This has been an awesome week for me filled with virtualization from 8:00am Monday till 5:00pm Friday. I've given my cloud presentation once again, briefed on an announcement of a new free product (that will be updated on Monday), visited the VMware Express bus, attended Virtualization Forum in Cincinnati, and attended Louisville VMUG to hear more about Veeam SureBackup. During all this madness, two products really drew my attention and it's worth letting other know about.

Over the past few days, I figured I would give vShield Zones a shot. It's a brand new feature to vSphere and touted as a "virtual firewall" inside of your VMware environment. VMware describes vShield Zones as: "Monitor and enforce network traffic within your virtual datacenter to meet corporate security policies and ensure regulatory compliance.  VMware vShield Zones enables you to run your applications efficiently within a shared computing resource pool, while still maintaining trust and network segmentation of users and sensitive data."

A few reasons why people would want to use vShield Zones:

1. You have Virtual Machines in your datacenter, but they can't talk to each other for any reason. For instance, you work in a large company and business units don't want their application server to have contact with anything else in the company except their people or their servers.
2. You want all your VMs to talk, but not on every single port. If certain applications on multiple servers need to talk on a specific port, you can cut down on loud noise traffic by only allowing certain ports to talk.
3. The DMZ. Set your VMs up with an IP address to the outside world and start blocking requests.
4. From Eric Siebert's article below: "In some cases, a physical firewall can’t protect a VM. For example, if you have multiple VMs on the same vSwitch and port group on a host server, the network traffic between them never leaves the host to travel over the physical network, so a physical firewall cannot provide protection. Virtual firewalls are also complementary to physical firewalls and provide an additional layer of protection for your virtual machines."

EDIT: 11/29/2011

I have no updated these to reflect vSphere 5 changes!

VMware vSphere 5 Host Network Design Layout and Configuration

I was approached by someone via LinkedIn and the VMTN Community Forums this past week about possible ways to design a vSphere Host NIC layout. The customer has 12 NICs for each server (talk about making it easy), has Enterprise Plus licensing, but wasn't planning on using features such as Fault Tolerance or Virtual Distributed Switches. With that said, here is how I came up with a few designs.

Table Key
2 on-board NICs = vmnic0, vmnic1
4 expansion NICs = vmnic2, vmnic3, vmnic4, vmnic5
4 expansion NICs = vmnic6, vmnic7, vmnic8, vmnic9
2 expansion NICs = vmnic10, vmnic11


Option 1 easier and less configuration:
vSwitch0

Download the 1mb VKernel Capacity View tool for your VMware ESX and vSphere environment. It works with any ESX, ESXi or vCenter version. The install takes about 30 seconds and you get a quick glimpse of your environment.

Be sure to add kendrickcoleman [@] gmail [dot] com as your referral! minus the brackets of course :) Thanks! Click Read more for a picture of my Home lab setup!

I experienced this issue the past week. Veeam threw an error during a backup about it not being able to delete a snapshot. Come to find out, there was a slew of snapshots just sitting there even though the snapshot manager thought there were no snapshots.

Symptoms: You have a VM with a snapshot that says Consolidate Helper- 0

After about 2 weeks of frustration and testing I finally figured out why 2 of my VMs were not being backed up and hopefully this helps someone else out.

We run our Veeam server as a VM and use the Virtual Appliance mode to backup all of our VMs. At first, all I did was add my vCenter server into the list of servers. I set up a few jobs and I would have 2 VMs continuously fail, the vCenter and vCenter Database VMs. To alleviate this issue, these 2 VMs cannot be backed up through vCenter, but instead you have to add the ESX(i) server to the list of servers and then add the VM to the backup job through the particular host.

Veeam has recently announced a new technology called SureBackup that will change the way backups are done "forever". Forever is a strong word, but it holds true in this statement. This new technology will allow you to actually verify and test your backups with a few clicks of the button. The great thing, is that you don't have to restore to a particular VM, or even worry about space constraints. The verification process allows you to run a VM or a coupled group of VMs (vApp) all within the compressed images without inflation.

This past week I noticed an update to NetApp ONTAP. We were running version 7.3.1.1 and I wanted to upgrade to 7.3.2. I heard from so many people, "Don't worry Kenny, it's so easy to do an upgrade." Come to find out, it's actually EXTREMELY EASY. The bad part is, there is a 200 page upgrade guide that makes everything more challenging than it really needs to be. Chris Kranz (@ckranz) over at wafl.co.uk has a good guide for ONTAP Upgrades. I wanted to spoon feed his tutorial a bit more for anyone else wanting to do their first NetApp ONTAP upgrade. This will be done the n00b fashion way with Windows :)

So here we go from the beginning:

The ONTAP upgrade is done to ensure that the NetApp SAN has the most recent release of software. This is also a non-disruptive upgrade because in this case we have 2 controllers (or nodes).

To acquire the ONTAP release, login to the NOW site which is located at http://now.netapp.com
Once logged in, navigate to Download Software and find the drop down for ONTAP. Locate your SAN type and click go. Download the .exe file for the version to upgrade. We will be using windows and CIFS to perform the upgrade.
At this time, we downloaded the release called 732_setup_e.exe for the 7.3.2 release for our FAS2020a. Save it to your desktop until we are ready to transfer.