vSphere 5 vReference card – networking section

Here is the first preview of the vSphere 5 vReference Card – the networking section.  I’d love to hear any of your feedback. Just drop your comments below or catch me on twitter (@forbesguthrie).

Click on the images to see them full size, or you can view/print it as a PDF.

and

 

===== vSphere 5 vReference card – networking section originally posted by Forbes Guthrie on vReference. Subscribe to my RSS feed for all the latest updates, and follow me on Twitter for shorter ramblings. Follow @forbesguthrie

vSphere 5 documentation is now available

Along with today’s release of vSphere 5, VMware has published the vSphere 5 documentation:

http://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html

In addition to the online html library and the downloadable PDFs, there are now e-book versions to grab.  There are MOBI files for your kindle and EPUB files for most other e-book readers.  I’ve requested this for some time now, so I’m glad VMware is providing them.  They have to be one of the first large mainstream software vendors to offer their documentation in these formats.  I wouldn’t say it is a revolutionary concept, but nice that VMware is leading competition and being innovative when they can.

The result is great:

Over the last few weeks I’ve been working feverishly on my documentation notes and reference card for vSphere 5.  See here and here for the vSphere 4 versions if you’re not sure what I’m referring to.

I’m 90% done on my notes from the Release Candidate version of the official documentation, so I just need to finish them off and quickly check the new GA versions for changes.  I hope to get them published in the next couple of weeks.  So if you’re not willing to wade through 2000+ pages of official documentation then you might want to get a copy of my notes for some of the newer and more interesting excerpts.  I wanted to have them released in time for VMworld, but what with that being merely days away it probably isn’t going to happen.  We’ll see; after all, what’s else are plane journeys for if not documentation. BTW, if you’re heading to VMworld this year and spot me out-and-about, be sure to come and say hi. It’s always nice to meet fellow v12n geeks.

As soon as I’ve got the documentation notes out the door, I’ll be beavering away on the new reference card.  I can’t say when it will be available, as it takes a tremendous amount of work, but rest assured I’ll be working hard to complete it as quickly as possible.

If you want to be the first to know when the notes and/or card is available, be sure to follow me on twitter @forbesguthrie.  I’ll try to keep everyone abreast of my progress over the coming weeks.

===== vSphere 5 documentation is now available originally posted by Forbes Guthrie on vReference. Subscribe to my RSS feed for all the latest updates, and follow me on Twitter for shorter ramblings. Follow @forbesguthrie

esxcli listing

I thought I’d post up a full listing of the esxcli command from vSphere 5.  It’s as much for my own future reference, but as 5.0 still isn’t GA I thought there are probably other folk who’d like to take a look through all the options.

Although the esxcli command was around before vSphere 5.0, it has been propelled into the spotlight with the news that esxcli will be the new standard that VMware will migrate towards while depreciating the other command line tools we have come to know.  It’s time to get comfortable with it.  As I pull together all the pieces for the vSphere 5 reference card, I’ll be changing the commands over to esxcli.

If you want to learn more about the esxcli command, pop over to William Lam‘s excellent posts on the subject.  In particular his post outlining the major enhancements.

One interesting point that I noticed from the listing, is that it was missing the “license” top-level namespace that William had identified.  I suspect this may be because I had joined the host to a vCenter instance.  Perhaps at this point the host realizes that it’s not authoritative for its licensing anymore and then excludes the namespace as an option.

Anyway, without further ado here is a full listing (created with esxcli esxcli command list):

Namespace                                           Command    
--------------------------------------------------  -----------
esxcli.command                                      list       
fcoe.adapter                                        list       
fcoe.nic                                            disable    
fcoe.nic                                            discover   
fcoe.nic                                            list       
hardware.bootdevice                                 list       
hardware.clock                                      get        
hardware.clock                                      set        
hardware.cpu.cpuid                                  get        
hardware.cpu.global                                 get        
hardware.cpu.global                                 set        
hardware.cpu                                        list       
hardware.memory                                     get        
hardware.pci                                        list       
hardware.platform                                   get        
iscsi.adapter.auth.chap                             get        
iscsi.adapter.auth.chap                             set        
iscsi.adapter.capabilities                          get        
iscsi.adapter.discovery                             rediscover
iscsi.adapter.discovery.sendtarget                  add        
iscsi.adapter.discovery.sendtarget.auth.chap        get        
iscsi.adapter.discovery.sendtarget.auth.chap        set        
iscsi.adapter.discovery.sendtarget                  list       
iscsi.adapter.discovery.sendtarget.param            get        
iscsi.adapter.discovery.sendtarget.param            set        
iscsi.adapter.discovery.sendtarget                  remove     
iscsi.adapter.discovery.statictarget                add        
iscsi.adapter.discovery.statictarget                list       
iscsi.adapter.discovery.statictarget                remove     
iscsi.adapter.discovery.status                      get        
iscsi.adapter.firmware                              get        
iscsi.adapter.firmware                              set        
iscsi.adapter                                       get        
iscsi.adapter                                       list       
iscsi.adapter.param                                 get        
iscsi.adapter.param                                 set        
iscsi.adapter                                       set        
iscsi.adapter.target                                list       
iscsi.adapter.target.portal.auth.chap               get        
iscsi.adapter.target.portal.auth.chap               set        
iscsi.adapter.target.portal                         list       
iscsi.adapter.target.portal.param                   get        
iscsi.adapter.target.portal.param                   set        
iscsi.ibftboot                                      get        
iscsi.ibftboot                                      import     
iscsi.logicalnetworkportal                          list       
iscsi.networkportal                                 add        
iscsi.networkportal.ipconfig                        get        
iscsi.networkportal.ipconfig                        set        
iscsi.networkportal                                 list       
iscsi.networkportal                                 remove     
iscsi.physicalnetworkportal                         list       
iscsi.physicalnetworkportal.param                   get        
iscsi.physicalnetworkportal.param                   set        
iscsi.plugin                                        list       
iscsi.session                                       add        
iscsi.session.connection                            list       
iscsi.session                                       list       
iscsi.session                                       remove     
iscsi.software                                      get        
iscsi.software                                      set        
network.fence                                       list       
network.fence.network.bte                           list       
network.fence.network                               list       
network.fence.network.port                          list       
network.firewall                                    get        
network.firewall                                    load       
network.firewall                                    refresh    
network.firewall.ruleset.allowedip                  add        
network.firewall.ruleset.allowedip                  list       
network.firewall.ruleset.allowedip                  remove     
network.firewall.ruleset                            list       
network.firewall.ruleset.rule                       list       
network.firewall.ruleset                            set        
network.firewall                                    set        
network.firewall                                    unload     
network.ip.connection                               list       
network.ip.dns.search                               add        
network.ip.dns.search                               list       
network.ip.dns.search                               remove     
network.ip.dns.server                               add        
network.ip.dns.server                               list       
network.ip.dns.server                               remove     
network.ip                                          get        
network.ip.interface                                add        
network.ip.interface.ipv4                           get        
network.ip.interface.ipv4                           set        
network.ip.interface.ipv6.address                   add        
network.ip.interface.ipv6.address                   list       
network.ip.interface.ipv6.address                   remove     
network.ip.interface.ipv6                           get        
network.ip.interface.ipv6                           set        
network.ip.interface                                list       
network.ip.interface                                remove     
network.ip.interface                                set        
network.ip.neighbor                                 list       
network.ip                                          set        
network.nic                                         down       
network.nic                                         get        
network.nic                                         list       
network.nic                                         set        
network.nic                                         up         
network.vswitch.dvs.vmware                          list       
network.vswitch.standard                            add        
network.vswitch.standard                            list       
network.vswitch.standard.policy.failover            get        
network.vswitch.standard.policy.failover            set        
network.vswitch.standard.policy.security            get        
network.vswitch.standard.policy.security            set        
network.vswitch.standard.policy.shaping             get        
network.vswitch.standard.policy.shaping             set        
network.vswitch.standard.portgroup                  add        
network.vswitch.standard.portgroup                  list       
network.vswitch.standard.portgroup.policy.failover  get        
network.vswitch.standard.portgroup.policy.failover  set        
network.vswitch.standard.portgroup.policy.security  get        
network.vswitch.standard.portgroup.policy.security  set        
network.vswitch.standard.portgroup.policy.shaping   get        
network.vswitch.standard.portgroup.policy.shaping   set        
network.vswitch.standard.portgroup                  remove     
network.vswitch.standard.portgroup                  set        
network.vswitch.standard                            remove     
network.vswitch.standard                            set        
network.vswitch.standard.uplink                     add        
network.vswitch.standard.uplink                     remove     
software.acceptance                                 get        
software.acceptance                                 set        
software.profile                                    get        
software.profile                                    install    
software.profile                                    update     
software.profile                                    validate   
software.sources.profile                            get        
software.sources.profile                            list       
software.sources.vib                                get        
software.sources.vib                                list       
software.vib                                        get        
software.vib                                        install    
software.vib                                        list       
software.vib                                        remove     
software.vib                                        update     
storage.core.adapter                                list       
storage.core.adapter                                rescan     
storage.core.adapter.stats                          get        
storage.core.claiming                               autoclaim  
storage.core.claiming                               reclaim    
storage.core.claiming                               unclaim    
storage.core.claimrule                              add        
storage.core.claimrule                              convert    
storage.core.claimrule                              list       
storage.core.claimrule                              load       
storage.core.claimrule                              move       
storage.core.claimrule                              remove     
storage.core.claimrule                              run        
storage.core.device.detached                        list       
storage.core.device.detached                        remove     
storage.core.device                                 list       
storage.core.device.partition                       list       
storage.core.device                                 set        
storage.core.device                                 setconfig  
storage.core.device.stats                           get        
storage.core.device.vaai.status                     get        
storage.core.device.world                           list       
storage.core.path                                   list       
storage.core.path                                   set        
storage.core.path.stats                             get        
storage.core.plugin                                 list       
storage.core.plugin.registration                    add        
storage.core.plugin.registration                    list       
storage.core.plugin.registration                    remove     
storage.filesystem                                  automount  
storage.filesystem                                  list       
storage.filesystem                                  mount      
storage.filesystem                                  rescan     
storage.filesystem                                  unmount    
storage.nfs                                         add        
storage.nfs                                         list       
storage.nfs                                         remove     
storage.nmp.device                                  list       
storage.nmp.device                                  set        
storage.nmp.path                                    list       
storage.nmp.psp.fixed.deviceconfig                  get        
storage.nmp.psp.fixed.deviceconfig                  set        
storage.nmp.psp.generic.deviceconfig                get        
storage.nmp.psp.generic.deviceconfig                set        
storage.nmp.psp.generic.pathconfig                  get        
storage.nmp.psp.generic.pathconfig                  set        
storage.nmp.psp                                     list       
storage.nmp.psp.roundrobin.deviceconfig             get        
storage.nmp.psp.roundrobin.deviceconfig             set        
storage.nmp.satp.generic.deviceconfig               get        
storage.nmp.satp.generic.deviceconfig               set        
storage.nmp.satp.generic.pathconfig                 get        
storage.nmp.satp.generic.pathconfig                 set        
storage.nmp.satp                                    list       
storage.nmp.satp.rule                               add        
storage.nmp.satp.rule                               list       
storage.nmp.satp.rule                               remove     
storage.nmp.satp                                    set        
storage.vmfs.extent                                 list       
storage.vmfs.snapshot.extent                        list       
storage.vmfs.snapshot                               list       
storage.vmfs.snapshot                               mount      
storage.vmfs.snapshot                               resignature
storage.vmfs                                        upgrade    
system.boot.device                                  get        
system.coredump.network                             get        
system.coredump.network                             set        
system.coredump.partition                           get        
system.coredump.partition                           list       
system.coredump.partition                           set        
system.hostname                                     get        
system.hostname                                     set        
system.module                                       get        
system.module                                       list       
system.module                                       load       
system.module.parameters                            list       
system.module.parameters                            set        
system.module                                       set        
system.process                                      list       
system.process.stats.load                           get        
system.process.stats.running                        get        
system.secpolicy.domain                             list       
system.secpolicy.domain                             set        
system.settings.advanced                            list       
system.settings.advanced                            set        
system.settings.kernel                              list       
system.settings.kernel                              set        
system.settings.keyboard.layout                     get        
system.settings.keyboard.layout                     list       
system.settings.keyboard.layout                     set        
system.stats.uptime                                 get        
system.syslog.config                                get        
system.syslog.config.logger                         list       
system.syslog.config.logger                         set        
system.syslog.config                                set        
system.syslog                                       mark       
system.syslog                                       reload     
system.time                                         get        
system.time                                         set        
system.uuid                                         get        
system.version                                      get        
system.visorfs                                      get        
system.visorfs.ramdisk                              add        
system.visorfs.ramdisk                              list       
system.visorfs.ramdisk                              remove     
system.visorfs.tardisk                              list       
system.welcomemsg                                   get        
system.welcomemsg                                   set        
vm.process                                          kill       
vm.process                                          list

===== esxcli listing originally posted by Forbes Guthrie on vReference. Subscribe to my RSS feed for all the latest updates, and follow me on Twitter for shorter ramblings. Follow @forbesguthrie

VMware has a change of heart on licensing

When VMware announced the new licensing model based on vRAM when they revealed vSphere 5 the ensueing uproar overshadowed all the great features and enhancements that are part of vSphere 5. In fact if you look at my vSphere 5 link collection you will see that there are more links about licensing then there are about everything non-licensing related in vSphere 5. There was also a thread started in the VMTN forums on licensing and it is currently 87 pages long.

Well VMware heard you loud & clear and is changing the licensing model in a manner that should make almost everyone happy. I was fortunate to be on a pre-briefing call with VMware on the licensing changes and one of the points I brought up to VMware was how could you not of expected this reaction. If they had consulted with customers, vExperts and some other key people they could of seen what the reaction was going to be like and not be in the position they are in today. VMware said they kept this mostly internal which was not a good idea when making changes that would have a big impact on customers. VMware had calculated that only a very small percentage of there customers would be affected by this. I asked them how did you calculate this and what percentage of your customers did you get this information from. They responded that they use information obtained from logs that are sent in when support requests are opened and vm-support bundles are typically sent in which documents a persons environment.

To VMware’s credit they listen to their customers though, many other companies would just go ahead with the changes regardless of how customers felt about them. While VMware didn’t directly respond to the 87 page forum thread they did read every single post in it to see what customers were saying about the licensing changes. So the end result is VMware addressed some of the key concerns that customers were making with licensing. Here is a summary of feedback that VMware obtained from customers & partners:

  • With no cap on vRAM licensing the monster VM with 1TB of vRAM would cost $38,445 to license.
  • Entitlements were too low and while it would only affect a small percentage of customers it would have a big financial impact.
  • Penalized customers for short lived usage spikes that may not occur on a frequent basis.
  • The 8GB cap on the free version of ESXi is too low and doesn’t make it that usable.

So VMware responded to each of these concerns to licensing in vSphere 5 as follows:

  • The amount of vRAM counted per VM has been capped at 96GB. So a 1TB VM would now only use 96GB from the vRAM licensing pool and only cost $3,495 to license.

vsphere5-licensing3

  • vRAM entitlements have been changed as follows:

vsphere5-licensing1

  • To help against spikes in memory usage it now uses a calculated 12 month average of configured vRAM rather than a high water mark

vsphere5-licensing4

  • The vRAM limit for the free edition of ESXi has been raised from 8GB to 32GB.

One other question I had for VMware was whether they have to modify the vSphere 5 RC code now before it goes GA to update it with these new licensing changes. My main concern was the hard limits imposed on the Essentials and free edition of ESXi. VMware responded that they have actually not applied any hard limits to the code yet so the GA version of vSphere 5 will not enforce any hard limits at all. This will be considered a bug and will be resolved in the next update of vSphere 5.

To make it easier for customers to see how the licensing changes will affect their existing environments VMware is releasing a vSphere Licensing Advisor Tool. It is an application that can be installed on any Windows computer that connects to vCenter Server and collects information about your environment. The information gathered is a point in time picture of vRAM usage, you can exit the tool and re-run it if you want to get updated vRAM usage numbers. The tool maps editions to the vSphere 5 equivalent edition using standard entitlement paths. It does not capture information on Linked Mode and instead calculates pools as if all vCenter Servers are linked together. The tool also caps the amount of per VM vRAM usage at 96GB. The results of the tool can be exported to a CSV file so data can be more easily viewed. Here are some screen shots of the tool in action:

vsphere-advisor-1

vsphere-advisor-4

vsphere-advisor-5

vsphere-advisor-6

vsphere-advisor-8

So there you have it VMware heard you loud & clear and did what was needed to fix the mess they created. I hope you understand VMware had to do something to change the licensing model because the socket model just doesn’t work anymore with the way core counts keep increasing. It would of been nice if they had implemented these new changes originally so the reception to the vSphere 5 announcement focused on the features and not the licensing but what is done is done, VMware fixed it and now its time to move on. I really have to give them a lot of credit for so quickly responding to customer feedback and trying to make things right with their customers. While there are some that may still not like the new licensing model, it’s definitely better than before and since it is here to stay its time to start getting used to it. So lets start getting excited about the features in vSphere 5 and not fixate on licensing anymore. This promises to be another great release from VMware that makes an already great product even better.

The design options grow with vCenter 5

vCenter deployments are likely to change for large companies as they upgrade to vSphere 5.  Traditionally vCenter has been installed in one of two designs.  The primary decision was whether to split off the database onto a second server.  Smaller shops simply installed vCenter and MS SQL (or even MS SQL Express for the very small) on the same server.

Medium and large organisations commonly split out the database onto a separate server; their vCenter server is dedicated. As we know, larger companies like to divide out applications and databases onto their own server instances.  This is done for several reasons, not least to help scale up to heavier workloads.  So I think its fair to say, in most medium and large implementations, this is the “classic” vCenter deployment:

Now for very large deployments, some companies create a third separate server for the vCenter Update Manager (VUM).  This was particular important for anyone using the VM guest OS patching feature, as that capability could consume significant resources for a vCenter which managed lots of VMs.  However this guest OS patching was never a particularly popular feature with large enterprises, as they usually already had a working patch solution that they stuck with.  When VMware announced with the release of vSphere 4.1 that it would remove the guest OS patching feature in the next iteration, it really put the nail in the coffin.  So I’d postulate that this 2 server model is the one that the vast majority of vSphere users have at the moment.

So what’s new?

vSphere 5 comes with many more components which you now need to consider (new ones in blue):

  • vCenter itself
  • vCenter database
  • vSphere Update Manager (VUM) – note the vCenter > vSphere name change with v5 for VUM
  • VUM database
  • vSphere Web Client (* see note below)
  • ESXi Dump Collector
  • Syslog Collector
  • AutoDeploy
  • Authentication Proxy

 

With so many separate components, many deployment possibilities exist.  Arguably the largest of deployments can do this:

However, I think the most likely candidate for the Next Generation, is something modelled around a 3 server deployment for the larger deployments.  Companies can choose which additional components they might want and selectively install them on a Components Server. (Smaller companies can obviously consolidate services as they see fit across 1 or 2 servers)

Personally I think very large organisations with the most demanding of vSphere infrastructures are more likely to scale-out to multiple vCenter instances using Linked Mode, instead of further splitting this 3 server model.

The new Linux based vCenter Server Appliance currently has two limitations which will restrict its adoption in these larger deployments:

  • No Microsoft SQL support
  • No Linked Mode

Once these are overcome we’ll see an even more diverse mix of designs.  vSphere architects will be able to slice-and-dice with more efficiency, and scale as required in a more dynamic fashion.  For now I think we’ll see this 3 server design become de rigueur.

Note *

The Web Client has a “service” component that should be installed centrally.

The RC version of the vCenter Server and Host Management PDF states:

VMware recommends that you register a given vCenter Server system
with only one vSphere Web Client instance

Once this service is installed, it has to be registered via a browser (with Flash) on the server that it’s installed on.  It cannot be registered remotely.  I’m not sure how good I feel about having to install Adobe Flash alongside my critical vCenter components just for this registration step.

===== The design options grow with vCenter 5 originally posted by Forbes Guthrie on vReference. Subscribe to my RSS feed for all the latest updates, and follow me on Twitter for shorter ramblings. Follow @forbesguthrie

New vBookshelf launched

I just launched my new vBookshelf section of vSphere-land which can be found under the vInfo drop-down menu. I’ve gathered together over 30 books related to VMware and virtualization and have links and information on them. I think I’ve put together a pretty complete selection of good books that are available but if I’ve missed any please let me know. I’d also like to highlight 4 good books that have been recently released.

Click here to access the vBookshelf section of vSphere-land.com

blkfade

v_visible_ops

Title: Visible Ops Private Cloud: From Virtualization to Private Cloud in 4 Practical Steps

Authors: Andi Mann, Kurt Milne, Jeanne Morain

Publish Date: April 8, 2011

v_vsphere_design

Title: VMware vSphere Design

Authors: Scott Lowe, Maish Saidel-Keesing, Forbes Guthrie

Publish Date: March 8, 2011

v_powercli_ref

Title: VMware vSphere PowerCLI Reference: Automating vSphere Administration

Authors: Luc Dekens, Alan Renouf, Glenn Sizemore, Arnim van Lieshout, Jonathan Medd

Publish Date: April 12, 2011

v_vmware_enterprise

Title: VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers (2nd Edition)

Authors: Edward Haletky

Publish Date: February 18, 2011

New free tools section is open

This one is long overdue, I had a section created on my website a year ago that correlated to a link in my book, Maximum vSphere that listed all the many free tools that would be useful to a VMware administrator. But I had forgotten about it until recently so I scoured the internet for free tools and put together a big list of them. The table currently has over 80 tools and is sortable by category, name and vendor to help you go through them. If there is anything missing be sure and let me know.

Click here to access the Free Tools section of vSphere-land.com

Win a copy of Edward Haletky’s new book

I recently received an extra copy of Edward Haletky’s new book that was just released, VMware ESX and ESXi in the Enterprise. This is a second edition of his original book and covers up to vSphere 4.1. I was trying to think of a contest idea to give my extra copy away and thought I would keep it simple. I have a number between 1 and 100 the first one to guess it in the comments wins it. Only one guess per person, I have your IP addresses so no cheating, make sure you leave a valid email address in the appropriate field, it isn’t published so nobody sees it. Let the guessing begin!

Update: Eric Wright wins with 42 (answer to life the universe and everything for you Douglas Adam fans)

95572912


How PCI DSS 2.0 affects virtualization compliance

The Payment Card Industry Data Security Standard (PCI DSS) 2.0 is hot off the presses, and the question everyone’s asking is, “Does it cover virtualization compliance?”

Well, kind of.

Two years in the making, PCI DSS 2.0 offers additional guidance and clarifies portions of the previous PCI DSS 1.2 standard. Virtualization compliance is mentioned, but only generally, and there are no specific virtualization security recommendations. In fact, the major change in version 2.0 is that PCI Security Standards Council brought the virtualization layer into the scope of the standard, which governs organizations that handle credit card information.

Previously, virtualization was completely ignored, so the move is a step in the right direction. But without firm guidance on how to ensure virtualization compliance, the standard is still ineffective. And the council doesn’t plan to update PCI DSS 2.0 for another three years, so it will be quite a while before we get more detail about protecting credit card information in virtual infrastructures.

Read the full article at searchvmware.com…