vCOPS 5.6 Integration in the VMware vSphere Web Client

vCenter Operations Manager 5.6 is the latest release of VMware's integrated operations suite, converging performance, capacity, and configuration management. This new release introduces the following features and enhancements.

This release introduces vCenter Operations Manager integration in the vSphere Web Client. Badges appear in the vSphere Web Client interface when you register an instance of VMware vCenter Operations Manager with a vCenter Server that you want to monitor. Your vCenter Operations Manager license determines which badges and widgets you can see in the vSphere Web Client.

Note: vCenter Operations Manger supports integration in the VMware vSphere Client for vCenter Server 5.1.

Technical Paper – Replacing Default vCenter 5.1 and ESXi Certificates

vSphere encrypts session information using standard digital certificates. Using the default certificates that vSphere creates might not comply with the security policy of your organization. If you require a certificate from a trusted certificate authority, you can replace the default certificate.

Certificate checking is enabled by default and SSL certificates are used to encrypt network traffic. However, ESXi and vCenter Server use automatically generated certificates that are created as part of the installation process and stored on the server system. These certificates are unique and make it possible to begin using the server, but they are not verifiable and are not signed by a trusted, well-known certificate authority (CA).

These default certificates are vulnerable to possible man-in-the-middle attacks. To receive the full benefit of certificate checking, especially if you intend to use encrypted remote connections externally, install new certificates that are signed by a valid internal certificate authority or public key infrastructure (PKI) service. Alternatively, purchase a certificate from a trusted commercial security authority. For information about encryption and securing your vSphere environment, see the vSphere Security documentation.

Release: VMware ESXi and vCenter Server 5.0 Update 2

Release: Citrix VDI-in-a-Box 5.2

January 7th, 2013

Citrix has released version 5.2 of its Virtual Desktop Infrastructure (VDI) product: VDI-in-a-box. Citrix acquired the VDI-in-a-box product after acquiring Kaviza in May 2011. VDI-in-a-Box offers an all-in-one VDI solution…

Red Hat signs definitive agreement to acquire ManageIQ

December 24th, 2012

Red Hat has agreed to acquire ManageIQ, for approximately $104.0 million in cash. The closing of the transaction is subject to customary closing conditions, including approval by the stockholders of…

Release: VMware vCenter Server 5.1.0b

December 24th, 2012

VMware has released an update for vCenter Server 5.1. The update contains some bugfixes as described in the release notes. The problems solved are:

Timeout errors occurring when logging in…

Release: VMware ESXi and vCenter Server 5.0 Update 2

December 24th, 2012

Although VMware already released version 5.1 of vSphere it still updates earlier supported versions as well. VMware has released Update 2 for both its hypervisor ESXi and its hypervisor management…

Release: Login Virtual Session Indexer 3.7

December 19th, 2012

Login VSI has released version 3.7 of its vendor independent Login Virtual Session Indexer benchmarking utility. Login VSI measures the performance and scalability of Virtual Desktop Infrastructures (VDI) and Server…

Release: VMware View 5.1.2

December 18th, 2012

VMware has released version 5.1.2. for its Virtual Desktop Infrastructure (VDI) product View. This version is considered a maintenance release which can be used to upgrade from View 5.1 which…

Paper: HP DBC Reference Architecture technical overview

December 17th, 2012

HP has released a paper titled: "HP DBC Reference Architecture technical overview". The paper which contains 55 pages contains a reference architecture solution for database consolidation, provisioning, and running thousands…

Release: Trilead VM Explorer 4.1

December 17th, 2012

Trilead has released version 4.1 of its backup solution for Virtual Machines VM Explorer. VM Explorer Backups can be stored on ESX, Windows, Linux and FreeBSD based storage platforms or…

Release: Microsoft Assessment and Planning Toolkit 8.0

December 17th, 2012

After releasing a beta in November, Microsoft last week released version 8.0 of its Assessment and Planning Toolkit (MAP). MAP is Microsofts capacity planning tool, which it releases for free…

Release: Microsoft System Center 2012 Service Pack 1

December 15th, 2012

Microsoft has released Service Pack 1 for its private cloud management suite System Center. The news was initially posted at a TechNet forum by a Microsoft employee working in the…

Release: Bromium vSentry 1.1

December 11th, 2012

In June last year, Simon Crosby at that time CTO of Citrix and Ian Pratt VP of Advanced Virtualization products at Citrix announced that they were leaving Citrix to…

Release: VMware VMmark 2.5

December 11th, 2012

VMware has released version 2.5 of its benchmarking framework VMmark. VMmark focuses on measuring the performance of the whole data center, including complex operations like manual and automated (or DRS-initated)…

Paper: HP VirtualSystem VS2 for Red Hat

December 11th, 2012

HP has released a paper titled: "HP VirtualSystem VS2 for Red Hat". The paper which contains 39 pages contains a reference architecture for building a Red Hat Enterprise Virtualization (RHEV)…

Paper: vStart 1000m for Enterprise Virtualization using Hyper-V

December 10th, 2012

Dell has released a new paper titled: "vStart 1000m for Enterprise Virtualization using Hyper-V: Reference Architecture". The paper which contains 34 pages describes a validated reference architecture for running Hyper-V…

Monthly Archive

Google Sync: Datenzugriff via Activesync wird für Neugeräte eingestellt

Google stellt in Google Sync die Unterstützung von Microsofts Exchange-Activesync-Protokoll Anfang kommenden Jahres ein. Die Änderung betrifft nur Privatnutzer und Neugeräte.

Ab dem 30. Januar 2013 unterstützt Google Sync das Exchange-Activesync-Protokoll von Microsoft nicht mehr. Ab diesem Datum können keine neuen Geräte mehr auf diesem Wege die Daten der Google-Dienste Gmail, Kalender, Kontakte synchronisieren. Die Änderung gilt nur für Geräte, die bis dahin nicht mit Google Sync eingerichtet wurden. Wer bereits eine solche Verbindung verwendet, kann diese weiter verwenden.

Diese Einschränkung gilt nur für Privatnutzer. Wer Google Apps als Unternehmenslösung, für Behörden oder Bildungseinrichtungen verwendet, kann den Google-Sync-Datenaustausch via Activesync ebenfalls weiter nutzen. Damit E-Mails, Termine und Kontakte künftig per Google Sync ausgetauscht werden können, werden IMAP, CalDAV und CardDAV verwendet. Während die IMAP-Unterstützung für die meisten Plattformen keine Probleme darstellt, sieht es beim Termin- und Kontaktaustausch schon anders aus.

Somit haben nun mobile Plattformen das Nachsehen, die CalDAV und CardDAV nicht unterstützen. Sowohl Apples iOS als auch Googles Android beherrschen die beiden Protokolle. Microsofts Smartphone-Plattform Windows Phone kann auch in der aktuellen Version mit CalDAV- und CardDAV-Daten nichts anfangen. Research In Motion (RIM) unterstützt die beiden Protokolle mit dem Playbook OS und das künftige Blackberry OS 10 soll es ebenfalls können. Die bisherigen Blackberry-Smartphone-Betriebssysteme unterstützen die Protokolle von Haus aus nicht.

Ebenfalls am 30. Januar 2013 werden die Synchronisationsoptionen Sync für Nokia S60 und SyncML von Google eingestellt. Damit wird der Datenzugriff auf Google-Dienste vor allem für ältere Mobiltelefone dann schwieriger. Ob auch diese Dienste für Bestandsgeräte weitergeführt werden, erklärte Google nicht.

2.0.2 Release Now Available!

pfSense 2.0.2 is a maintenance release with some bug and security fixes since 2.0.1 release. You can upgrade from any previous release to 2.0.2.

Heads up for those upgrading

Auto Update URL – For those upgrading from a prior release, first please make sure you’re on the correct auto-update URL. Tens of thousands of installs were from 2.0 pre-release snapshots which had their update URL set to the snapshot server rather than the stable release updates. Others had manually set their architecture incorrectly at some point and had failed upgrades because of it. Just browse to System>Firmware, Updater Settings tab. From the “Default Auto Update URLs” drop down box, pick either the stable i386 or amd64 depending on which version you have installed, and click Save. Then you can use the auto-update and be ensured you’re pulling from the correct location.

PPP-assigned DNS server problem – those with PPP type WANs (PPP, PPPoE) using the DNS servers assigned by their ISP rather than ones defined under System>General Setup, be aware those DNS servers will not be used. There are two work arounds detailed here.

FreeBSD Security Advisories

Base OS updated to 8.1-RELEASE-p13 to address the following FreeBSD Security Advisories:

  • NOTE: FreeBSD-SA-12:03.bind, FreeBSD-SA-12:05.bind, and FreeBSD-SA-12:06.bind do not apply to us, since we do not use nor include bind. FreeBSD-SA-12:08.linux does not apply since we do not use nor include the Linux compatibility layer of FreeBSD. FreeBSD-SA-12:02.crypt doesn’t apply because we don’t use DES in that context.


  • Added a warning to PPTP VPN configuration page: PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
  • Fix reference to PPTP secondary RADIUS server shared secret.
  • PPTP 1.x to 2.x config upgrade fixes.

NTP Changes

  • OpenNTPD was dropped in favor of the NTP daemon, used by FreeBSD.
  • Status page added (Status > NTP) to show status of clock sync
  • NTP logging fixed.
  • NOTE: ntpd will bind/listen to all interfaces by default, and it has to in order to receive replies. You can still do selective interface binding to control which IPs will accept traffic, but be aware that the default behavior has changed.

Dashboard & General GUI Fixes

  • Various fixes for typos, wording, and so on.
  • Do not redirect on saving services status widget.
  • Don’t use $pconfig in widgets, it has unintended side effects.
  • Fix display of widgets with configuration controls in IE.
  • Changed some padding/margin in the CSS in order to avoid wrapping the menu.
  • #2165 Change to embed to prevent IE9 from misbehaving when loading the Traffic Graph page

OpenVPN Fixes

  • Safer for 1.2.3 upgrades to assume OpenVPN interface == any, since 1.2.3 didn’t have a way to bind to an interface. Otherwise people accepting connections on OPT interfaces on 1.2.3 will break on upgrade until the proper interface is selected in the GUI
  • Don’t ignore when multiple OpenVPN DNS, NTP, WINS, etc servers were specified in 1.2.3 when upgrading. 1.2.3 separated by ;, 2.x uses separate vars.
  • Fix upgrade code for 1.2.3 with assigned OpenVPN interface.
  • Fix LZO setting for Upgraded OpenVPN (was turning compression on even if old config had it disabled.)
  • Be more intelligent when managing OpenVPN client connections bound to CARP VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop. If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate.

IPsec fixes

  • Only do foreach on IPsec p2?s if it’s actually an array.
  • #2201 Don’t let an empty subnet into racoon.conf, it can cause parse errors.
  • #2201 Reject an interface without a subnet as a network source in the IPsec Phase 2 GUI.
  • Add routes even when IPsec is on WAN, as WAN may not be the default gateway.
  • #1986 Revamped IPsec status display and widget to properly account for mobile clients.
  • Fixed a bug that caused the IPsec status and widget to display slowly when mobile clients were enabled.

User Manager Fixes

  • #2066 Improve adding/removing of users accounts to the underlying OS, especially accounts with a numeric username.
  • Include admin user in bootup account sync
  • Fix permission and certificate display for the admin user
  • Fix ssh key note to refer to DSA not just RSA since both work.
  • “:” chars are invalid in a comment field, filter them out.
  • When renaming a user, make sure to remove the previous user or it gets left in /etc/passwd.
  • #2326 Do not allow empty passwords since this might cause problems for some authentication servers like LDAP.

Captive Portal Fixes

  • Take routing table into account when figuring out which IP address to use for talking to CP clients.
  • Prevent browser auto-fill username and password on voucher config, as it can interfere with the settings being properly saved if sync isn’t fully configured, which this can make happen accidentally.
  • Correct the Called-Station-Id attribute setting to be the same on STOP/START packets
  • Correct the Called-Station-Id attribute setting to be consistent on the data sent
  • #2082 Correct the log to display the correct information about an existing session
  • #2052 Remove duplicate rule
  • Fix which roll to write when writing the active voucher db
  • Always load ipfw when enabling CP to ensure the pfil hooks are setup right
  • #2378 Fix selection of CP interfaces when using more than 10 opt interfaces.
  • Strengthen voucher randomization.

NAT/Firewall Rules/Alias Fixes

  • #2327 Respect the value of the per-rule “disable reply-to” checkbox.
  • #1882 Fix an invalid pf rule generated from a port forward with dest=any on an interface with ip=none
  • #2163 1:1 Reflection fixes for static route subnets and multiple subnets on the same interface.
  • Better validation on URL table alias input from downloaded files.
  • #2293 Don’t put an extra space after “pass” when assuming it as the default action or later tests will fail to match this as a pass rule.
  • Update help text for Host aliases to indicate FQDNs are allowed.
  • #2210 Go back to scrub rather than “scrub in”, the latter breaks MSS clamping for egress traffic the way we use it.
  • Fix preservation of the selection of interfaces on input errors for floating rules.
  • Fix URL table update frequency box.
  • Fix input validation for port forwards, Local Port must be specified.
  • Added a setting to increase the maximum number of pf tables, and increased the default to 3000.
  • Properly determine active GUI and redirect ports for anti-lockout rule, for display and in the actual rule.
  • Handle loading pf limits (timers, states, table/entry limits, etc) in a separate file to avoid a chicken-and-egg scenario where the limits would never be increased properly.

Interface/Bridging Fixes

  • Correct checking if a gif is part of bridge so that it actually works correctly adding a gif after having created it on bootup
  • Use the latest functions from pfSense module for getting interface list
  • Use the latest functions from pfSense module for creating bridges
  • Implement is_jumbo_capable in a more performant way. This should help with large number of interfaces
  • Since the CARP interface name changed to “vipN” from “carpN”, devd needs to follow that change as well.
  • #2242 Show lagg protocol and member interfaces on Status > Interfaces.
  • #2212 Correctly stop dhclient process when an interface is changed away from DHCP.
  • Fixed 3G SIM PIN usage for Huawei devices
  • Properly obey MTU set on Interface page for PPP type WANs.

Other Misc. Fixes

  • #2057 Add a checkbox that disables automatically generating negate rules for directly connected networks and VPNs.
  • Mark “Destination server” as a required field for DHCP Relay
  • Clarify the potential pitfalls when setting the Frequency Probe and Down parameters.
  • Add a PHP Shell shortcut to disable referer check (playback disablereferercheck)
  • #2040 Make Wireless Status tables sortable
  • #2068 Fix multiple keys in a file for RFC2136 dyndns updates.
  • Check to see if the pid file exists before trying to kill a process
  • #2144 Be smarter about how to split a Namecheap hostname into host/domain.
  • Add a small script to disable APM on ATA drives if they claim to support it. Leaving this on will kill drives long-term, especially laptop drives, by generating excessive Load Cycles. The APM bit set will persist until the drive is power cycled, so it’s necessary to run on each boot to be sure.
  • #2158 Change SNMP binding option to work on any eligible interface/VIP. If the old bindlan option is there, assume the lan interface for binding.
  • Fix reference to PPTP secondary RADIUS server shared secret.
  • #2147 Add button to download a .p12 of a cert+key.
  • #2233 Carry over the key length on input errors when creating a certificate signing request.
  • #2207 Use PHP’s built-in RFC 2822 date format, rather than trying to make our own.
  • Allow specifying the branch name after the repository URL for gitsync command-line arguments and remove an unnecessary use of the backtick operator.
  • Correct send_multiple_events to conform with new check_reload_status behaviour
  • Do not wipe logs on reboot on full install
  • Set FCGI_CHILDREN to 0 since it does not make sense for php to manage itself when lighttpd is doing so. This makes it possible to recover from 550-Internal… error.
  • Support for xmlrpcauthuser and xmlrpcauthpass in $g.
  • Fix Layer 7 pattern upload, button text check was incorrect.
  • Correct building of traffic shaping queue to not depend on parent mask
  • #2239 Add alias support to static routes
  • Use !empty instead of isset to prevent accidental deletion of the last used repository URL when firmware update gitsync settings have been saved without a repository URL.
  • Better error handling for crypt_data and also better password argument handling
  • Stop service needs to wait for the process to be stopped before trying to restart it.
  • Use a better default update url
  • Fix missing description in rowhelper for packages.
  • #2402#1564 Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot.
  • #1917 Fix DHCP domain search list
  • Update Time Zone zoneinfo database using latest zones from FreeBSD
  • Handle HTTPOnly and Secure flags on cookies
  • Fixed notifications for firmware upgrade progress
  • Removed an invalid declaration that considered a private address.
  • Fixed redirect request for IE8/9
  • #1049 Fix crashes on NanoBSD during package removal/reinstall. Could result in the GUI being inaccessible after a firmware update.
  • Fix some issues with upgrading NanoBSD+VGA and NanoBSD+VGA Image Generation
  • Fix issues upgrading from systems with the old “Uniprocessor” kernel which no longer exists.
  • Fix a few potential XSS/CSRF vectors.
  • Fixed issue with login page not showing the correct selected theme in certain configurations.
  • Fix limiters+multi-wan

Binary/Supporting Program Updates

  • Some cleanup to reduce overall image size
  • Fixes to ipfw-classifyd file reading and handling
  • Updated miniupnpd
  • ISC DHCPD 4.2.4-P1
  • mdp5 upgraded to 5.6
  • pftop updated
  • lighttpd updated to 1.4.32, for CVE-2011-4362 and CVE-2012-5533.

Upgrade Information

As always, information on upgrading can be found in the Upgrade Guide.


Downloads for new installs can be found on the mirrors here.

Upgrades can be found here.

Note: some mirrors are still syncing, it will be several hours from the time of this post until all are synced.

Proliant Microserver N54L: Neuer günstiger Mini-Server von HP

In Preisvergleichen ist ein leicht verbessertes Modell des bei Bastlern beliebten Microserver N40L von HP gelistet worden. Der N54L besitzt eine schnellere CPU und bleibt weiterhin günstig. Das Leergehäuse ist durchaus eine Alternative zu NAS-Systemen oder dem privaten Heimserver.

Hewlett-Packards neuer Microserver N54L wird mittlerweile in Preisvergleichen wie etwa gelistet. Der Server ist ein leicht verbessertes Modell des beliebten N40L, einem AMD-basierten Kleinstserver mit viel Platz für Festplatten. Offiziell angekündigt hat HP Deutschland den neuen Server noch nicht, so dass noch unklar ist, wann er auf den Markt kommt. Es gibt aber bereits ein US-Datenblatt und auch auf der deutschen HP-Webseite ist der Microserver schon zu finden.

Vom Vorgänger übernimmt HP fast alle Eigenschaften des Systems. Bis zu vier Festplatten im 3,5-Zoll-Format lassen sich in die Wechselrahmen einsetzen. Unterstützt wird SATA 3Gb/s, vermutlich wie beim N40L auch bei diesem Modell über einen MiniSAS-Anschluss auf dem Mainboard. Da in den Slots ein normaler SATA-Anschluss steckt, braucht es keine Adapter. Laut HP werden aber nur Festplatten mit 2 TByte Speicherkapazität offiziell unterstützt. Ob größere Festplatten funktionieren, ist derzeit unklar.

Außerdem hat das System Platz für ein optisches 5,25-Zoll-Laufwerk sowie zwei PCIe-2.0-Karten, einmal per x1 und einmal per x16 angebunden. In diese Schächte kann auch HPs Remote Access Card mit eigenem Ethernet-Anschluss eingesetzt werden. Beim N40L können damit etwa ISO-Images aus der Ferne in das System eingebunden werden. Das System bietet zudem sieben USB-Anschlüsse. Vier vorne, zwei hinten und einer auf dem Mainboard, der offiziell für HPs interne Bandlaufwerke vorgesehen ist. Die USB-Anschlüsse bieten nur das langsame USB 2.0.

Für die schnelle Außenanbindung hat der Microserver einen eSATA-Anschluss sowie Gigabit-Ethernet. Als Prozessor kommt der namensgebende AMD Turion II Neo N54L mit 2 x 2,2 GHz zum Einsatz. Der Vorgänger hatte nur einen N40L mit 2 x 1,5 GHz im Inneren. Der Arbeitsspeicher kann auf 8 GByte aufgerüstet werden (2 x DDR3-DIMM, ECC). Voll bestückt soll der Server eine elektrische Leistungsaufnahme von 72 Watt haben.

Bisher listen wenige Händler den neuen Microserver, den es zunächst nur als Modell mit 2 GByte RAM, einem optischen Laufwerk sowie einer 250-GByte-Festplatte geben wird. Die Preise liegen bei 360 bis 420 Euro mit einem derzeit unbekannten Liefertermin.

VROOM!: VMmark 2.5 Released

I am pleased to announce the release of VMmark 2.5, the latest edition of VMware’s multi-host consolidation benchmark. The most notable change in VMmark 2.5 is the addition of optional power measurements for servers and servers plus storage. This capability will assist IT architects who wish to consider trade-offs in performance and power consumption when designing datacenters or evaluating new and emerging technologies, such as flash-based storage.

VMmark 2.5 contains a number of other improvements including:

  • Support for the VMware vCenter Server Appliance.
  • Support for VMmark 2.5 message and results delivery via Growl/Prowl.
  • Support for PowerCLI 5.1.
  • Updated workload virtual machine templates made from SLES for VMware, a free use version of SLES 11 SP2.
  • Improved pre-run initialization checking.

Full release notes can be found here.

Over the past two years since its initial release, VMmark 2.x has become the most widely-published virtualization benchmark with over fifty published results. We expect VMmark 2.5 and its new capabilities to continue that momentum. Keep an eye out for new power and power-performance results from our hardware partners as well as a series of upcoming blog entries presenting interesting power-performance experiments from the VMmark team.

The power measurement capability in VMmark 2.5 utilizes the SPEC®™ PTDaemon (Power Temperature Daemon). The PTDaemon provides a straightforward and reliable building block with support for the many power analyzers that have passed the SPEC Power Analyzer Acceptance Test.

All currently published VMmark 2.0 and 2.1 results are comparable to VMmark 2.5 performance-only results. Beginning on January 8th 2013, any submission of benchmark results must use the VMmark 2.5 benchmark kit.

. Bookmark the


Sparkleshare 1.0 ist fertig

Das Git-Backend für SparkleShare läuft auf dem eigenen Server oder bei einem Git-Hoster. Vergrößern
Die SparkleShare-Entwickler haben die Version 1.0 ihrer Synchronisationslösung veröffentlicht. Die Software, verfügbar für Linux, Mac OS X und Windows, bietet ähnliche Funktionen wie Dropbox, verwendet jedoch Git als Backend zum Speichern der synchronisierten Daten auf dem Server. Das Versionskontrollsystem kann dabei auf einem eigenen Server oder bei einem Git-Hoster wie GitHub, Gitorious oder Bitbucket laufen.

Der SparkleShare-Client legt beim Start einen Ordner an, dessen Inhalt mit allen anderen SparkleShare-Installationen des Anwenders synchronisiert wird. Dank Git ist es möglich, auf ältere Versionen von Dateien zuzugreifen. Zudem können mehrere Anwender mit einem gemeinsamen Repository arbeiten. Die Datenübertragung zwischen Client und Git-Host erfolgt verschlüsselt; optional lassen sich die Daten auch verschlüsselt speichern, wobei der Schlüssel lokal gespeichert wird.

Da SparkleShare die Daten in dem Versionskontrollsystem Git speichert, arbeitet die Software am besten mit Textdateien und eignet sich weniger für große Binärdateien. Die Clients für Linux, Mac OS X und Windows sind unter GPLv3 kostenlos erhältlich; einige Entwickler außerhalb des Projekt stellen zudem Clients für Android und iOS bereit, die allerdings zusätzliche Software auf dem Server benötigen.

Siehe dazu auch: