Friday, February 6, 2015

Quantifying TPS Savings now that its disabled - how much are you losing?

The most recent ESXi updates will incorporate a change in TPS.  Due to security (KB 2080735) considerations, TPS will be disabled by default.
As a vmadmin, your next question would be how much am I losing with TPS gone ?
Thankfully there is a tool to quantify exactly how much TPS is going on - credit @vmMarkA and @vBrianGraf.
As it turns out, our main clusters are only seeing 2-5% TPS savings (mostly zero pages) so this change will have no real impact.  I can imagine VDI type workloads could be the most impacted by this change - what are the max TPS numbers folks are seeing ?


vExpert 2015

Congratulations to the vExpert class of 2015, new and alumni alike, its an honor to be counted in your company!

Friday, April 18, 2014

Windows 2003 IPSec error blocks all traffic

This happened to one of our windows 2003 VMs this week - it was patched and rebooted and came up with no network traffic being passed.

The team first looked to revert to the previous known good state - the central storage snapshots.
But as it turns out these restored snapshots also came up with no network being passed.

I removed the old VM network adapter (AMD) and replaced it with the newer Intel, updated the vmwaretools, several reboots in between, all to no effect (the adapter was up and "connected") but not passing any traffic - could not ping the default gateway.

Finally found a post leading us to check the System Event logs






And finding a VMware KB article confirming the resolution:

Disable the Windows 2003 IPSec service and reboot - voila, traffic now unblocked!

Hope this saves other folks some time to resolution!















Tuesday, April 8, 2014

ESXi 5.5 vulnerable to OpenSSL Heartbleed bug - 4/19 Patch Released

Today the existence of a serious bug in OpenSSL was revealed which allows an attacker to read the memory of your system including usernames, passwords, keys etc.

More information here: http://heartbleed.com

This site will check a URL for the vulnerability:  http://filippo.io/Heartbleed/ 

This command line tool also checks for the vulnerability- its a python script you can use inside your firewalled zones.

Our ESXi 5.5 build 1331820 servers have the vulnerability.
And fully patched ESXi 5.5  build 1623387 (as of 4/8) shows the vulnerability as well.
I've posted in the vmware forums asking about the ETA of a patch to fix this in our VI.

Update 4/9: VMWare has supplied a KB of products affected 

Update 4/19 - Patch Released:

Note: VMWare recommends updating vCenter before ESXi


VMware KB: Resolving OpenSSL Heartbleed for ESXi 5.5 - CVE-2014-0160

Confirmed the vulnerability is removed by this patch - folks should also cycle keys and update passwords

cd /etc/vmware/ssl
/sbin/generate-certificates
chmod +t rui.crt
chmod +t rui.key
passwd root




Thursday, January 2, 2014

Team Canada Hockey Roster Map

One of my other passions (besides  virtualization, storage IOPS, cloud engineering  etc) is hockey.
Today Steve Yzerman, team Canada GM released the Team Canada Hockey roster for Sochi.
I wanted to create a visual, infographic map of the player's hometowns and found this cool geo mashup tool which is mostly intuitive and accurate.


View 2014 Team Canada Hometown map v0.3 in a full screen map