Reading Time: 2 minutes

Resetting the root password on ESX 3.x was quite simple, because the service console was a partition that could be mounted and written from a live CD… With ESX 4.x it was a little more complicated (the service console was basically a vmdk).

But with ESXi things are more complicated, because of the partition layout, because ESXi runs from RAM, and because all configuration files are stored in the boot banks as special archive files. The file containing the password hashes is called “shadow” and it is contained in a nested structure of archives inside the state.tgz file.
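As an added illustration (not code from this post), the following Python script walks a state.tgz bundle the way the nesting described above requires, locates the embedded shadow file and reports which hash algorithm each account uses, which is the check to run before touching the file at all. It uses only the standard library and builds a constructed sample bundle in memory; the inner archive name local.tgz and the path etc/shadow are assumptions about the layout, not details stated in the post.

```python
"""Walk the nested archives of an ESXi state.tgz and audit the hash algorithm
of every account in the embedded shadow file. Added example, not code from the
blog post; the inner archive name (local.tgz) and the path etc/shadow are
assumptions about the layout, and all sample data below is constructed."""
import io
import tarfile

# crypt(3)-style hash identifiers; anything else is reported as 'unknown'
HASH_IDS = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}


def _open_tar(data: bytes) -> tarfile.TarFile:
    """Open an in-memory (possibly gzip-compressed) tar archive read-only."""
    return tarfile.open(fileobj=io.BytesIO(data), mode="r:*")


def find_shadow(bundle: bytes, depth: int = 0, max_depth: int = 4):
    """Descend into .tgz members until a file named 'shadow' is found.
    Returns (path_through_the_archives, content_bytes) or None."""
    if depth > max_depth:
        return None
    with _open_tar(bundle) as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            if member.name.split("/")[-1] == "shadow":
                return member.name, data
            if member.name.endswith((".tgz", ".tar.gz")):
                found = find_shadow(data, depth + 1, max_depth)
                if found:
                    return f"{member.name}:{found[0]}", found[1]
    return None


def audit_shadow(content: bytes) -> dict:
    """Map each account to its hash algorithm, 'locked' (no usable hash) or 'unknown'."""
    result = {}
    for line in content.decode().splitlines():
        if not line.strip():
            continue
        user, hashed = line.split(":")[:2]
        if hashed in ("", "*") or hashed.startswith("!"):
            result[user] = "locked"
        else:
            result[user] = next(
                (name for prefix, name in HASH_IDS.items() if hashed.startswith(prefix)),
                "unknown",
            )
    return result


def _tgz(files: dict) -> bytes:
    """Build a gzip-compressed tar from {name: bytes} (used for constructed samples)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: state.tgz -> local.tgz -> etc/shadow (the hashes are fake)
SAMPLE_SHADOW = (
    b"root:$6$saltsalt$FAKEHASHVALUE:15000:0:99999:7:::\n"
    b"vpxuser:*:15000:0:99999:7:::\n"
    b"legacy:$1$ab$FAKE:15000:0:99999:7:::\n"
)
SAMPLE_STATE_TGZ = _tgz({
    "local.tgz": _tgz({"etc/shadow": SAMPLE_SHADOW, "etc/hosts": b"127.0.0.1 localhost\n"}),
})

if __name__ == "__main__":
    path, content = find_shadow(SAMPLE_STATE_TGZ)
    print(path)  # local.tgz:etc/shadow
    for user, algo in audit_shadow(content).items():
        print(f"{user}: {algo}")
```

On a real host you would read the bundle from the boot bank instead of the constructed sample; the recursion stops at a fixed depth so a malformed or self-referencing bundle cannot loop forever.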


Reading Time: 3 minutes

As most people know, Intel adopts a Tick-Tock model for processor development: a tick advances the manufacturing technology, a tock delivers a new microarchitecture. Usually this means that a tick brings processors with a higher clock speed (sometimes also more cores and/or more cache) and a tock usually brings new features (but not necessarily a higher clock speed and/or more cache/cores).

But when a new generation (tick or tock) has been introduced, after some months this usually means cheaper processors (or a similar price) compared to the previous generation.

Now some confusion could be generated by the Westmere family (the tick evolution of Nehalem), which was rather articulated, with at least two big Xeon branches: Westmere-EP (really simple to understand, just an evolution in speed of the previous models) and Westmere-EX (the Xeon E7 series), which was much more similar to a tock evolution.

To make things more complicated, the tock evolution has been called Xeon E5, which makes a comparison with the E7 (the old model) series difficult for several reasons: the numbers do not help (E5 looks like a system with fewer features compared to E7), the cache is bigger on E7 (24 MB compared to 20 MB), and memory speed is limited on E7 (also compared with the old Westmere-EP).

But the price comparison is much more interesting: if we compare an E5-2670 (Recommended Customer Price: $1552 – $1556) with an E7-4830 (Recommended Customer Price: $2059), the price makes the E5 solution much more valuable (considering also that they are mounted on the new server generations), with the only (little) disadvantage of the cache size. For a complete feature comparison see the datasheets on the Intel web site:

| Product Name | Intel® Xeon® Processor E5-2670 (20M Cache, 2.60 GHz, 8.00 GT/s Intel® QPI) | Intel® Xeon® Processor E7-4830 (24M Cache, 2.13 GHz, 6.40 GT/s Intel® QPI) |
|---|---|---|
| Code Name | Sandy Bridge-EP | Westmere-EX |
| Essentials | | |
| Status | Launched | Launched |
| Launch Date | Q1’12 | Q2’11 |
| Processor Number | E5-2670 | E7-4830 |
| # of Cores | 8 | 8 |
| # of Threads | 16 | 16 |
| Clock Speed | 2.6 GHz | 2.13 GHz |
| Max Turbo Frequency | 3.3 GHz | 2.4 GHz |
| Cache | 20 MB | 24 MB Intel® Smart Cache |
| Bus/Core Ratio | 33 | 16 |
| Bus Type | QPI | QPI |
| System Bus | 8 GT/s | 6.4 GT/s |
| # of QPI Links | 2 | – |
| Instruction Set | 64-bit | 64-bit |
| Instruction Set Extensions | AVX | SSE4.1/4.2 |
| Embedded Options Available | No | No |
| Lithography | 32 nm | 32 nm |
| Scalability | 2S Only | S4S |
| Max TDP | 115 W | 105 W |
| VID Voltage Range | 0.60V-1.35V | – |
| Recommended Customer Price | – | 2059.00 |
| Memory Specifications | | |
| Max Memory Size (dependent on memory type) | 750 GB | 2048 GB |
| Memory Types | DDR3-800/1066/1333/1600 | DDR-3 800/978/1066/1333 (Max Speed 1066 MHz) |
| # of Memory Channels | 4 | 4 |
| Max Memory Bandwidth | 51.2 GB/s | – |
| ECC Memory Supported | Yes | Yes |
| Expansion Options | | |
| PCI Express Revision | 3.0 | – |
| Package Specifications | | |
| Max CPU Configuration | 2 | 4 |
| TCASE | 81.8°C | 64°C |
| Package Size | 52.5mm x 45.0mm | 49.17mm x 56.47mm |
| Sockets Supported | FCLGA2011 | LGA1567 |
| Low Halogen Options Available | See MDDS | See MDDS |
| Advanced Technologies | | |
| Intel® Turbo Boost Technology 2.0 | Yes | – |
| Intel® vPro Technology | Yes† | |
| Intel® Hyper-Threading Technology | Yes | Yes |
| Intel® Virtualization Technology (VT-x) | Yes | Yes |
| Intel® Virtualization Technology for Directed I/O (VT-d) | Yes† | |
| Intel® Trusted Execution Technology | Yes | Yes |
| AES New Instructions | Yes | Yes |
| Intel® 64 | Yes | Yes |
| Idle States | Yes† | |
| Enhanced Intel SpeedStep® Technology | Yes | Yes |
| Intel® Demand Based Switching | Yes† | |
| Thermal Monitoring Technologies | Yes | Yes |
| Intel® Flex Memory Access | Yes† | |
| Execute Disable Bit | Yes | Yes |

– : not listed for that processor. † : the datasheet extract gives a single value for this row without indicating which of the two processors it refers to.

For new processors (actually only for the desktop market) see also: Unofficial Intel Ivy Bridge CPU Datasheet.

Reading Time: 2 minutes

Microsoft has recently made some changes to its certifications and has also introduced new paths, like the new MCSE: Private Cloud certification. The path has the following requirements:

  • become an MCSA: Windows Server 2008
  • pass Exam 247: Configuring and Deploying a Private Cloud with System Center 2012 (until January 31, 2013, Exam 70-659 may be taken in place of 70-247)
  • pass Exam 246: Monitoring and Operating a Private Cloud with System Center 2012

Note: the Private Cloud certification requires candidates to show continued ability to perform in this technology area by completing a recertification exam every three years.

As you can notice, Microsoft has reintroduced some old certification names, now with a new meaning but still with similar skills as in the past: MCSA and MCSE. For more information see the certification page on the Microsoft site.


Reading Time: 2 minutes

Although the official confirmation has not yet arrived via email, it seems that (also) this year I have been confirmed as a vExpert. Or at least I appear on the list published on the site: Announcing vExpert 2012 title holders.

Considering the changes in the vExpert program and that I’ve tried the “Evangelist” path (probably the most “wanted” or at least desired… and where there are some really great evangelists), I am enormously honored by this confirmation. It’s been less than a year since the last vExpert 2011, but it seems to me that it was only a few days ago.


Reading Time: 4 minutes

As written in the previous post, the management web interface is built around the load balancer features. But most terms and concepts are the same as in other solutions, and at least we have:

  • Virtual Services (VS): a virtual IP or VIP (or a pair of IP and port) for a specific virtual service that will be managed by the load balancer
  • Real Servers (RS): the servers (physical or virtual) that host the services
  • Forwarding methods: how packets are delivered to the real servers. VLM supports NAT or Direct Server Return (DSR) at L4 and NAT at L7.
  • Scheduling methods or algorithms: how the different connections are distributed to the different real servers. VLM has a really large number of methods (LoadMaster Installation & Configuration Guide pp. 18-19), some of them really interesting (like Agent Based Adaptive Balancing). Note that the methods of LVS are only a limited subset
  • Persistence: how to keep sessions and state (when needed, for example in HTTPS connections). This is usually a pain in most load balancers (for example in LVS you have only a timeout option). VLM has different methods (LoadMaster Installation & Configuration Guide pp. 21-25), including Layer 7 persistence methods
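To make the four concepts in the list concrete, here is an added toy model in Python (not KEMP code and not the LoadMaster's own algorithm): a virtual service fronting weighted real servers, with weighted round robin as the scheduling method and source-IP persistence with a timeout, plus failover when a server check fails. Every name and address is invented for the demonstration.

```python
"""Toy model of the load-balancer concepts listed above: a virtual service
(VIP:port) fronting real servers, a scheduling method and persistence.
Added example, not KEMP code and not the LoadMaster's own algorithm: weighted
round robin and source-IP persistence are used as representative methods, and
every name and address below is invented for the demonstration."""
from dataclasses import dataclass, field


@dataclass
class RealServer:
    ip: str
    port: int
    weight: int = 1       # used by weighted scheduling methods
    healthy: bool = True  # outcome of the server check


@dataclass
class VirtualService:
    vip: str
    port: int
    servers: list
    persistence_timeout: float = 300.0  # seconds a client stays on the same RS
    _sticky: dict = field(default_factory=dict)  # client_ip -> (RealServer, last_seen)
    _pos: int = 0                                # round-robin cursor

    def pick(self, client_ip: str, now: float) -> RealServer:
        """Choose the real server for a new connection from client_ip at time now."""
        # Persistence first: reuse the previous server while the entry is fresh
        # and that server still passes its health check.
        entry = self._sticky.get(client_ip)
        if entry is not None:
            rs, last_seen = entry
            if rs.healthy and now - last_seen <= self.persistence_timeout:
                self._sticky[client_ip] = (rs, now)
                return rs
        # Otherwise schedule: weighted round robin over healthy servers, where a
        # server of weight N occupies N slots in the rotation.
        rotation = [rs for rs in self.servers if rs.healthy for _ in range(rs.weight)]
        if not rotation:
            raise RuntimeError(f"{self.vip}:{self.port}: no healthy real server")
        rs = rotation[self._pos % len(rotation)]
        self._pos += 1
        self._sticky[client_ip] = (rs, now)
        return rs


def demo() -> list:
    """Run a short scripted scenario and return the chosen real-server IPs."""
    web_a = RealServer("10.0.0.11", 80, weight=2)
    web_b = RealServer("10.0.0.12", 80, weight=1)
    vs = VirtualService("10.0.0.100", 80, [web_a, web_b])
    chosen = []
    # Three new clients: weight 2:1 sends two of the first three connections to web_a
    for client, t in (("198.51.100.1", 0), ("198.51.100.2", 1), ("198.51.100.3", 2)):
        chosen.append(vs.pick(client, t).ip)
    chosen.append(vs.pick("198.51.100.1", 10).ip)   # persistence: stays on web_a
    web_a.healthy = False                           # server check fails
    chosen.append(vs.pick("198.51.100.1", 20).ip)   # failover to web_b
    web_a.healthy = True
    chosen.append(vs.pick("198.51.100.1", 25).ip)   # persistence now points at web_b
    chosen.append(vs.pick("198.51.100.1", 400).ip)  # entry expired: rescheduled
    return chosen


if __name__ == "__main__":
    print(demo())
```

The scenario in demo() shows why persistence and the server check interact: a sticky entry is honoured only while its server is healthy, so a failed check breaks the session rather than black-holing the client, and an expired entry falls back to the scheduler.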

The setup of a new virtual service is really simple and the defaults are usually good enough: just add an IP and a port. You can also specify the type of service (HTTP/HTTPS, generic, STARTTLS or Terminal Server), but usually VLM will find the right one automatically. At this point you can add the real servers by choosing IP, port, forwarding method and weight (used by some scheduling methods). Note that the server check part is common to all the real servers and can also use specific application-level tests.

SSL offload is just an option, as are the L7 features. Note that the persistence and scheduler options are common to both L7 and L4 mode (the latter is enabled when L7 is disabled).

It is very interesting that you can configure the load balancer in a one-armed configuration without any specific configuration on the Real Servers (with Linux Virtual Server and Direct Routing you need some tweaks on the RS…). For example, I’ve tried a configuration with the load balancer in the same network as the real servers, and also with the VIP in the same network: all was fine with L7, both when the clients were in the same network and also when the clients were outside and an external NAT was used to reach the VIP (in this second case the option “L7 Transparency” has to be unchecked).

To be honest, if you use L4 and DSR you still need to modify the configuration of the real servers (exactly as in Linux Virtual Server with Direct Routing): the VIP address on a Real Server must be configured so that the server does not respond to ARP requests for the VIP address (see LoadMaster Installation & Configuration Guide at pages 137-147).

Conclusions

The KEMP product is complete and powerful, but also quite simple to deploy and use in a few minutes. It is probably one of the best solutions for load balancing. Really interesting are the limited footprint and the speed of the appliance. It’s a pity that integration with VMware Tools (or Integration Services in Hyper-V) is missing.

Although it also includes some other features like filtering and proxy-cache, those are still related only to load balancing, so it does not replace a firewall or a proxy server.

Previous posts

Reading Time: 4 minutes

As written in the previous post, there are two vNICs in the VLM appliance, because there are two different network topology scenarios (well described in the LoadMaster Installation & Configuration Guide at pages 12-13): one-armed (similar to a bastion host firewall configuration) or two-armed (similar to a dual-homed firewall).

Looking at those configurations, and comparing with Linux Virtual Server, it seems that the forwarding methods (Direct Server Return and NAT) are bound to the network topology. But for VLM there is no correlation and you can use the preferred forwarding method (although DSR remains the common solution in the one-armed case and NAT in the two-armed case). The only limit is when L7 load balancing is chosen: in this case only the NAT method can be used.

The first step of the appliance configuration is to connect to it using a web browser or the console, with the default credentials (bal/1fourall). You can use both network interfaces (by default the management is active on both) and the documentation says that they can be auto-configured with DHCP (but in my environment this did not work, and it was not clear which IP had been set… in this case a VMware Tools integration could be a good source of information). Although there is a default IP for eth0 (192.168.1.101), I’ve switched to the console, which is really fast and easy (just follow the Quick Setup menu).

One note about the network configuration: both the conventional four-octet method (such as 255.255.255.0 for a Class C) and the CIDR format (where the Class C would be represented as /24) are supported. But in my case only the CIDR form worked well; with the other (maybe I’ve just used a wrong format) the interfaces were not configured at all.
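The two mask notations mentioned above are easy to mix up, so here is an added Python helper (not the appliance's own parser) that accepts either form, normalises it to a prefix length and rejects the inputs that silently break an interface configuration: malformed octets, out-of-range prefixes and non-contiguous masks. The interface address used in the usage example is the appliance default from the post; the function names are invented.

```python
"""Normalise a subnet mask given as dotted quad ('255.255.255.0') or CIDR
('/24' or '24') to a prefix length, rejecting malformed or non-contiguous
masks. Added example, not the VLM's own parser; function names are invented."""
import ipaddress


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.0' -> 24; '/24' or '24' -> 24; ValueError for anything else."""
    mask = mask.strip()
    if mask.startswith("/"):
        mask = mask[1:]
    if mask.isdigit():
        prefix = int(mask)
        if not 0 <= prefix <= 32:
            raise ValueError(f"prefix length out of range: {prefix}")
        return prefix
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad netmask: {mask!r}")
    bits = int.from_bytes(bytes(int(o) for o in octets), "big")
    ones = bin(bits).count("1")
    # A valid netmask is a run of 1s followed by a run of 0s; this also rejects
    # wildcard/host masks such as 0.0.0.255 that some tools would accept.
    if bits != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return ones


def configure_interface(ip: str, mask: str) -> str:
    """Return the interface address in CIDR form, validating the host address too."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask_to_prefix(mask)}")
    return str(iface)


if __name__ == "__main__":
    print(configure_interface("192.168.1.101", "255.255.255.0"))  # 192.168.1.101/24
    print(configure_interface("192.168.1.101", "/24"))            # 192.168.1.101/24
```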

At this point it is possible to use the web management interface with a standard browser (I’ve tried both MSIE and Firefox without issues). Note that you cannot use it until you change the default password!

The web interface is quite simple and smart, with a powerful statistics page that includes several counters and also the status of the servers and the services.

As you can notice from the menu entries, the management interface is all around the load balancing features. All other features are just sub-menus or options. I think that this organization is quite clear and service oriented.

The official guide is quite complete, but there is also a contextual help (in my opinion it’s not so intuitive), using a tool-tip that can be displayed by pointing the mouse at an option and waiting some seconds:

HA Configuration

As written in the previous post, this appliance uses 2 vCPUs (although I’ve tested it with a single vCPU and for small loads it works well); for this reason VMware FT cannot be used to improve its availability. The reboot time is quite slow, so for simple environments maybe VMware HA could be enough.

But for business-critical environments, or environments with really high availability requirements, a specific configuration can be used to have an HA “cluster” of two VLMs in an active/standby configuration (more details are available in the LoadMaster Installation & Configuration Guide at pages 14-17).

Reading Time: 3 minutes

KEMP Virtual LoadMaster (VLM) is available in three formats: one for Microsoft Hyper-V (just a zip with all the required files) and two for VMware (one for vSphere and one in Workstation format). All are quite small (less than 40 MB), so really fast to download and deploy.

I have tried the vSphere version, which is just a compressed file with a folder including an OVF and a VMDK file. Really simple to deploy, as most virtual appliances are (maybe a single file could be simpler).

Step 1 is to get the software from the virtual-loadbalancer download site and select the hypervisor platform:

Step 2 depends on the type of source, but basically it is just deploying and powering on the virtual appliance. The VLM will obtain a DHCP address (strangely, in my case on ESXi 5 it did not work) or the statically assigned 192.168.1.101. At this point you can access the VLM using HTTPS:// or via the VMware console and you will be prompted for a license key. On the same screen, an Access Code will be displayed. Record that Access Code for Step 3.

Step 3 is just obtaining a license key, also for the trial mode. Note that it is generated from the Access Code, which probably depends on some environment information (for sure the vNIC MAC addresses: if you change them the appliance will restart with default settings, without the license). The virtual hardware version seems not relevant to the activation (I’ve upgraded the appliance to v8 without any issues).

Now some configuration is needed at the guest level, as described in the Quick Start guide (the user and the password are also documented there).

The VM is basically a hardened Ubuntu Linux (32 bit) with 1 GB of vRAM (usage may depend on the type of services) and two vCPUs. This choice is probably required for some services like SSL offload and/or proxy and/or IDS, but of course it makes it impossible to use VMware FT for a high availability environment (but don’t worry, because there is a specific configuration to have two VLMs in an HA configuration). The disk is deployed as a thin disk of 512 MB and it will start with really little space used (note the used space and remember that 1 GB is the VM swap file). For the virtual networking, two vNICs are defined, to be used in different types of configuration (described in the next post).

Note that VMware Tools are missing and this is (IMHO) a big lack, considering that they can also help in VM management (like snapshots or guest shutdown/reboot). For the shutdown, it seems that the web procedure does not really power down the VM either (you have to force the shutdown from the vSphere Client).

One curious thing that I’ve noticed during the reboot/shutdown test is that the browser kept the authentication, so probably it is stored in some cookies or persistent session data.

For more information about the KEMP LoadMaster see the previous post.

© 2025-2011 vInfrastructure Blog | Disclaimer & Copyright