Saturday, October 11, 2008

Security hardening for VMWare ESX Server 3.x - Part 1

With the proliferation of virtualization in the enterprise, one of the questions on most administrators' minds is: how secure is my virtual environment?

VMWare's ESX Server has a built-in firewall, and the virtual switching prevents systems from communicating across VLAN boundaries, but what about the ESX server itself, or the VMWare Tools application that is inevitably installed within each guest OS? We could take the approach that the ESX server is hardened out of the box and that nothing more is required to secure our virtual environment. However, that assumption would leave the virtual infrastructure subject to various attacks that could impact a wide range of network services.

Sunday, September 21, 2008

VMWorld 2008

After four full days at VMWorld 2008, actually after the very first keynote, it has been made clear that VMWare is and will continue to be the leader in the virtualization space. The list of new VMWare product announcements for 2009 is as long as my arm, and they include but are not limited to:

VMWare Fault Tolerant VMs - This is the next natural extension of VMWare HA, where an admin can now protect individual VMs by enabling fault tolerance with the click of a button. Once enabled, a secondary VM is created on another host, with DRS ensuring that it doesn't cause any resource constraints. This secondary VM is up and running and, leveraging the same technology as VMotion, is kept in perfect synchronization with the primary VM. This vLockstep technology literally creates a zero-downtime environment for the protected VMs. If the physical host that currently houses the primary VM fails, the secondary VM recognizes the failure and, because it has been kept in vLockstep, becomes the primary VM and becomes active on the network with minimal disruption to service. In addition, the new primary VM then spawns a new secondary VM on another host and synchronizes the instruction logging to achieve the vLockstep state.

Wednesday, September 3, 2008

VMWare Consolidated Backup integration with Data Protector 6.0

With the rapid adoption of virtualization technologies within the enterprise come enhanced disaster recovery options. One such option is VMWare Consolidated Backup (VCB), a license for which is included in each ESX Server edition. The only caveat is that you must now integrate the VMWare Consolidated Backup framework with your backup software.


Integrating VCB with Data Protector requires the completion of several key steps, the first of which is disabling Windows automatic drive-letter assignment. This can be accomplished by running the diskpart utility from the command line interface and entering the following commands:
  1. Run the diskpart utility by typing 'diskpart' at the command line prompt.
  2. Disable the automatic drive-letter assignment by typing 'automount disable' at the diskpart prompt.
  3. Clean out entries of previously mounted volumes from the registry by typing 'automount scrub' at the diskpart prompt.
  4. Exit the diskpart utility by typing 'exit' at the diskpart prompt.
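
The same four steps can be run non-interactively and then verified. The script below is an added example, not part of the original post or of any VMWare or Data Protector tooling. It assumes an elevated PowerShell prompt and relies on the Windows mount manager recording the setting in the NoAutoMount registry value.

```powershell
# Added example: run the diskpart steps above from a script file and confirm the result.
# Assumption: executed from an elevated prompt on the Windows host used for VCB.
$ErrorActionPreference = 'Stop'

# diskpart reads its commands from a text file passed with /s.
$script = Join-Path $env:TEMP 'vcb-automount.txt'
Set-Content -Path $script -Encoding ASCII -Value @(
    'automount disable'   # step 2: stop automatic drive-letter assignment
    'automount scrub'     # step 3: remove entries for previously mounted volumes
    'exit'                # step 4
)

try {
    $output = & diskpart.exe /s $script
    if ($LASTEXITCODE -ne 0) {
        throw "diskpart failed with exit code $LASTEXITCODE`n$($output -join "`n")"
    }
}
finally {
    # Do not leave the temporary script file behind.
    Remove-Item -Path $script -ErrorAction SilentlyContinue
}

# Verify: the mount manager stores the setting as NoAutoMount (1 = automount disabled).
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\mountmgr'
$value = (Get-ItemProperty -Path $key -Name NoAutoMount -ErrorAction SilentlyContinue).NoAutoMount
if ($value -ne 1) {
    throw "Automount is still enabled (NoAutoMount = '$value')"
}
Write-Output 'Automatic drive-letter assignment is disabled.'
```

Because the script throws when the registry value is not 1, it can also be rerun later as a check that the setting has not been reverted.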