VMworld 2014 Alumni

Don’t forget to sign up for the VMworld Alumni program this year as you sign up for VMworld 2014. If you have attended two or more VMworld conferences as a full paid attendee, you qualify!

When I first saw Alumni, I thought “Yes I have attended previous VMworld events”. But it is a new program this year. This alumni protal launched on 8/25/2013. You will get 25 points for signing up and 100 points for every VMworld you attended. I think these points are awarded after you attend the event. No word if you can receive 100 points for previous VMworlds attended. The link to transfer previous enrollments is currently a place holder page.

Learn more here: http://www.vmworld.com/community/conference/us/learn/programs/alumni

The alumni program allows you to earn points for merchandise rewards, various activities and special offers. I have not seen anything specific. Earn CloudCred for registering for the Alumni Portal while on site at VMworld, and earn extra CloudCred points for referring a friend! Alumni members have enjoyed a $200 discount on VMworld registration for the past several years.

Stop by the VMworld Alumni lounge located at Jillians at the Metreon. Pick up your free gift, use the free wifi, enjoy snacks and beverages and relax playing a game of pool.



PernixData and Dell – first test results

Before I go to deep into the layout of this benchmark, let me say that Frank Denneman came out with some great articles on testing SSDs. I highly recommend reading some of his posts to understand how to benchmark hardware and understand the results. To see what PernixData is all about, check out this post from Jason Nash.

I’ve been testing PernixData with Dell hardware this week, trying to find the ceiling on local SSD drives first. My plan is to test what I can place closet to the hypervisor as possible (within a blade). That’s right, I’m testing a Dell M620 blade solution with Dell Compellent storage on FC. It is more common to find add-on PCIe cards for rack mount servers when using SSD solutions, but I am looking to find what kind of performance I can get out of a blade system with SSD drives on a PERC controller. I will be testing SLC SSD drives (Toshiba MK4001GRZB) that are controlled from the local PERC H710 controller.  PernixData has a great set of documents for configuring disk controllers. I am not using the H710P controller (which has a FastPath for IO to bypass the controller cache and get committed directly to the physical disk from host RAM through the second controllers dual-core ROC processor). It sounds a little like EMC ExtremeIO, but on a much smaller scale. CTIO and FastPath provide enhanced performance benefits to SSD volumes. It is important to remember that if you are working with multiple drives on a RAID controller and JBOD is not an option, you need to configure individual disks in RAID 0, not grouped in RAID 0 (although this can be done to take advantage of the performance of both drives at once).

The tests I ran involved running 5 VM’s with IOMeter, 4K and 100% reads on a 30GB file. The queue depth is the default VMware 64. Of course all work loads are different. Not all applications are built the same. If you are looking to test something like SQL, I recommend using BenachMark factory from Quest (Dell). You can record a production workload and play it back on the test platform to see how well something like this would work in your environment. The purpose of the test is to find out how many IOPs I can get out of the solution. I would not recommend relying on something like IOMeter to benchmark something for production.

Make sure your VM guest has a separate paravirtual SCSI controller for the data drive you are testing. Also, make sure everything in the environment along the storage fabric is tuned for best performance. From the server BIOS, PERC controller, HBA cards, fiber switches, fiber interconnects and storage controllers.

Compellent Disk configurations in VMware

 My first test was with Write Back. These test results had better results of course, but only by 10K or so IOPS. I saw as high as 150K IOPS for the FVP cluster, but it usually stayed around 120K IOPS.

PD Cluster level performance 01 post 1-5 upgrade (Write Back)

PD Cluster level performance 02 post 1-5 upgrade (Write Back)

 My second test results was with write through, which is my preferred model since the data is written to the datastore at the same time. You can see that IOPS came in just under 120K IOPS. Still not bad! The dip in this chart is from me starting up another VM with the same test.

PD Cluster level performance 01 post 1-5 upgrade (Write thru)

PD Cluster level performance 02 post 1-5 upgrade (Write thru)


You can see what goes on with my Compellent storage on the back end with the same results:

PD Compellent volume last day perf (Write Back)PD Compellent SSD last day perf (Write Back)PD Compellent 15K last day perf (Write Back)PD Compellent 7K last day perf (Write Back)

All I can say is Holy Cow! SSD’s sure do give great performance when they are closer to the server! I do start to wonder what this does to the life cycle of the drives if they run at a constant rate like this. But like I said, every workload is different. I saw as high as 60K IOPS per SSD in the Dell M620 blades. Would I say this first hardware test is an enterprise solution? Perhaps, it is defiantly cost effective! It depends on your level of comfort with the hardware and your use case.

Working with the Pernix Data software is so easy! It is very simple to install and manage. It is also a breeze to remove when you are done with a POC. If you are working with iSCSI, you will need to adjust your path selection policies after it is removed. You can also use the software without any SSDs, to see what type of performance you are getting from your datastore. PernixData FVP works with block storage protocols today (FC, iSCSI, and FCoE), and will soon support NFS. FVP uses server-side flash (SSDs or PCIe cards) to increase storage performance in vSphere environments.


My next tests? I think this will involve using the Dell M620 Blade with PCIe to see what results I can get from that using PernixData. Dell is really on me to use FluidCache, but that is something down the road I will get to.

March 26th, 2014 events in Houston

Here are some of the great VMware  / IT events going on in Houston and webinars March 26th:

1. Citrix or VMware. Which VDI solution can? Which can’t? Join Citrix and Microsoft® for a half-day workshop aimed at helping you succeed with VDI. We’ll cover the answers to three essential questions you must consider during your VDI evaluation.

2. Virtual Lunch and Learn“Become a Flash Superhero”. Improving Application Performance with EMC Flash, hosted by Sam Marraccini, EMC Flash Technology Evangelist. 

Join UDI on-site for a fajita lunch at the UDI Houston Office:
10595 Westoffice Drive
Houston, TX 77095
Join us via Webex
and receive a FREE PIZZA to enjoy during the webcast!
*Must Register by March 25th
DATE: Wed. March 26th
TIME: 11:30 a.m – 1:00 p.m.

At this exclusive seminar, you will learn that not all flash solutions are alike. Find out how to put flash to work for you.

– Leverage flash for higher performance in your data center.

– Boost IT efficiency.

– Get the right functionality at the right price.

– Implement flash to enable other benefits, from server consolidation to deduplication.


– Webinars –

1. Architecting Better Customer Experiences: The Nexus of EA and CX. Find out how to put Enterprise Architecture (EA) in the driver’s seat of Customer Experience (CX) initiatives by upgrading your business process and EA practices to focus engagement, desired outcomes and user empathy.

2. The Real ROI for Network Visibility: Join Ixia and featured guest from Forrester Research in an interactive webinar discussion on ROI for network visibility.



Pluralsight VMware vSphere Security course review

I took some time to go over the VMware vSphere Security course from Pluralsight this week. This course was released on 1/14/2014 and was created by Brian Tobia.

Anyone can install vSphere. It takes a good admin or architect to take into consideration the security aspects of a deployment and how it fits into your organization.

Let me first say that the course seems very long! But each lesson kept my attention and I would find myself saying “I knew that” or “ohh, there is something new”. It is definitely worth going over once or twice.

First, Brian starts off by talking about security basics. When I first heard him mention certificates, not much was covered. I was wanting more! That comes later in vCenter Security Server. So don’t panic, you will get to see more on PKI in a later section.

The next topic goes on to talk about vSwitch security. A lot of vSphere admins may be familiar with this topic. The options have been around for a long time. I think most of this section would be on any VCP exam. Forged transmissions, MAC changes and promiscuous mode are all covered in a step by step video. Brian also explains the relation of the vSwitches and other network hardware when it comes to BPDU and spanning tree. This would be a good overview for your network admins to review as well.

We then move on to Virtual Machine security. VM template creation and deployments are covered in this section. Snapshots and disk security (persistent and non-persistent disks) are also covered. The only thing I do not recall being covered in this section is the virtual machine VMCI device. This is a VM communication interface to provide a high speed communications channel between a VM and the hypervisor. It is optional to enable VMCI between VMs. Honestly I have never seen this device used. I’m sure there is a use case for it, but I have not used it to date. If you were using a monitoring device like Gigamon to inspect VM traffic on a host, you would not see network traffic if you used the VMCI. This device would cause a big security concern if it were left in use.

Host security is covered in the following topic. This is the main topic I see covered when it comes to vSphere security. There are so many options to cover when it comes to the host. In the last few years hosts have been joining Microsoft AD. Brian does a great job on covering this step by step. Of course no security course would be complete without going over the ESXi firewall. You will see step by step options for what you can configure in the host based firewall. The firewall portion is a good topic to cover because I see many people who confuse the host firewall and how it relates to virtual machines. Want to see what Lock-down mode is all about? This is covered as well. If you have not used it before, this is your chance to see it in action. Host profiles have been around for a while. If you have not seen or used host profiles before, this may be a good evaluation of whether to use them or not.  SSL is covered just a little, but gets more in depth in the following topic.

Sever Security is my favorite topic. Brian does a great job at explaining SSL certificates and how they play a role in securing your environment. I think SSL should have received it’s own dedicated topic in this course. It would have been nice to show how the Certificate Automation tool works and how you would apply certificates to different VMware products. The vCSA is also covered in this topic. Right out of the box this Linux based appliance is locked down for security. There is a live lab that covers adding the vCSA to active directory.

Single Sign on has changed in vSphere 5.5 and this topic is covered very well. If you are looking to understand what it is all about, I highly recommend reviewing this section. The SSO add-in is an important piece if you have vCenter servers talking to each other or if you want to work with other vSphere products. I would expect vSphere 6.0 to include SSO for other products like vCloud and SRM.

The next section pretty much covers the vSphere hardening guide. This is recommended reading material for those looking to secure VMware environments. All versions can be found on the VMware site at https://www.vmware.com/support/support-resources/hardening-guides.html.

I was surprised to see a section for Log Insight. This tool is a separately license product from vSphere and vCenter. It is an excellent product for reviewing logs. This section goes over the deployment and configuration of Log Insight. The live labs show just how easy it is to configure and deploy.

And the last topic goes over Compliance Management and hardening with vCenter Configuration Manager. The vCM is another product that is licensed outside of the vSphere products. For those looking for an overview of vCM, Brian does a great job (as usual) with demonstrating how the product is deployed and how it is configured. The vCM helps with regulatory compliance and assessing host configurations. If topics outside of the vSphere suite are covered, why not vShield or NSX? Both are very lengthy topics. I’m sure PluralSight will be coming out with a video soon on the NSX.

Overall I thought this was an excellent course. I’m sure I will listen to it again on one of my drives in to work. A lot of topics are cover that will leave you wondering “should I do something about that” or “I should really look into these add-on products”.


Deploying Citrix NetScaler Insight Center on vSphere 5.x

I must have beat my head against this virtual appliance deployment for a whole day! If you are not familiar with the Citrix NetScaler Insight Center, it “delivers unprecedented visibility and enables real-time control in response to network traffic from a variety of services such as cloud, mobile and virtual desktops. Together NetScaler Insight Center and ActionAnalytics bring visibility and control to the datacenter”. To read more, follow this Citrix link for the skinny: http://www.citrix.com/products/netscaler-application-delivery-controller/features/visibility.html

The initial version of this virtual appliance did not have a version compatible with vSphere, only Citrix Xen Server. In mid June there was a press release announcing a version that would work with vSphere. Looking at the download section you will notice almost all .xva files. My initial reaction was “I need to convert this file to an OVA or OVF”. VMware converter will not convert a .xva file. Citrix XenConvert 2.3.1 is the only tool that will do the conversion to an OVA or OVF. But, the encoding for Citrix product will not work on vSphere. OVF and OVA files generated by Citrix cannot be imported by VMware due to different encoding (utf-16 vs. utf-32). If you try to import the OVA or OVF file into VMware you will get an XML error. I ran across numerous Citrix and VMware posts referring to standing up a XenServer, then do an export or convert. These methods would not work for this virtual appliance.

Looking at the deployment guide from Citrix on how to install this on VMware was a little confusing. It looks like it was written by someone who knew very little about VMware products. Why would you need the VMware OVF tool installed? Reading that made me really wonder how much effort I needed to put into this deployment.

The answer to all of this was a little simpler. Looking at the download section there is one option for a zip package.


This is the latest version that will work for the initial deployment of vSphere. Version 120.13 is what you want to use as of the date of this post. You will also notice that Citrix has posted “In order to upgrade ESX VM from builds before 120.13 release to 120.13+ builds, fresh install of the 120.13+ build is recommended”.

Within this zip file there is an OVF that is encoded to utf-32. Once you download this version it is as simple as deploying a regular virtual appliance. I recommend reviewing the Citrix Reference Architecture while planning your deployment. When you get your virtual appliance up and running, the default username and password are nsroot / nsroot.

VMware permission issues and XenDesktop 7.x

I recently setup a new XenDesktop 7 environment in tandem with my XenDesktop 5.6 FP1 and ran into permission issues. This environment consists of XenDesktop using VMware as the hosting infrastructure and MCS with PvD as the provisioning method. While in XenDesktop 7 I attempted prevision Windows 8.1 and Windows 7 desktops but was met with the following error:

DesktopStudio_ErrorId : UnknownDumScheme
Sdk Error Message : Invalid provisioning scheme
Sdk Error ID : Citrix.XDPowerShell.Broker.UnknownDumScheme,Citrix.Broker.Admin.SDK.SetBrokerCatalogCommand
ErrorCategory : ObjectNotFound
DesktopStudio_PowerShellHistory : Create Machine Catalog ‘Desktops’

Inner Exception:
System.InvalidOperationException Invalid provisioning scheme

I watched the tasks in vCenter as it created new VM’s, but then imidiatly deleted disks. I then checked for orphaned VMDK files and found base disks left over from the provisioning process. I couldn’t figure out what “Invalid provisioning scheme” was. I then went on to attempt a pool of Windows XP x86 desktops and was met with a different error:

ErrorID : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException
TaskErrorInformation : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect —> Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect —> System.Web.Services.Protocols.SoapException: Permission to perform this operation was denied.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at VimApi.VimService.CreateVM_Task(ManagedObjectReference _this, VirtualMachineConfigSpec config, ManagedObjectReference pool, ManagedObjectReference host)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateTargetVm(String name, Int32 memory, Int32 cpuCount, Dictionary`2 extraConfig, ManagedObjectReference datastore, String guestId, ICollection`1 deviceList, ManagedObjectReference folderRef, ManagedObjectReference resourcePoolRef, String version)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateVm(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageID, ManagedObjectReference resourcePoolRef, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVm)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
— End of inner exception stack trace —
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.Intercept(Exception e)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.<>c__DisplayClass1c.<BeginCreateCompleteVM>b__1b(VmwareVmManager manager)
at Citrix.HypervisorCommunicationsLibrary.TaskRunItem`2.Run(T manager)
at HypervisorsCommon.HCL.TaskRunner`1.Run()
— End of inner exception stack trace —
at HypervisorsCommon.HCL.TaskScheduler`1.CompleteTask(IAsyncResult result)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.EndCreateCompleteVM(IHostingUnitConnector hostingUnit, IAsyncResult result)
at Citrix.MachineCreation.NewProvVMSupport.NewProvVMLogic.CreateVmCallback(IAsyncResult result)

What stood out in this error is the account error. It is not very descriptive on which account it was talking about. Was it the AD machine accounts or was it the permissions to the vCenter host? It turns out both of these errors are related to the vCenter host permissions.

XenDesktop 7 requires more permissions for the vCenter host. I have a specific role in vCenter with a Citrix service account (best practice). I still had my initial permissions from my 5.6 FP1 install. Looking at the permissions list in the Citrix eDocs for integration with VMware, it seems that Citrix has added more permissions to the list. This time last year it was not the same. If you look at the permissions list for XenDesktop 7 you will notice the only difference is the “Virtual machine > Configuration > Advanced” user interface. After adding the appropriate permissions I was able to provision any type of Windows OS.

The permissions can be found here for VMware intergration:

Xendesktop 5.6 FP1 – http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-vmware-rho.html

XenDesktop 7.1 – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-vmware-rho.html

Upgrade Citrix license server for XenDesktop 7

I have recently went through the exercise of upgrading my license server to 11.11.1  in preparation of upgrading to XenDesktop 7. There is an addition to the process that is not really explained in the Citrix eDocs that I would like to explain. In this version of the installation they included the Simple License Service.

When you launch the install media, you will notice that it does not give you the option to run the installation for the license server. You must navigate to the Licensing folder on the install media.



When you launch the install, it will give the option to upgrade. If you do not have a license server installed, it will give you the option to install and not upgrade.



During the installation you will get a notice about Citrix article CTX135976. What this is saying is that Desktop Studio will no longer display license usage information. The screen shot below is an example of the license usage information from Desktop Studio. I am using XenDesktop 5.6 FP1 and my Desktop Studio is After the upgrade, my license information will no longer display in this window. I will edit this post is it is available in XenDesktop 7.


After the upgrade you will be prompted to configure the port for the license server. This is for the Simple License Service. You will notice the addition of the Simple License Service in the start menu.



– The Simple License Service allocates and downloads all the licenses available for a specific product. If you want to allocate and download only some of the licenses for a product, use My Citrix.
– Once you click Allocate and Download, you cannot cancel it. If the Allocate and Download fails, useMy Citrix.
– The Simple License Service does not support redownloading or reallocating of license files. For those features, use My Citrix.
– If you rename the license server, you must reallocate any license files allocated under the old license server name and reinstall the Simple License Service. You cannot use the Simple License Service to reallocate license files. For more information about reallocating files, see Reallocating License Files in Citrix eDocs – Licensing Your Product.
– If the Simple License Service is installed and you upgrade your license server, you must repair the Simple License Service before using it again.


VMware vCenter Server 5.5.0a

As of 10/31/2013 VMware release vCenter 5.5.0a. There are no other corresponding release that came out with this version. It looks like this is a patch to vCenter dealing with log on issues.

The full release notes can be found here.

Issues resolved with this release are as follows

  1. Attempts to upgrade vCenter Single Sign-On (SSO) 5.1 Update 1 to version 5.5 might fail with error code 1603
  2. Attempts to log in to the vCenter Server might be unsuccessful after you upgrade from vCenter Server 5.1 to 5.5
  3. Unable to change the vCenter SSO administrator password on Windows in the vSphere Web Client after you upgrade to vCenter Server 5.5 or VCSA 5.5
  4. VPXD service might fail due to MS SQL database deadlock for the issues with VPXD queries that run on VPX_EVENT and VPX_EVENT_ARG tables
  5. Attempts to search the inventory in vCenter Server using vSphere Web Client with proper permissions might fail to return any results
  6. vCenter Server 5.5 might fail to start after a vCenter Single Sign-On Server reboot
  7. Unable to log in to vCenter Server Appliance 5.5 using domain credentials in vSphere Web Client with proper permission when the authenticated user is associated with a group name containing parentheses
  8. Active Directory group users unable to log in to the vCenter Inventory Service 5.5 with vCenter Single Sign-On
  9. Attempts to log in to vCenter Single Sign-On and vCenter Server might fail when there are multiple users with the same common name in the OpenLDAP directory service
  10. Attempts to log in to vCenter Single Sign-On and vCenter Server might fail for OpenLDAP 2.4 directory service users who have attributes with multiple values attached to their account
  11. Attempts to Log in to vCenter Server might fail for an OpenLDAP user whose account is not configured with a universally unique identifier (UUID)
  12. Unable to add an Open LDAP provider as an identity source if the Base DN does not contain an “dc=” attribute
  13. Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012

Windows 8.1 released today. Does it work with vSphere?

And crowds rejoice over the new Windows 8.1 release. Or do they? Lets see if things work out in a vSphere environment.

I have to honest and say that I did not even test any of the early releases of Windows 8.1 a few months ago. I decided on release day to try things out and here is what I ran in to.

I first tried Windows 8.1 enterprise. There is nothing special about the base deployment of the VM. You select the LSI Logic SAS controller and label the VM with Windows 8. I attempted to use the EFI BIOS with the VM, but it looks like Windows 8.1 is not compatible with this version. Upon setting the BIOS back to default, the VM then booted to the Windows setup fairly quickly. Unfortunately it looks like Windows 8.1 striped out the LSI Logic SAS controller drivers! Even the paravirtual drivers do not work. VMware only provides a floppy drive package for the legacy Bus Logic Parallel drivers. I even attempted to upgrade to hardware ver 9 (seemed to work on VM Workstation) and I ran in to the same issue. I experienced the same issue with Server 2012R2. I tried 8.1 Pro edition as well with no luck!

Turns out, don’t always trust downloads from Microsoft. The downloads I received were fragmented. Check out VMware KB article 1537 to verify the integrity of the download you received from Microsoft. It is best to use the download manager from Microsoft to make sure you receive a good download. Once I received a good download, everything worked great.

Windows 8.1 and 2012R2 run perfectly on vSphere, even with the EFI BIOS.