – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf#page=180
o Opening/Closing ports in the firewall using the vSphere Client
o Configuration, Security Profile, Properties
o Set up user/group accounts
o Host Users/Groups – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf#page=212
o Understanding Users/Groups – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf#page=167
o Working With Users & Groups – http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf#page=170
o Determine applications needed for accessing the service console in a given scenario: vSphere client, ssh client, vCenter, VCB/VDR, Update Manager, Converter, etc.
Know these tools:
o VMware Hardware Compatibility Guide
o VMware ESX/ESXi and vCenter Server Installation Guide
o Configuration Maximums Guide
o Product Documentation
o VMware Virtualization Toolkit
o vSphere Host Update Utility
o vCenter Update Manager
o vSphere Upgrade Guide
o ESX 4 Patch Management Guide
o Product Documentation
o esxupdate
o vSphere Client
o ESX/ESXi Configuration Guides
o Product Documentation

Friday, March 11, 2011

Help to restore a lost vmx-file from a *.vmsn


A *.vmsn file (virtual machine snapshot) is a binary file with metadata for the snapshot.
It has a copy of the vmx-file at a fixed location, so we can extract it with dsfo.exe again, or with dd on Linux.

dsfo.exe vm1.snapshot.vmsn 100 10000 vm1.vmx

After editing the vmx-file, use the command below to reinject it into the *.vmsn:
dsfi.exe vm1.snapshot.vmsn 100 10000 vm1.vmx

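On Linux, extract with
dd if=vm1.snapshot.vmsn of=vm1.vmx bs=1 skip=100 count=10000

To inject, use seek= (an offset in the output file) together with conv=notrunc, so that the rest of the snapshot file is not truncated:
dd if=vm1.vmx of=vm1.snapshot.vmsn bs=1 seek=100 count=10000 conv=notrunc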
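
The extract and inject steps above wrapped as two shell functions, added here as an example and not part of the original post. The function names, the .bak copy and the exact-size check are assumptions of this example; the offset 100 and length 10000 are the values used in the commands above.

```shell
#!/bin/sh
# Added example: offset-based extract/inject of the .vmx copy inside a .vmsn.
OFFSET=100      # byte offset of the embedded vmx copy (value from the post)
WINDOW=10000    # number of bytes copied out and written back (value from the post)

# extract_vmx SNAPSHOT OUT
# Copy WINDOW bytes starting at OFFSET from SNAPSHOT into OUT.
extract_vmx() {
    dd if="$1" of="$2" bs=1 skip="$OFFSET" count="$WINDOW" 2>/dev/null
}

# inject_vmx VMX SNAPSHOT
# Write VMX back into SNAPSHOT at OFFSET, patching the file in place.
inject_vmx() {
    vmx=$1
    snap=$2
    size=$(wc -c < "$vmx" | tr -d ' ')
    # Assumption of this example: only accept a file of exactly WINDOW bytes,
    # so no stale bytes from the old copy are left behind inside the window
    # and nothing is silently cut off by count=.
    if [ "$size" -ne "$WINDOW" ]; then
        echo "refusing: $vmx is $size bytes, expected $WINDOW" >&2
        return 1
    fi
    # Keep a copy of the snapshot before modifying it in place.
    cp -p "$snap" "$snap.bak" || return 1
    # seek= positions the write in the output file; conv=notrunc keeps
    # everything after the window intact instead of truncating the file.
    dd if="$vmx" of="$snap" bs=1 seek="$OFFSET" count="$WINDOW" \
        conv=notrunc 2>/dev/null
}
```

Edit the extracted file so that its length stays the same (overwrite characters rather than inserting or deleting them), then call inject_vmx vm1.vmx vm1.snapshot.vmsn.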

How to restore a lost vmx-file from a *.vmss

A vmss-file = Virtual machine suspended state also has a copy of the vmx file that was used.
The location inside the binary file varies so no extraction command can be given.

 

Friday, March 4, 2011

VMware vSphere 4 Thin Provisioning: Pros & Cons

vSphere 4's thin provisioning is a pretty cool feature, but it has downsides, too.

Here are the pros & cons for a customer, especially given all the thin provisioning talk lately.

Pros:

  • Saves disk space where it isn't really being used by permitting over commitment, meaning:
    • more VMs per datastore, which, for local datastores, means more VMs per host.
    • better utilization of expensive storage.
  • Smaller disk allocations translate into faster Storage VMotions, clones, snapshot operations. You are only copying what needs to be copied.
  • Incredibly easy to convert to and from thin-provisioned disks, on the fly, using Storage VMotion.
  • More flexible disk allocation strategies. VMs could have extra, unallocated space built into them, making it easy to grow later without adding additional virtual disks but not consuming all that space initially.

Cons:

  • Changed block tracking is a VM v.7 feature, but thin provisioning can be done with v.4 hardware, too.
  • Cannot use other advanced features of vSphere 4, such as Fault Tolerance.
  • Normal maintenance operations, such as defragmentation, use of sdelete, etc., rapidly & irreversibly negate thin provisioning by causing blocks to be changed. This is especially important as strategies to maximize deduplication by zeroing filesystem blocks negate almost all benefits of thin provisioning.
  • Over commitment of storage adds the risk that a volume may fill, causing a denial-of-service for other VMs. This can be through malicious behavior by a customer, through normal day-to-day use of VMs, or through well-intentioned but uninformed behavior (such as running a defragmenter, etc.).
  • Thin provisioning may have performance concerns:
    • The gradual growth of a VMDK file will likely cause fragmentation, which may be a performance issue. On disk arrays that are already subject to fragmentation, such as those from NetApp, the effect may be more severe. However, Storage VMotion operations also serve to defragment virtual disks.
    • More VMs per LUN may introduce storage I/O performance issues.
  • General understanding of how filesystems work is low. Add to that a general lack of understanding of how thin provisioning works, and how it would interact with other technologies like deduplication and snapshots, and I can see the potential for colossal mishaps.

Some of the cons are mitigated with better monitoring strategies. vCenter has a number of new ways to monitor thin provisioned VMs, and notify when datastores fill. However, if you're doing deduplication on your storage array you might have to choose which technology to go with. Many people use sdelete or custom scripts to zero out empty filesystem space so that deduplication can identify and deduplicate free space. Running "sdelete -c" on a thin-provisioned 40 GB VMDK file causes it to grow to 40 GB, though. On the back end I know it's being deduplicated very well, but on the front end it isn't thin anymore, and can't be made thin again with Storage VMotions because all those blocks have been "touched." Coupled with fragmentation and other performance issues, users of deduplicating arrays (NetApp, etc.) might consider not thin provisioning for now, and work to improve their back-end deduplication rates instead.

P.S. if thin provisioning were coded to recognize zeroed blocks it'd be a different story altogether. Then normal filesystem use (file creates, deletes, etc.), or use of sdelete, defragmenters, etc. wouldn't be a problem at all.

 

VMware View 4.6 will launch sans profile management

VMware launched View 4.6 last week. It will include some needed improvements, such as PCoIP tunneling.

But the software won't have, and it may never include, the integrated profile management capabilities that VMware had promised its VDI customers.

VMware partners learned during the company's recent Partner Exchange that RTO Software will not be part of View 4.6. According to one New England-based VMware View integrator, "The problems are so major that [the RTO investment] has been totally deep-sixed." Another source close to VMware confirmed that the company has all but nixed its RTO integration plans.

The integrator, who preferred anonymity, tested RTO Software's Virtual Profiles last year and said that it works great with Windows XP, but with Windows 7, it "locks up and corrupts files."

Other sources confirmed problems with Windows 7, but VMware has denied that the lack of Windows 7 compatibility is the reason for the failed launch of the RTO technology. Meanwhile, the company hasn't offered customers an official reason.

VMware signed an OEM agreement with RTO Software in September 2009 to integrate Virtual Profiles technology with VMware View. It then acquired some of RTO's technologies in February 2010. VMware said profile management software would be built into View 4.5 and included it in the View 4.5 beta, but the company pulled the feature before releasing a second beta in June. VMware later said it would integrate RTO in future versions of View, but it has provided no timeline.

VMware recently stated in an email, "Profile management is a key component of VMware's strategy to modernize the enterprise desktop and will be offered in future releases of View." It also said that "customers can expect further innovation and integration of persona management."

 

What is in View 4.6?
View 4.6 does support secure PC-over-IP (PCoIP) tunneling. VMware View 4.5 lacks support for PCoIP sessions via the View Security Gateway, so remote users have had to use a secure virtual private network (VPN) tunnel, which adds latency. In addition, remote locations without a VPN could not use PCoIP.

View 4.6 also includes a number of bug fixes, better support for Windows 7 Service Pack 1 and enhanced USB device compatibility, according to reports from the VMware Partner Exchange.