September 03, 2010
Security is a major theme at VMworld 2010.
I’m just winding down from a whirlwind trip through VMworld 2010 – days filled with sessions and meetings, and nights filled with celebratory events! Nice to see that the show continues to be very technology focused, with participants from around the world eager to learn and share the advances being made on so many fronts.
Security was a major theme this year, driven by three major forces:
- Enterprises are well down the path of virtualization, and as more critical assets get virtualized, security and compliance come to the fore.
- With so much interest in the benefits of cloud computing and infrastructure as a service, secure multi-tenancy is a top of mind issue.
- The security industry itself has been under siege for a while now, trying to keep up with the ever increasing volume of threats, while trying to avert endpoint and network bottlenecks. Virtualization and the associated scale out, agile architectures hold promise to achieve “better security with virtualization”.
VMware launched 3 products under the vShield umbrella, to secure virtualized environments all the way from the edge to the endpoint:
- vShield Endpoint: Enables offloading guest security agents to per-host security VMs.
- vShield App: Virtualizes network security, and enables mixed trust zones per host.
- vShield Edge: Virtualizes data center edge services i.e. FW, NAT, DHCP, VPN & Load Balancer.

A quick note on the vShield concept – these represent purpose-built, security VMs, that are distributed across the cluster in a scale out fashion, and are proximate to the resources being protected, while taking advantage of virtualization concepts like introspection, programmable insertion and mobile policies. We believe “virtual shields” are a key element of next generation security architectures, and where existing, static, scale-up firewalls and security devices/agents need to head, to take advantage of the VMware stack.
The vShield product line is managed by vShield Manager, which represents VMware’s point of integration for its security and wiring products. vShield Manager exposes all of the vShield product line features through the vShield API set, which is a RESTful set of APIs. vCloud Director, for example, integrates some of the vShield Edge capability, into its provisioning portal.
We announced partnerships around the vShield Manager concept with Cisco, Intel, McAfee, RSA, Symantec and Trend Micro, to further work towards presenting a unified security framework for VMware’s customers. We believe the framework and partnerships will significantly simplify security architectures for our customers, and leave us well poised to move to secure hybrid clouds.
The products were well received, and it was nice to see the vShield products get Best of Show for Security!
A quick note on some of the sessions I was involved with:
In my session SE8389 - Architectural Overview of Virtualization Security for the Private Cloud, we talked through our rationale & strategy for VMware security, with the vShield products representing a significant step in this direction. Whilst there is a lot of talk about public clouds, the bigger story is enterprises taking advantage of the benefits of cloud computing, by embracing secure hybrid clouds. From a security vantage point, we talked about four key areas we’re investing in, to make this happen:
- Virtualize security: The first step is virtualizing security hardware, and guest security agents. Much like server, desktop, storage and network virtualization led to disruptive architectures, likewise security virtualization will dramatically accelerate the journey to secure clouds.
- Build in security into the 3 layer VMware stack: We need to weave in security into the 3 layers of the virtualization/cloud stack i.e. cloud infrastructure, cloud apps, and end user computing. Different layers demand different areas of focus, all the way from roots of trust, end point security, virtualization infrastructure security, to app/data/id based security and edge security.
- Create a unified framework to tie together policies and trust zones: Rather than have tens of solutions hit the customer, it is important to tie these together in a unified fashion. We believe some of the key notions are “Trust Zones”, “Policy-based security” and “RESTful Services”.
- Make Secure VDCs (Virtual Data Centers) the next unit of virtualization and cloud computing: Once the above constructs are in place, we can encapsulate VMs, their wiring and their security policies into a higher level “Secure VDC” construct, that can be built, instantly stood up, migrated, federated, etc. Visio diagrams come to life!
SE8520 - Panel Discussion - Private Cloud - Virtualization Security and Compliance, Meeting PCI Standards
This was a nice, relaxed session with lot’s of audience participation, talking through issues of compliance in the virtualization and cloud world, with industry experts Neil MacDonald from Gartner, Bret Hartman from RSA, and Christopher Hoff from Cisco. Hoff did provide some comic relief, when he opened up to show a magic quadrant, carefully drawn up on his shirt. Here he is in pre-game warm-ups…
That’s about it for now. Lot’s to talk about. I’ll continue to provide more color in further posts.
Thanks, and your comments are most welcome!
/Allwyn
More VMware Cloud Director Support for vCloud from Zenoss
By Josh Duncan, Product Marketing Manager at Zenoss
The Zenoss team has been busy at VMworld talking with customers and learning lots about what is going on in the cloud and virtualization space. We made a big announcement at the conference about Zenoss support for VMWare's vCloud offering.
I asked Chet Luther, principal engineer at Zenoss, to give a quick introduction to our announcement while at the conference this week.
What’s in it for cloud providers using vCloud? For them, Zenoss offers real-time visibility into the resources required to operate a private or public cloud at scale. Providers need visibility into which customers are using what resources, what users/workloads are causing performance problems, and what is the root cause of these problems. They need to know when they are going to run out of capacity and where, and what customers will be affected.
Zenoss provides a service assurance console enabling operational insights from across all your physical and virtual devices and into your vCloud infrastructure. With automatic discovery and mapping of the dependencies between the components in the cloud and a map that updates in real-time based on changes to the environment, gives customer improved service delivery, faster time to resolution on operational issues, delegated administration, and access to the operational insight needed for capacity planning and management.
Check out our full demo here to learn more on Zenoss and vCloud management.
Installing the OS on Your New Blank Server on vCloud Express
Matthew D. Sarrel, Sarrel Group
In my previous post, I created a blank server within my Terremark vCloud Express VM environment. Now I can connect to it and begin to install the operating system from a local .ISO file.
WARNING! A critical pre-requisite for a successful browser-based connection to a Windows machine is that the URL https://my.vcloudexpress.terremark.com must be in Internet Explorer’s trusted sites. To add this URL to your trusted sites on IE, go to Internet options, security, trusted sites, and then click the sites button to add it.
Or http://www.youtube.com/watch?v=bitTioTYbws
Then I connect, mount the local ISO, and reboot the VM. Windows XP begins to install.
http://www.youtube.com/watch?v=iRkoJnsNI4M
It’s very time consuming to install from a local .ISO.
Short cut alert! There is a faster way to do this. Upload all the .ISO's to a server in your vCloud Express environment, share that directory, and mount them from within the "local" network in the could. However, what I showed you in the video this is the easiest so those who want to get going fast and start experimenting with vCloud.
There’s been a lot of buzz on the Terremark message boards about this not working at all over a low bandwidth connection so be forewarned. I did this from a 1.5 Mbps SDSL connection and had no trouble.
Matthew D. Sarrel (or Matt Sarrel) is executive director of Sarrel Group, a technology product testing, editorial services, and technical marketing consulting company. He also holds editorial positions at pcmag.com, eweek, GigaOM, and Allbusiness.com, and blogs at TopTechDog.
Creating A Blank Server on vCloud Express
Matthew D. Sarrel, Sarrel Group
In my first blog, I wrote a hands-on introduction to vCloud Express. In my second blog, I wrote about my experimentation with Terremark’s vCloud Express and found it easy to create a VM from one of Terremark’s templates. Yet, as we know, simply creating VM’s isn’t the end of the story. While the templates for Operating Systems to install on my VM’s are great, what happens when I want to install a blank server and then install my own OS?
Watch this video to see how to create a blank server:
http://www.youtube.com/watch?v=BVQ19GT8bs4
It couldn’t be more straightforward. In my next entry I’ll explain how to mount an ISO and install the OS and apps of your choice – this is probably the most challenging set of tasks I’ve encountered on vCloud Express.
By the way, Terremark tells me that in vCloud Enterprise you can just copy an OVF or VMDK up into your cloud environment. This seems like it would be a lot easier, but then you can’t take advantage of the vCloud Express features that make it so easy and inexpensive to get started.
Matthew D. Sarrel (or Matt Sarrel) is executive director of Sarrel Group, a technology product testing, editorial services, and technical marketing consulting company. He also holds editorial positions at pcmag.com, eweek, GigaOM, and Allbusiness.com, and blogs at TopTechDog.
Snapshot Size
There have been multiple posts in the community about the size of the snapshots and how it should be calculated. There are some issues with the “SizeMB” property of the Snapshot object, so this post will try to explain what these problems are and what is the correct way to calculate snapshot sizes.
We’ll try to keep things simple and not go in too much detail. To start off let’s imagine you have a virtual machine with a single hard disk. This disk is represented as a “vmdk” file in the datastore (e.g. VM.vmdk). Whenever you write something on the hard disk of the VM it is saved in that VM.vmdk file (figure-1).
When you create a snapshot this VM.vmdk file gets “frozen” and a new one (VM-1.vmdk) is created. The “frozen” VM.vmdk file represents the exact state of the VM’s hard disk at the time when the snapshot was taken. From that point on all changes on the VM’s hard disk are reflected in the new VM-1.vmdk file. Also a new “vmsn” file is created (e.g. Snapshot1.vmsm) which represents the state of the VM’s memory at the time of the snapshot creation (figure-2).
Similarly when a second snapshot is taken VM-1.vmdk gets “frozen” and VM-2.vmdk and Snapshot2.vmsn files are created, the same thing happens when we create a third snapshot (figure-3).
So how is the snapshot size calculated?
For each snapshot the size includes the sizes of the files needed to capture the state of the VM at snapshot time (e.g. hard disk and memory).
For Snapshot2 (figure-3) these files are Snapshot2.vmsn and VM-1.vmdk. The VM-1.vmdk contains all changes made after the first snapshot and it is required part of Snapshot 2.
For the currently active snapshot (e.g. Snapshot3), its size also includes the file which stores disk changes after the snapshot (e.g VM-3.vmdk, figure-3). Thus Snapshot3 files are Snapshot3.vmsn, VM-2.vmdk and VM-3.vmdk. VM-2.vmdk contains all changes since previous snapshot and VM-3.vmdk contains the current changes.
The root snapshot (e.g. Snapshot1) is based directly on the VM’s disk (e.g. VM.vmdk) but its size is not calculated (it’s calculated towards the size of the hard disk itself, not the snapshot). That way the files calculated in the size of each snapshot are the ones marked in orange in figures 2 and 3.
(Note: if we consider figure 3 and imagine that Snapshot2 is the currently active snapshot, then the size of VM-3.vmdk will be calculated in Snapshot2’s size, not Snapshot3’s)
Now for the “SizeMB” property of the Snapshot object. When calculating its value we use the above mentioned approach and calculate the size correctly for ESX 3.0 and 3.5. However there are some changes in the API behavior from 3.5 to 4.0 that we overlooked, thus resulting in wrong calculation of the snapshot size on ESX 4.0.
This issue will be fixed in a future release, but until then you can use the attached script to get the correct snapshot sizes. The script works on all ESX versions and uses the above mentioned approach for calculation.
Dimitar Hristov & Vitali Baruh
PowerCLI Team
September 02, 2010
VMware "Cloud" Opening for VMworld 2010
|
The meaning of "The Cloud" or "Cloud Computing, Unraveled" was presented as the opening video for the VMworld 2010 General Session |
From:
vmwaretv
Views:
1368
![]() 13
ratings | |
| Time: 03:49 | More in Science & Technology |
Looking up View Client Machine Info and Using it in a ThinApp
Often times we here at VMware get asked, "How do I determine the connecting client system info?". Many times this is asked in conjunction with ThinApp as well. Therefore, I figured I'd post this script here to assist anyone looking for this information - at least in conjunction with ThinApp. ☺
This VBScript sample code (Thanks to Todd Dayton - one of our Desktop Specialists - for providing the meat of the code) will look up and report on the View Client Machine Name (the client computer), the View Client IP Address, and the View Client Mac Address. According to Todd, reading the registry of the virtual desktop directly is the best way to ensure these values are properly obtained.
In the below script I have the data lookup defined in two different ways - one via an NTDLL call (the first part) and the other being a Win32 call (the second part) as often times customers desire to have validation logic such as this embedded into a ThinApp package so the ThinApp packaged app will operate in a certain fashion based upon the scripted outcome of the validation logic. And often times, customers wish to use the View Client info to determine all of this.
The issue with doing an NTDLL registry call via a VBScript within a ThinApp package is, ThinApp doesn't fully support NTDLL registry calls. At least, not properly (yet) - and so one will get various anonymous outcomes when using NTDLL registry calls like the one shown in the scripted example. Therefore, I've provided the below script which shows both ways to gather the View Client info - via an NTDLL registry call and via a Win32 registry call.
As a simple test, drop this code into a ThinApp package, rebuild and execute. From within a ThinApp package, it is very likely you will not get any or all values properly returned in the MSGBOX output for the NTDLL call, but you will get them via the Win32 call - or at least, what they are currently set to within the registry of the View session (NOTE: If the values are not updated, it's not a script issue at that point).
Sample Code:
'============================================================================================== 'Notes: '====== 'Windows Registry calls can be made at two levels within the Windows operating system. One is 'the Win32 level and the other is at the NTDLL level. ' 'Unfortunately, ThinApp currently only hooks the Win32 level, so registry calls such as '"WMI stuff(objRegistry)" which make calls at the NTDLL level will not be correctly handled by 'ThinApp ' '============================================================================================== '============================================================================================== 'NTDLL Call to View Session Details '============================================================================================== 'Declare Environment Variables Dim vMachine, vIP, vMAC 'Set Environment Variables Const HKEY_CURRENT_USER = &H80000001 Set wmiLocator=CreateObject("WbemScripting.SWbemLocator") Set wmiNameSpace = wmiLocator.ConnectServer(".", "root\default") Set objRegistry = wmiNameSpace.Get("StdRegProv") sPath = "Volatile Environment" 'Lookup values in registry and assign to variables lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_Machine_Name", vMachine) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_IP_Address", vIP) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_MAC_Address", vMAC) 'Test Message Box to show values MsgBox "The Remote Device Name is " & vMachine & " @ " & vIP & "(" & vMAC & ")",, "NTDLL Call Test" '============================================================================================== 'Win32 Call to View Session Details '============================================================================================== 'Declare Environment Variables Dim vMachine, vIP, vMAC 'Set Environment Variables Set WSHShell = CreateObject("WScript.Shell") 'Lookup values in registry and assign to variables vMachine = WSHShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\ViewClient_Machine_Name") vIP = WSHShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\ViewClient_IP_Address") vMAC = WSHShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\ViewClient_MAC_Address") 'Test Message Box to show values MsgBox "The Remote Device Name is " & vMachine & " @ " & vIP & "(" & vMAC & ")",, "Win32 Call Test"
Feel free to download the View Client Machine Name.zip and give it a go.
Hope this helps clarify a few things when you or your customers are building ThinApp packages relying upon the View Client info.
How to Disable ThinDirect within a ThinApp Packaged Browser
What is ThinDirect?
Now that ThinApp 4.6 has released, one of the new features is ThinDirect, a URL based browser redirection. If you don't know what I'm talking about, please do read Jonathan Clark's blog article, "VMware ThinApp 4.6 – What’s new?".
ThinDirect is Cool. But If I Don't Need It, How Do I Disable It?
Before we get into disabling ThinDirect, it is important to understand a few basic parts to ThinDirect.
- ThinDirect works by installing a Browser Helper object in the native instance of IE. The installation of the browser helper object can happen in one of 3 ways:
- When performing an “All Users” install of a ThinApp .msi package for a virtualized browser that contains ThinDirect redirection entries.
- When running “Thinreg /a VirtualBrowser.exe”. (/a is all users)
- Deploying the “ThinDirect.msi” installer included with ThinApp 4.6 to target desktops.
- The first part of the redirection is from the Native browser to the Virtual browser. This works for all versions of natively installed IE and all common browsers (redirecting from native IE to virtual browser of some kind).
- The second part of the redirection is from the Virtual browser to the native browser. This only works for virtualized Internet Explorer browsers. My slang term for this is "FatDirect" - but that's just my oversimplification of the feature.
To reiterate what Jonathan said in his post...
Disabling ThinDirect
To disable different portions of the ThinDirect functionality, you can do any one of or a combination of the following to obtain the desired results:
- Delete the THINDIRECT.TXT file in the root of the project. When the package is built or rebuilt using BUILD.BAT, it will not redirect any native URLs to the virtual browser nor will it redirect any virtual URLs to native browser.
- Uninstall or disable the native IE ThinDirect Browser Helper Object by going into the Native Internet Explorer Options under the Programs settings and modify the Add-Ons (Manage Add-Ons) and select the ThinDirect Helper Object and disable it. This will prevent any native URLs from being redirected to virtual. It should be noted the same can be done from inside the ThinApp package to disable virtual to native redirection - but that's the hard way.
- Additionally, the ThinDirect Browser Helper Object can be installed separately to a system by use of the THINDIRECT.MSI. If this is done, you can also uninstall the ThinDirect Browser Helper Object by going into Add/Remove Programs and removing the installation.
- Add the "ThinDirectWhitelistOnly=0" Build Option to the PACKAGE.INI. This will disable virtual to native URL redirection ONLY for virtualized IE packages.
For more information on ThinDirect and it's uses, please also see the ThinApp Online Help - and specifically the Extracting and Registering ThinDirect article.
Application Independence for End-User Computing
Normally this blog focuses on the technical aspects of ThinApp and how IT pros can deliver and deploy applications more effectively, but today I want to take a step back and look at VMware’s overall vision for End-User Computing and how ThinApp fits in to the mix.
If you are attending VMworld 2010 in San Francisco today, you’ll hear Paul Maritz and Steve Herrod detail our vision for the future of IT. For the end-user, the future we see centers around the idea of delivering a consumer cloud computing experience within the enterprise while maintaining corporate policy, flexible service delivery at lower costs (read more about our strategy in today’s announcement).
But before we achieve that vision, we have some work to do. A key first step is to enable IT organizations to modernize their existing desktop architecture. Modernization of the desktop environment enables organizations to evolve from a device-centric world to a more modern, user-centric model where users can flexibility access their applications and data from any device while providing IT with greater control to deliver increased efficiencies. You can learn more about how our new release of VMware View (View 4.5) modernizes the desktop in our View Blog.
Thanks to Cloud Computing the future of end-user computing is shifting away from the traditional desktop. The future will be about the secure delivery of applications anywhere, anytime and on any device type. Whether it’s a desktop application, Software as a Service (SaaS) application or native to the iPhone/iPad or Android app won’t matter. What matters is that you as the user will be able to access the tools you need from the device you have at the moment.
To cope with the new technology landscape, many IT organizations have already embraced the paradigm shift by modernizing their entire desktop environment. The persuasive argument for most is the ability to centralize control, simplify management, control costs and better deliver IT service to the end users. In this environment, both the desktop and the applications are virtualized. Virtualization provides IT and end users an abstraction layer that isolates the applications and the desktops from the operating environment. A virtualized application is much more predictable in its behavior as it does not interact with the underlying operating system.
With VMware ThinApp, applications can be made aware of each other but run completely isolated from each other. This allows for multiple applications or multiple versions of the same application to be run on the same environment without any conflict. For the system administrator, there is no installation required, there is a single image to manage, .EXE or .MSI, for each application, not a myriad of files. This single image executable can be deployed on a variety of the Windows operating environment allowing IT to dynamically meet the application access demands of the mobile workforce. With no agent code required on the end point devices, VMware ThinApp packaged applications give users the full mobility and flexibility they need to be productive anywhere.
Pragmatically, does the paradigm shift bring a worry-free era of centralized management and control in the datacenter and better delivery and access to computing resources and applications? Not exactly. This technology change is an evolution, not a revolution. While there is no panacea to achieve user-centric computing over night, we need the technology today to bridge the gap between legacy and leading edge, between legacy applications and end user computing services.
Over the years, businesses spent millions of hours and same in money encoding their business practices into custom software applications to automate the business process, from an order entry system to a supply chain application to patient’s records and hospital delivery tracking system. All these legacy applications continue to drive real and significant revenue for many enterprises today. For IT to evolve how we deliver these legacy applications as services to users, we need to be able to move these legacy business applications to the new operating environment. This translates to a potential massive application migration wave.
Take Microsoft Internet Explorer 6 (IE 6) as one example. Even though its end of life is declared, IE 6 is still the second most used browser version in enterprises to date. Many internet and intranet business applications are still running on this browser version. The dilemma for IT is that IE 6 does not run natively on Windows 7, keeping these applications around means having to maintain both legacy hardware and software. Porting these applications means disruption to the business and a substantial investment cost in recoding them in many cases.
The solution? Transform these existing applications such that the business logic is preserved and they can be used in the new environment in a cost effective way. Many IT organizations are looking to application virtualization to extend the life of these legacy IE 6 applications. VMware ThinApp 4.6 provides an easy way to virtualize these IE6 applications along with their custom ActiveX controls for deployment on Windows 7. A virtualized IE 6 application can run seamlessly alongside a natively installed newer version of IE on the same system. For IT, virtualizing IE6 or any other custom legacy application is effectively bridging the old with the new, preserving the domain expertise encoded in the custom applications and continue to serve up business services to end users or be pulled down to a handheld device.
In addition to the IE 6-based web applications, there are thousands of custom applications in existence. Manually virtualizing these applications is also not a cost effective way to transform applications into services. To do this, there needs to be an automated mechanism to convert these traditional applications with .MSI files to virtualized applications. VMware ThinApp Converter works with ESX, vSphere and Workstation images to automatically convert silently-installed applications into ThinApp packages.
Custom business applications are investments and require long term commitment. Unlike hardware, applications are not easily swapped out for a “newer” model. In many businesses, applications upgraded to a newer version require, in addition to lengthy regression testing, business specific requirements of certification, particularly for healthcare and applications deployed in the government sector and commitment from the helpdesk team for ongoing support. For IT the transition to user-centric computing must also include the solution to transform existing legacy applications into services while preserving the current investment.
For more information on ThinApp 4.6 go to: http://www.vmware.com/products/thinapp/
Download Free Trial of VMware ThinApp for 60 days: http://www.vmware.com/go/trythinapp
How to Allow Execution for a Single Instance of a ThinApp Package
We've had a number of people ask how to go about ensuring a user can only run one instance of a ThinApp package at a time.
Here's how to do that.
Why Doesn't the Old Way Work?
Since the release of ThinApp 4.5, VMware has included Windows 7 and Windows Server 2008 R2 support. In order for VMware to make ThinApp compatible with these operating systems, we had to also include support for easier white-listing of processes - specifically a ThinApp's child processes - within ThinApp. This means ThinApp 4.5 and higher will do some process obfuscation to hide the child processes under the parent process. This means the old scripting techniques of looking directly at the processes reported in the running processes list no longer work.
So How Can I Script This Into a ThinApp 4.5 or Higher Package?
This Script is designed to check for multiple instances of a ThinApp process, even under ThinApp 4.5 and newer, to determine if there is a second instance of a process being started and not allow it to run. It will work on Entry Points both of the same and of different names from their source executables as well as executable data containers and entry points that are not data containers. Additionally, this script will ONLY work on ENTRY POINTS and executable DATA CONTAINERS and will not track or limit child launched processes or services.
Known Issues:
This script will not work on a ThinApp package which a.) has multiple entry points and b.) where RemoveSandboxOnExit is not enabled. In the case where multiple entry points are needed, enable RemoveSandboxOnExit=1 in the PACKAGE.INI and disable the OnLastProcessExit code. Additional modifications may also be necessary to the OnFirstParentExit callback function.
SCRIPT CODE:
' ======================================================== ' Script Information ' ' Title: ThinApp Instance Checking Script ' Author: Dean Flaming ' Originally created: 28-Aug-10 ' ' Description: ' ============ ' This Script is designed to check for multiple instances ' of a ThinApp process, even under ThinApp 4.5 and newer, ' to determine if there is a second instance of a process ' being started and not allow it to run. ' ' This script will work on Entry Points of the same and ' of different names from their source executables as ' well as executable data containers and entry points that ' are not data containers. ' ' This Script will ONLY work on ENTRY POINTS and executable ' DATA CONTAINERS and will not track or limit child launched ' processes or services. ' ' Known Issues: ' ============= ' This script will not work on a ThinApp package which has ' multiple entry points where RemoveSandboxOnExit is not ' enabled. In the case where multiple entry points are ' needed, enable RemoveSandboxOnExit=1 in the PACKAGE.INI ' and disable the OnLastProcessExit code. Additional mods ' may also be necessary to OnFirstParentExit. ' ======================================================== ' DECLARE VARIABLES Dim WSHNetwork, WSHShell, objFSO, objShell, objWMIService, strComputer Dim objProcess, colProcess, colParentProcess, objParentProcess Dim GCPCurProcName, TSCurProcName, CurProcName, CurProcID, CurParentProcName, CurParentProcID Dim RecProcID, RecParentProcName, RecParentProcID, RecExplorerProcID, ERRProcRunning, ERRProcName strComputer = "." ' SET GLOBAL VARIABLES Set WSHNetwork = CreateObject("WScript.Network") Set WSHShell = CreateObject("WScript.Shell") Set objFSO = CreateObject("Scripting.FileSystemObject") Set objShell = CreateObject("Shell.Application") Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") ' DEFINE SCRIPT ENVIRONMENT VARIABLES 'Find the Entry Point Process Name TSOrigin = GetEnvironmentVariable("TS_ORIGIN") TSLastSlash = InStrRev(TSOrigin, "\") TSSourcePath = Left(TSOrigin, TSLastSlash) TSCurProcName = Mid(TSOrigin, TSLastSlash + 1, Len(TSOrigin)) 'Find the Current Process Name GCPOrigin = GetCurrentProcessName GCPLastSlash = InStrRev(GCPOrigin, "\") GCPSourcePath = Left(GCPOrigin, GCPLastSlash) GCPCurProcName = Mid(GCPOrigin, GCPLastSlash + 1, Len(GCPOrigin)) 'Find the Sandbox Name and Path SandboxParent = GetBuildOption("SandboxPath") SandboxName = GetBuildOption("SandboxName") If SandboxParent = "." Then SandboxPath = SourcePath & SandboxName Else SandboxPath = SandboxParent & Chr(92) & SandboxName End If Function OnFirstSandboxOwner CheckProcessCount End Function Function OnFirstParentStart CheckProcessCount End Function Function OnFirstParentExit ' ' ----------------------------------------- ' 'Check for IEUSER (on Vista) and ' 'WLLOGINPROXY (on XP) and terminate ' 'processes ' ' ----------------------------------------- ' Dim strProcessKill ' strProcessKill = "'ieuser.exe'" ' Set colProcess = objWMIService.ExecQuery ("Select * from Win32_Process Where Name = " & strProcessKill ) ' For Each objProcess In colProcess ' objProcess.Terminate() ' Next ' strProcessKill = "'wlloginproxy.exe'" ' Set colProcess = objWMIService.ExecQuery ("Select * from Win32_Process Where Name = " & strProcessKill ) ' For Each objProcess In colProcess ' objProcess.Terminate() ' Next If ERRProcRunning = "" Then 'MsgBox "Deleteing registry values for '" & GCPCurProcName & "'",,"Test Message - OnFirstParentExit" On Error Resume Next WSHShell.RegDelete "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecProcID" WSHShell.RegDelete "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcID" WSHShell.RegDelete "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcName" WSHShell.RegDelete "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" On Error Goto 0 Else 'MsgBox "Not removing registry values for '" & ERRProcName & "'",,"Test Message - OnFirstParentExit" End If End Function Function OnLastProcessExit ' ----------------------------------------------------------------------------------------------------------------------------------- ' Clean up after duplicate process searching if RemoveSandboxOnExit=1 not set in PACKAGE.INI ' ----------------------------------------------------------------------------------------------------------------------------------- 'MsgBox "Deleteing registry values for '" & SandboxName & "'",,"Test Message - OnLastProcessExit" On Error Resume Next WshShell.RegDelete "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" On Error Goto 0 End Function Function CheckProcessCount 'Reset Values to Null ERRProcRunning = "" ERRProcName = "" CurProcID = "" CurParentProcName = "" CurParentProcID = "" RecProcID = "" RecParentProcName = "" RecParentProcID = "" RecExplorerProcID = "" ' ----------------------------------------------------------------------------------------------------------------------------------- ' Search for all processes with Current Process Name and find process information ' ----------------------------------------------------------------------------------------------------------------------------------- 'Find the Current Process based upon the initial Sandbox Owner Entry Point used. CurProcName = GCPCurProcName Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process Where Name = '" & CurProcName & "'") For Each objProcess In colProcess CurProcID = objProcess.ProcessId CurParentProcID = objProcess.ParentProcessId Next 'If the Current Process based upon the actual process name. This is used only if the above process discovery fails. If CurProcID = "" Then CurProcName = TSCurProcName Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process Where Name = '" & CurProcName & "'") For Each objProcess In colProcess CurProcID = objProcess.ProcessId CurParentProcID = objProcess.ParentProcessId Next End If ' ----------------------------------------------------------------------------------------------------------------------------------- ' Search for all processes with Current Parent Process ID ' ----------------------------------------------------------------------------------------------------------------------------------- Set colParentProcess = objWMIService.ExecQuery("Select * from Win32_Process Where ProcessId = " & CurParentProcID) For Each objParentProcess In colParentProcess CurParentProcName = objParentProcess.Name Next 'MsgBox "Current Process Name: " & GCPCurProcName & vbCrLf & "Current Process ID: " & CurProcID & vbCrLf & "Current Parent Process ID: " & CurParentProcID & vbCrLf & "Current Parent Process Name: " & CurParentProcName,, "Test Message - CheckProcessCount" ' ----------------------------------------------------------------------------------------------------------------------------------- ' Search for HKCU registry keys to record process information and create it if not found in VOS ' ----------------------------------------------------------------------------------------------------------------------------------- On Error Resume Next RecProcID = WSHShell.RegRead("HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecProcID") On Error Goto 0 If RecProcID = "" Then 'If the registry entry doesn't exist, we can assume this is the first run and record the info. WSHShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecProcID", CurProcID, "REG_SZ" WSHShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcID", CurParentProcID, "REG_SZ" WSHShell.RegWrite "HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcName", CurParentProcName, "REG_SZ" Else 'If the registry entry does exist, we can assume a second instance and begin comparison of existing Process info with previously recorded Process info. RecParentProcID = WSHShell.RegRead("HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcID") RecParentProcName = WSHShell.RegRead("HKEY_CURRENT_USER\SOFTWARE\" & SandboxName & "\" & GCPCurProcName & "\" & "RecParentProcName") If Abs(Fix(CurProcID)) <> Abs(Fix(RecProcID)) Then 'If the Current Process ID is different from the Recorded Process ID... If Not Abs(Fix(CurParentProcID)) = Abs(Fix(RecProcID)) Then 'If the Current Parent Process ID is not the same as the Recorded Process ID... '...Warn the user, define error messages, and exit the current process. MsgBox "This appears to be a second instance of '" & CurProcName & "'",, "Process Already Running!" ERRProcRunning = "Process Running" ERRProcName = GCPCurProcName ExitProcess 0 'Exit the current process End If End If End If End Function
September 01, 2010
How to Disable Internet Explorer's Default Browser Popup
Have you packaged Internet Explorer and gotten the default browser popup when testing your ThinApp package on another Windows system?
No worries, here is how to disable that popup for your ThinApp package.
Disable During Capture:
You can disable it prior to harvesting Internet Explorer 6 from an XP Pro system (or during capture of Internet Explorer 7/Internet Explorer 8) by launching the Internet Control Panel Applet by typing INETCPL.CPL in the RUN line after Pre-Install Setup Capture but prior to the Post-Install Setup Capture (when you would normally install any other app to capture). You'll then want to browse to the PROGRAMS tab and uncheck the "Internet Explorer should check to see whether it is the default browser" check box.
Disable Within Project:
You can also disable it within your Internet Explorer ThinApp project after the fact as well as this is simply a registry modification to the project. To do this, edit the HKEY_CURRENT_USER.TXT file and add the following data under the HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN key.
isolation_full HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value=Check_Associations
REG_SZ~no#2300
NOTE: Do NOT add the registry key (as most likely it is there already). Rather, just add the VALUE and REG_SZ lines (shown above) underneath the registry key line. You'll probably want to search on "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" and see if there is a "Check_Associations" value already defined with a value of "yes" instead of "no". If it's not listed, add it to the bottom of that section...and make certain to leave a blank space between the bottom of that section and the top of the next section.
Once done, save and rebuild!
It is a Brand New Day
Posted by Vittorio Viarengo
Vice President of Desktop Products
This week at VMworld 2010, we announced a strategy and set of new and emerging products that will help businesses and governments move beyond "IT as a Cost Center" to a more business-centric "IT as a Service" model. I am excited to finally be able to tell you about what we have been working on for a key component of this new IT model – the top layer of a modern IT architecture – End User Computing.
We have come a long way since this company launched our first desktop product, VMware Workstation. From that humble beginning we revolutionized the idea of virtualization, and radically simplified the data center with products like ESX and then VMware vSphere. We also created the virtual desktop market with the introduction of VDI 1.0 (now known as VMware View) in 2007. We love this market and have created solutions that are as innovative as they are simple. Along the way, we have also helped customers deploy tens of thousands of virtual desktops.
It is because of this ongoing love affair that the VMware View team is particularly proud to announce another major View deployment at VMworld. The Bank of Tokyo-Mitsubishi UFJ, Ltd recently deployed 3,000 end users on View 4.0 and is in the process of rolling it out to another 14,000.
View 4.0 has been a real tipping point for us in terms of customer adoption and deployments.
But that was yesterday, today is a new day.
At VMworld 2010 we are announcing VMware View 4.5, which will ship in early September. You can read Scott Davis’ blog to learn all about the great innovation that went into this release.
I want to highlight a couple of the principles that drove the development of this release:
As customers start to run VDI solutions at scale, we invested a lot our development cycles in making VMware View 4.5 even easier to manage and more scalable. View has been recognized over the years as the best integrated solution for VDI on vSphere. With this release, we are raising the bar even further with a newly designed, single management console. We are also doubling the scalability per each individual pod from 5,000 to 10,000 desktops.
We are dramatically increasing the number of use cases for virtual desktop technology by lowering the upfront infrastructure cost to a new record low of $252 per seat, and by introducing the first offline VDI solution in the market. View 4.5 Local Mode allows users to check out their virtual desktop from the data center and take it on the road with them with a standard laptop.
The VMware View 4.5 team should be very proud of these accomplishments.
At VMworld 2010 we are also introducing project Horizon. This is an exciting R&D initiative that we have kept under the radar for a while now. Horizon is the result of a lot of new thinking at VMware around the future of end user and cloud computing.
Under the leadership of our executive team, we have refocused our commitment to solving the client computing issues that our customers care about most. After all guys like Paul Maritz who led the development of Microsoft Windows, Richard McAniff who led the Microsoft Excel and Office team, and Tod Nielsen who built MSDN, know how to build compelling end user computing solutions.
They asked us to think outside the box and look at the next set of challenges that our customers need to solve.
The desktop as we know it today is being pulled apart by the cloud.
-
Interactions and applications are moving increasingly toward a variety of different devices at the edge of the cloud
-
Computing is moving into the data center (private cloud) and so are applications
- The public cloud is changing everything with 85% of new enterprise applications being delivered as SaaS (IDC)
VDI is definitely a fundamental first step to solve this puzzle. By modularizing the desktop and delivering it as a managed service with better security and manageability, customers can create better user experiences and gain more control.
We need to build upon our success in VDI and move beyond the Virtual Machine and the Hypervisor into the next level of abstraction – abstracting applications (including SaaS) and data.
In our personal lives, the cloud has spoiled us rotten as
end users with high availability, along with ubiquitous and immediate access to
information and applications. But
this is not yet the case within the enterprise.
Our vision is to bring that consumer type of experience into the enterprise.
We need to help our customers build the foundation of their private clouds so that they can achieve the same level of service, speed and reliability that the public cloud offers today. We need to help them centralize and manage applications and data so that they can be delivered to end users on any device with the right level of security and compliance.
Project Horizon shows the direction that we are undertaking and we are all very excited about it.
A part of this transformation and increased commitment to this space, we created a new business unit within VMware, the End User Computing business unit, which includes our end user computing assets along with the desktop business unit.
See you around at VMworld 2010, don’t miss the End User Computing supersession on Thursday and the party Wednesday night.
Vittorio
For more information on the enhancements above and the other features in the View 4.5 release be sure to check out the following sites:
View Point Blog: View 4.5 - Modernizing the Window's Desktop - http://blogs.vmware.com/view-point/2010/08/view-45-modernizing-the-windows-desktop.html - a more technical look at the View 4.5 release
View Home Page: http://www.vmware.com/go/view - updated with new information related to the View 4.5 release
View Community Page: http://communities.vmware.com/community/vmtn/entdesk/view - keep up with the conversations, ask questions and learn more about View 4.5
OVF The First ANSI Adopted Virtualization and Cloud Standard
It is a big deal for several reasons. First of all this may just be the first national standard for virtualization and cloud computing. Secondly customers buying virtulization software or IaaS cloud computing need to demand that their vendor support the spec, there is no excuse. Thirdly, there is broad industry support for the specification including VMware across its entire product line. And lastly as the US government under the leadership of Vivek Kundra is moving to cloud computing OVF could soon be a requirement for anyone that wants to offer cloud infrastructure services to any government agency.
Is OVF enough? No, but it is a great start. Other standards are in development. However, we can no longer say there are no standards for clouds and we can no longer say all standards take a long time to achieve adoption and improve interoperability.
Global Support Services at VMware
Recorded at VMworld 2010, here is Angela Jaques talking all about support services at VMware, where Angela is a Director. The video below is a great overview of all of the services that VMware provides under the Global Support Services umbrella.
Angela talks about all of the various pieces that make up the support organization, and provides some details on how we rank case severities. She then outlines some really cool new things support is doing, like Twitter and Alerts. She recounts a recent serious issue VMware faced with a Microsoft .Net patch that crippled some VMware software. Using Twitter and other social media, tens of thousands of customers were immediately notified of the issue. Angela noted that not one escalation resulted from this potentially serious problem.
Here's video-
Why Virtualize HPC? (Part II)
We continue here describing the rest of the primary use-cases.
Checkpoint / Restart
Checkpoint / Restart – the ability to save and restore the state of a running job to disk – has been a much sought after capability in HPC for decades. Many attempts have been made with varying degrees of success. As a lack of application resiliency has come to be recognized as one of the largest barriers to increased application scaling on future systems, it has become more critical to find effective ways to safeguard application state in the presence of failing hardware and software. Virtualization offers the potential of a better way to checkpoint based on the existing snapshot functionality already available for virtual machines. By working in conjunction with an MPI implementation, it is possible to cause the draining of in-flight messages and write a checkpoint as a set of coordinated virtual machine snapshots. A very basic version of this capability has been prototyped using Open MPI running over TCP.Dynamic Workload Migration
Some of the most exciting potential uses of virtualization for HPC revolve around the creative use of dynamic workload migration – VMotion. Leveraging this one capability will add significant capabilities to virtualized HPC environments.First, migration can be used for power management by actively shifting running workload onto a subset of nodes when utilization drops to allow other nodes to be powered off or placed in a low power state.
Second, migration can be used to rearrange running workload on a cluster to make room for high priority jobs whose resource requirements cannot be met with the current workload placement. This is a significant advance beyond what is possible with current generation HPC distributed resource managers which place jobs within OS instances and have no subsequent ability to revisit or revise those placement decisions. In a virtualized environment, workload can dynamically shift across the cluster as resource requirements change.
Third, while checkpoint/restart is an important capability, it is a very expensive operation that requires the state of all virtual machines and their applications be written to disk periodically. In addition, for highly-scaled systems the data must be written quickly to avoid experiencing hardware failures before the checkpoint has been safely written to disk. As systems and their memories become larger and as failures become more frequent due to increased component counts, checkpointing becomes more problematic.
Virtualization in conjunction with fault management agents running on the cluster can mitigate this problem by creating a proactive approach to application resiliency. In such a system, a virtual machine could be migrated from a node that has been predicted to fail to a healthy node without having to take a checkpoint of the full application. While this capability would be quite challenging to implement, it could offer some significant advantages in the future as systems and applications continue to scale. It should be noted that researchers have successfully migrated individual MPI processes of a running MPI job using this technique, again with MPI running over TCP. Handling the more general case will be much more challenging.
Performance
Performance is obviously the question since the above benefits need to be assessed in terms of their value to a particular site and that value needs to be weighed against the performance cost of virtualization for applications of interest. As we’ve just begun our HPC effort, I do not yet have VMware-generated HPC performance numbers. We have several efforts underway to get this data, among them a proof-of-concept engagement with a university partner that is running a wide variety of traditional HPC benchmarks and applications both native and virtualized so comparisons can be made. I am also in the process of identifying additional benchmarks to run and am acquiring the gear to do so. The gear will include a variety of interconnects so we can carefully assess interconnect performance.Having said the above, I’d like to share a few graphs from some research papers that looked at various aspects of performance for HPC workloads. These results were generated using Xen. I have used them in the past to illustrate the plausibility of vHPC, but of course these are not substitutes for generating our own numbers , which we will do. These numbers should not be taken at face value – use them, as I did, to conclude that good performance is plausibly achievable in a virtualized environment.

Figure 7: The Impact of Paravirtualized Memory Hierarchy on Linear Algebra Kernels and Software, Youseff, et al, HPDC ‘08
The first paper looked at both compute and memory performance for linear algebra kernels. Figure 7 shows the floating point performance for BLAS double precision routines over a range of scenarios. For our purposes, the specific configurations aren’t important beyond the fact that some are native and some are virtual. The fact that each fat histogram bar is essentially flat on top indicates that no significant performance difference was seen when running these kernels native or virtualized. The paper presents a much more in-depth analysis of both memory and CPU performance and essentially concludes that no significant performance differences were found.
While this is certainly promising and a useful result when considering single threaded application performance, it will still be important for us to measure performance of highly-threaded applications within a single virtual machine to assess the scalability of our infrastructure. Nonetheless, the results presented in this paper are encouraging.
Based on these results as well as performance results published by two other companies (I need to be vague until I have permission to share their results) who examined several single-process, parallel HPC applications and who found generally small slowdowns, I feel it is possible today for virtualization to be deployed in certain carefully chosen HPC vertical markets where large throughput workloads are processed and applications do not require MPI. Issues related to MPI are addressed below.

Figure 8: High Performance VMM-Bypass I/O in Virtual Machines, Liu et al, USENIX ‘06
A second paper examined the use of MPI and InfiniBand in a virtualized environment. More specifically, the researchers prototyped the equivalent of an OS bypass mechanism for Xen to allow the guest operating system to gain direct access to the underlying InfiniBand hardware and to achieve maximum possible performance. The left-hand graph in Figure 8 demonstrates that native and virtual latencies in this test framework were the same over a range of small message sizes. It is important to note that this result was generated with MVAPICH in polling mode. As can be seen in the right-hand netperf test, performance results can be lower in the virtualized case if interrupts are used to handle transfer completions. This is essentially because interrupts currently cannot be passed directly to the guest OS. For correctness, they must pass through the virtualized infrastructure which can add latency and decrease performance and small message sizes. Again, we need to measure all of this ourselves with our own products to assess where we stand and where improvements are needed.
It is also important to note that the above bypass approach punches right through the virtual machine abstraction and lets a guest operating system see a real piece of hardware in the system. Doing so either degrades or destroys the ability to live migrate workloads from machine to machine, which in turn makes it impossible to deliver several of the valuable capabilities for HPC outlined earlier in this piece. Whether we can mitigate the impact and do so in a way that is acceptable to VMware engineering and business owners remains to be seen. More study is needed in this area specifically.
The above observations regarding interrupts are also valid in a broader context that includes storage and networking. In cases where runtimes include a large amount of time spent in the transfer of primarily fine-grained messages, this may also lead to a degradation in application performance.
Summary
In this introductory piece, I’ve given you the flavor of the argument for how virtualization might be used today for some parts of HPC and also touched on some of the performance issues, both promising and concerning, related to virtualizing HPC. In subsequent posts I’ll share more details on performance, on discoveries we make as we continue to experiment, and on progress we are making on delivering the value of virtualization for HPC. We are at the beginning of a journey to a very interesting future for HPC – please join me!Tuesday iPad Raffle Winner - VMworld Tech Exchange - Bill Dall !
Folks,
Its always hard saying good bye to these wonderful devices but we are happy they are going to a good home. Please help me congratulate Bill Dall ! Bill is the guy you want to go to Las Vegas with.
Best Regards,
Pablo Roesch - vSphere SDKs / CLIs Product Marketing
The PowerCLI Universe Continues to Expand - New session added to VMworld
| Time | Room | ||
| Tuesday 11:00 AM |
Moscone North Room 133
|
||
|
Wednesday 10:30 AM
|
Moscone South Room 103 <= Just added | ||
| Thursday 10:30 AM | Moscone South Room 302 |
Come visit us at the PowerCLI / API Demo Booth - VMworld Tech Exchange
Folks,
We managed to get most of our SDK and PM teams to hang out and meet you guys at our booth during VMworld. Please note peoples schedules subject to change due to the nature of the event.
Latest updates @VMdeveloperday
Demo Location: Moscone Solutions Floor: vPod C112
Demo Description Overview: The demo will target System Administrators and Developers interested in using the vSphere APIs to manage the vSphere Platform.
|
Monday August 30, 2010 | |||
|
AM Shift |
NA |
NA |
NA |
|
PM Shift |
4:00 – 7:00 |
Pablo Roesch |
vSphere SDK Product Marketing |
|
Sia Yiu |
Sr. Product Manager PowerCLI | ||
|
Sidharth Surana |
SDK MTS Ecosystem Engineering | ||
|
Steve Jin |
Sr. MTS Ecosystem Engineering | ||
|
Tuesday August 31, 2010 | |||
|
AM Shift |
11:00 – 2:30 |
Yavor Boychev |
VMware Engineering Mng. |
|
Sidharth Surana |
SDK MTS Ecosystem Engineering | ||
|
PM Shift |
2:30 – 6:00 |
Dildip Kaur |
SDK Dev Support Engineering |
|
Angela Soni |
SDK Dev Support Engineering | ||
|
Wednesday September 1, 2010 | |||
|
AM Shift |
10:00 – 2:00 |
Vladmir Goranov |
VMware Engineering Manager - PowerCLI |
|
Yavor Boychev |
VMware Engineering Manager - PowerCLI | ||
|
Sidharth Surana |
SDK MTS Ecosystem Engineering | ||
|
PM Shift |
2:00 – 6:00 |
Dildip Kaur |
SDK Dev Support Engineering |
|
Angela Soni |
SDK Dev Support Engineering | ||
|
Rajesh Kamal |
SDK MTS Ecosystem Engineering | ||
|
Thursday September 2, 2010 | |||
|
AM Shift Only |
10:00 – 2:00 |
Sidharth Surana |
SDK MTS Ecosystem Engineering |
|
Rajesh Kamal |
SDK MTS Ecosystem Engineering | ||
Top 20 Articles for August 2010
Here is our Top 20 KB list for the past month. The list is ranked by the number of times a Technical Support case was resolved by following the steps in a published Knowledgebase article.
Hardware Health Monitoring via CIM, part 7
In this installment, we'll look at one of the most complex, and yet perhaps the most powerful aspect of CIM - asynchronous events, or as they're officially named, CIM Indications. In this post we'll talk a little about how the plumbing works to subscribe for and receive indications, and then look at a real-life event using the included example code. With these examples, you should be able to quickly build up your own custom datacenter monitoring solutions for hardware health event detection.
The exact mechanism of subscribing for and receiving events in CIM depends on which wire protocol you're using. In this example, since I'm using CIM XML, we'll focus on how that plumbing works. If you use WS-Management, then there's a slightly different approach. First, lets look at the theory behind how CIM XML based indications work.
With indications, the consumer first has to subscribe for indications and tell the server what sorts of events they're interested in. As part of that subscription, the consumer has to tell the server where to send the indications, which we call the listener. In the CIM XML model, the listener is really nothing more than a primitive web server that can handle HTTP POST operations, and parse and respond to CIM XML payloads. So in essence, the client becomes the server, and the actual server becomes the client when delivering events. When an event occurs on the server that matches the subscription, the server will open an outgoing socket to the listeners address and port number, and send the indication encoded in CIM XML over an HTTP POST operation. This of course means this model doesn't work if you have a firewall in between the client and server without jumping through hoops setting up proxies or port forwarding somehow.
At present, pywbem does not include a generic listener, but that's OK because python does have all the primitives we need to build this up with ease. In under 150 lines of python we can whip up a fairly functional indication listener. I'm not going to devote space in this post describing exactly how the listener is implemented -- you can read through the attached code in detail if you like. The code is written to work either standalone, where it will just dump out the indications it receives to the terminal, or you can import it into another script and wire up callbacks that will be called when an indication is received. If you're comfortable writing your own python scripts, then leveraging this listener would look something like this:
import indicationListener
import threading
portnumber = 1234 # Pick any number
def myCallbackRoutine(listener, instance):
# do something interesting here with the indication instance
indicationListener.SimpleCIMXMLListener.registerCallback(myCallbackRoutine)
t = threading.Thread(target=indicationListener.runListenerForever, args=[portnumber])
t.start()
Once we have a listener working on a known port, then we have to subscribe. Subscription in CIM XML requires creating instances of two endpoint classes, and an association. I've attached another python module to this post that does all the heavy lifting for you, so all you have to do is specify some arguments and it will take care of the rest. Again, like the listener, you can either run this as a stand-alone tool, or import it and run it within your own scripts. Continuing from the snippet of code above, if we wanted to import this as a module and use it within another script, the code might look something like this.
import indicationSubscriber
myhostname = 'xxx' # replace with local host name (name of listener)
import pywbem
classname = 'VMware_CIMHeartbeat'
client = pywbem.WBEMConnection('https://myserver', ('root', 'password'), 'root/cimv2')
indicationSubscriber.subscribe(client, 'myserver', classname, myhostname, portnumber)
And you should start seeing a steady stream of "heartbeats" from the ESX system. If you call the subscribe routine with an additional "True" at the end that tells it to unsubscribe only - by default it unsubscribes first to clear out any old subscriptions, and then subscribes. (Note: These heartbeat indications are really only meant to be a debugging/setup aid. I wouldn't recommend using them as a real-life heartbeat, as the frequency is too high and will cause network load issues if you have a large number of hosts.)
So now that we've got the plumbing out of the way, lets explore some "real" indications on the system. One approach is to use formal documentation to figure out what classes to subscribe for. To do this for the VMware implemented classes, take a look at the API Reference doc, click on "All Classes" in the upper left, and then search for classes with "Indication" in the classname in the lower left. Alternatively, you can use a live system to figure this out on the fly. Here's a simple block of code to display all the implementation classes that might be of interest given a starting classname (it hides all the superclasses that have some derived class.)
def dumpLeafClasses(client, classname):
list = client.EnumerateClasses(ClassName=classname, DeepInheritance=True)
superclasses = set()
allclasses = set()
for theClass in list:
allclasses.add(theClass.classname)
if theClass.superclass is not None:
superclasses.add(theClass.superclass)
return sorted(allclasses - superclasses)
If we call that with the class 'CIM_Indication' then we'll get all the indications that are available on the system, in the given namespace. Lets try this on a live system with a client connection pointed at the 'root/cimv2' namespace:
>>> dumpLeafClasses(client, 'CIM_Indication')
[u'OMC_IpmiAlertIndication', u'VMware_CIMHeartbeat', u'VMware_ConcreteJobCreation', u'VMware_ConcreteJobDeletion', u'VMware_ConcreteJobModification', u'VMware_HHRCAlertIndication', u'VMware_KernelIPChangedIndication']
>>>
We could then do a GetClass on any of these to inspect their Description qualifiers to get some more details on what they're for. The one that we'll look at in this post is the OMC_IpmiAlertIndication, which is sent when a change is detected in the IPMI subsystem. In the sequence below, I'll use the CLI versions, but you can do the same via scripts as described above.
First we'll start the listener (if we don't specify a port number, it picks one at random):
% ./indicationListener.py
Listener started on port 2578
Then we'll subscribe for the indications (using the port number it just gave us):
% ./indicationSubscriber.py -P 2578 -H listener -c OMC_IpmiAlertIndication -s esxbox -u root -p ''
Cleaning up old registrations
Could not delete subscription CIMError(5, u'Class not found')
Could not delete handler CIMError(6, u'The requested object could not be found')
Could not delete filter CIMError(6, u'The requested object could not be found')
Creating handler
Creating filter
Creating subscription
Done - events are enabled for listener:2578
%
You can safely ignore the "could not delete" warnings - that just tells us we didn't have a previous subscription from this host.
Then we'll cause something to happen on the system. On many systems (Dell for example) there's usually a chassis intrusion sensor that will detect if you open the case. I find that to be one of the simplest indications to get to fire if you want to test to make sure you have everything wired up correctly. (If you have redundant power supplies, unplugging one of them from the wall is another easy test scenario.) Within about 15 seconds or so (the interval at which the system scans IPMI for events), on the listener window we'll see events appear:
esxbox - - [09/Jul/2010 14:07:47] "POST /test HTTP/1.1" 200 -
OMC_IpmiAlertIndication
AlertType = 8
AlertingElementFormat = 2
AlertingManagedElement = root/cimv2:OMC_DiscreteSensor.DeviceID="115.0.32.0",CreationClassName="OMC_DiscreteSensor",SystemName="44454c4c-5100-1051-8039-b3c04f464e31",SystemCreationClassName="OMC_UnitaryComputerSystem"
CorrelatedIndications = None
Description = Assert + Physical Security General Chassis intrusion
EventID = None
EventTime = 20100709160722.000000+000
IndicationFilterName = None
IndicationIdentifier = None
IndicationTime = 20100709160735.766255+000
Message = None
MessageArguments = None
MessageID = None
OtherAlertType = None
OtherAlertingElementFormat = None
OtherSeverity = None
OwningEntity = None
PerceivedSeverity = 0
ProbableCause = None
ProbableCauseDescription = None
ProviderName = RawIpmiProvider
RecommendedActions = None
SystemCreationClassName = OMC_UnitaryComputerSystem
SystemName = 44454c4c-5100-1051-8039-b3c04f464e31
Trending = Non
If we close the chassis, then we'll get the corresponding event telling us the problem has been resolved
esxhost - - [09/Jul/2010 14:08:12] "POST /test HTTP/1.1" 200 -
OMC_IpmiAlertIndication
AlertType = 8
AlertingElementFormat = 2
AlertingManagedElement = root/cimv2:OMC_DiscreteSensor.DeviceID="115.0.32.0",CreationClassName="OMC_DiscreteSensor",SystemName="44454c4c-5100-1051-8039-b3c04f464e31",SystemCreationClassName="OMC_UnitaryComputerSystem"
CorrelatedIndications = None
Description = Deassert + Physical Security General Chassis intrusion
EventID = None
EventTime = 20100709160747.000000+000
IndicationFilterName = None
IndicationIdentifier = None
IndicationTime = 20100709160801.404661+000
Message = None
MessageArguments = None
MessageID = None
OtherAlertType = None
OtherAlertingElementFormat = None
OtherSeverity = None
OwningEntity = None
PerceivedSeverity = 0
ProbableCause = None
ProbableCauseDescription = None
ProviderName = RawIpmiProvider
RecommendedActions = None
SystemCreationClassName = OMC_UnitaryComputerSystem
SystemName = 44454c4c-5100-1051-8039-b3c04f464e31
Trending = None
If you look closely at the output, you'll notice there are a few fields that are numeric types that have special meaning. This listener was written so it doesn't require a connection (and therefore credentials) on the host that's the source of the indication. If you want to pretty print the value maps, you can modify the code to follow the same approach as I described in the 3rd blog post in this series, but that will require a client connection back to at least one ESX host that has the given classes implemented.
If you've got an LSI based RAID card on your system, try subscribing for VMware_HHRCAlertIndication and simulate some failures (assuming you have a RAID level that provides redundancy, you can pull a drive and see events fire.)
VMworld 2010 (San Francisco) Video/Photo Contest
Calling all VMworld 2010 San Francisco attendees...
We're all experiencing an epic event here at VMworld 2010 San Francisco. Now, let's share this out to the world. We're looking for video clips and photos from attendees taken at the conference.
If you have a video clip of footage from the conference, please upload it to YouTube so it can be shared. Post the YouTube link on our VMworld Facebook page. Of course, if you have other video sources, that will work too. And please post your video on our VMworld Video page as well using your VMworld account login.
If you have a great photo or series of photos from the conference, please post them to our VMworld Facebook page. This can be a link to Flickr, Picassa, or added as an attachment. And please post your video on our VMworld Photo page as well using your VMworld account login.
The video that receives the most "Like" entries between now and the end of Wednesday at midnight (PST), will be our video winner. The photo that receives the most "Like" entries between now and the end of Wednesday at midnight (PST), will be our photo winner.
To be eligible to win...
1) You must be an actual attendee here at VMworld 2010 San Francisco to be eligible.
2) Your video or photo must be taken here or near the San Francisco Moscone center
3) Your video or photo must be posted to our VMworld Facebook page.
4) Your video of photo must be your own creation (not posting for someone else)
4) You must be at VMworld 2010 on Thursday and come by the Social Media & Blogger Lounge to claim your prize.
Video winner prize:
A vintage collection of VMworld bags from 2007, 2008 and 2009 + 1 "free" VMworld 2010 Subscription ($699 value)
Photo winner prize:
1 "free" VMworld 2010 Subscription ($699 value)
Note: This contest is primarily intended to share VMworld 2010 experiences with our VMworld followers and those who couldn't make it to the conference. Prizes are fun, but not intended to be that "killer" giveaway...so have fun with it and spread the word. Of course, not all attendees are Facebook fans (yes, we know that)...but this is the quickest way to run this in a short time.
August 31, 2010
The vCloud SDK for Java is here - VMworld Tech Exchange
Folks,
We have been really busy this week. We are extremely proud to announce the availability of the vCloud SDK for Java. Prasad gives us an nice introduction to the SDK and we invite you to attend his session at Technology Exchange for Developers PPC-14 Wednesday at Noon - Moscone West
Session Title: PPC-14 - vCloud API - SDK to Improve Efficiency when Building Your Clouds
Time: Wed 12:00 - 1:00 PM
Location: Moscone West Room 3009
Please remember this is a special event and it is for Tech Exchange Attendees - the VMworld only Pass will not get you in you will need a Tech Exchange Pass - $299 with VMworld Pass, $399 with out VMworld Pass. http://www.vmworld.com/community/conferences/techexchange
How to fold your PowerCLI Poster - Diagram
Folks,
Just in case you were wondering how you were going to get your poster home we added a liitle diagram in the upper right hand side. Sia suggested we add an Origami option for the folks out there who like to get creative.
Enjoy
Pablo Roesch
Bag Alert - VMworld Tech Exchange
Folks,
We just got notice that a few people are having problems with the handles on the bags (including me) If you have any problems with your bag PLEASE stop by Materials Pick Up. The friendly staff there will give you another bag.
Hope you are enjoying our event.
Regards,
Meet the Engineer: VMware vCloud Director Security with Serge Maskalik.
|
Meet the Engineer: VMware vCloud Director Security with Serge Maskalik. Multi-tenancy and isolation are very important requirements in the cloud. |
From:
vmwaretv
Views:
137
![]() 0
ratings | |
| Time: 04:18 | More in Science & Technology |
Meet the Engineer: VMware vCloud Director Resource Management with Tichomir Tenev.
|
Meet the Engineer: VMware vCloud Director Resource Management with Tichomir Tenev. Fully abstract your underlying hardware using Virtual Datacenters. |
From:
vmwaretv
Views:
55
![]() 1
ratings | |
| Time: 04:26 | More in Science & Technology |
Meet the Engineer: VMware vCloud Director Networking with Anupam Dalal.
|
Meet the Engineer: VMware vCloud Director Networking with Anupam Dalal. VMware vCloud Director allows you to create External Networks, Organization Networks and vApp Networks. |
From:
vmwaretv
Views:
106
![]() 1
ratings | |
| Time: 04:40 | More in Science & Technology |
Meet the Engineer: VMware vCloud Director Catalogs with Orran Krieger
|
Meet the Engineer: VMware vCloud Director Catalogs with Orran Krieger. Package multi-tier applications into the vApp standard using VMware vCloud Director. |
From:
vmwaretv
Views:
95
![]() 1
ratings | |
| Time: 03:21 | More in Science & Technology |
VMworld 2010 Labs "Realtime" Fast Facts

Some interesting lab stats:
- Number of VMs deployed: over 50k and growing fast
- Number of Labs completed: over 5,200
- Average number of VMs being deployed and un-deployed per hour: 3865
Top five labs out of the 30 lab Topics being offered:
1. View 4.5 Install and Configure
2. ESX 4.1 New Features
3. VMware Performance and Tuning
4. Basic vSphere Install & Configure
5. VMware Cloud Director
If you are at VMworld 2010 San Francisco, be sure to jump in and get you're feet wet!
Reporting to you live...
~Tony (@tony_dunn)
Your PowerCLI Posters - VMworld Tech Exchange
Folks,
We have plenty of PowerCLI 4.1 Posters available, come by our Labs in Moscone West and PowerCLI Demo Booth in the Solutions Floor. Also we made the posters so you can fold them up and take them home. See diagram in upper right hand corner. Enjoy
Pablo Roesch
VMware Fusion at VMworld 2010
The Community Swarms
We’ve seen from Twitter and Foursquare that many of you have swarmed to San Francisco and joined us at the Welcome Reception at VMworld 2010 yesterday. We just wanted to share a quick post about what’s going on with VMware Fusion so you don’t miss out on all the fun.
Visit the VMware Fusion Pod at the VMware Booth and get a “<3 VMware” Sticker for your Mac.
If you’re as excited as we are by these stickers, make sure to stop by our pod at the VMware Booth and pick up your sticker now through Thursday (while supplies last). When you stop by, feel free to ask us any questions you might have or pick our brains for anything related to VMware Fusion.
VMware Fusion Sessions
"Put VMware Fusion to Work for Your Business"
Wednesday, September 1, 2010 at 10:30am
Moscone West Room 2003
Stephan Somogyi from Team VMware Fusion will be sharing some information on how VMware Fusion can be used in a work environment. Join us to learn about deploying Macs in the work environment with the help of VMware Fusion.
This session will provide attendees with an overview on VMware Fusion 3.1, its features, competitive advantages and typical use cases. It will also provide some guidance on how to plan for a wide deployment of VMware Fusion, related support options and tips and tricks.
and
"VMware Fusion Birds of a Feather"
Tuesday, August 31, 2010 at 2:00pm
Moscone West Alcove 4
If you don't already know what a BoF is, check out this great summary on Wikipedia. Eric Tung, a VMware Fusion engineer, will be leading this informal session and answering questions about VMware Fusion 3.1.1.
Looking forward to connecting with many of you this week!
-Team VMware Fusion
VMware Product Survey
If you ever wished you could:
· - Influence the direction of a VMware product or feature
· - Accelerate the development of new features and functionality
· - Provide input directly to the Product Management team
·
And here's the fun part -- possibly win an Apple iPad or a free pass for VMworld 2011
Take any one of the following surveys to help us to understand your needs better to make the best possible product that will suit your needs. You only have to answer one of the surveys below in order to be entered into the iPad prize drawing. However, the more surveys you complete the better your odds are for winning!
Management and Automation - Provide feedback on how you manage your environment, including everything from how you deploy virtual machines to performance!
ESX/ESXi Convergence - Have you already upgraded to ESXi? Thinking about it? Share your thoughts on the process of moving to the most advanced yet!
Storage – Designed for managers of storage solutions within virtualized environments!
Networking – Do you manage the network components within your environment? If so, this survey will be of great interest to you!
Applications – Tell us about what applications you use within your virtual environment and what applications you don’t. If you have any thoughts on Java based applications, this is the survey you want!
vCenter – Use vCenter much? This survey covers a wide range of concepts focused on vCenter. Everything from upgrades and management to providing high availability of vCenter is covered here!
Distributed Systems (HA and Disaster Recovery) – If you are interested in providing the highest levels of availability for your mission critical applications this is your survey! Topics include VMware HA, VMware FT, replication and managing applications within a highly available capable environment.
Converged Data Center – Tell us a bit about how you manage your converged data center!
Security – Interested in firewalls, vShield, and general security? This survey has it all!
VMworld
Kevin Mitts and myself Rick Blythe from Global Services and Support just got out of the General Session presentation from CEO Paul Maritz and Steve Harrod. I was in awe at the size of the crowd, the size of the stage and the three massive video backdrops. How many thousands are attending this one session? Wow! Here's a short video clip I took minutes before the session began.
Lots of announcements today. I won't cover them all here; this is a Technical Support blog after all, but one huge announcement was of VMware vCloud Director. The Knowledgebase team has been busy preparing for this launch and I can tell you we have prepared and produced 13 KBTV videos ready for imminent release on our YouTube channel here.
We'll be showing these videos at our busy booth (Social Support) right behind the Genius Bar at the conference through Thursday. We're going to be giving away some Starbucks gift cards too so stop and say hello!
Bloggers & vExperts at VMworld
As Day #2 starts here at VMworld 2010, if you are a blogger or vExpert, drop by the Social Media & Bloggers Lounge. Along with saying hi, you can get your blogger and vExpert buttons.
The blogger buttons, aside from letting people know that you are a VIP and should get free iPads, will also give you access to the media briefing activities that are going on at the event. (These are in the South Moscone East Mezzanine - follow the signs to the press area.) You can also get access to the Press Working Room and Press Wifi (ask me for details on these).
The orange vExpert button with the cloudy brain is also available. The blue button for vExperts will get you into our event Weds 5:30pm. Pick those up by giving your name to Registration Customer Service in North Moscone. Ask for the CTO Reception Invitation. (Sorry, vExperts only and strictly one per customer!)
-- John Troyer
Here are the press events you might be interested in:
VMworld 2010 Media Roundtable Schedule of Events
Tuesday, August 31, 2010
10:45 - 11:30 am: Post Keynote: CEO Q&A Session
Location: Theater 2, East Mezzanine, Moscone South
Speaker: Paul Maritz, CEO, VMware
11:30 - 12:15 pm: Media Roundtable: End User Computing
Location: Theater 2, East Mezzanine, Moscone South
Speakers:
Vittorio Viarengo, VP, End User Computing Products, VMware
Noah Wasmer, Director, Product Management, Advanced Development, VMware
1:00 - 1:45 pm: Media Roundtable: Private Cloud
Location: Theater 2, East Mezzanine, Moscone South
Speakers:
Bogomil Balkansky, VP, Product Marketing, Server Business Unit, VMware
Jordan Janeczko, Program Manager SIS Cloud Initiative, Siemens
Glenn Harper, VP, Chief Infrastructure Architect, Sabre Holdings
2:00 - 2:45 pm: Media Roundtable: Public Cloud
Location: Theater 2, East Mezzanine, Moscone South
Speakers:
Brian Byun, VP and GM, Cloud Applications and Services, VMware
Mark Leonard, CIO, Colt Managed Services
Kerry Bailey, Executive Director, IT Solutions, Verizon Business
Wednesday, September 1, 2010
9:00 - 9:45 am: Media Roundtable: Application Platform
Theater 2: East Mezzanine, Moscone South
Speaker: Shaun Connolly, VP, Product Management, SpringSource Division of VMware
1:00 - 1:45 pm: Media Roundtable: Security
Theater 1: East Mezzanine, Moscone South
Speakers:
Neil MacDonald, Gartner
Venu Aravamudan, Senior Director, Product Marketing, Security, VMware
Anil Karmel, Solutions Architect, Los Alamos National Laboratory
2:00 - 2:45 pm: Media Roundtable: OEM Partners
Theater 1:East Mezzanine, Moscone South
Speakers:
Ed Bugnion, CTO and VP, Server and Access Virtualization Technology Group, Cisco
Timothy D. Webb, Director, Global Data Center and Enterprise Architecture Consulting Practices, Dell
Paul Miller, VP, Solutions and Strategic Alliances, Enterprise Servers, Storage and Networking, HP
Jan Jackman, VP, Global Cloud Services, IBM Global Technology Services, IBM
3:00 - 3:45 pm: Media Roundtable: Zimbra
Theater 1, East Mezzanine, Moscone South
Speakers:
Jim Morrisroe, GM, Zimbra Division of VMware
John Robb, Senior Director, Products and Marketing, Zimbra Division of VMware
View 4.5 & The Journey Towards Enabling the Consumer Cloud Experience for the Enterprise
User expectations of their business computing environments are changing, being driven by their experiences as consumers. New state of the art devices and user interfaces, cloud computing and the associated SaaS-based applications, ubiquitous connectivity. These trends are converging and when combined are profoundly influencing the direction of end-user computing.
What are some of the traits of this consumer cloud experience?
· A better user experience – simplicity;
· Instant gratification, multiple devices;
· Always available – my apps and data are backed up, replicated or synched;
· Ubiquitous access;
· Personalized – small, engaging applications (at least the client part is small);
· Pay as you go;
· Excitement and anticipation for the next great device or application.
In the technology sense, what does this mean?
· Self-service;
· Encapsulation and isolation between applications;
· Rock solid data protection;
· Simple and easy.
Sound familiar? It should as these are VMware’s core competencies.
The challenge for enterprise IT will be to meet these expectations in the corporate environment while maintaining corporate policy, delivering on SLAs and flexible delivery at low cost. And to do so at the appropriate user and application granularity, all the while bridging to the world of Windows applications and desktops.
Delivering this consumer cloud experience for the enterprise is our mission at VMware’s End-User Computing Products Group (read more about our vision in today’s End-User Computing announcement) and our vision for user-centric IT, which I first described in my vision blog exactly one year ago.
VMware View 4.5
The first step on this vision is to modernize the Windows desktop – encapsulate and isolate the elements of a Windows environment to make them more manageable and user-centric. Today, I’m really glad that I am finally able to talk openly about this next phase of our User-Centric Computing journey and I am pleased to announce the very significant View 4.5 release. First let me be clear about the 4.5 nomenclature; naming aside, this release is as broad in scope as any .0 product and really delivers on the promise of virtualization to modernize today’s desktop environment.
Today I want to offer a tour through some of the View 4.5 technologies:
Modernizing the Desktop:
In my vision blog, I spoke about the notion of composited desktops. To reiterate and provide context, both Server and Client VMs achieve much of their value through encapsulation and isolation from the physical hardware used to execute them. However, Client VMs also differ from their more static Server VM cousins in that they can be more complex to manage; running lots of different applications, many ad-hoc and stateful. I postulated that separating such a Client VM into a set of isolated virtual layers would ultimately be a better architecture for managing them. Well, now this abstract idea is available commercially and we call the result “Modular Desktops”, a major step towards a more modern desktop architecture.
In View 4.5, we have 3 layers in our Modular Desktops, the Operating System, the Applications and the User Persona and each of these layers has an optimized management technology geared to the unique characteristics of its respective layer. Best of all, these optimized layer management tools are all seamlessly integrated and controlled via the common View Manager interface.
View Composer is the technology we use to manage the OS layer. Now View Composer is not new, but what is new are significant functional enhancements that make it far more effective. We are introducing tiered storage support for View Composer, which enables the separation of the read-only gold master image, the redo log snapshots and even the guest OS paging file onto separate storage LUNs. This is very powerful – the read-only gold master is ideally suited for storage on SSD/flash drives, and by doing so time oriented I/O storms can be very cost effectively avoided.
For example, with this architecture, if many desktop VMs boot at the same time the OS images are all now loaded from cache-like SSDs, not via spinning media. Also, by moving the paging file and system temp files to separate “disposable” storage, a major cause of storage space consumption in the redo logs is eliminated, reducing the need to frequently regenerate the images. Paging files can even be moved off the SAN entirely and use local disks – these are transient and do not need to be preserved. This disposable storage is discarded after every user session.
View Composer also has added Sysprep support, enabling automatic generation of a unique SID for each cloned VM. Lastly, Persistent Disks (formerly known as UDD) are now first-class manageable objects, independent of the base VM and can be detached, migrated, reattach or even archived. With Persistent Disks, 4.5 begins to deliver the benefits of User Persona virtualization for stateful desktops. There’s more to come here once we complete integration of the RTO Virtual Profiles technology that I blogged about back in February into the View platform.
View leverages another product release we announced today – ThinApp 4.6 – for application virtualization, separating applications from the Guest OS and isolating them from each other. It is a robust technology in widespread use and with View 4.5 we’ve added integration and management through the View Manager console. ThinApp applications can now be packaged and stored on a network file share in what we call a repository and these repositories can be imported into View Manager. Once there, applications can be assigned to selected individual desktops or designated pools of desktops.
You can choose to have them streamed via a “shortcut” or have the ThinApp’ed EXE/MSI deployed locally onto the VM. ThinApp 4.6 has a myriad of great new features in its own right, but I wanted to explicitly call out one critical capability - our ThinApp Windows 7 support enables virtualization of legacy apps on older Windows platforms for deployment to Windows 7. This has been a major stumbling block for enterprises as they have considered migration to Windows 7. With ThinApp 4.6 we ease this pain point.
And these technologies that comprise View 4.5’s modular desktops are all exposed and managed through one integrated console, View Manager.
View Client:
In my January blog on our thick client strategy, I introduced the View Client with Local Mode architecture for running View Managed VMs on unmanaged end-points. I said this was the ideal architecture for the Employee-Owned IT (EOIT/BYOPC) trend and that we would deliver it “soon”. Well, soon meant View 4.5 and View Client with Local Mode enables checkout and execution of View Managed VMs on almost any modern laptop. View Client with Local Mode, the industry’s first integrated offline virtual desktop solution enables users to access their virtual desktop even while disconnected from the network.
These VMs are usable when disconnected from the network. The VM is transferred to the end point and changes are efficiently replicated back to the data center in a sophisticated, fine grained manner when connected. VMs are encrypted using AES 128 or 256 bit modes and of course centrally managed through View Manager.
View Client with Local Mode brings all of the operational benefits – Business Continuity/Disaster Recovery, Rapid Provisioning, Security as well as Centralized Management and control to mobile users who require the freedom to work online and off the grid. And since it is based on common technology from the VMware Workstation product line, View Client with Local Mode even supports advanced graphics requirements including Win7 Aeroglass effects, DirectX 9 with 3D and sound and multimedia.
Also new in this release is a native Mac Client to allow Mac users to access their View virtual desktops expanding the number of uses cases that can benefit from View. The current release of this client uses RDP and will be supported with Mac OS 10.5 and above. Of course, subsequent versions will incorporate PCoIP.
We’ve added simplified sign on and authentication for virtual desktops over PCoIP channels supporting various authentication mechanisms including Windows username/password, smart cards/proximity cards, USB-connected biometric devices and a new “kiosk-mode” enabling MAC address-based authentication for fully unattended View Client operation. The release also supports “Tap and Go” functionality from our partner SSO Vendors – Imprivata, Sentillion, Juniper, etc.
These were some of the most passionate requests that came from our customers and we think that they will appreciate the new functionality.
View Manager:
Our integrated View Manager console is a critical part of the View experience and prompted Brian Madden to state in his geek week write-up that “Really it’s like View is a giant “easy button.” With View 4.5, we’re not resting on our laurels and have continued to improve our already best in class management interface. View now sports a rich new management console look and feel based on Adobe Flex, that displays tens of thousands VMs and related objects in one consolidated view. An important enhancement is delegated role-based administration, allowing the View administrator to create different roles with different access to View Manager by users/groups/virtual machines. This way IT can delegate tasks among different levels of staff while maintaining control over admin access.
We’ve also created a unified view of event logs across entire View infrastructure – no more logging into each view broker separately to get information. Events are now formally defined with unique identifiers and standard attributes including module, user, desktops. Historical events can be stored in a configurable database that is accessed via VMware View Administrator. Report on events in the database using third-party reporting tools such as Crystal Reports to run audit reports.
As part of the extensibility of View, we have included a management pack for MSFT SCOM. This allows organizations that use SCOM to discover the View virtual environment which was not possible before. Now IT can use SCOM to discover, monitor their entire operation (physical and virtual) Including the ability to start/restart View services from SCOM console and enabling desktop administrators to receive SCOM View alerts indicating when and why something is in trouble with View servers. We’ve also added compatibility with Powershell, enabling extended management and scripting capabilities of the View environment through Powershell commands.
Finally, the new View manager UI delivers a comprehensive dashboard that provides quick insights into the current status of systems (View and vCenter) and virtual desktops and is scalable to larger configurations than previous releases. With vSphere and our block/pod based architecture, we continue to scale the View infrastructure modularly and horizontally. And now with View 4.5 there have been numerous improvements behind the scenes to the View Manager and its connection broker architecture yielding improved performance and scalability of the management interface; enabling management of a dramatically larger set of Desktop VMs through a single pane of glass.
I’m really pleased that I was able to share with you, for the first time publicly, what our View engineering team has been up to over this past year. They’ve sure been busy! I’m confident that you’ll agree with me that View 4.5 is a major step forward in virtual desktop technology, bringing a new level of modernization in desktop architecture to the marketplace and we’re looking forward to putting it in our customer’s hands in September.
Oh, and one more thing… If you think this is cool, just wait until you learn more at VMworld about our plans beyond the desktop…
Onyx 2.0 is here!
We just released Onyx 2.0.
If you haven't heard of Onyx before - it's a tool that generates code based on the mouse clicks you make in the vSphere Client. Onyx makes it easy to see what is happening behind the covers and can help with development of scripts and automation solutions.
Here are the new features at a glance:
- More output formats – the new output formats are: raw SOAP messages, C#, and vCO JavaScript code.
- Easier to start – you can launch vSphere Client and PowerCLI directly from Onyx.
- New settings – you can configure which methods are ignored via the Settings dialog.
- Support for vSphere 4.1 – the new methods introduced in vSphere 4.1 API are available in the ouput.
- Many “invisible” changes – bug fixes, performance improvements, etc.
You can download and try the new release right away.
Project Onyx has arrived !
Folks,
Latest version of Project Onyx Tech Preview is now available, congratulations to the team !
Onyx official Website http://vmware.com/go/onyx
VMware vCloud Director officially available
As the Product Marketing Manager for VMware vCloud Director, I am very excited to announce that as of Monday, August 30, VMware vCloud Director is generally available (GA) to the public.
This is a groundbreaking product. The technology under the covers is unabashedly complex, yet the user experience is fantastically simple. And this is reflective of the very magic underlying the product – the creation of complete logical separation between the consumption of IT services and the delivery and management of the infrastructure that supports them. IT can give users self-service access to their own isolated “virtual datacenters,” new units of consumption in the cloud that represent pools of compute, storage, and networking resources. Users deploy into these pools using standardized infrastructure service catalogs through a Flash-based web UI. On the back-end, IT can manage and architect the datacenter in the most efficient way, without unnecessarily siloed infrastructure.
In this way, VMware vCloud Director is the first product that truly enables cloud computing in existing datacenters. While public clouds have a number of great benefits – most notably instant access to on-demand capacity – most of our customers need a solution that provides these same benefits with the security, control, and long-term cost efficiency of their existing datacenter. And let’s not forget existing applications, hardware investments, people and skills. For most customers, the most pragmatic path to cloud computing is a dual-pronged approach that includes evolving existing datacenters into private clouds and using public cloud resources where necessary. In fact, we believe most customers will find that a hybrid environment using both public and private clouds is the best fit.
And when it comes to hybrid clouds – only VMware provides a clear and pragmatic path. It’s not enough to say that you have a private cloud and a public cloud - managing this sort of “mixed” cloud might actually be more complex than before. Instead, VMware's vCloud Director provides a common, consistent platform for both internal private clouds as well as external public clouds. In our hybrid cloud vision, customers have the ability to migrate workloads between clouds and interact with all clouds through the same set of programmatic interfaces and management tools. By VMware vCloud Director leveraging open standards such the VMware vCloudTM API and the Open Virtualization Format (.ovf), and being used by a massive network of over 1,700 VMware vCloud service provider partners, we enabled customers to easily extend their datacenter capacity and manage public cloud capacity as easily as their own private cloud. And this week, we also launched VMware vCloud Datacenter Services, our solution to ensure customers have access to trusted, secure, and compatible public clouds that are ready for the hybrid cloud.
Over the past few months, I’ve worked with some of our most ambitious customers, building full private clouds on pre-release versions of vCloud Director, vCenter Chargeback, vShield Edge, vSphere Enterprise Plus, and vCenter Server. All of the pilots were successes, and the customers found a number of great uses for the product:
- Enabling the sales force to set up demos of complex software products to customers on the fly
- Consolidating datacenters and vCenter silos onto a shared infrastructure
- Providing developers and researchers a virtual sandbox for their applications
- Segregating and offloading data onto secure public clouds
- Simplifying compliance by standardizing on pre-approved infrastructure and application templates
- Enabling the easy transfer of workloads within an enterprise’s two datacenters
- Transforming a business model away from selling software on managed servers to providing convenient access to centrally hosted resources
Stay tuned on ReThink IT for more discussions on how VMware is leading the way with cloud computing to take the complexity out of IT. My colleague, Murthy, has been exploring many of these issues around cloud computing and, with his literary acumen, can explain even the most complex technology concept to a pre-schooler. I encourage you to join the conversation here and on the VMware Communities site for VMware vCloud Director.
And by the way, check out the article in the Wall Street Journal featuring VMware vCloud Director.
Greg
VMware vShield Secures IT as a Service
I’m Venu Aravaduman, Sr. Director of product marketing for our security, storage and business-critical applications solutions. Today, at VMworld, we announced the availability of VMware vShield Edge, vShield App and vvShield Endpoint ! This marks a watershed moment for customers on the path toward IT as a Service. The VMware vShield family of products is designed to remove barriers to IT as a Service by delivering adaptive, cost effective and simple-to-manage security services.
Why is VMware focusing on security?
Traditional IT security tends to be rigid, brittle, expensive, and was not developed to be aware of virtualization and dynamic IT environments. As customers move towards building private clouds, traditional security models become very limiting. Today, it takes long lead times and a lot of pain to change ANYTHING around security policies and implementation. So, we asked ourselves: shouldn’t security be able to adapt instantaneously to changing business and infrastructure needs? This is precisely why VMware has a significant investment in enabling the next generation of IT security! And, guess what? Independent surveys of our customers show that they rank VMware very highly as someone capable of enabling and delivering this next generation of security solutions!
We are introducing 3 products to the market at VMworld 2010 – these are
· vShield Edge – Provides comprehensive network security and services for the edge of virtual datacenters
· vShield App - Protects applications in the virtual datacenter from network-based threats
· vShield Endpoint - Enables offloading of antivirus and anti-malware processing to security-hardened virtual machines delivered by VMware partners, strengthens security for virtual machines and their hosts while improving performance by orders of magnitude for endpoint protection.
We are also updating and upgrading out vShield Zones technology -- a feature of vSphere 4.1. The upgrade version now includes a more robust vNIC-level firewall, and this has complete control over inter-VM network traffic – a really important enhancement. vShield App builds on top of this capability. To read more about these products , visit http://www.vmware.com/products/vshield/
So, what’s the latest on VMsafe?
As you know, a couple of years ago we introduced the VMsafe program and set of APIs as the enablement for our first generation of introspection based solutions. There are currently 6 VMsafe partners, offering 7 solutions - for more information on VMsafe visit http://www.vmware.com/technical-resources/security/vmsafe.html. VMware is fully committed to supporting these solutions for our mutual customers. To summarize, we are building on the VMsafe foundation, and making this better for our partners and our customers!
Based on customer and partner feedback, VMware is now introducing our second generation of introspection based solutions; the first instantiation of this technology is in vShield Endpoint. This next-generation introspection platform brings additional benefits over the VMsafe investments, specifically
1) Broader integration of management frameworks with our partners
2) Better abstraction of lower level APIs, more ease of integration for partner solutions
3) More scalable partner based integration efforts, easier certification
We are building on the VMsafe foundation, and making this better for our partners and our customers. For example, Trend Micro is showcasing the first such solution to market in their Deep Security product, focusing on offloaded AV/anti-malware. We are also working closely with additional strategic partners such as RSA, Symantec, McAfee to enable solutions for offloaded AV and additional classes of endpoint solutions such as Data Leak Prevention, File Integrity Monitoring etc. Our longer-term direction is to drive this next-generation introspection capability to serve broad classes of solutions for endpoint and host protection solutions.
We have worked very closely with Cisco to ensure that our vShield solutions integrate well with Cisco UCS based deployments, as well as full support for the Nexus 1000 v. We are working closely with Intel to ensure that we can leverage Intel’s Trusted Execution Technology for attestation and compliance of cloud based platforms.
With our strategic industry partners, VMware is committed to delivering the infrastructure and security tools necessary to deliver IT as a Service to our customers. Please continue to watch for additional security updates from VMware.
Modernizing the Desktop Architecture with VMware View 4.5
By Raj Mallempati - Director, Product Marketing
Today, at VMworld 2010 in San Francisco, the VMware End-User Computing team is extremely excited to announce the launch of VMware View 4.5. This release is chock full of new features which enables customers to deploy desktop virtualization in a broad scale across the enterprise and address an increasing range of use cases.
In fact, Chris Wolf from Gartner has already declared View 4.5 as an enterprise ready desktop virtualization solution.
For those of you at VMworld, you will hear Paul Maritz and Steve Herrod detail our vision for the future of End-User Computing during the keynote. Our vision centers around the idea of delivering a consumer cloud computing experience within the enterprise while maintaining corporate policy, flexible service delivery at lower costs. You can read more about our strategy in today’s announcement.
A key first step to achieve this vision is to enable customers to modernize their existing desktop architecture so they can easily move from a more modern, user-centric model where users can access their applications and data from any device while providing IT with greater control and the ability to deliver increased efficiencies that maximize time and resources.
Here are some of the key features we have incorporated in View 4.5 to enable this vision:
Enhanced User Experience
- View Client with Local Mode – The industry’s first integrated offline and server hosted solution for desktop virtualization. End-user can check their virtual desktop out of the datacenter and work without a connection to the network efficiently and securely. Furthermore, the checked out virtual desktop will run on all existing and new PCs unlike other solutions. Additionally the checked out virtual machine is fully encrypted and has policies associated with it. This will enable organizations rapidly deploy desktop virtualization for BYOPC or EOIT (Employee Owned IT) use cases.
- Full Windows 7 support – Now with the full support for Windows 7, in View 4.5 and ThinApp 4.6, organizations can migrate to Windows 7 at half the cost and time. To further help our customers with their Windows 7 migration journey, a key new feature we are introducing in ThinApp 4.6 is the ability to virtualize IE6 and run it in Windows 7. Migrating your IE6 based applications cannot be any easier.
- View Client for Mac OS X - With View 4.5 we are further extending support for a diverse set of end user devices including Mac clients. This enables Mac users to access hosted Windows virtual desktops thereby extending the BYOPC or EOIT use cases to Mac users
- Integrated Application Assignment – Simplify the delivery of virtualized applications to end-users through the View Manager console. This integration enables ThinApp applications to be centrally managed and easily delivered to pools or individual desktops.
- Rich Graphical Dashboards – Simplify management and monitoring through improved reporting and diagnostics
- Role Based Administration – allows the distribution of IT tasks to the right administrator.
- Integration with Microsoft SCOM and PowerShell – Enable IT organizations to plug into existing management infrastructure and further simplify the management of View virtual desktops.
- Support for vSphere 4.1 and vCenter 4.1 – Deliver integration with the most widely deployed desktop virtualization platform in the industry and taking advantage of optimizations for View virtual desktops.
- Increased scalability –Customers can now deploy 10,000 virtual desktops per pod and use this modular architecture to scale out across their organization.
- Optimized Anti-virus Protection – Integration of vShield Endpoint enables the centralization of anti-virus and malware scanning to optimize virtual environment performance, simplify AV management and improve desktop security.
- Tiered storage support in View 4.5 – With the introduction of tiered storage, VMware View 4.5 helps reduce the cost of storage by enabling customers to take advantage of multiple storage tiers including high performance and locally attached storage. This helps to not only optimize performance but also allows organizations to reduce the cost associated with storage requirement for virtual desktop environments.
- Lowest Cost Reference Architectures – VMware has worked with partners such as Dell, HP, Cisco, NetApp and EMC to provide prescriptive Reference Architectures which enable customers to deploy a desktop virtualization solution that is both scalable and cost effective. For the first time in the desktop virtualization space our customers can deploy a virtual desktop solution which costs less than $500. Read more in the Reference Architecture here.
For more information on the enhancements above and the other features in the View 4.5 release be sure to check out the following:
View Point Blog: View 4.5 - Modernizing the Window's Desktop - a more technical look at the View 4.5 release
View Home Page - updated with new information related to the View 4.5 release
View Community Page - keep up with the conversations, ask questions and learn more about View 4.5
We’re also proud to be joined by our ecosystem of partners, many of whom have put out press releases today with solutions and technology that support the View 4.5 release.
General availability for the View 4.5 release is set for early September but in the meantime you’ll find a lot of information available for you to learn more about this release from the links above. You can also sign up for a free 60 day evaluation of VMware View 4.5 by going to the VMware View evaluation page and don’t forget to keep up with us on Twitter by following @vmwareview.
The Enterprise Hybrid Cloud, Delivered
We’re excited about announcing vCloud Datacenter Services at VMworld 2010 because they're the first examples of a globally consistent enterprise-class hybrid clouds. Let me explain what that means and why it’s important.
In a nutshell, vCloud Datacenter Services -- offered globally by leading service providers -- marry the dynamic, on-demand nature of public cloud services with the compatibility, security and control that enterprise computing requires. A hybrid cloud is defined as two or more clouds that offer data and application portability.
We did a great deal of research with our customers – talking to those who were considering external clouds into their computing environment. We learned a lot from these conversations and I’ll be writing about them in a series of future posts.
Agility
There was a consistency to what we heard: enterprises of all sizes that loved the promise of the dynamic, on-demand nature of public clouds – the ability to get computing capacity quickly, with no up-front investment and few restrictions in the types of operating systems and software that could be deployed.
Some of you were finding it a bit uncomfortable, in fact, because there was now an external yardstick for the price of on-demand, commodity computing and storage capacity -- which drove focus and learning around the benefits that cloud computing might bring to your organizations. This led to another critical insight: access to on-demand computing as a commodity was not enough by itself.
Portability and compatibility
Why? The first challenge is both economic and technical: we learned that a lot of pilot cloud projects were brand new applications, largely because it was technically difficult to take an existing application and make it work in an external cloud. Existing systems are what an organization depends upon, and in economic terms they represent sunk cost. So the extra cost of re-writing or porting an existing system to work in a shiny new cloud environment is often a non-starter.
At the same time, you were very conscious that the majority of IT dollars go into keeping the lights on for existing systems – so the cloud’s ability to reduce some of those costs or avoid new ones (e.g. a datacenter build out) was attractive.
As a result, a key feature of all vCloud Datacenter services is VMware-certified compatibility and portability: you can take existing virtualized applications and move them to the a public cloud provider of their choice with little or no rework.
Much as I wish there was no rework at all, some systems have assumptions about the operating environment baked into them – such as IP address ranges – which means there is some work to remove those assumptions. But, with systems that don’t have that kind of restriction – and there are lots of those – there is no need to wait for an internal cloud deployment. You can start getting cloud computing benefits right away using the virtualization technology you’re already familiar with: VMware.
Security
Another important area that we heard about time and again was security. Consequently, security is a key part of vCloud Datacenter services. There are three parts to this: the security of the cloud infrastructure itself, the applications running in the cloud, and the access and authentication rights for cloud users within your organization.
You told us it wasn’t enough that the infrastructure and apps are protected; security teams and auditors need to be able to verify and document it too. To deliver on that, vCloud Datacenter service infrastructure has to meet a strict set of physical and logical security controls, with all logs available for inspection by third party auditors. We developed a control set derived from ISO 27001 and consistent with SAS70 Type II for that purpose, which our service provider partners implement.
We also took advantage of the new vShield Edge and vCloud Director “follow the app” virtual security, which provides a full stateful firewall (again, the logs are available for audit), virtual Layer 2 networking, and full Layer 2 network isolation. As a result, security policy and implementation automatically follow the app, regardless of where it lands physically. (There will be more on this in another blog post.)You also get full role-based access control, authenticated against your own enterprise directory so that you have the kind of access and authorization security you’re used to.
In short, we think the enterprise cloud is about three things: agility for computing services, portability of existing virtualized applications, and security – not just the protection you expect, but also the transparency required to pass audit.
I’ll be writing more about our experiences working with customers who are building enterprise cloud environments in future blog posts. In the meantime you’ll find more details on vmware.com
Welcome vCenter Converter SDK Developers !
Folks,
Lots of great news this week at VMworld Tech Exchange. We are extremely happy to announce the creation of the vCenter Convertor SDK community. We welcome all developers to join the discussion, ask questions, provide feedback and participate.
The official URL for the Converter Community is http://vmware.com/go/convertersdk. A big thanks to our friends around the world that made this happen.
VMworld 2010 session on Orchestrating the Cloud
Hey everyone I just got back to the hotel after a nice 13 hour day at VMworld! I'm working labs 11-15 and am Co-Presenting the Orchestrating the Cloud session Monday, Tuesday, and Wednesday. Today's session from 3pm-4pm had over 130 people checked in and felt like it went pretty well. The session was intended to be discussion heavy around using VMware vCenter Orchestrator (vCO) to to perform cloud automation. As such, we presented a short series of 3 videos that highlight the usage of an upcoming vCO plug-in for VMware vCloud Director! There were plenty of questions throughout the session. If you happened to be at the session today and are stopping by to check out the site, please feel free to register and comment on this article and/or use the "Contact Us" form to provide us with feedback - and don't forget to fill out the online form for the Orchestrating the Cloud session at VMworld!
With over 16,000 (17,000) people in attendance this year, the labs are rockin' and people are excited :) Hope to see you here!
For those of you who managed to make it in on Monday - THANK YOU VERY MUCH for stopping by. If you missed Monday's session, we have 2 more sessions: 1 on Tuesday morning and a final one on Wednesday morning.
UPDATE: FYI - Day two of the labs saw the total labs deployed counter roll right past 8,000 labs!!! And we still have a couple days left!
by webmaster@vcoteam.info (Burke Azbill) at August 31, 2010 04:45 AM
August 30, 2010
Welcome!
So what is my role here at VMware?
Well, in part, I am the connection between the Office of the CTO at VMware and VMware's partners, customers and field organization in EMEA.
From an outbound perspective I will be sharing VMware’s vision, strategy and direction, helping everyone understand the technology journey that we, as an industry, are on, how that is transforming IT and the businesses that IT supports, and how VMware is a key part of it. I will also be sharing VMware’s and its partners’ and customers’ experiences, enabling pragmatic implementations that not only deliver value today but provide the foundations for delivering and/or refining IT as a Service in the future.
From an inbound perspective it is also my job to listen and learn from our customers, partners and field organization. To take your needs (current and anticipated) and experiences back into VMware so that we can continue to innovate and deliver compelling new solutions, products and services, as well as improving and refining our existing offerings.
Of course, it is not in my role, nor my nature, to be a passive communicator. So I will also be helping to shape VMware’s vision, strategy and products, based on my interactions with you, and based upon my past experience as both an architect and operator of infrastructure and infrastructure tooling. I’ve spent many, many years working on how to deliver services on complex distributed infrastructure, a.k.a. Clouds. It is my personal mission to drive the development of technology that hides the inherent complexity within such infrastructure so that IT can focus on the high level task of managing business services, delivering the right Quality of Service, with the appropriate business agility, at the right price.
So bearing all of this in mind, please interact with me. Engage in a dialog. Comment on my blog. Discuss. Come up and talk to me if you see me at an event.
Cheers
Paul
Come See vSphere 4.1 at VMworld 2010!
The show has already started and we are excited to show you everything vSphere 4.1 has to offer. At the VMware booth we will be showing:
-Storage I/O Control and vStorage APIs for Array Integration
-Network I/O Control
-Memory Compression
-ESXI Hypervisor Architecture
-Availability Enhancements
If you get a chance, join me for an overview of vSphere 4.1 both today (12pm) and tomorrow (3:30). My session is TA9420.
Enjoy the show! See our keynotes and other video on demand here
Session Update PRU-02 VMworld Tech Exchange
Hello Technology Exchange Attendee,
Update in the Program Guide for Technology Exchange. Please see the following description of PRU-02 (Enhancing Partner Benefits – Update on the Re-Designed TAP Program) session. The session is at 3 pm today in Rm 3009, Moscone West. We look forward to seeing you there.
PRU-02 (Enhancing Partner Benefits – Update on the Re-Designed TAP Program)We are launching the re-designed TAP Program at Tech Exchange. Join us to learn about the new and updated benefits - broader set of licenses, enhanced business benefits, streamlined certification and support, and new tiering. These benefits address several key asks from our partners.
Look forward to seeing you there.
iPad Give Away - Details VMworld Tech Exchange
Folks,
As a special treat for you we will be giving away an iPad loaded with select sessions from event. Winners will be announced on this blog and @VMdeveloperday.Your names will be pulled randomly from our registration and survey lists. Please note you must be present to win and collect your prize.
Winner will be announced around 3:00 PM and iPad will be handed out in front of Room 2009 in Moscone West. Please bring your id - and good luck
New articles published for week ending 8/29/2010
VMware Knowledge Base Weekly Digest
August 29, 2010
Visit the Big Red Truck!
Hello everyone,
I saw at Yellow Bricks today some great shots that Duncan shared with everyone of the lab he is working in at this VMworld. I thought I would do the same! Mine are a little different:
And the datacenter that my rack is from is:
In the picture at the start of this blog, all of the blue lights signify the hosts that we are using to power the POD's that are in use on the other side of the truck to demonstrate things like Site Recovery Manager, ESXi, View and High Availability. All of this is live, and not canned, and we have specialists ready to demo or answer questions.
Have a great VMworld!
Michael
August 28, 2010
How to create an all in one vCO dev server on Windows 2008 64-bit
The recently released vCenter Orchestrator 4.1 requires and takes advantage of a 64-bit OS. For development purposes, it can be desirable to have a single server to perform the following roles:
- Windows Domain Controller (Active Directory)
- E-mail Server (POP3/SMTP)
- Database Server
- vCenter Server
- vCO Server
- vCO Client
This short article is intended to help you get all these services running on a single server. Setting up these features in an incorrect order may result in conflicting ports and/or the inability to get some of the software installed.
Base Operating System
For simplicity, I have installed Windows 2008 Server Enterprise 64-bit edition in a Virtual Machine. After installation and activation, apply all current security patches and software updates.
NOTE: DO NOT MAKE THIS SERVER JOIN A DOMAIN OR BECOME A DOMAIN CONTROLLER YET. This will be done at a later step.
I have my dev machine configured with the following hardware:
- Single CPU
- 3 GB Memory
- 40 GB Disk
VMware vCenter Installation
After your base operating system has been installed, you should go ahead and get VMware vCenter 4.1.x installed next. When installing vCenter, an instance of LDAP and SQLExpress (DB Instance name will be "SQLEXP_VIM") will be used to manage local authentication and data.
IMPORTANT: During installation, on the "Configure Ports" screen, change the LDAP port from 389 to 3899 and the SSL port from 636 to 6369. These changes from the defaults are required to prevent port conflicts when the server is promoted to a Domain Controller.
Microsoft SQL Server Management Studio Express for 2005
During the vCenter 4.1.x installation, an instance of SQL Express 2005 was installed. We'll use this instance for the databases for vCO and the mail server coming up in the next steps... You'll need to get the SQL Server Management Studio Express for 2005 so that you can create the necessary databases. You can download it from here: Download SQL Server Management Studio Express for 2005.
NOTE: You'll need to be logged in as the "administrator" account or run a command prompt as the "administrator" account, then execute the msi installer, otherwise the installation will fail at the end.
Create a database for vCenter Orchestrator named "VCO" and a database for your e-mail server if you choose to use hMailServer for e-mail.
Install Active Directory
Now that vCenter is installed, you can run "dcpromo" on the server to create a domain controller! Perform this step before continuing on to the vCO and mail server installations.
Install an e-mail server capable of POP3 and SMTP
For an e-mail server, you'll want something capable of at least 5 accounts (possibly more depending on your test scenarios.) For my test/dev server, I chose hMailServer and have it installed. The installation is pretty simple and straightforward.
VMware vCenter Orchestrator (vCO) installation
Your base requirements are all set for a dev vCenter Orchestrator server so it is now safe to install vCenter Orchestrator 4.1.
The installation and configuration of vCenter 4.1 is nearly identical to that of vCenter 4.0. Please reference these articles for step-by-step instructions:
Utilities and Other Programs
Your core dev server is ready, but you may want to grab a few other programs and tools to make your test/dev experience better. Some of my personal favorites are as follows:
- File/Directory comparison: WinMerge
- SCP File Transfer: WinSCP
- SSH Client: Putty
- Text Editor: PSPad
- Server Wallpaper Info: BGInfo
- CVS Client: Tortois CVS
- SVN Client: Tortois SVN
- Log Tailing/following: Baretail
- All around development environment: SpringSource Tool Suite / Eclipse
- E-mail Client: Zimbra Desktop / Thunderbird (Both clients are available for MAC OSX, Linux, and Windows!)
by webmaster@vcoteam.info (Burke Azbill) at August 28, 2010 11:38 PM
Social Media & Blogger Lounge with Live Video Coverage
New this year, the lounge will be located outside of the Solutions Exchange for extended hours. The lounge is located in the lobby (near the bookstore) of Moscone South. Come by early before morning sessions to blog, tweet, network or relax with other bloggers, vExperts, social media contributors and VMware community members. The VMworld Social Media & Blogger Lounge will be the center of all the social media action at VMworld 2010 (blogging, tweeting, live video streaming, interviews, networking and other gatherings.
VMworld Live! brought to you by VMware and SiliconANGLE "The Cube"
The teams at VMware and SiliconANGLE have planned live video coverage of VMworld 2010, providing continuous editorial coverage of the conference. We will have the industry's top executives, experts and customers streaming live to discuss VMworld, key announcements and proof points for virtualization and cloud computing.
Whether you're at VMworld in San Francisco or back at your home or office, you can watch on the VMworld homepage or:
VMworld Video page > (you can post your own videos here as well)
There will also be an opportunity to ask live questions via Twitter. Use these hashtags:
#thecube (questions for the hosts and speakers)
#vmworld (main VMworld hashtag to broadcast to everyone)
Hosts: John Furrier, Founder SiliconANGLE & Dave Vellante, Founder Wikibon Project
Executive Producers: John Troyer, VMware & John Furrier, SiliconANGLE
Content Programming: John Troyer, VMware; John Furrier, SiliconANGLE; Dave Vellante & Stu Miniman, Wikibon.org
For the latest schedule of speakers and times, please read the SiliconANGLE blog post >
August 27, 2010
Quick preview of security sessions at VMworld 2010
The keynotes from Paul and Steve are always insightful - this year, in addition, there is a bit to talk about in the area of security, so do tune in!
I have a couple of sessions:
SE8389 - Architectural Overview of Virtualization Security for the Private Cloud
SE8520 - Panel Discussion - Private Cloud - Virtualization Security and Compliance, Meeting PCI Standards
I will be hosting three familiar experts in the virtualization and cloud security space:
Bret Hartman, CTO RSA/EMC EMC fellow
Christopher Hoff, Director of Cloud & Virtualization Solutions, Cisco (and blogger extraordinaire!)
Neil MacDonald, VP & Fellow, Gartner
So, this should be an insightful session. Come prepared with your questions - we'll keep this interactive.
We have also lined up several sessions on security:.
SE7811 - VMware View Security Architecture and Best Practices
SE7813 - vShield Edge & Application Protection - Architecture and Use cases
SE7835 - Securing your Cloud
SE8206 - Security Hardening Guidelines for vSphere
SE8378 - Compliance-Ready Virtual Infrastructure, Addressing PCI Security Standard for Virtualized Deployments
SE8421 - Hypervisor-based antivirus and endpoint security
SE8640 - How does Intel® Trusted Execution Technology address Cloud Computing security issues at hardware platform level
So, do visit us. And we do appreciate your ongoing feedback, as we chart a new course here.
/Allwyn
August 26, 2010
Foursquare at VMworld 2010
Foursquare is going to be a big part of VMworld 2010 this year. You will be able to check-in locations all over the place!
First up, what is this Foursquare thing?
From Business insider:
"Foursquare is primarily for letting your friends know where you are and figuring out where they are. Secondarily, it's for collecting points, prize "badges," and eventually, coupons, for going about your everyday business."
Read more: http://www.businessinsider.com/how-hit-location-based-social-app-foursquare-works-2010-1#ixzz0xkh15URk
As you can see, this can be great fun at a conference because you can see where your friends are and get tips about the cool things going on at the show. Many sponsors are offering special deals and tips for checking into their spaces. Most sponsors have setup their booths in Foursquare and you can quickly learn about them from the list below.
If you find a booth that is not on the list please enter it using the following format.
Name: [Company Name] VMworld Booth #[1232]
Address: 747 Howard Street
Cross street: Booth #[1232]
City, State, Zip: San Francisco, California, 94103
Twitter: [Main VMworld Twitter Account]
Hopefully by keeping this format everyone will be able to find it and check-in.
Please be sure to:
1) add VMworld as a friend to your Foursquare account:
http://foursquare.com/user/vmwareevents
![]()
2) add #VMworld to your shout when you check in
3) Add a Tip to places that you check into to share cool info with others!
Some places to check-in:
VMworld 2010 http://foursquare.com/venue/6595319
VMware's Booth #701 http://foursquare.com/venue/8114024
VMware Blogger Lounge (where the social media team will be) http://foursquare.com/venue/8117418
Cisco Booth #801 http://foursquare.com/venue/8114101
Dell Booth #401 http://foursquare.com/venue/8115160
EMC Corporation Booth #1001 http://foursquare.com/venue/8115364
NetApp Booth #601 http://foursquare.com/venue/8115450
Compellent Technologies Booth #1022 http://foursquare.com/venue/8115509
CSC Booth #1014 http://foursquare.com/venue/8115598
HP Booth #1008 http://foursquare.com/venue/8115666
IBM Booth #709 http://foursquare.com/venue/8116304
Intel Booth #509 http://foursquare.com/venue/8116350
Novell Booth #931 http://foursquare.com/venue/8116395
Symantec Corporation Booth #513 http://foursquare.com/venue/8116841
VCE Booth #809 http://foursquare.com/venue/8116919
Wyse Technology Booth #521 http://foursquare.com/venue/8116999
Brocade Booth #1307 http://foursquare.com/venue/8219476
Please send me the URL and I will add the "Make sure you add #VMworld to your shout when you check in!" tip from the VMworld Account to encourage the booth check in to appear in the main #VMworld hash stream. Happy checking in!
Questions, comments and anything else you can reach me at: Twitter: @lkilpatrick
See you at VMworld!
Luke Kilpatrick
VMware Labs "Flings Station"
It is that easy. By the way, you may get to meet some of the authors of those cool Flings. Catch a Fling (demo) or just hang out with VMware Community folks. We hope to see you there!
Follow VMware Labs on Twitter: @vmwarelabs or become a fan on Facebook: VMware Labs

Virtualization and Cloud Management at VMworld 2010
Hello, this is Martin Klaus again from the vCenter Product Marketing team. VMworld San Francisco is less than one week away and it’s bound to be an awesome event for virtualization and cloud management. We have more than 20 management sessions, and the buzz around management is heating up -- as Dan Kusnetzky pointed out in his blog. As a track owner for the Private Cloud Management track I get to work with all the presenters of these sessions, and from what I’ve seen I can tell you that each and every session delivers thought provoking, high-quality content. There are too many diverse sessions to summarize in a few sentences, but here are some highlights that you cannot afford to miss:
Management Vision and Strategy Super Session
- SS1040 - VMware Vision for a New Generation for IT Management (Tuesday, Aug 31, 5:00pm)
Ramin Sayar, Vice President of Products, Enterprise Management will discuss VMware’s vision for virtualization and cloud management. This is _the_ session to attend if you would like to understand how VMware’s approach provides purpose-built and policy-driven automation for dynamic environments to reduce management complexity and accelerate your journey to the cloud.
Management and Private Cloud Customer Panels and Presentations
- MA9789 – Virtualization Management Customer Panel (Wednesday, Sept , 12:00pm)
Yours truly will be hosting managers and architects from three leading IT organizations who will share best practices and results from tools and processes they have implemented to achieve 800:1 VM per admin ratios, faster service delivery turnaround times, and 30:1 consolidation ratios for production systems generating an additional $750K in savings on Microsoft license fees. - MA8338 – Hear From Several VMware Customers Who Have Successfully Built and Deployed a Private Cloud (Wednesday, Sept 1, 1:30pm)
My colleague, Greg Bybee, will be hosting a panel of customers who have successfully implemented early access releases of upcoming technology releases to dramatically simplify the implementation of a private cloud architecture.
Analyst’s Perspective
- MA8092 -- Cloud Futures: The Infrastructure Authority (Tuesday, Aug 31, 5:00pm)
Gartner’s Research VP Chris Wolf explores the emerging role of an “Infrastructure Authority” to be in charge of the growing need to meet security, regulatory and organizational policy constraints of private cloud infrastructure.
Technical Deep-dive Sessions
- MA7140 - vCloud Architecture Design Strategies and Design Considerations (Tue, Aug 31, 11:00am)
- MA8317 – vCenter Chargeback (Monday, Aug 30, 10:30am)
- MA8330 – 10 Best Free Tools for vSphere Management (Mon, Aug 30, 10:30am)
- MA8940 – Self-Service and Workflow Automation for the Private Cloud (Mon, Aug 30, 3:00pm)
- MA8181 – vCenter CapacityIQ (Tuesday, Aug 31, 11:00am)
- MA8649 – vCenter Configuration Manager (Tuesday, Aug 31, 1:30pm)
Again, this is only a short list with some of the management-related sessions at VMworld. Be sure to check out the complete content catalog on www.vmworld.com.
Hope to see you in San Francisco next week!
Getting to Know vCloud (Part II)
Matthew D. Sarrel, Sarrel Group
Previously, I wrote about my experimentation with Terremark’s vCloud Express. I found it insanely easy to create a VM from one of Terremark’s templates. Yet, as we know, simply creating VM’s isn’t the end of the story.
I had a bunch of false starts trying to connect directly to my servers. The best documentation I could find is here.
The steps involved are basically to download and install the SSL VPN client and then RDP (or SSH) into the VM directly. It sounds easy enough but there’s more to it than that. The right way to do this is to click the VPN Connect button from the Servers page. Much to my chagrin this appears to work only in IE. I added the vCloud and the SSL VPN servers to my Trusted Sites:
Then I installed an ActiveX component, upgraded Java, and installed the SSL VPN client.
I ultimate arrived at this screen – remember this because it means you’re good to go.
I launched the RDP client and connected to the IP address (you can find this by clicking on the server and at the bottom of the screen it shows the “Detected IP”). And voila, I was sitting at my desk controlling the mouse and keyboard of a VM located somewhere out in the cloud.
From here on it’s pretty straightforward. I can install software either by downloading it directly to the server or by sharing my local drive with the server. Alternately, I could connect to the server by selecting it and clicking the “Connect” button. This basically launches a remote session in the browser (again IE only).
It’s important to use the CD/DVD drop down list to mount and install VMware Tools. I could also use the same drop down list to mount an .ISO or map a local drive – very useful when installing software for test purposes.
If you’re just getting starting on vCloud, let us know how it’s going and share your own experiences. I’ll be happy to post examples of common challenges, use cases, and lessons learned as you ramp up your working knowledge of the public cloud!
Matthew D. Sarrel (or Matt Sarrel) is executive director of Sarrel Group, a technology product testing, editorial services, and technical marketing consulting company. He also holds editorial positions at pcmag.com, eweek, GigaOM, and Allbusiness.com, and blogs at TopTechDog.
August 25, 2010
Welcome to VMware’s CTO Office Community
These are indeed interesting times for all of us, particularly so for IT as it undergoes one of the bigger changes in its young history. And this change permeates all aspects of IT: datacenters, clients, and even application development. The goal of this new community site is to provide a forum for discussing these changes. My hope is that we’ll all be able to help the industry navigate through and fully benefit from this transition.
Next Tuesday I have the privilege of presenting the VMworld kickoff keynote with our CEO Paul Maritz. We’ll share our vision for cloud computing and how the “New IT Stack” must be delivered across three distinct layers:
- Integrated Infrastructure
- An Application Platform
- A New User-Provisioning Layer
This inaugural post is longer than future ones will be, as I’d like to share the motivating backdrop for this discussion, based on numerous customer and partner anecdotes.
The Rise of Enterprise Cloud Computing
As stated earlier, we are clearly experiencing the rise of a new era in IT, a shift as big as the one that moved us from mainframe to client-server computing to the web. The web completely changed the way we think about consuming services over the Internet, but that was only half of the picture. The other half is how those services are delivered. That is the focus of cloud computing, and that is the focus of VMware.What is the origin of this change? Certainly the prevalence of powerful processors, more ubiquitous networking, and virtualization have enabled it, but I believe it is actually more of the business aspects of IT driving the change. Companies typically spend 70% of their IT budgets just on keeping their datacenters going… replacing failed components, troubleshooting outages, repelling security attacks, and doing other tasks that aren’t core to the mission of the business. Particularly during recent years of recession, this waste has become even more evident with CEOs and CFOs clearly wanting change. The allure of cloud computing is to shift much of this 70% towards activities that move the business forward… creating new applications that generate revenue, make them more competitive, or improve the quality of life for employees.
There are other changes also driving the move to cloud computing. First, the rise of public cloud offerings such as Amazon’s EC2 have, for the first time, made a rate card for basic IT services publicly available. For 7 cents an hour, you can have compute resources and for 10 cents per month you can have a GB of storage. These numbers push CEOs to ask awkward questions of the IT department… how much do you cost for these same services? Could I do better by pulling these services out of my IT department?
Secondly, these new services are “pay as you go”. Rather than make a large up-front capital outlay, you pay only for those resources that you consume. This is particularly attractive to new companies who can launch their businesses and more easily grow as they begin to make revenue.
And thirdly, we’re all experiencing a radical change in our personal consumption of computing capabilities. I can now instantly buy music, movies, and applications for my client devices. I can instantly sign up for email, and I can obtain goods with an online swipe of my credit card. This self-service ability is incredible. I don’t have to wait on anyone and have near instant gratification. The contrast between this and self-service and how IT works for many employees is stark. It can take days or even weeks from the time I request a server, some storage, or a new development environment until it is available for me. We’re expecting our IT departments to be more like these consumer services that we’re using, and this is also a promise of cloud computing.
Now, while there are these consumption needs driving IT to change, there is also a growing set of challenges for IT to deal with in production of these services. First, IT is held responsible for the availability and performance of IT-supported applications. In a world where more applications are served from datacenters outside of IT’s direct control, it’s harder to guarantee these service levels. Perhaps more top of mind are the security implications of putting company data and intellectual property outside of the direct control of the company. Right or wrong, there is concern that others may have access to critical company resources in this new world, and that causes many to hesitate. Related, there are more and more regulations facing many industries… SOX, HIPAA, and PCI, for example. In many cases, the organizations that provide these certifications are not ready for the brave new world of data living outside of the company’s direct ownership. And behind all of this is a requirement that existing application and infrastructure investments aren’t thrown out as we move to a brave new world. Quite a daunting set of challenges
Private, Public, or a Mix?
For these reasons and others, we’ve seen the rise of many different sorts of clouds. Most commonly discussed are public clouds, offerings from outside of a company’s datacenter walls that serve the business. The worries over service levels, security, and compliance have led to discussions of private clouds, new approaches to traditional IT where applications still run within the company’s datacenter walls, but are consumed in more of a public cloud-like fashion. It seems fairly clear that most mid- and large-sized enterprises will have a hybrid cloud environment and that each will manage this split differently; they’ll create their own private cloud that makes them more efficient and responsive while still maintaining the control that they require. They’ll also leverage public cloud offerings as the economics make sense and as the vendors offer higher levels of compatibility and control. With VMs as the lingua franca of both cloud types, each company will be able to choose the split between private and public clouds that best meets their needs, and move to cloud computing in an evolutionary way.VMware’s Approach to Integrated Infrastructure
So how does VMware plan to attack this? We refer to our efforts here as VMware Cloud Infrastructure and Management, and we have three primary activities under way:- Turn existing datacenters into “private clouds”: Virtualization goes a long way towards making today’s datacenters more efficient, elastic, and scalable. We are building offerings upon this virtualized foundation that deliver on the additional key traits of clouds, namely self-service consumption models and chargeback or metered-usage. We are focused on servers and blades based on industry-standard x86 processors to provide the horsepower for these clouds. The end result will be the creation of a “private cloud” that brings many of the benefits of cloud computing to the enterprise while still giving CIOs complete control over their applications and data where control includes the ability to provide availability and performance guarantees AND to keep all of their data and IP in-house. This ability to reap the benefits of cloud computing without re-writing applications or relinquishing control allows the adoption of new technology in a more evolutionary way than previously possible.
- Create an ecosystem of compatible “public clouds”: The next leg of our strategy is to offer software to hosters, service providers, telcos, outsourcers, and other owners of external datacenters that lets them offer computational capabilities to the enterprise. We base this software offering on the same VMware vSphere and vCenter product offerings as well, and the beauty of this approach is that it is compatible with what companies are doing within their own datacenters. VMs are completely portable to these “public clouds”, and they’ll get the same levels of availability and performance guarantees when they run them here. Along the way, we get to incorporate the learnings that come with being used in these public clouds, ultimately helping our products perform in the private cloud context.
- Develop technologies that connect private and public clouds: It’s clear that most IT departments will have a mix of public and private cloud assets under their purview; VMware itself runs our private cloud for many business applications, but we also leverage more than 20 Software-as-a-Service (SaaS) offerings that complement the ones we’re running ourselves. We see a great opportunity to connect the private and public clouds in interesting ways including common management and monitoring tools, via storage replication, and with seamless network naming. The end goal will be even more choice for a company as to how much of their infrastructure runs inside and outside of their datacenter, and an ability to maintain appropriate levels of control as they do so.
And Beyond the Integrated Infrastructure…
The above discussion largely focuses on the datacenter and traditional server-based applications. The move towards cloud computing changes far more than just this space. In subsequent articles I’ll be discussing radical transitions that are also occurring in the next two layers of the stack… a new platform for cloud application development as well as a new approach to provisioning applications to users, regardless of where they are or what devices and gadgets they are using.I hope you enjoy the exciting times ahead, and thanks again for participating in the VMware CTO Office community… with the keyword being “participating”!






