Reading Time: 3 minutes

Some weeks ago I learned a curious new thing in a thread in the VMware Community: even the latest version of ESXi still has a VNC server for the VM console that can be used with a common VNC connection, as described in the old KB1246 (Using a VNC Client to Connect to Virtual Machines) related to the VMware GSX Server product!

Note: as written in the KB, VMware does not support running virtual machines with a VNC client. The right client to access the VM console is still the vSphere Client (or the Web Client) and, of course, the protocols implemented in the guest OS.

This function is configured per VM but is provided at the host level, so you must use a different VNC port for each VM that you want to manage with VNC.

To configure each VM, edit the VMX file or use the vSphere Client to edit the Virtual Machine Properties and add the following lines:

  • RemoteDisplay.vnc.enabled = TRUE
    Setting this option to TRUE enables standard VNC support. This setting is valid only while the virtual machine is running. If the virtual machine is powered off, you cannot connect to it with a VNC client.
  • RemoteDisplay.vnc.port = TCP_Port
    Specify the port the VNC client uses to connect to the virtual machine (5900 is the default VNC port). If you want to connect to more than one virtual machine on the same host with a VNC client, you must specify a unique port number for each virtual machine. VMware suggests you use a port number in the range from 5900 to 5999. You can use any port number, but keep in mind that certain port numbers are used by other applications while others are privileged (meaning only the root or Administrator user can listen). For example, the VMware Management Interface uses ports 8333 and 8222; on Linux, only root can listen to ports up to port number 1024. Conflicts can occur if you specify a port in use by another application.
  • RemoteDisplay.vnc.password = password
    Support for the VNC 3.3 authentication, which is an eight character password. Use this password when you are prompted for authentication as you use the VNC client to connect to the virtual machine.

In this example, the TCP 5901 port is used and the password is set to “password” (without the quotes):

Now, on ESXi 5, you must add a new custom firewall rule, as described in William Lam's post (How to Create Custom Firewall Rules in ESXi 5.0).

The first step is to build a new rule like this:

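~ # cat /etc/vmware/firewall/vnc.xml
<ConfigRoot>
  <service>
    <id>VNC</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>5901</port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>0</begin>
        <end>65535</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>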

Then you can refresh the firewall rules and check that the new one is correctly loaded:

~ # esxcli network firewall refresh
~ # esxcli network firewall ruleset list | grep VNC
VNC                    true

Finally, you can simply download a VNC client (like the TightVNC Viewer) and connect to the IP of the ESXi host on port 5901 (using the IP:5901 syntax).
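To check which VMs expose a console through the RemoteDisplay.vnc.* options described in this post, the following is an added example (not code from the original post or from VMware): it scans a directory for .vmx files, lists the VMs with VNC enabled, and flags a missing password, a port outside the suggested 5900-5999 range, and two VMs sharing one port. The function names, file names and sample values are constructed, and treating an unset port as 5900 is an assumption.

```shell
#!/bin/sh
# Added example: audit .vmx files for RemoteDisplay.vnc.* (sample data is constructed).

# vnc_records DIR: "port<TAB>password length<TAB>file" per VNC-enabled VM.
vnc_records() {
    find "$1" -type f -name '*.vmx' | sort | while IFS= read -r vmx; do
        awk -v file="$vmx" '
            {   # VMX syntax: key = "value"; keys compared case-insensitively
                eq = index($0, "="); if (eq == 0) next
                key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                gsub(/^"|"$/, "", val); cfg[key] = val
            }
            END {
                if (toupper(cfg["remotedisplay.vnc.enabled"]) != "TRUE") exit
                port = cfg["remotedisplay.vnc.port"]
                if (port == "") port = 5900   # assumed default when unset
                printf "%s\t%d\t%s\n", port, length(cfg["remotedisplay.vnc.password"]), file
            }' "$vmx"
    done
}

# audit_vnc DIR: findings for every VNC-enabled VM found under DIR.
audit_vnc() {
    vnc_records "$1" | awk -F '\t' '
        {
            port = $1 + 0
            print "INFO  port " port " VNC console enabled: " $3
            if ($2 == 0) print "WARN  port " port " no VNC password set: " $3
            if (port < 5900 || port > 5999)
                print "WARN  port " port " outside suggested 5900-5999: " $3
            if (port in owner)
                print "FAIL  port " port " already used by " owner[port] ": " $3
            else owner[port] = $3
        }'
}

# make_sample DIR: write four constructed .vmx files for a dry run.
make_sample() {
    printf '%s\n' 'RemoteDisplay.vnc.enabled = "TRUE"' 'RemoteDisplay.vnc.port = "5901"' \
        'RemoteDisplay.vnc.password = "password"' > "$1/db01.vmx"
    printf '%s\n' 'RemoteDisplay.vnc.enabled = "TRUE"' 'RemoteDisplay.vnc.port = "5901"' > "$1/web01.vmx"
    printf '%s\n' 'remotedisplay.vnc.enabled = "true"' 'RemoteDisplay.vnc.port = "8222"' \
        'RemoteDisplay.vnc.password = "s3cret"' > "$1/web02.vmx"
    printf '%s\n' 'RemoteDisplay.vnc.enabled = "FALSE"' 'RemoteDisplay.vnc.port = "5902"' > "$1/old.vmx"
}
# With a directory argument, audit it; without one, audit the constructed sample.
if [ $# -gt 0 ]; then audit_vnc "$1"; else
    d=$(mktemp -d) && make_sample "$d" && audit_vnc "$d"; rm -rf "$d"
fi
```

Pass the directory that holds the VM folders as the first argument; the FAIL line names both .vmx files that claim the same port.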

Reading Time: 2 minutes

There is a performance monitor at VM level that always shows a null value: it's the VM Power Graph. The same monitor at host level shows the power usage of the specific host.

But by default, the power usage of the VMs is not calculated. To enable this experimental feature you must change an advanced parameter (Power.ChargeVMs) on each host (by default, as shown in the picture, it is zero… it must be changed to 1):


Reading Time: 5 minutes

The original post is available on the VMTN Community blog: Guest post: VMTN Community and Social Media

I would like to talk about how VMware Community compares with (and complements) other social networks and media. I’m a VMware Community Moderator, but I’m writing this post as a “normal” Community user. I do not consider myself a social media guru, but just a beginner.

If you want to be precise, the title of this post is not exactly correct, because the Community is just another form of social network. However, there are differences between the Community approach and the other tools that have become popular over the past few years, such as Facebook, Twitter, YouTube, etc.

As you noticed, the latest release of the VMware Community platform, introduced at the beginning of the year, integrates many social channels. Just look at the Twitter, Facebook, YouTube and blogs tabs on the Community home page or check out the “Share This” box on every thread. This may make you think that the world is now revolving around all these new tools, and that our Community forums are going out of fashion. But is this really true?


Reading Time: 3 minutes

With a vSphere 5 upgrade there is an important vDesign decision: if you already have some VMFS3 datastores, is it better to upgrade them to the new version or to build new datastores directly with VMFS5? The upgrade procedure is quite fast and friendly and can be applied to a live datastore, so it seems that there isn't a big difference between an upgrade and a clean format.

But usually the recommendation is to re-format each LUN to VMFS-5 rather than upgrade it. This will fix a number of issues, including:


Reading Time: 3 minutes

One of the “issues” with vmdk files in thin format is that they start “small” and then grow when you add new data… But when you delete some data, the vmdk file size is not reduced.

To be honest, this issue is more related to the guest file systems, which never delete the block data but only the metadata (or some of it). Of course, at guest OS level you will see the right disk usage, but this will probably not match the one that you see at VMware level (which will usually be bigger).


Reading Time: < 1 minute

The beta period for the VCP5-DT exam (of course on View 5) started today. The exam is available through December 20, 2011.

I've received the official invite, but unfortunately in my Country there isn't any free seat for the entire beta period (this is because only a subset of the testing centers are authorized and in my Country there is a single center).

By the way, the VCP511-DT beta exam consists of 210 questions and a short pre-exam survey consisting of 7 questions. The time limit for the beta exam is 225 minutes, with an additional 15 minutes to complete the survey questions and agreements.

Reading Time: 2 minutes

As described in the release notes, one of the new features of View 5 is the certificate check performed by the View Client (similar to the certificate check of the vSphere Client):

Updated client certificate checking for View clients – View clients now follow the well-known browser model for handling certificates, displaying errors detected in the certificate presented by View Connection Server, or in the certificate trust chain. Administrators can set the Certificate verification mode group policy to enforce strict certificate checking; if any certificate error occurs, the user cannot connect to View Connection Server. Alternatively, administrators can use the default Warn But Allow mode, which supports self-signed server certificates and lets users connect to View Connection Server with certificates that have expired or are not yet valid. If necessary, administrators can also set a No Security mode that lets users connect without certificate checking.

This feature is important for security reasons, but after a View 5 upgrade it can create some inconvenience for users with the standard self-signed certificates. Each time a user opens the View Client, a warning message is shown (with no way to disable or permanently ignore it):

There are two different types of solution:

  • Replace the self-signed certificates with others that are signed by an official public CA (or at least by the internal CA).
  • Disable this check.

The recommended solution is to replace the certificates, and there are several sites with the right steps (for example, see the VMware Community or SSL certificates in VMware View environments).

But for small and simple environments, it may be simpler to disable the check. For this purpose a specific GPO rule must be enabled, as described in VMWare View 5.0 Client – Remove Certificate Warning Message at Startup.

But what happens for clients that are not in the AD domain? The GPO must be applied on the View Client side, so a simple solution is to apply the result of the GPO by manually changing the Windows Registry entries. In this case it is quite simple because only one value is required (note that the Security branch may not exist in your Registry):

[HKEY_CURRENT_USER\Software\VMware, Inc.\VMware VDM\Client\Security]
"CertCheckMode"="0"

 
