Author: John Borhek
John Borhek

About John Borhek

John Borhek (VCP 3-6.5) is the IT Director and Lead Solutions Architect at VMsources Group Inc. and an active consultant specializing in VMware vSphere, Linux, Networking and Infrastructure Design.

NFS Reading list for vSphere Users

I have to confess that I have always thought of NFS for vSphere as being a second-tier choice. Even the best solutions from well known vendors using 10GbE and SSD, NFS datastores always seem to under-perform and be more problematic as compared to block-storage SAN devices. Even with the theoretical reduction of overhead per payload (per Ethernet Frame), I’ve never found an enterprise NFS device that I wouldn’t gladly trade for a block-storage SAN when used for vSphere-specific applications. Continue reading

Do you actually need CA Certificates?

External “Trusted” CAs


 There is a common misconception that security is improved Through installing certificates issued by “trusted” CAs. The truth is that certificates issued by external CAs like Thawte, Verisign and GoDaddy are no more secure than those you create yourself! In fact, by going to an external source in the first place, and trusting them with your Certificate Signing Request (CSR) and Privacy Key (PK) at all, you are placing the security of your organization in their hands! External CAs are generally security-aware, but they are also massive targets for hackers. The risk, if your data got exposed by an external CA, is that hackers could masquerade as you and potentially gain access to critical systems!

Continue reading

ESXi NC551m stops working after firmware update

In an ideal world, management would provide unlimited funding to upgrade hardware continuously! We all know that’s not going to happen! Sometimes it is necessary to prolong the lifespan of servers as long as possible, particularly when they are extremely well-provisioned devices, even by today’s standards!

Such is the case with our HP BL460 G7 Blades. They are each equipped with a dual-port 10Gb onboard NIC adapter (Emulex HP NC553i) and a dual-port Mezzanine NIC adapter (Emulex HP NC551m), rendering a total of four 10Gb ports.

Recently, after running HP Service Pack for Proliant (SPP), we lost network connectivity to the Emulex HP NC551m adapter. It wasn’t simply that no network traffic was being passed, but rather the entire adapter disappeared from the configuration in ESXi 6, and the adapters were not visible using the SSH CLI command: esxcli network nic list It’s as if the NC551m adapter simply wasn’t there! Continue reading

Setting the coredump partition when using vSAN

I was designing a customer vSAN deployment and I came across the guidelines and formula for calculating the required ESXi Coredump partition size: https://kb.vmware.com/s/article/2147881

Right away, I started working the formula for my customers deployment, when it occurred to me; this is WAY more complicated than it needs to be!

VMware actually wants you to take a number (the size of SSD in GB), divide by 100, multiply by 0.181 and then multiply by 0.25. Ridiculous!

  • Why not just multiply by 0.0045, it is exactly the same thing!

Continue reading

Virtual Machine Hardware Version does make a difference

For years, I have dismissed Virtual Machine Hardware version as unimportant. In fact, in this very blog, I may have advocated for leaving VM Hardware Version set at 8, to maintain full compatibility with both the vSphere C# Client and the vSphere Web Client.

Unfortunately, thanks to Spectre and Meltdown, things have changed. Updating your VM Hardware Version also updates the VM BIOS, and that’s an important part in the remediation of Speculative Execution Vulnerabilities, specifically: CVE-2017-5715 ‘Spectre Variant 2’. Continue reading

Invalid Snapshot Configuration

Invalid snapshot configurations happen. Mostly, they occur because of problems with storage arrays during snapshot creation/consolidation, but they can also occur if certain process become interrupted (like replication) mid-snapshot.

The more heavily you rely on snapshots, the more likely it is you will come across a problem with snapshots. Specifically if you use a product like Veeam, which leverages a VMware Snapshot to quiesce data, you may see an Invalid Snapshot Configuration from time to time.The more often you protect your data, the more often you create and remove snapshots. This is NOT to sat that there is a problem with Veeam; Veeam is awesome, however it is subject to events on the underlying infrastructure and possible on VPN/MPLS links between sites Continue reading