VMware vSphere Blog: vCLI + ESXCLI Authentication Options

By William Lam, Sr. Technical Marketing Engineer

Did you know the vCLI (which includes ESXCLI) offers several different authentication options? This is not a very well-known fact, and I thought I would share some of the different options, as this question comes up from time to time.


Note: In the examples below, I am using the vCLI 5.0 release.

1. Traditional username and password - You can either specify both the --username and --password or only specify the --username and you will then be prompted to enter your password.

Here is an example:

Vcli-auth-1

In the screenshot above, we can specify either just the --username and be prompted for the password, or we can specify both --username and --password on the command line. If you are using special characters, make sure you either escape them using the “\” character or enclose them in single quotes.

2. Session File - Instead of specifying a username/password each time, you can log in once and create a session file which can then be used for the duration of your tasks. If the session file is not used, it will automatically expire after 30 minutes.

Here is an example:

Vcli-auth-2

In the screenshot above, you first need to create a session file by using the --savesessionfile option and specifying the name of the session file. Once you have successfully created the session file, you can then use the --sessionfile option with the session file itself as your authentication.

3. Environment Variable - You can store your authentication as well as other parameters using environment variables. This option is not very secure for usernames and passwords, as the contents are in clear text.

Here is an example:

Vcli-auth-3

In the screenshot above, we are using the export command to create two environment variables for the username and password, VI_USERNAME and VI_PASSWORD. There is a complete list here for more details. You can also create environment variables on a Windows system; refer to the vCLI documentation for an example.

4. Configuration File - You can store your authentication as well as other parameters using a configuration file. This option is also not very secure for credentials, but if you decide to use this, ensure you limit access to the file.

Here is an example:

Vcli-auth-4

In the screenshot above, we add the same variables to a configuration file. Again, you can get the full list of variables here.
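Options 3 and 4 both leave VI_PASSWORD in clear text, so it is worth checking where it is exposed. The following audit script is an added example, not part of the original post or of the vCLI; the function names, the sample file and the `KEY = value` config layout are assumptions, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: audit clear-text vCLI credentials (options 3 and 4).
# Function names and sample paths are hypothetical; sample data is constructed.

# Succeeds only if the file grants nothing to group or other.
# Uses the mode string from ls (e.g. -rw-------) to stay POSIX-portable;
# -L follows symlinks so the target's mode is checked.
is_private() {
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds if the file assigns VI_PASSWORD (assumed layout: VI_PASSWORD = value).
has_password() {
    grep -Eq '^[[:space:]]*VI_PASSWORD[[:space:]]*=' "$1"
}

# Prints one finding per line (never the secret itself).
# Returns 1 if anything was found, 0 if clean.
audit_vcli_creds() {
    findings=0
    # Option 3: password held in the shell environment.
    if [ -n "${VI_PASSWORD+set}" ]; then
        echo "ENV: VI_PASSWORD is set in this shell; unset it after use"
        findings=$((findings + 1))
    fi
    # Option 4: configuration files passed as arguments.
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_password "$f" && ! is_private "$f"; then
            echo "FILE: $f holds VI_PASSWORD and is accessible to group/other; chmod 600"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Demonstration on a constructed configuration file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'VI_SERVER = esx.example.invalid' \
                  'VI_USERNAME = root' \
                  'VI_PASSWORD = constructed-secret' > "$dir/vcli.cfg"
    chmod 644 "$dir/vcli.cfg"
    audit_vcli_creds "$dir/vcli.cfg" || true      # reports the file
    chmod 600 "$dir/vcli.cfg"
    audit_vcli_creds "$dir/vcli.cfg" && echo "clean after chmod 600"
    rm -rf "$dir"
}
demo
```

The audit returns a non-zero status when it finds anything, so it can gate a login script or a scheduled job that uses these files.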

5. Credential Store - For service accounts or agents that need to log in through a non-interactive session, you can leverage the credential store, which stores the passwords in an obfuscated (not encrypted) form for access.

Here is an example:

Vcli-auth-5

In the screenshot above, we are using the credstore_admin.pl vSphere SDK for Perl script to add a host into the credential store. We can verify by using the “list” operation, and then finally we can use the credential store by using the --credstore option and specifying the default path of the file, which is /home/<user>/.vmware/credstore/vicredentials.xml.

6. Pass-Through - This option is available only for Microsoft Windows systems which support SSPI (Security Support Provider Interface) and passes the credentials of the executing user to the server. The executing user must have an account in a domain trusted by both machines.

Here is an example:

Vcli-auth-6

In the screenshot above, to use the pass-through option, you just need to specify the --passthroughauth option. By default, passthroughauth is configured for negotiate, but you can specify a particular authentication package such as "kerberos" by using the --passthroughauthpackage option.

In addition to these authentication options, there is one new option that is only available with the ESXCLI command that you may not have heard about. This is the --cacertsfile option which allows you to specify the CA (Certificate Authority) certificate file, in PEM format, to verify the identity of the vCenter Server system or ESXi system to run the command on. The primary use case for this is to help prevent MITM (Man-In-The-Middle) attacks.

Here is an example:

Vcli-auth-7

In the above screenshot, to leverage the --cacertsfile option you will need to specify a certificate file in PEM format. You will still need to specify the credentials to the system using any of the options listed above in addition to the certificate file.

You can use the following command to convert a *.pfx file to *.pem format:
openssl pkcs12 -in rui.pfx -out rui.pem -nodes

Note that -nodes writes any private key contained in the *.pfx file to rui.pem unencrypted, so restrict access to the output file.

If the certificate cannot be verified, as the screenshot shows, then the operation will be rejected even with valid credentials; otherwise it will proceed as normal.

As you can see, you have more options for authentication when it comes to the vCLI than just specifying the username and password on the command line. Some options may be more secure than others or fit a particular use case, such as leveraging a session file for a few tasks or using pass-through authentication if you are in a Windows environment. For more details about the vCLI authentication options, please refer here, which also includes equivalent commands for Windows systems.

FYI - For those studying for the VCAP-DCA exams, I would highly recommend you create a configuration file of the credentials, this way you do not have to retype the credentials each time. I know with a timed exam such as the VCAP-DCA, anything to help speed things up will help.

Get notification of new blog postings and more by following VMware Automation on Twitter:  @VMWAutomation


sanbarrow.com


 

MOA – VMware on the road

What is this?

The MOA project started in 2003 as a plugin for Bart Lagerweij's PE Builder. This plugin made it possible to run VMware Workstation 4.5.2 from a Windows-based LiveCD.
Since that time it has been in constant development and nowadays you can use it for much more than that.

Typical use-cases :
– it is a very good replacement for the VMware Coldclone CD
– it can be used to run VMs in a restricted Kiosk-mode
– it can be used as a very powerful multi purpose portable toolbox

Database workload testing with Dell DVD Store

The DVD Store Version 2 (DS2) is a complete online e-commerce test application, with a backend database component, a web application layer, and driver programs. The goal in designing the database component as well as the midtier application was to utilize many advanced database features (transactions, stored procedures, triggers, referential integrity) while keeping the database easy to install and understand. The DS2 workload may be used to test databases or as a stress tool for any purpose.

The distribution includes code for SQL Server, Oracle, MySQL and PostgreSQL. Included in the release are data generation programs, shell scripts to build data for 10 MB, 1 GB and 100 GB versions of the DVD Store, database build scripts and stored procedures, PHP web pages, and a C# driver program.

http://linux.dell.com/dvdstore

VMware vFabric Blog: 4 Ways VMware transforms Postgres for the Cloud

In a nutshell, relational databases weren’t built for the cloud. With vFabric Postgres, VMware customers can get a proven, enterprise database integrated with VMware virtualization and ready for cloud computing.

As announced earlier this week, vFabric Postgres (vPostgres) is now available within vFabric Suite 5.1 Advanced. With vPostgres, the well-respected, open-source database gains built in best practices, optimized configuration, and cloud-ready features.  While vFabric Postgres is synced up to PostgreSQL 9.1.3 minor release and includes all the new features of this version of the database (see PostgreSQL wiki for more), vFabric adds many features and considerable improvements in three categories:

1. Development and deployment become simpler, smarter, and cloud ready
2. Performance improvements with elastic memory and more
3. Monitoring and administration get an upgrade
4. Lower TCO and increased staff efficiency


Development and Deployment with vFabric Postgres

First, vPostgres is available in two form factors:

  • vPostgres Virtual Appliance
  • vPostgres RPMs for 64-bit Linux Servers (RHEL 6, Suse 11 sp1+)

The virtual appliance is easy to deploy because it is designed for the vSphere 5.0 platform. vPostgres RPMs are also available for custom installations requiring co-location with other applications in a VM or having special deployment needs (including hot-standby setup). The RPMs can be accessed from repo.vmware.com and also from the VMware download website. The vPostgres virtual appliance can be used for development and test on VMware Player, Workstation, and Fusion products. Since vPostgres is free for developers and works on various platforms (including mobile development), developers will have a less cumbersome time moving their work to a cloud platform or virtualized environment.

In addition, the virtual appliance is ready to handle changing resource needs by adapting CPU, memory, disk size, and more without needing any other changes inside the appliance. The vPostgres smart tuning and management capabilities require less in-depth knowledge about the inner workings of the database. With these features, developers, architects, and administrators can 1) spend less time on manual resets of configuration parameters for the core engine and 2) gain cloud scale.

vFabric Postgres Performance Improvements

There are several elements that bring cloud scale to vPostgres:

  • vPostgres can be highly available. Using vSphere HA and vMotion technologies, “database aware high availability” and automatic failover are available with simple point and click setup using the vSphere client.
  • Many companies face scenarios where database requests spike while available memory is tight and shrinking. With Elastic Database Memory working directly within the vSphere hypervisor, the kernel balloon driver, the vPostgres database balloon driver, and the buffer pool dynamically allocate memory to and from the hypervisor during times of need to help avoid inconsistent performance. This drastically reduces performance variance under the changing memory pressure seen in server consolidation scenarios.

  • Many critical settings have higher default values than standard PostgreSQL. This improves out-of-the-box performance with a slight trade-off in disk space and memory usage.
  • Checksums are performed on each write to tables and indexes to help ensure data is clean. For example, in scenarios where SANs fail, the checksums help prevent silent bit corruption.
  • Lastly, checkpoint trade-offs between recovery time and performance are more complicated in the virtual world.  vPostgres allows for SLA configuration. With this capability, checkpoint parameters are tuned dynamically for recovery time and performance as the system monitors itself.

Monitoring and Administration with vFabric Postgres

vPostgres supports core admin tools and adds enhancements.

  • vPostgres native clients are available for Linux, Windows and Mac. JDBC and ODBC clients are also available. Community PostgreSQL 9.1 clients and management tools work with vPostgres, including pgAdmin.

  • vPostgres includes an enhanced version of pg_top which gives database transactions per second, buffer pool hits, CPU, memory, disk I/Os and top database connections in a single dashboard view for easier understanding of the state of the database.

  • vPostgres is integrated with VMware vFabric License server for license management. The license keys can be used locally or using VMware vFabric License server. (There is a default 60-day trial license also available.)

Lower TCO and increase staff efficiency

  • Financially, license costs are more attractive compared to other “commercial” databases. 
  • The database is packaged to work with vSphere infrastructure where virtualizing supports considerable cost-savings.
  • The virtual appliance saves a significant amount of installation time: there is no need to size hardware, install the OS, install the RDBMS, set up the database server, and tune. With VMware vSphere 5.0+, the appliance can be set up in 15 minutes and supports real-world workloads.
  • A built-in watchdog process enables quick HA configuration, and vSphere-based High Availability can be set up in one click.
  • Smart tuning, configuration, and management reduce overall management time.
  • The advanced version of pg_top helps to quickly narrow the focus to problematic areas, saving time for DBAs who do not have in-depth Postgres knowledge.

Learning More

To try out vFabric Postgres, you can download a 60 day free trial, as part of vFabric Suite Advanced, at www.vfabric.co/try.

About the Author: Jignesh Shah is the Product Manager for vFabric Postgres. He also has interests in database performance and has been working with the Postgres community for many years. He was also a key member of the team that delivered the first published benchmark with Postgres.

NVIDIA introduces World’s First Virtualized GPU

On May 15th NVIDIA unveiled the NVIDIA® VGX™ platform that will be available later this year through NVIDIA’s hardware OEM and VDI partners.

This new platform promises to deliver a desktop experience comparable to a local PC to up to 100 VDI users for each single server equipped with a VGX board.

“NVIDIA VGX represents a new era in desktop virtualization. It delivers an experience nearly indistinguishable from a full desktop while substantially lowering the cost of a virtualized PC,” said Jeff Brown, general manager of the Professional Solutions Group at NVIDIA.

This product is intended for users who work with 3D design software and simulation tools. It is designed to be integrated into enterprise IT departments, providing an integration layer for commercial hypervisors (the news only mentions Citrix XenServer) and a level of manageability that makes it possible to configure the graphics capabilities delivered to individual users on the network based on their demands.

NVIDIA describes the three key technologies of this solution as follows:

NVIDIA VGX Boards
NVIDIA VGX boards are the world’s first GPU boards designed for data centers. The initial NVIDIA VGX board features four GPUs, each with 192 NVIDIA CUDA® architecture cores and 4 GB of frame buffer. Designed to be passively cooled, the board fits within existing server-based platforms.

The boards benefit from a range of advancements, including hardware virtualization, which enables many users who are running hosted virtual desktops to share a single GPU and enjoy a rich, interactive graphics experience; support for low-latency remote display, which greatly reduces the lag currently experienced by users; and, redesigned shader technology to deliver higher power efficiency.

NVIDIA VGX GPU Hypervisor
The NVIDIA VGX GPU Hypervisor is a software layer that integrates into a commercial hypervisor, enabling access to virtualized GPU resources. This allows multiple users to share common hardware and ensure virtual machines running on a single server have protected access to critical resources. As a result, a single server can now economically support a higher density of users, while providing native graphics and GPU computing performance.

This new technology is being integrated by leading virtualization companies, such as Citrix, to add full hardware graphics acceleration to their full range of VDI products.

NVIDIA User Selectable Machines
NVIDIA USMs allow the NVIDIA VGX platform to deliver the advanced experience of professional GPUs to those requiring them across an enterprise. This enables IT departments to easily support multiple types of users from a single server.

USMs allow better utilization of hardware resources, with the flexibility to configure and deploy new users’ desktops based on changing enterprise needs. This is particularly valuable for companies providing infrastructure as a service, as they can repurpose GPU-accelerated servers to meet changing demand throughout the day, week or season.

Cool Tool – Cloud Resource Meter

6fusion’s Cloud Resource Meter is a VMware vApp that allows you to profile any vSphere 4.1 or 5.0 environment and evaluate the cost of running that environment in the cloud – all for free and all right from the vSphere Console. Cloud Resource Meter installs in your VMware vSphere environment in minutes and allows users to view “real time” computing consumption information at a glance for the entire system, any vSphere grouping of VMs, or for each VM in the infrastructure.

Cloud Resource Meter comes in two versions, Free and Pro. When you sign up and download the application, you are automatically set up with the Free Plan. If you need more, you can choose to upgrade to the Pro Plan from within the application. Take a look at the introduction video here.

Free ebook – The Debian Administrator’s Handbook

Accessible to all, this book teaches the essentials to anyone who wants to become an effective and independent Debian GNU/Linux administrator. It covers all the topics that a competent Linux administrator should master, from the installation and the update of the system, up to the creation of packages and the compilation of the kernel, but also monitoring, backup and migration, without forgetting advanced topics like SELinux setup to secure services, automated installations, or virtualization with Xen, KVM or LXC.
Raphaël Hertzog and Roland Mas are pleased to announce that — after 5 months of work — the Debian Administrator’s Handbook is now available, both as a beautiful 495-page paperback and as an ebook (PDF, EPUB, MOBI formats).

Philips: 21.5-inch USB display

With the 221S3UCB, Philips has introduced a display with a 21.5-inch screen diagonal that connects to the computer exclusively via USB. Power is also supplied over USB.

The Philips 221S3UCB is a USB display intended primarily for use with notebooks. An additional cable for a power supply would only get in the way there, or so the manufacturer reckons.

The LED-backlit display offers a resolution of 1,920 x 1,080 pixels with a response time of 5 milliseconds and a brightness of 150 candela per square meter. Philips states the contrast ratio as 1,000:1. Philips did not reveal the panel type, but the viewing angles of 160 degrees horizontal and 150 degrees vertical point to a TN panel.

A height adjustment of 70 mm, the ability to tilt and a swivel plate in the base are meant to make it possible to set an ergonomic position. The Philips 221S3USB is said to be available immediately for around 173 euros.

Roaming prices: phone calls and mobile Internet become cheaper in the EU

From July 1, 2012, using a mobile phone in other EU countries becomes cheaper once again. The European Parliament has set the price caps for roaming charges proposed by the EU bodies and, for the first time, defined a maximum price for data roaming.

For mobile data use, mobile network operators may charge their customers a maximum of 83 cents per MByte in other EU countries from July 1, 2012, the European Parliament decided. This implements the proposals from March 2012. The cost of mobile calls falls for outgoing calls from 42 cents to a maximum of 35 cents per minute. Incoming calls may then cost only 10 cents per minute instead of 13 cents. SMS messages sent in other EU countries may soon be billed at a maximum of only 11 cents. All prices include value-added tax of 19 percent.

EU decides on further price cuts for 2013

As part of the new roaming price rules, new price caps were also set for the following two years. From July 1, 2013, a MByte costs a maximum of 54 cents in other EU countries. The price cap for outgoing calls is then 29 cents per minute, while a minute of an incoming call may cost a maximum of 8 cents. The SMS price in other EU countries falls to 10 cents.

Mobile data use in other EU countries becomes considerably cheaper once more from July 1, 2014. Customers then have to pay a maximum of only 24 cents per MByte. Outgoing calls cost a maximum of 23 cents per minute, and the per-minute price for incoming calls drops to 6 cents. The SMS price falls to 7 cents per message.

With the price caps, the EU wants to make phone calls in other EU countries cheaper for customers and drive competition in the roaming market. To that end, providers without their own network are to be able to make their own roaming price offers from July 1, 2012. It would therefore be conceivable that mobile discounters will soon offer their own roaming prices.

Roaming contracts become possible in mid-2014

From July 1, 2014, mobile customers are to be able to take out additional roaming contracts. These contracts are to be possible with a different network provider, while the customer is to remain reachable without restriction under the phone number of the main contract. As soon as the customer is in another EU country, the terms of the roaming contract are to apply. For mobile data use, local providers are to be able to offer additional terms that are to be based on the level of costs for mobile data use at home.

The warning about excessive roaming charges that is customary within the EU will also be introduced outside the EU from July 1, 2012. That is provided the mobile network used abroad meets the technical requirements for it, as a European Parliament statement rather vaguely puts it. Customers are then to receive a warning as soon as they have used more than 50 euros in roaming costs. This threshold applies before value-added tax is added.