I spent all morning chasing an annoying error in Group Policy Management while trying to delete an old unused OU while logged in as Domain Admin: Group Policy Management Access is Denied
I have to confess that I have always thought of NFS for vSphere as being a second-tier choice. Even with the best solutions from well-known vendors using 10GbE and SSD, NFS datastores always seem to under-perform and be more problematic compared to block-storage SAN devices. Even with the theoretical reduction of overhead per payload (per Ethernet Frame), I’ve never found an enterprise NFS device that I wouldn’t gladly trade for a block-storage SAN when used for vSphere-specific applications.
I’ve been harping about this for years, but a couple of recent customer situations have emphasized the importance of correct time/NTP configuration for all of your vSphere components.
External “Trusted” CAs
There is a common misconception that security is improved through installing certificates issued by “trusted” CAs. The truth is that certificates issued by external CAs like Thawte, Verisign and GoDaddy are no more secure than those you create yourself! In fact, by going to an external source in the first place, and trusting them with your Certificate Signing Request (CSR) and Private Key (PK) at all, you are placing the security of your organization in their hands! External CAs are generally security-aware, but they are also massive targets for hackers. The risk, if your data got exposed by an external CA, is that hackers could masquerade as you and potentially gain access to critical systems!
In an ideal world, management would provide unlimited funding to upgrade hardware continuously! We all know that’s not going to happen! Sometimes it is necessary to prolong the lifespan of servers as long as possible, particularly when they are extremely well-provisioned devices, even by today’s standards!
Such is the case with our HP BL460 G7 Blades. They are each equipped with a dual-port 10Gb onboard NIC adapter (Emulex HP NC553i) and a dual-port Mezzanine NIC adapter (Emulex HP NC551m), rendering a total of four 10Gb ports.
Recently, after running HP Service Pack for ProLiant (SPP), we lost network connectivity to the Emulex HP NC551m adapter. It wasn’t simply that no network traffic was being passed, but rather the entire adapter disappeared from the configuration in ESXi 6, and the adapters were not visible using the SSH CLI command: esxcli network nic list
It’s as if the NC551m adapter simply wasn’t there!
I was designing a customer vSAN deployment and I came across the guidelines and formula for calculating the required ESXi Coredump partition size: https://kb.vmware.com/s/article/2147881
Right away, I started working the formula for my customer's deployment when it occurred to me: this is WAY more complicated than it needs to be!
VMware actually wants you to take a number (the size of SSD in GB), divide by 100, multiply by 0.181 and then multiply by 0.25. Ridiculous!
- Why not just multiply by 0.0045? It is exactly the same thing!
For years, I have dismissed Virtual Machine Hardware version as unimportant. In fact, in this very blog, I may have advocated for leaving VM Hardware Version set at 8, to maintain full compatibility with both the vSphere C# Client and the vSphere Web Client.
Unfortunately, thanks to Spectre and Meltdown, things have changed. Updating your VM Hardware Version also updates the VM BIOS, and that’s an important part in the remediation of Speculative Execution Vulnerabilities, specifically: CVE-2017-5715 ‘Spectre Variant 2’.
Invalid snapshot configurations happen. Mostly, they occur because of problems with storage arrays during snapshot creation/consolidation, but they can also occur if certain processes (like replication) are interrupted mid-snapshot.
The more heavily you rely on snapshots, the more likely it is you will come across a problem with snapshots. Specifically, if you use a product like Veeam, which leverages a VMware Snapshot to quiesce data, you may see an Invalid Snapshot Configuration from time to time. The more often you protect your data, the more often you create and remove snapshots. This is NOT to say that there is a problem with Veeam; Veeam is awesome, however it is subject to events on the underlying infrastructure and possibly on VPN/MPLS links between sites.
Many people are under the incorrect belief that it is hardware-level firmware updates from companies like HPE and Dell that will protect our Virtual Machines from Speculative Execution Vulnerabilities. This is NOT TRUE.
- As far as your VMs are concerned, the VM BIOS and Hypervisor are the hardware!