vShield Zones – Some Serious Gotchas

OK..I’ll admit it: I am spoiled by the capabilities of vSphere. What other platform lets you schedule system updates that will occur unattended and without outages of the applications being used? I don’t mean the winders patches, they require a monthly reboot. I am talking about the hypervisor updates. VMware Update Manager coordinates all of this for you. Then along comes vShield Zones to break it all.

First, let me explain what I am trying to do. To simplify things, vShield Zones is a firewall for vSphere Virtual Machines. Rather than regurgitate how it works, take a look at Rodney’s excellent post. A customer has decided to use vShield Zones to help with PCI Compliance. The desire is that only certain VMs will be allowed to communicate with certain other VMs using specific network ports, and to audit that traffic. ’nuff said.

vShield Zones seems to be the perfect solution for this. It works almost seamlessly with vCenter and the underlying ESXi hosts. It provides hardened Linux virtual appliances (vShield Agents) to do the firewalling, and a fairly nice management interface for creating the firewall rules and distributing them to the vShield Agents. Best of all, IT’S FREE! At least for vSphere Advanced versions and above. Keep in mind that this is still considered a 1.x release and some things need to be worked out.

Now, on to the gotchas.


ESX vs ESXi which is better (Revisited vSphere 4.0)

Back in April I wrote a blog post aimed at the differences between ESX and ESXi. The original post was written for ESX 3.5, and with the introduction of vSphere I think it’s about time I revisited this topic and looked at the pros and cons of ESX4 and ESX4i. Now, before we dig into the technical details, there is one big thing you should all be aware of. The FAQ page published by VMware states “VMware ESXi is the recommended platform for both new and existing customers. Future hypervisor releases will solely be based on this architecture.”

For most that should be enough said. After reading that I would seriously start rolling out ESXi in a lab and start figuring out how I could maintain my needs without the service console most of us have come to know and love. I would also start brushing up on the RCLI as well as the PowerCLI if you are currently dependent on scripts that run in the service console. The good news is almost everything you do today in the service console can be achieved one way or another with ESXi as well. OK, with that said, let’s talk about some of the other limitations.


VMware SDK and Visual Studio 2008

I went to install the VMware SDK for vSphere 4.0 onto my desktop running Windows 7 64-bit, Visual Studio 2008, and .Net 3.5 SP1 and discovered the SDK setup is not friendly with these versions. According to VMware you need Visual Studio 2005 and .Net 2.0 if you want to run the SDK.

So, like most of you reading this, I turned to my trusted adviser… Google to find the answer I was looking for. Much to my disappointment, after 5 minutes of searching around I didn’t find any instant gratification for my problem, so I decided to just go ahead and figure it out on my own.

It turned out to be a relatively easy task once I discovered what was causing my issues. There are two Windows cmd scripts that need to be edited to point to the proper locations of your installations. I have included the modified cmd files in our downloads section for those of you that would like them. These files are built to support my specific configuration but they are very easily edited to support your configuration.
