Geoff White has released the esxplot 1.5 ALPHA code

esxplot is a GUI application that lets you explore the data collected by esxtop in batch mode. The program takes a single command line argument which is the esxtop batch mode output file. You can also simply start esxplot without any arguments, and enter a dataset file via the File attribute of the menu bar. Esxplot loads the data in this file and presents the metrics as a hierarchical tree where the values are selectable in the left panel. In the right panel, a graph is plotted (value over time) of the selected metric, in this way, you can “browse” the contents of these somewhat unwieldy files.

Geoff White over at durganetworks has Forked esxplot 1.0, watch github for improvements in performance, stability and features. Currently the esxplot 1.5 ALPHA code is available for download.

Hi Everyone,

Eric, I want to thank you for alerting the community to the fork. The current code base has been reworked under the hood a bit to allow for actual continued development which was difficult with the original, single file version. The forked code is not packaged for the "end user", there isn't an installable package for windows or even an egg or easy install just yet.

What I would like interested parties to do for now is to follow the repository, and try it out when you hear of a feature that you think you would be interested in. I also need folks to test this out on vSphere 5. I've seen an elusive behavior with the 1.0 version where it seemed that data was being reported in a 'skewed' fashion which, if it's a bug in esxplot, it would be somewhat serious.

The problem is that I've observed it on a single vSphere 5 host, and then when I changed the state of the host, (powered off a VM) the problem disappeared. I've added extra debugging code into this fork to try and log any bad data being read in (the 1.0 version would just silently ignore it) to try and catch this.  If anyone has seen this using the 1.0 version, please report it to me so we can get to the bottom of this. I need to isolate if this is a bug in esxplot or a bug in the way esxtop is writing the csv in batch mode. So the number one priority for me right now is to get to the bottom of the possible bug.

The number two priority is to fix the way the metric selection works so that it is easier to navigate and so that start-up time  and response time will decrease with large data sets (> 150 MB).  This work should also allow users to load larger data sets without the program becoming unresponsive. The number three priority is the WHERE clause that I've been alluding to in the past which will allow some limited visibility into the actual data when you are pruning the result set with a search query.  You can read about it in the repository wiki. This is also a good time to put in feature requests.  For now, you can go over to the github repository and add an issue.

I am not going to move away from wxPython for the 1.x release but I am entertaining a new GUI model for the 2.x version, what i'm currently looking at is jPlot/JQuery and/or QT5.  I'm glad the program has been useful to folks over the years, my apologies for not updating it sooner, but this was not a primary job function (still isn't :-) but a labor of necessity and love.


Geoff White 

RVTools version 3.3 is now available for download

RVTools is a windows .NET 2.0 application which uses the VI SDK to display information about your virtual machines and ESX hosts. Interacting with VirtualCenter 2.5, ESX Server 3.5, ESX Server 3i, ESX Server 4i, VirtualCenter 4.0, ESX Server 4.0, VirtualCenter 4.1, ESX Server 4.1, VirtualCenter 5.0, VirtualCenter Appliance or ESX Server 5 RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores and health checks. With RVTools you can disconnect the cd-rom or floppy drives from the virtual machines and RVTools is able to update the VMware Tools installed inside each virtual machine to the latest version.

Updated in Version 3.3 (April, 2012)

  • GetWebResponse timeout value changed from 5 minutes to 10 minutes (for very big environments)
  • New tabpage with HBA information
  • On vDatastore tab the definition of the Provisioned MB and In Use MB columns was confusing! This is changed now.
  • RVToolsSendMail accepts now multiple recipients (semicolon is used as separator)
  • Folder information of VMs and Templates are now visible on vInfo tabpage
  • Bugfix: data in comboboxes on filter form are now sorted
  • Bugfix: Problem with api version 2.5.0 solved
  • Bugfix: Improved exception handling on vCPU tab.
  • Bugfix: Improved exception handling on vDatastore tab.

Kudos to fellow vExpert Rob de Veij - get your laters copy here

VMware Security Blog: VMware Releases vShield 5.0.1

VMware is proud to announce the immediate availability of the 5.0.1 versions of vShield Edge, vShield App, vShield Endpoint, and vShield Data Security.  Each of these updates introduces a number of new features and bug fixes.

Check out the new reporting capabilities in vShield Data Security!


Highlights of the 5.0.1 release include:


  • Simplified automation using new REST API calls for vShield Data Security workflows, including triggers for completion of scans.
  • Enable download of vShield VIBs (host modules) from vShield Manager, a key step in support for Autodeploy (Stateless ESXi).

 High Availability and Policy Management

  • Automatic restart of vShield App or virtual machines if a heartbeat is not detected.
  • Improved vShield App policy management with the option to fail open or fail closed.
  • Option to selectively exclude virtual machines from vShield App protection.

 Actionable Data

  • Improved audit logs for vShield Manager provide detailed information about administrative user actions on vShield security operations.
  • Simplified troubleshooting with single file download of vShield system configuration and events.
  • Enhanced reporting for vShield Data Security allows users to view data as pie charts and bar graphs - and export this data to various file formats.

Download links:

The iPad as an IT professional’s tool


John Welch over at Ars Technica wrote a wonderful post about using an iPad as a system administrator's tool, noting that Apple's tablet is "an addition, not a replacement" to the many tools that IT pros currently use to complete their daily tasks.

Welch brings up points that I discovered when I first started taking my iPad along on client visits -- the size is right, the battery life is wonderful, and it's much more handy than a laptop or an iPhone. Note-taking, for example, is much easier to accomplish on the iPad, and it's possible to prop up the iPad for easy reading at a distance instead of squinting at a small screen. Welch notes that he's able to easily analyze data from Cacti or Nagios with just a glance, keeping an eye on how things are doing.

With Welch's iPad, there's no waiting for a laptop to start up every morning. Most devices can be monitored in the aforementioned Web-based systems, he has email to catch messages about systems going down, and once a problem is found, he can "get a lot done over SSH." Welch uses Prompt (US$7.99) as his SSH client of choice, perfect for logging into Mac or Linux servers and desktop machines.

For other sysadmin tasks, Welch has some concerns. There's no iPad analogue to Apple Remote Desktop, for example, although Windows network admins have a wonderful tool available in WinAdmin ($7.99). Apple hasn't released any management tools for Mac OS X Server that run on the iPad, but there are some limited third-party tools available such as Server Admin Remote ($9.99).

Still, there's a good-sized market for sysadmin tools for the iPad, and if Apple doesn't step up to the plate to deliver them, Welch hopes that third-party developers will. If you're a system administrator who uses an iPad regularly at work, let us know in the comments what tools you use or would like to see.

Österreich: Identitätsdiebstahl per Bürgerkarte

Das System für elektronische Signaturen in Österreich, die Bürgerkarte, weist eine Sicherheitslücke auf. Über den Angriff auf ein Java-Applet können Zugriffe so umgeleitet werden, dass der Nutzer auf der falschen Webseite unterschreibt.

In einem Vortrag beim Security Forum an der FH Oberösterreich in Hagenberg hat der Student Wolfgang Ettlinger eine Sicherheitslücke beim System der Bürgerkarte aufgezeigt. Veranstaltet wurde die Konferenz vom Verein Hagenberger Kreis zur Förderung der digitalen Sicherheit. Die Bürgerkarte dient Österreichern dazu, sich beispielsweise beim Onlinebanking oder bei E-Government-Anwendungen zu legitimieren.

Dazu gibt es neben der auf PCs lokal zu installierenden Bürgerkartenumgebung (BKU) auch die Möglichkeit, die Authentifizierung über ein Java-Applet vornehmen zu lassen. Das ist beispielsweise nützlich, um den Dienst auch mit mobilen Geräten zu nutzen.

Ettlingers Angriff basiert darauf, die Eingabe der PIN für die Bürgerkarte mitsamt der erfolgreichen Authentifizierung - die beispielsweise in einem Cookie gespeichert werden kann - abzufangen und umzuleiten. Wie bei vielen Java-Lücken kommt dabei ein versteckter iFrame zum Einsatz.

Der Beschreibung des Angriffs zufolge lässt sich das auch mit einem selbstgemachten Applet erreichen, das sich mit den Authentifizierungsservern verbindet. Damit ist es möglich, auch auf betrügerischen Webseiten, wie bei typischen Phishing-Angriffen, die Daten der Bürgerkarte abzufangen. Im Hintergrund können dann ganz andere Aktionen ablaufen wie beispielsweise eine Buchung per Onlinebanking. Ettlinger hat das mit dem Konto eines Freundes und dessen ausdrücklicher Zustimmung auch bereits demonstriert und in einem Video festgehalten.

Dem Student zufolge hat das österreichische Mocca-Projekt, das für das Bürgerkarten-Applet verantwortlich ist, die Lücke bereits geschlossen. Die früheren Versionen des Programms sind aber immer noch digital signiert und können missbraucht werden. Laut Ettlinger ist die einzige gründliche Abhilfe eine Aufnahme der alten Applets in die Blacklists von Java-Umgebungen.

UMTS: Das iPad 3 hat Verbindungsprobleme

Das iPad 3 hat offenbar Probleme mit UMTS-Funkverbindungen. Laut Computerbild sind vor allem Telekom-Kunden betroffen.

Hat das iPad 3 ein UMTS-Problem? Laut Computerbild fliegt Apples neues Tablet ständig aus dem UMTS-Mobilfunknetz, betroffen sollen vor allem Telekom-Kunden sein. Vodafone-Kunden sollen ebenfalls nicht verschont bleiben. Das Problem betreffe viele Besitzer eines iPad 3 Wi-Fi + 3G, nicht nur in Deutschland, sondern auch in anderen europäischen Ländern.

Nach Recherchen der Computerbild-Redaktion versagt die Internetverbindung zum einen, wenn der Nutzer sein iPad unterwegs an wechselnden Orten verwendet, etwa bei der täglichen Fahrt mit Bus und Bahn ins Büro. Zum anderen versagt sie, wenn das Gerät mit dem Mobilfunknetz verbunden war, dann zum Beispiel zu Hause im WLAN-Netz benutzt wurde und es anschließend wieder mit dem Mobilfunk verbunden wird.

Auf der Suche nach der Ursache

Computerbild konnte das Problem an unterschiedlichen Orten mit mehreren iPads und verschiedenen SIM-Karten von Telekom und Vodafone nachstellen. Auch hatte auf einem Gerät hin und wieder UMTS-Verbindungsprobleme.

Wie viele Kunden betroffen sind, ist laut Computerbild unklar. Die Telekom spreche von einer zweistelligen Zahl, doch die vielen Hilferufe im Internet ließen auf eine höhere Zahl schließen. Ebenso seien viele Betroffene auf der Suche nach einer zuverlässigen Lösung, die es bisher aber nicht gebe. Einige Kunden hätten ihr iPad 3 auch schon austauschen lassen, teils mehrfach, ohne dass sich etwas geändert hätte.

Die Telekom sieht Apple in der Verantwortung: "Das Problem liegt nicht im Mobilfunknetz der Deutschen Telekom", zitiert Computerbild eine Telekom-Sprecherin. Ein Problem sei, dass "neue Apple-Geräte [...] nicht im Freifeld, sondern nur unter Laborbedingungen getestet werden" könnten. Computerbild schlussfolgert daraus: "Die Tests im echten Netz unternehmen jetzt die Kunden."

Ein Sprecher von Apple-Deutschland wollte auch auf Nachfrage von noch keinen Kommentar zu den UMTS-Problemen des iPad 3 abgeben.

vSphere 5.0 Hardening Guide public draft available

One of the things my team is responsible for is security of the cloud infrastructure suite. They have worked really hard the last couple of months on overhauling the vSphere Hardening Guide. Today the public draft was published. (Thanks Charu, Grant and Kyle!)

One of the major changes is the format of the guide. It has been poured into an Excel spreadsheet making it easier filter, sort and edit. Please take a look at the guide and if there is any feedback don’t hesitate to comment on the community forum thread! The final version of the document should be published mid May.

vCenter Operations 5 – Level 300 training

My virtualization friend Bas Vinken pointed me to a real great vCenter Operations 5 presentation created by Iwan ‘e1’ Rahabok ( who's working as a VMware staff SE, Strategic Accounts in Singapore. It's available for download in PowerPoint format and I really would like to advise you to read the slide notes (they're awesome). The presentation serves 2 purposes, first it provides in-depth training for those who are learning or evaluating vCenter Operations 5 and second it provides materials that vCenter Ops champion can use to share with internal colleagues (e.g. storage team, app team, etc).

Now available in Rough Cuts – Managing and Optimizing vSphere Deployments

The Rough Cuts service from Safari Books Online gives you exclusive access to an evolving manuscript that you can read online or download as a PDF and print. A Rough Cuts book is not fully edited or completely formatted, but you'll get access to new versions as they are created.

To make the most of VMware's vSphere 5, IT professionals need knowledge, tips, and insights they'll never find in the manuals - or in any book, until now! In Managing and Optimizing vSphere Deployments, two world-class VMware experts offer start-to-finish lessons for vSphere planning, implementation, operation, management, and troubleshooting: expert insights drawn from their own unsurpassed "in-the-trenches" consulting experience.

Harley Stagner (VCDX,vExpert) and Sean Crookston (VCAP-DCA, VCAP-DCD, vExpert) focus on the most crucial techniques VMware professionals need, providing guidance optimized for the new vSphere 5, and frameworks that will support the evolution of virtual infrastructure for years to come. They present scenarios and case studies drawn from real-world data, addressing areas ranging from sizing and performance to redundancy, coverage includes: 

  • Smoothly integrating vSphere 5 into current environments and considerations 
  • Overcoming roadblocks to 100% virtualization 
  • Establishing a more stable infrastructure 
  • Choosing hardware and making optimal configuration decisions 
  • Automating tasks with PowerCLI, Host Profiles, and Auto Deploy 
  • Maximizing availability with Distributed Resource Scheduler, Networking Redundancy, and Fault Tolerance 
  • Efficiently managing updates, patches, and upgrades * Monitoring vSphere 5 with tools provided by VMware and its community 
  • Planning for growth, and much more.

LogMeIn enters cloud storage arena with Cubby


Remote access giant LogMeIn is taking on Apple iCloud and DropBox with its latest move into the cloud storage arena. Cubby is now a website, a Mac server, and an iOS application. (Android and Windows apps are also available.) Like LogMeIn's recent JoinMe site and app, Cubby's focus remains on remote collaboration and group work.

The service differentiates itself by providing a folder-by-folder opt-in feature, so you can choose what items you need to share rather than having to set the focus around a specific DropBox-like central folder. And, of course, there's standard LogMeIn 256-bit SSL security to keep your data safe.

You can apply for a beta account by submitting your email address at their website. Basic accounts include 5 GB of free cloud storage to share with the world, plus unlimited syncing across your own devices using your home computer as a server.