Do you need disk encryption for hosted VMs?

Nowadays disk encryption is a common practice with mobile personal devices, because it prevents unauthorized access to sensitive data when such a device is lost or stolen. I was also aware of the virtual machine encryption capabilities that are built into the VMware Personal Desktop products (Workstation and Fusion) although I never used them ..., but - until recently - I never thought about encrypting a VM that runs on a hosted hypervisor in a data center.

Then this happened:

Useful PowerCLI scripts for storage migrations with RDMs

I'm currently supporting a large VMware Storage migration project affecting MS Exchange 2010 server VMs that use lots of Raw Device Mappings (RDM) for mailbox storage. This was a good opportunity to further improve my Powershell / PowerCLI skills - I wrote some scripts to gather the data needed in a friendly format, and I thought it would be a good idea to share them here.

Sponsor news 02/2014

This is the second edition of my 2014 random blog sponsor news. This time we get greener - I'm glad to welcome a new sponsor, and that is ...

CPU microcode update needed to fix VM crashes with certain Intel Xeon E5/E7 v2 processors

In their recently released KB2073791 article VMware describes an issue that affects ESXi 5.x installations on hosts with an Intel E5 v2 series processor: VMs running Windows 2008 R2 or Solaris 10 (64bit) experience random blue screens resp. kernel crashes.

The root cause is a known bug in the CPU microcode of the mentioned processors. It leads to incorrect memory page translations when the EPT (Extended Page Tables) feature of the CPU is enabled and is mentioned as Erratum CA135 in an Intel specification update of the E5 v2 CPU family. EPT is an important CPU virtualization feature and helps to offload the VM memory address translation to the CPU which can significantly increase a VM's performance. So this bug is rather critical! How can it be fixed?

New ESXi 5.5 patch fixes NFS bug and another serious OpenSSL bug!

Yesterday VMware finally released a fix for the nasty NFS bug that was introduced with ESXi 5.5 Update 1. Customers who were waiting to update to U1 because of this bug can now safely update their hosts and will also get protection from the OpenSSL Heartbleed bug.

But there is another reason why you should update your ESXi 5.5 hosts with this patch very soon - even if you are not affected by the NFS bug and have already applied the Heartbleed fix!

How to download individual VIBs from the VMware Online Depot

Lately I was troubleshooting a PSOD issue on one of our ESXi 5.0 hosts with VMware Support, and they advised me to downgrade the bnx2 driver to the ESXi builtin version (I had a newer HP supplied version installed because it was HP hardware). Later it turned out that this was a wrong advice, but at that time I wondered: How do you do this?

The support guy pointed me to the well known KB article Installing async drivers on VMware ESXi 5.0, 5.1 and 5.5, but the instructions there assume that you have downloaded an Offline bundle of the new driver from somewhere. However, the version of the net-bnx2 package that I was advised to install (2.0.15g.v50.11-5) was not available for download anywhere ...

When Onboard Administrators go bad ... - an important heads-up for HP Blade Enclosure users

We recently had a very unpleasant event with one of our HP Blade Enclosures. Four of the eight ProLiant BL620c G7 servers suddenly lost access to the SAN storage for no apparent reason. By looking at the logs of the Onboard Administrators (OA) and Virtual Connect (VC) FlexFabric modules we found out that something really bad happened inside the enclosure, and it took us some time and the help of HP Support to permanently fix that.

Free backup for free ESXi: Thinware vBackup vs. Trilead VM Explorer

VMware ESXi with the free license (also known as vSphere Hypervisor) is a great way to get started with server virtualization and run your own hypervisor at home or in small environments. As soon as you have some sort of "production" workload running in VMs you will start thinking about how to protect them from data loss. You need backup ... but unfortunately with the free ESXi license VMware has disabled some functionality that is important for efficient backups of VMs: VADP (vStorage APIs for Data Protection) and CBT (Changed Block Tracking) are the features that all modern software products for VM backups make use of.

Nevertheless there are several solutions available to back up VMs running on free ESXi. And best of all these are available for free themselves. Here are your options.