Enable Tech Support Mode Timeout

VMware
Tech Support Mode is a great feature of ESXi that lets admins and support personnel access the command line directly on an ESXi host. This can be done via SSH or through the host console. The security risk is that the console does not shut down automatically by default. There is a simple fix for this, however: you can set the auto-timeout so that Tech Support Mode will shut down automatically after a certain time has passed. You can find a great article on tech support mode here. To enable the Tech Support Mode Timeout via the vSphere Client (from the KB Article): Select the host and click the Configuration tab. Click Software > Advanced Settings. ESXi 5.0: Change the UserVars.ESXiShellTimeOut field to the desired value. ESXi 4.1: Change the UserVars.TSMTimeOut field to the desired…

VMware vSphere 5.0 Hardening Guide

VMware
Last Friday, VMware released their vSphere 5.0 Security Hardening Guide v1.0. It’s a great and extensive guide to completely secure your VMware vSphere 5 Infrastructure from ESXi host to vCenter server and from the vNetwork to virtual machine. The coincidence is that yesterday I had a discussion with a colleague on enabling root access on a customer’s ESXi hosts. Following this hardening guide will prevent people from adding vulnerabilities to a great product. With this new release, the format of this guide has changed from previous versions. The guide is being released as an Excel spreadsheet only. The guideline metadata from earlier guides has been greatly expanded and standardized. CLI commands for assessment and remediation of the guidelines are included for the vCLI, ESXi Shell, and PowerCLI. For additional information, please see the Intro tab of the…

Simplify your XenApp/XenDesktop with DNS aliases

Citrix, VMware
You can see this recommendation in a few of our recent best practices – most recently in the excellent “XenDesktop and XenApp Best Practices document”: “The XenDesktop and XenApp servers should be configured to use DNS Aliases when accessing infrastructure components such as the Citrix License Server and Database Server(s) rather than hostname or IP address. This helps to simplify management during certain maintenance and disaster recovery scenarios.” But what exactly does it mean and how should it be configured? I have been following this best practice for many years and I would like to share some information about how to use it and what the benefits are.

Slight change in “restart” behavior for HA with vSphere 5.0 Update 1

VMware
Although this is a corner case scenario, I did want to discuss it to make sure people are aware of this change. Prior to vSphere 5.0 Update 1 a virtual machine would be restarted by HA when the master had detected that the state of the virtual machine had changed compared to the “protectedlist” file. In other words, a master would filter the VMs it thinks had failed before trying to restart any. Prior to Update 1, a master used the protection state it read from the protectedlist. If the master did not know the on-disk protection state for the VM, the master did not try to restart it. Keep in mind that only one master can open the protectedList file in exclusive mode. In Update 1 this logic has…

vSphere 5.0 HA restarting of VMs with no access to storage?

VMware
I had a question today around the restart of VMs with no access to storage by HA. The question was whether HA would try to restart the VM and time out after 5 times, with the follow-up question of whether HA would try again when the storage returned for duty. By default HA will try to restart a VM up to 5 times in roughly 30 minutes. If the master does not succeed it will stop trying. On top of that HA manages a “compatibility list”. This list will contain the details around which VM can be restarted and where. In other words, which hosts have access to the datastores and network portgroup required for this VM to successfully power on. Now if for whatever reason there are no compatible…

Cool tool update: RVTools 3.3 released!

VMware
Rob de Veij just published RVTools 3.3. I know many of you are using it and I definitely suggest downloading the latest version! RVTools has been downloaded more than 100.000 times, so it is definitely worth checking out if you have not so far! Here are the changes in this release:
Version 3.3 (April, 2012)
GetWebResponse timeout value changed from 5 minutes to 10 minutes (for very big environments)
New tabpage with HBA information
On vDatastore tab the definition of the Provisioned MB and In Use MB columns was confusing! This is changed now.
RVToolsSendMail accepts now multiple recipients (semicolon is used as separator)
Folder information of VMs and Templates are now visible on vInfo tabpage
Bugfix: data in comboboxes on filter form are now sorted
Bugfix: Problem with api version 2.5.0 solved
Bugfix: Improved exception…