Wednesday, August 29, 2012

vSphere 5.1 - The ROOT access is no longer COMMON

Just wanted to give you a taste of the new and enhanced ESXi 5.1 feature which improves the way administrators access the ESXi shell. The traditional way of getting the highest privileges on an ESXi shell was to use the "root" account. Even if you were an LDAP user or a locally added user on the ESXi host, you had to switch to the root account using the shell command "su", which grants root-level access to run commands on the ESXi shell.

But with the latest version, vSphere 5.1, the administrative privileges can be removed from the default root account and individually assigned to local users, which gives them full access to the ESXi shell.

This is a cool enhancement, as it not only makes the platform more secure but also improves the auditing of ESXi shell activity: the logging now displays the name of the user who is accessing the shell and performing administrative tasks. In previous versions it was literally impossible to track who had logged in with root access, as the logs would just show that the tasks were performed by the "root" user.

Let's see what kind of use cases this will help:-

a) Organizations would not have to worry about resetting the root password as per their password management policy, as root can now be disabled; hence they will have one less account to manage.

b) Having to share a password (the root user password) among admin team members is no longer required, ensuring no unauthorized access, an end to blame games and a sense of accountability among the VMware administrators of an organization.

c) Monitoring and auditing become easier, as the log will show the username of whoever performed an activity instead of "root", hence making it easier to audit activities.
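
The auditing benefit in (c), as an added example that is not part of the original post: a small Python parser that attributes shell commands to the account that ran them and flags entries made under a shared account. The log layout (`<time> shell[<pid>]: [<user>]: <command>`), the sample lines and the usernames are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed entry layout (not taken from the post):
#   <ISO time> shell[<pid>]: [<user>]: <command>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+shell\[(?P<pid>\d+)\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.*)$"
)

# Accounts whose activity cannot be tied to one person.
SHARED_ACCOUNTS = {"root"}

# Constructed sample log; usernames and commands are illustrative only.
SAMPLE_LOG = """\
2012-08-29T09:14:02Z shell[5521]: [jsmith]: esxcli network nic list
2012-08-29T09:15:40Z shell[5521]: [jsmith]: vim-cmd vmsvc/getallvms
2012-08-29T09:31:10Z shell[5690]: [root]: esxcli system maintenanceMode set -e true
2012-08-29T09:40:55Z shell[5702]: [akumar]: tail /var/log/vmkernel.log
2012-08-29T09:41:00Z shell[5702]: Interactive shell session started
"""

def parse_shell_log(text):
    """Split log text into parsed entries and lines that do not match."""
    entries, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            unparsed.append(line)  # keep for manual review, never drop silently
    return entries, unparsed

def audit(text):
    """Group commands per user and list entries made under a shared account."""
    entries, unparsed = parse_shell_log(text)
    by_user = defaultdict(list)
    for entry in entries:
        by_user[entry["user"]].append((entry["ts"], entry["cmd"]))
    shared = [e for e in entries if e["user"] in SHARED_ACCOUNTS]
    return dict(by_user), shared, unparsed

if __name__ == "__main__":
    by_user, shared, unparsed = audit(SAMPLE_LOG)
    for user, cmds in sorted(by_user.items()):
        print(f"{user}: {len(cmds)} command(s)")
    for e in shared:
        print(f"UNATTRIBUTABLE {e['ts']} [{e['user']}] {e['cmd']}")
    print(f"{len(unparsed)} line(s) did not match the assumed layout")
```

Entries under a shared account are the ones an auditor cannot tie to a person, which is the gap that per-user shell access closes.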

Another smart add-on to this feature is the ability to automatically terminate sessions which are left idle due to human error. For example, an admin with full shell access logs into an SSH session while troubleshooting an issue from the system of his storage admin, and he forgets to log out before taking that important call from his boss. Now the storage admin has full access to the shell, which could possibly be an issue.

In order to avoid such situations, a new advanced variable, UserVars.ESXiShellInteractiveTimeOut, is available to set a timeout value for any ESXi shell access. As soon as the timeout limit is reached, the session is terminated, making the shell inaccessible to the unauthorized user.

Do remember to use this excellent feature in your environments to make them more secure, reliable & manageable.







Tuesday, August 28, 2012

VMworld 2012 Highlights (playlist)

VMware vSphere 5.1 - What's new with this version?

As promised, a quick post to see what's changed after the 1st day of VMworld 2012.

Well I hope I can keep up with the word QUICK, because of the number of new things VMware has announced in a single day. I will give you the highlights and then some interesting links to follow which will give you tons of great reads on this latest release of VMware.



  • vRAM Entitlement is a concept of the past - After a huge row about the vRAM restrictions which were introduced last year with the announcement of vSphere 5.0, VMware relaxed the vRAM tax to a 32 GB entitlement on Standard Edition, a 64 GB entitlement on Enterprise Edition and a 96 GB vRAM entitlement on the Enterprise Plus Edition of vSphere. This scheme of things ran for a year; however, in the last customer survey done by VMware, they found that customers were not very happy about the limitations, as they make the entire capacity planning exercise a bit complex. VMware heard the customer and BOOM... the plan just changed. Yes, no more vRAM tax. Just license each populated processor socket on the server and you are good to go.
  • Feature Flow & New Editions - The editions have just become beefier. Yes, you got it, features from higher editions of vSphere like Enterprise & Enterprise Plus have flowed down to the Standard edition, making it more attractive and affordable for the SMB segment. For example, Storage vMotion, VMware FT, vShield Zones, Hot Add etc. An important thing to note is that this has not affected the prices of these editions; yes, you can get this at the same price. In addition to this, a new edition has been launched which can be seen as a new avatar of the Standard edition along with Operations Management, which allows you to lay your hands on Behavioral Performance Management & Capacity Planning. So you can not only be a smart SMB with virtualization, but would also have the capability to manage it.
  • New Features Added - As always, the VMware R&D teams are quick to react to customer requirements, and this time around they were able to change the Monster VMs to SUPER MONSTER by giving them 64 vCPU capability. SR-IOV is another feather in the cap which will now allow you to share special hardware devices between virtual machines. vMotion without Shared Storage is another one which would help those who cannot afford shared storage.
  • Data Protection - aka VDP (VMware Data Protection) just replaces the VMware Data Recovery (VDR) technology with a much more widely accepted EMC Avamar backup appliance. VDP is a part of all the license editions, hence all VMware customers would have the liberty to throw the traditional backup equipment out of the window and use the smarter and more efficient way to back up virtual machines. Yes, you can still use your existing backup mechanisms if you wish to.
  • vSphere Replication - One of the coolest solutions which I encountered with host based replication. You will not be wrong to say that this was introduced to help customers use SRM without identical storage and array based replication, but this feature was such a hit that VMware has made it native to the vSphere platform. So now you can replicate virtual workloads as and when you need. SRM may not be needed if your use case is just replicating for a point in time backup. I am sure the smart customers of VMware would find 100s of use cases by the time they upgrade to vSphere 5.1 to get their hands on FREE vSphere Replication.
  • vShield Endpoint is a part of all the editions - Must appreciate how VMware wants its customers to choose the best way of securing their virtual machines. vShield Endpoint, which was a licensed product and came with a price tag, is now FREE and is part of all the editions. Time to call your anti-virus and malware vendors and ask them to help you transition to a more effective way of performing antivirus scans by offloading to the Endpoint Service VM and saving your environment from deadly anti-virus scan storms. Way to go.

Here is a quick snap of what I discussed above:-

Well for those who want to learn more about other license changes, here is the link to go to:-

vSphere 5.1 - Licensing, Pricing & Packaging - http://www.vmware.com/files/pdf/vsphere_pricing.pdf

For the TECHIES, below is a bunch of links which will give you oodles of information about what VMware is up to with this release:-


All the above technical whitepapers have some great information about the new vSphere Platform. 

Apart from these great reads from the Technical Marketing teams of VMware, you can also see these features in action on the VMware Now Website at http://www.vmware.com/now.html?skip=y

Go to the Topics Guide section on this page to get a Deep Dive on all the topics mentioned above.



Enjoy the read. I will try some of them in my home lab and share my findings on how they make a difference.

Till then...

Happy Virtualizing
Sunny Dua

Friday, August 17, 2012

VMworld 2012 - The countdown begins!!

10 days to VMworld 2012 and I thought I would write about the excitement I see in the x86 virtualization market. The market is as hot as ever, and this time the theme is who is better and who can fulfill what the customer needs with the most efficient and cost effective solution.

I have been working with VMware for the past few years and I am so impressed with the strategies of VMware. Be it technology, be it innovation or be it the humble ways of handling competition, it shows that VMware has not only matured as a most trusted platform for the cloud, but the organization itself has matured tenfold.

The competition for VMware has made enough noise for the past one year with what they "WOULD" release; however, this has not made any impact on the strategies and goals of the organization, which is driven by customer satisfaction and innovative ways to move towards cloud computing.

'Thinking beyond Virtualization' was a clear message which came out of last year's VMworld, and I am sure VMware will have some amazing surprises for the industry, as every year. I know of people in the company who say that "This year VMworld would be the BIGGEST", and they have been saying this for the past few years now :-)

I will be coming up soon with what VMware is up to by the beginning of next month. Stay tuned and watch this space for more.

In the meantime, if you wanna make it to VMworld in the US or EMEA, here is the page where you can register yourself. If you are unable to be there due to other priorities, then you could subscribe for streaming sessions on demand.

Till then, have a great time... ;-)

Saturday, August 4, 2012

My VCAP 4 - DCA Exam Experience - Better late than NEVER!!

I know there are a number of blogs out there which speak about this topic, however I still face this question as soon as I meet an aspirant for this certification. A recent inquiry about this urged me to write a quick note on this which I can share with everyone. 

I am sure people who would stumble upon this article would know about VCAP DCA, if not, you can get more details from :-


Since the NDA restricts me from sharing anything from the examination content, I can only share how I prepared for this, and that should help. Here is what I did:-

a) Created a Home Lab..
b) Used the LAB
c) More Lab time
d) Some more LAB time

Yup, that's the mantra: you should know how to do those vSphere Administrator tasks on the tips of your fingers. The information on what labs you need to do can be obtained from the following blogs/links/resources:-


2- Go for VCAP DCA Brownbags from Professional VMware - These are a great set of videos which will give an insight of how to play around with your labs.



The 3 links above have tonnes of guides, videos, whitepapers etc., so get going and this should sail you through. I would say that the above material would take around a month's time to cover, so schedule your exam accordingly.

Remember this, this is a 4 hour exam with around 40 questions which are completely lab based, and trust me these were the fastest 4 hours of my life. Make sure you keep an eye on that clock and pace yourself accordingly.

Working on my VCAP 4 DCD now, will post the experience as soon as I am done with it.

Till then..

Have a good one..