Punching Clouds

To anyone who loves animals, and has a big heart, from my wife.

To all my friends,

This is an urgent plea for your help. While I was in the Dominican Republic last week, I rescued a tiny little puppy the size of my two hands from drowning (see pix below). We managed to get the puppy back to New York, where my dad had agreed to raise her (since I just adopted another dog just last week), but unfortunately the poor little thing has taken a turn for the worst. She is currently in critical condition, and is in an ER vet clinic getting tests. Only an hour ago she stopped breathing, and when the vet called my dad to tell him, little August started breathing again and lifted up her head. I am so sorry for asking for help, but Rolo and I are sort of hurting for $$ right now, after the wedding and all.

Here’s how the story goes:

It was last Friday, August 20th, my birthday and the day before my wedding. I decided to take a peaceful run on the beach to clear my head, and spend some time being introspective and reflective. I had ran about two miles, when a little dark object caught my eye along a stretch of rocky shore. As I got closer, I recognized immediately that it was a puppy, being swept out by the tide, and then struggling helplessly everytime it washed up. I ran over and lifted it immediately from the warm waters. She collapsed in my hands. I asked some men who were preparing to sail out on their boat if it was their “perro,” but the shook their heads and asked me in spanish if it was mine and if I wanted it.

I poured the water I had with me into my hand, and she refused because she thought it was salt water. Without a question in my mind, I turned around in my tracks and walked back as fast as I could to the hotel. I felt like I couldn’t go fast enough. I stopped a few times to cover her in the shade of my body because it was so hot. I said outloud, “It’s gonna be okay, August.” (naming her after my old dog April who we had named after the month we had rescued her).

Luckily, outside the hotel, I met two of my friends, one who took the shirt off her back so that I could sneak her into the resort (that did not allow pets). I called room service for milk, improvised my cutting a straw in half from a juice box in the mini bar, and began feeding her milk through the straw. To my relief, she lapped it up immediately.

To summarize the rest of the story, Rolo and I spent the rest of my birthday finding a vet to take August in and administer shots, as well as get the right paper work. On Tuesday, my dad and mom and Rawlinson’s mom took the dog back to NY, making a 2 hour stop in the Agriculture office in the airport. Last night, as I flew back to LA, my dad woke up to hear August whimpering in pain, and he rushed her to the vet at 3am. She is currently there undergoing treatment and tests.

The vet has told me that they have to do a battery of tests. The estimate is completely unaffordable for us at this time, so I am asking you all out of the kindnesses of your hearts to donate whatever you can to August’s treatment. People had asked Rolo and I what we needed or wanted for our wedding, since we didn’t register anywhere. For us, gifts and money are not important…it was having our friends be at the wedding, and receiving all the phone calls and well wishes on facebook that counted. Now, however, I am asking that if you would like to give us something…please give us whatever you can to help save this little dog. That’s all that matters to us right now. Please make any contributions to Rawlinson’s PayPal account: rawls27@msn.com. Seriously, anything will help: $1, $5, whatever….Please pass this along to anyone who you think would like to donate to this cause.

Here is the link to see August pics on Facebook

Thank you from the bottom of our hearts,

Mollie and Rawlinson

Head’s up Folks, here is a bit of useful information for all VMware SRM, and NetApp customers. I’ve been informed about a very serious issue that was detected with the NetApp SRA 1.4.3. As a result of this issue VMware has pulled that version of the SRA from their download site so that customers are not able to download that version of the NetApp SRA in order to protect them from possible failures with BC/DR scenarios. At the current time it’s recommended not to use that version of the NetApp SRA until the issue is corrected, and given a green light for usage by VMware, and NetApp.  At the current I don’t have any details on what the actual issues is, so if any you guys know of anything please post some feed back.

In the mean time it is recommended to use the previous version of the SAN or NFS SRA. I will post updates when things change. Thanks to Michael White from VMware for the heads up on this issue.

This just in! The dates and location for VMworld 2010 have been set, so mark it on your calendars. If you didn’t make it to VMworld 2009 in San Francisco or VMworld 2009 Europe, you don’t want to miss this one. The event will return to the  Moscone Center in San Francisco from August 30th to September, and it will trave to the Bella Center in Copenhagen from October 12th to the 14th. Start saving now,VMworld and planning for this event.

I’ve posted a link below to the pre-registration link below.

VMworld 2010 Pre-Registration

I’ve been asked by a few customers about the location of the VMware ESX\ESXi LUN masking feature and how the LUN masking is done at the VMware ESX\ESXi level in version 4.
In VMware ESX 3.0/3.5 the settings for LUN masking were available in the UI via the Advance Software settings under Disk -> Disk.MaskLUNs as shown in screenshot below.

VMware ESX\ESXi 3.x Disk.MaxLUNs Settings

Well, here is the reason why you can’t find the Disk.MaskLUNs in the UI of ESX\ESXi 4. The component is no longer accessible under the ESX\ESXi’s 4 UI. The chance is implemented as a result of the re-architecture of the storage stack. The VMware Pluggable Storage Architecture (PSA)  is completely new. Old code and features were left behind in order to provide better, faster, and more reliable options and features. The Disk.MaskLUNs access via the UI was one of those left behind.

I agree with the point of taking the LUN masking feature out of the UI. Most vSphere administrators shouldn’t be manipulating those settings, unless they also happen to be in charge of the SAN environment, which hopefully means that there is a good amount of experience with storage technologies. The masking of LUN’s is something that should should be handled by the SAN team and executed on the hardware side.  For configurations such as the presentation and removal of LUN’s and Volumes, it’s best to simply contact the SAN team and ask for a certain LUN or certain range of LUN’s not to be presented to the servers. LUN masking is less error-prone at the storage array than at the hosts.

One reason as to why someone would want to configure software LUN masking (ESX\ESXi) is to protect against screw-up’s by SAN administrators. In boot from SAN scenarios this would be beneficial in order to keep the ESX Servers from seeing each others booting LUN and corrupting them.  With that said, as you can’t configure LUN masking from the UI in ESX\ESXi 4, you’ll have to do it from the Service Console, vCLI or vMA appliance. The new procedures on how to achieve LUN masking in ESX\ESXi 4 are listed below.

vCLI LUN Masking Procedure:

You can prevent the ESX/ESXi host from accessing storage devices or LUNs or from using individual paths to a LUN. Use the vSphere CLI commands to mask the paths. When you mask paths, you create claim rules that assign the MASK_PATH plug-in to the specified paths.

Configuration Steps

1- Check what the next available rule ID is. The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200. If this command shows that rule 101 and 102  already exist, you can specify 103 for the rule to add.

esxcli corestorage claimrule list

2- Assign the MASK_PATH plug-in to a path by creating a new claim rule for the plug-in.

esxcli corestorage claimrule add -r <claimrule_ID> -t <type> <required_option> -P <MASK_PATH>

3- Load the MASK_PATH claim rule into your system.

esxcli corestorage claimrule load

4- Verify that the MASK_PATH claim rule was added correctly.

esxcli corestorage claimrule list

5- If a claim rule for the masked path exists, remove the rule.

esxcli corestorage claiming unclaim <type> <required_option>

6- Run the path claiming rules.

esxcli corestorage claimrule run

After you assign the MASK_PATH plug-in to a path, the path state becomes irrelevant and is no longer maintained by the host. As a result, commands that display the masked path’s information might show the path state as dead.

Implementation Example:

This example masks the LUN 20 on targets T1 and T2 accessed through storage adapters vmhba2 and vmhba3.

#esxcli corestorage claimrule list
#esxcli corestorage claimrule add -P MASK_PATH -r 109 -t location -A vmhba2 -C 0 -T 1 -L 20
#esxcli corestorage claimrule add -P MASK_PATH -r 110 -t location -A vmhba3 -C 0 -T 1 -L 20
#esxcli corestorage claimrule add -P MASK_PATH -r 111 -t location -A vmhba2 -C 0 -T 2 -L 20
#esxcli corestorage claimrule add -P MASK_PATH -r 112 -t location -A vmhba3 -C 0 -T 2 -L 20
#esxcli corestorage claimrule load
#esxcli corestorage claimrule list
#esxcli corestorage claiming unclaim -t location -A vmhba2
#esxcli corestorage claiming unclaim -t location -A vmhba3
#esxcli corestorage claimrule run

For more on Storage masking, check out Duncan Epping’s post on Storage Masking best practice at Yellow-Brick.com. Enjoy!

Yesterday afternoon I was out with few friends enjoying a nice sunny day away from my computers. After having a few beers at a great pub, my mind was far away from work and I began to live in real life again.  My eyes began to readjust and their veiny red lines began to recede.  The carpel tunnel of my hands began to wear off. A fresh blush of color began to bleed into my cheeks.  In short,  I no longer looked like I was a vampire waiting to strike.  All was well… that was, until THEY walked in to the pub looking for a fight.

The four douche bags sat next to us and they began saying things that really got to me.  No, they weren’t talking smack about my Yankees.  No, they weren’t bantering under their breath about my hot girlfriend.  They were talking about security Hyper-V and VMware… and they wore their lack of knowledge on their sleeves (which, I might add led up to some seriously popped collars).

At first I thought my friend was trying to punk me. I looked around for cameras or Ashton – No sign of either. So, these dudes started talking about deploying some solution and how they have to provide the highest level of security and all this nonsense. I remained quiet and managed to mind my own business as they had their chat until the topic hit VMware. My blood began to boil when one of them (the Security Know-It-All Dude – or just The Dude, as I like to call him) started to talk about VMware security flaws. The Dude even mentioned something about a vulnerability with VMotion and how it’s not very secure and all that crap. As the Dude (the main douche bag) mentioned this, I could see myself teaching my next class with a missing tooth, bloodied lip, and black eye a-la Fight Club.  Believe me, the Dude would look much worse.  I fought my instincts not to get into their discussion (or jump out of my barstool), but I was two Guinness down and incapable of staying quiet about what was going on. So, I jumped in on the conversation in order to school these douche bags about VMware and true security. No fisticuffs. I would just run good old fashion geek circles around the Dude and his pals.  What I told him was the truth:

VMware has made a great deal of changes in the architecture of their platform in a load of different areas. Those advancements have been happening since the Virtual Infrastructure 3 and even more so with vSphere 4. I want to take this moment and inform everyone that follows Punching Clouds about a few major security changes that I informed the douche bags about in regards to the re-architecture of the new ESX/ESXi 4.0:

• The Service Console is now based on the 64-bit version of the Linux 2.6 kernel.
• The VMkernel now runs and owns the device drivers
• The Service Console (what Microsoft calls Parent Partition or Management Operating System for Hyper-V in the Windows Server 2008 version) is enhanced with Address Space Layout Randomization (ASLR), a method which is used to load software in memory in a way that attackers can’t really predict where the software is going to be store in memory when they try to hijack it with attacks.
• Support for Trusted Platform Module (TPM) chips as another way to control the authenticity of drivers signatures. and to make it even better, they’ve removed
• All development environments and libraries like GCC, and anything that can be used to compile code and run it against it has been removed.

The Security Super Douche tried to counter with something about about footprint size and all, and I asked him if he’d been living under a rock because he seemed to have missed the news about ESXi. To address his tirade on VMotion and its security vulnerability, I pointed out that any security issues were resolved and in any case, the VMotion network should always be isolated whenever possible as VMware recommends.  I combined that left punch with a quick right, when I told him about how you can now encrypt the VMotion traffic for added security (The actual configuration is shown in the screenshot below. vCenter Server 4.0 provides the interface where you can configure that)

Then I knocked his ass out by firing out some info about vShield Zones, VMsafe and all the good stuff that quelled their security concerns real quick.  So, they bowed down to me. Fatality. They turned tail and quickly realized the superior nature of VMware security.  Ok, ok – it didn’t turn out quite like that.  But I did get two rounds of beers out of those dudes, which to me was a sign that they had started to believe that VMware security was no joke… or at least they had started to see that if they messed with its players, they were messing with the wrong team.

I returned to my barstool. The beer tasted a little sweeter.  The sun felt a little warmer.  Life was good.

To all you nonbelievers and naysayers, as my boy The notorious B.I.G said: So if you don’t know, now you know!