Wednesday, 28 April 2010

RSA Data Loss Prevention in combination with VMware and Cisco IronPort

Interesting links about RSA DLP:

Securing Sensitive Information – How MSIT uses ADRMS + RSA DLP
http://edge.technet.com/Media/Securing-Sensitive-Information--How-MSIT-uses-ADRMS--RSA-DLP/

VMware VMworld 2009: EMC RSA DLP integration with VMsafe, vShield Zones and Nexus 1000v Demo
http://www.youtube.com/watch?v=mL9e49MDeOk

VMware VMworld RSA DLP Demo
http://www.youtube.com/watch?v=Iz-m382NYiY

RSA DLP and Cisco IronPort Email Security Appliance
http://www.youtube.com/watch?v=9b3OzBw0jZo

RSA DLP and Cisco IronPort Web Security Appliance
http://www.youtube.com/watch?v=Qw_Fc66Y0AI

Security: Data Loss Prevention
http://www.youtube.com/watch?v=TwLC6aCNA2U

VMware Fault Tolerance

FT replicates only the inputs: keyboard, mouse and interrupts. These are recorded and replayed on the other side against the Secondary VM.
The inputs are simply fed in at the same point in time at which they occurred on the primary site.
Sequential reads generate the most latency. This can be addressed by enabling active disk reads for the Secondary VM on the target. By default, disk reads on the Secondary VM are disabled, because they would double the read operations on the storage array.
FT does not use binary translation! FT requires hardware-assisted virtualization from AMD or Intel.
Beware: slowing down the secondary VM on the secondary ESX host also slows down the primary node of the FT pair.
If the primary VM cannot send, FT stops.
FT CPU overhead is negligible! :)

Level of network traffic between the primary and secondary ESX hosts with idle virtualized guest OSes running:
RHEL (1000 Hz) - 1.43 Mbit/sec FT logging traffic
SLES (250 Hz) - 0.68 Mbit/sec FT logging traffic
Win 2003 (82 Hz) - 0.15 Mbit/sec FT logging traffic

99% CPU/memory intensive benchmark (SPEC):
RHEL 1.5 Mbit/sec FT logging traffic
Idle 1.43 Mbit/sec FT logging traffic

Kernel compile (100%): 3 Mbit/sec FT logging traffic

Network (64K packets and 8K message size):
Tx FT: 60 Mbit/sec FT logging traffic, only acks
Rx FT: 990 Mbit/sec FT logging traffic
depends on direction

Netperf

Filebench
lots of file reads mean heavy FT traffic:
2k: 155 Mbit/sec FT logging traffic
2kw: 3.6 Mbit/sec FT logging traffic
64k: 1400 Mbit/sec FT logging traffic
64kw: 2 Mbit/sec FT logging traffic

FT increases disk latency negligibly - by 3.4 microseconds!!! :)))

Enterprise applications:

Oracle 11g - today one CPU on new hardware does more than two old CPUs; the performance of a new CPU is double. 80 Swingbench users: FT logging 12 Mbit, latency imperceptible

MS-SQL 2005 - reads from CPU, very frequent - FT 18 Mbit/s - response time rises from 65 ms to 100 ms, throughput without significant degradation

Exchange 2007 - response latency rises from 55 ms to 70 ms

VMmark - multi-tier benchmark - 5 VMs, then another 5 VMs, more and more, with different workloads. Exchange mail server, MS-SQL, 65 VMs on one ESX host, 20 VMs under FT. 10 to 11 FT VMs on one ESX host is the optimal maximum. A maximum of 4 FT VMs on one ESX host is recommended, because it is not good to concentrate many critical VMs on one ESX host.

Round-trip requirement between ESX servers: 1 ms. In general, 1 ms is the maximum round trip for a LAN; otherwise there is a problem on the LAN.

SMP support - certainly not in the near future. With SMP, memory accesses would also have to be handled, which is very demanding. It is being worked on and developed, but for now it does not look realistic in the near term.

Source: http://www.vmworld.com/docs/DOC-3484

http://www.vmware.com/files/pdf/perf-vsphere-fault_tolerance.pdf

http://www.vmware.com/files/pdf/resources/ft_virtualization_wp.pdf

Monday, 19 April 2010

Virtualized Eval Windows 7 shuts down automatically

Some time ago I installed the Eval Windows 7. After a while I found that the machine was shutting itself down. At first I looked for a connection with the Power Settings:

http://blog.enterpriseitplanet.com/green/blog/2009/01/how-to-manage-windows-7-power-settings.html

But the problem is elsewhere: Windows needs to be activated. As soon as I activated the OS, an online check ran and the 90-day trial period then started.

How PCoIP works

An interesting description of how PCoIP works:

…As part of image decomposition, the PCoIP protocol makes use of motion estimation and compensation. The host side attempts to detect groups of pixels that have moved between screen changes. This is called motion estimation for some subtle technical reasons, but it’s probably easier to think of it as motion detection. The details of any detected motion are sent to the client device which copies the pixels from their original location to their new location. This is a form of caching, but currently only applies to pixels that were visible in the immediate prior screen.
As you can imagine, motion detection could be very CPU-intensive if you search every possible position on the screen (e.g. 2+ million comparisons for each pixel block for a 19x10 screen). Since it is much more likely that a block of pixels has moved only a small distance between screens, most motion estimation algorithms limit their search to a region of nearby pixels rather than the full screen…

Source: http://www.virtualization.info/2010/04/tech-vmware-explains-pcoip-approach.html

An interesting interview with Teradici about PCoIP, published on BrianMadden:
http://www.brianmadden.com/blogs/gabeknuth/archive/2010/04/08/PC_2D00_over_2D00_IP-email-interview-with-VMware_2700_s-Warren-Ponder-and-Teradici_2700_s-Randy-Groves.aspx

VMware's beginnings on the stock exchange


This is how VMware started on the stock exchange

Friday, 16 April 2010

Transparent Page Sharing and virtualizing Terminal Server

The significance of disabling Transparent Page Sharing when virtualizing Microsoft Terminal Server:

Transparent Page Sharing

vSphere’s ability to overcommit VM memory and memory de-duplication through transparent page sharing (TPS) is highly useful for the consolidation of many VMs onto a single server. Nevertheless, one of the older Terminal Server best practices floating around the Internet communities was to disable TPS. And in fact Project VRC phase 1 showed that disabling TPS actually improved performance by 5-10%. This makes sense since TPS is made possible via a background process which scans and reallocates memory, consuming a modest amount of CPU in the process.

When it is the primary objective to maximize the amount of users with Terminal Server workloads and there is enough physical memory available, we still recommend disabling TPS. As a result, all Project VRC tests were conducted with TPS disabled, unless stated otherwise.

However, this VRC recommendation should not be understood as an overall recommendation to disable TPS. For instance, when the main goal is to maximize the number of VMs (which is quite common, e.g. VDI and rather typical server consolidation efforts), TPS can be very helpful and is recommended.

Source: http://www.brianmadden.com/blogs/jeroenvandekamp/archive/2010/01/09/best-practices-for-virtualizing-terminal-servers-from-project-vrc-phase-2.aspx

Friday, 9 April 2010

Microsoft SID and VMware View using QuickPrep

In a domain, a computer's SID is almost irrelevant since domain accounts have SIDs based on the domain's SID. Therefore, with a few exceptions, the only time a SID is really important is in a workgroup scenario where a workgroup might not be able to determine security based on the local account's SID, which was not the case here.

Source: http://www.tcpdump.com/kb/virtual-desktop/time-synchronization-and-vmware-view.html

Thursday, 8 April 2010

VMware View direct connection

Here is an explanation of Direct Connection:

If you choose Direct Connection:

1.) The client talks to the server SSL/HTTPS when this is configured. Otherwise only HTTPS. The user enters his credentials and will be authenticated by the server.
2.) The server delivers the list of entitled desktops to the user
3.) in direct mode: the client uses a direct RDP connection to the agent (virtual desktop); the session is still controlled by the broker due to the server-agent connection. (The RDP traffic does NOT go through the broker.)
In tunneled mode: everything between client/server is tunneled through HTTPS/SSL. The server talks RDP to the agent/virtual desktop
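The practical consequence of the two modes is which TCP paths the client network must (and must not) be allowed. The following PowerShell function is an added example, not code from the VMware Communities thread quoted above; it assumes the broker listens on 443 (HTTPS) and the desktop agent on 3389 (RDP), the standard defaults, and uses placeholder hostnames. In tunneled mode it flags a directly reachable desktop as unexpected, because that means the tunnel can be bypassed at the network level.

```powershell
# Added example, not from the quoted thread. Checks from the client side which TCP paths a
# VMware View session needs in direct vs. tunneled mode. Assumptions: broker on 443 (HTTPS),
# desktop agent on 3389 (RDP), both standard defaults; hostnames are placeholders.

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-ViewConnectionPath {
    param(
        [Parameter(Mandatory = $true)][string]$Broker,
        [Parameter(Mandatory = $true)][string]$Desktop,
        [ValidateSet('Direct', 'Tunneled')][string]$Mode = 'Direct',
        [int]$BrokerPort = 443,
        [int]$RdpPort = 3389
    )
    # Steps 1 and 2 are the same in both modes: authentication and the entitlement list
    # come from the broker over HTTPS, so that hop is always required.
    $checks = @(
        [pscustomobject]@{ Hop = 'client -> broker (HTTPS)'; Host = $Broker; Port = $BrokerPort; Required = $true }
    )
    # Step 3: only direct mode needs the client to reach the virtual desktop itself on RDP.
    # In tunneled mode all desktop traffic is meant to pass through the broker, so a directly
    # reachable desktop is a sign that the network allows bypassing the tunnel.
    $checks += [pscustomobject]@{ Hop = 'client -> desktop (RDP)'; Host = $Desktop; Port = $RdpPort; Required = ($Mode -eq 'Direct') }

    foreach ($c in $checks) {
        $open = Test-TcpPort -ComputerName $c.Host -Port $c.Port
        if ($c.Required -and -not $open) { $verdict = 'MISSING' }
        elseif (-not $c.Required -and $open) { $verdict = 'UNEXPECTED (tunnel bypass possible)' }
        else { $verdict = 'OK' }
        [pscustomobject]@{
            Mode      = $Mode
            Hop       = $c.Hop
            Target    = "$($c.Host):$($c.Port)"
            Reachable = $open
            Verdict   = $verdict
        }
    }
}

# Usage (placeholder names):
# Test-ViewConnectionPath -Broker 'view-broker.example.local' -Desktop 'win7-pool-01.example.local' -Mode Direct | Format-Table -AutoSize
# Test-ViewConnectionPath -Broker 'view-broker.example.local' -Desktop 'win7-pool-01.example.local' -Mode Tunneled | Format-Table -AutoSize
```

Run it from a machine on the client network segment you are validating; a plain TCP connect is enough to confirm the path exists, it does not authenticate or start a session.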

Source: http://communities.vmware.com/thread/196130

Sunday, 4 April 2010

90-day Eval for Windows 7

Here is the link to download the 90-day Eval version of Windows 7:

http://windowsteamblog.com/blogs/springboard/archive/2009/09/01/windows-7-enterprise-90-day-evaluation-now-available.aspx

Tuning Windows 7 for VMware View 4.5

Here are tuning tips for optimizing Windows 7 for VMware View 4.5:

So without further introduction here is my list!

* Create VM
* Attach drive to another VM and create a disk partition that is aligned. Yes, still do this if you are using NFS. Storage VMotion and proper tiering mean we need to plan on the VM being in different places. (don’t format or anything else, just use diskpart to create the volume)
o Diskpart select disk 1
o Diskpart create partition align=64
* Set Virtual Video Card RAM to 128Meg (edit the properties of the VM)
* Install Windows
* Install VMware Tools
* Install All Windows Updates
* Then Set Windows Updates to NOT check for updates
* Join to Domain
* Install VMware View Agent
* Configure the default color setting for RDP by making the following change in the registry:
o HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – Change the color depth to 4
* Disable COM and LPT ports (In VM)
* Set Background to Solid Color
* Set Screen Saver to None
* Set Sounds to No Sounds
* Set to Windows 7 Basic Theme
* Uninstall Tablet PC Components (unless needed)
* Disable NetBIOS over TCP/IP
* Disable IPv6 unless needed
* Open Windows Media Player and use default settings
* Open IE8 and do not use “suggested sites”
* Set home page to internal website or bing or google (something light)
* Change IE to prevent programs from suggesting a change of the search provider
* remove Webslice gallery and suggested sites from Toolbars on IE
* Install Adobe Flash Player
* Install Adobe Reader (update to latest from within app) then set to “Do not download or install updates automatically”
* Install Microsoft Silverlight
* Turn off Messages about Virus protection if using floating desktops
* Turn Automatic Computer Maintenance off
* Disable Allow users to browse for troubleshooters
* Disable Allow troubleshooting to begin immediately when started
* Change Visual Effects to Adjust for best performance
* Change power settings to High performance with no sleep timer
* Right click on C:\ Drive and Disable Indexing “allow files on this drive to have contents indexed in addition to file properties” Do all folders and sub folder
* Turn off System Protection on C:\
* run msconfig.exe
o set no GUI boot Set Base Video on
o under startup disable Adobe Acrobat and Reader
* At the command line enter the following: fsutil behavior set disablelastaccess 1 (Requires reboot)
* Find the Disk TimeOutValue by following the path [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]
o Change the key “TimeOutValue”=REG_DWORD:0x000000be (190)
* Run Disk Clean up and remove everything you can
* Run defragmentation and turn off defragmentation schedule
* Delete all events logs.
* Disable the Windows Firewall (only for floating desktops)
* Make sure to Activate Windows Online or you will get an error (16) with no detail as to what the problem really is in the View console
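Several items in that list are plain registry values, which makes them easy to verify before the gold image is snapshotted and again after a patch cycle. The script below is an added example, not code from the creedtek post; it covers the three registry-backed steps (RDP colour depth, disk TimeOutValue, and the NTFS last-access change that fsutil makes). Two names are assumptions on my part because the list only gives the GUI wording: ColorDepth as the value under RDP-Tcp, and NtfsDisableLastAccessUpdate as the value that "fsutil behavior set disablelastaccess 1" writes.

```powershell
# Added example, not from the creedtek post. Audits, and optionally applies, the
# registry-backed items from the Windows 7 / View 4.5 tuning list. Run elevated.
# Assumed value names (the list gives only GUI wording): ColorDepth under RDP-Tcp, and
# NtfsDisableLastAccessUpdate as the value that "fsutil behavior set disablelastaccess 1" sets.

$ExpectedSettings = @(
    @{ Name     = 'RDP colour depth (list says 4)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
       Value    = 'ColorDepth'
       Expected = 4 },
    @{ Name     = 'Disk TimeOutValue (0xbe = 190)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Disk'
       Value    = 'TimeOutValue'
       Expected = 0xbe },
    @{ Name     = 'NTFS last-access updates disabled'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
       Value    = 'NtfsDisableLastAccessUpdate'
       Expected = 1 }
)

function Get-GoldImageCompliance {
    # Reads each expected value and reports drift; never changes anything.
    foreach ($s in $ExpectedSettings) {
        $current = $null
        $item = Get-ItemProperty -Path $s.Path -Name $s.Value -ErrorAction SilentlyContinue
        if ($item) { $current = $item.($s.Value) }
        [pscustomobject]@{
            Setting   = $s.Name
            Path      = $s.Path
            Value     = $s.Value
            Expected  = $s.Expected
            Current   = $current
            Compliant = ($current -eq $s.Expected)
        }
    }
}

function Set-GoldImageSettings {
    # Applies the expected values; supports -WhatIf so the change set can be previewed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($s in $ExpectedSettings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        if ($PSCmdlet.ShouldProcess("$($s.Path)\$($s.Value)", "set to $($s.Expected)")) {
            Set-ItemProperty -Path $s.Path -Name $s.Value -Value $s.Expected -Type DWord
        }
    }
    # TimeOutValue and the last-access change take effect after a reboot, as the list notes.
}

# Usage:
# Get-GoldImageCompliance | Format-Table Setting, Expected, Current, Compliant -AutoSize
# Set-GoldImageSettings -WhatIf    # preview the writes
# Set-GoldImageSettings            # apply, reboot, then re-run Get-GoldImageCompliance
```

Keeping the expected values in one table makes the same script usable as a post-build check on every clone: a non-compliant row after a Windows Update cycle tells you a patch reset something.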

Source: http://www.creedtek.com/?p=37

An excellent guide for quickly installing VMware View

A great document for rapid deployment of VMware View
http://vmware.com/go/view4evalguide

VMware integrates profile management into its View VDI solution

VMware has purchased part of RTO Software, a company focused on VDI environments.

Acquisition Details
VMware has acquired certain assets from RTO Software, a provider of user profile management for Windows desktops and application/performance monitoring tools for desktop virtualization, to enable effective persona management for VMware View.

About RTO Software
RTO Software is a company with core expertise in user profile management and application-focused performance monitoring tools that improve user experience and performance of VDI or terminal server environments. RTO Software solutions are used on thousands of servers around the world in a variety of industries, including financial management, manufacturing, healthcare, telecommunications, and government. RTO Software products include:
• Virtual Profiles – profile management
• PinPoint – application performance monitoring targeting Citrix solutions
• Discover – IT assets management solution
• TScale – application memory optimization for terminal server environments

Company Overview
• Founded: 2000
• Headquarters: Alpharetta, GA
• Employees: 12 employees total, 5 in R&D

Source:
http://www.vmware.com/files/pdf/VMware-RTO-acquisition-FAQ.pdf
http://www.rtosoft.com/vmware-transition.htm

How to build monitoring for a virtualization environment

An excellent video presentation from VMware Partner Exchange 2010 Las Vegas, explaining which parameters need to be monitored in a virtualization environment. The presenter talks fast, so concentration is required! :)
At minute 41 a speaker starts talking about the SDK implementation.
The core message of the second part is:
collect only what you need!!!!! Otherwise there will be problems!

Building Performance Monitoring Tools using vSphere APIs from heyitspablo on Vimeo.


Source: http://blogs.vmware.com/developer/2010/04/new-video-buildging-vsphere-performance-monitoring-tools.html

At the end of the presentation there are links to download the StatsFeeder source code, the VMware Developer community, sample code and the VMware Developer Blog.

Link to download StatsFeeder: http://communities.vmware.com/docs/DOC-11933
Link to the Developer Forum for the vSphere Web Services SDK: http://communities.vmware.com/community/developer/forums/managementapi
Link to Code Samples: http://communities.vmware.com/community/developer/codecentral
Link to the Developer Blog: http://blogs.vmware.com/developer/
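The "collect only what you need" rule translates directly into how a collector asks the API: name a short counter list and the sample count, rather than fetching everything for every entity. The PowerCLI function below is an added example to illustrate that; it is not StatsFeeder and not VMware's sample code. It assumes PowerCLI is installed, that the vCenter/ESX name is a placeholder, and that the account used has read-only rights.

```powershell
# Added example; not StatsFeeder and not VMware's sample code. Collects a short, named set
# of real-time counters per powered-on VM with PowerCLI instead of every counter the API
# exposes. Assumptions: PowerCLI installed, placeholder server name, read-only account.

# Keep this list deliberately short; every extra counter multiplies API traffic and storage.
$Counters = @('cpu.usage.average', 'mem.usage.average', 'disk.usage.average', 'net.usage.average')

function Get-EssentialVmStats {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Samples = 6      # real-time samples are 20 s apart, so 6 covers the last 2 minutes
    )
    $conn = Connect-VIServer -Server $Server    # prompts for credentials
    try {
        $vms = Get-VM -Server $conn | Where-Object { $_.PowerState -eq 'PoweredOn' }
        foreach ($vm in $vms) {
            # One query per VM for the whole counter list. -Realtime reads the 20 s samples held
            # on the host, so nothing is rolled up from vCenter's historical intervals.
            $stats = Get-Stat -Entity $vm -Stat $Counters -Realtime -MaxSamples $Samples -ErrorAction SilentlyContinue |
                     Where-Object { $_.Instance -eq '' }   # per-VM aggregate only; drop per-vCPU/NIC/disk rows
            foreach ($group in ($stats | Group-Object MetricId)) {
                $values = @($group.Group | ForEach-Object { $_.Value })
                [pscustomobject]@{
                    VM      = $vm.Name
                    Metric  = $group.Name
                    Unit    = $group.Group[0].Unit
                    Average = [math]::Round(($values | Measure-Object -Average).Average, 2)
                    Max     = ($values | Measure-Object -Maximum).Maximum
                    Samples = $values.Count
                }
            }
        }
    } finally {
        Disconnect-VIServer -Server $conn -Confirm:$false
    }
}

# Usage (placeholder server name):
# Get-EssentialVmStats -Server 'vcenter.example.local' |
#     Sort-Object Metric, Average -Descending | Format-Table -AutoSize
```

If you later need a counter that is not in the list, add it there rather than switching to an unfiltered query; the counter names are the same ones the vSphere Web Services SDK exposes through the performance manager, so the list is the contract between the collector and whatever stores the results.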

Storage load balancing - ALUA, TPGS

An excellent blog post dealing with storage load balancing:

Source: http://frankdenneman.nl/2010/03/esx4-alua-and-hp-continuous-access/

Thursday, 1 April 2010

VMware Consolidated Backup - essential information from the IBM Redbook

Essential information about VCB from the IBM Redbook:

Overview of a VCB proxied environment in the sample configuration that we will use to demonstrate VCB features with Tivoli Storage Manager.



File-level backup of VMware guests
File-level backup allows the file systems of Windows (only, at the time of writing) guests in a VMware ESX server to be presented across the storage network to another physical (non-virtualized) Windows 2003 system used specifically for backup. This system is referred to as the proxy node.


Root of a guest’s C: drive, which is mounted on the proxy node during a snapshot operation.

Although from this view of Windows Explorer these folders look like local files, they are actually mounted as a virtual mount point on the proxy. This means that they are not copied and do not occupy any disk space on the proxy.
After backup to Tivoli Storage Manager, the filespaces created are associated with the actual guest’s nodename (not the proxy nodename), and the Tivoli Storage Manager database therefore records and expires these files individually. Files and other objects appear as belonging to the Tivoli Storage Manager node registered for that guest (not to the proxy), so from the Tivoli Storage Manager server perspective, the guests each look like they have been backed up from a locally installed client on the guest. A corollary is that individual files from a particular guest can, if desired, be restored by a backup-archive client on that guest.

Full backup of VMware guests

Full backup of VMware guests means that the guest’s disk files are backed up as a single entity. Similarly, the entire image can then be restored to VMware.

Even though it is an image-type backup, full backup creates a small number of large objects, rather than one enormous object. It also presents the various log files and settings files that accompany the guest. The images are sliced into manageable sized chunks of (by default) approximately 2 GB.

Full backup works well with Tivoli Storage Manager adaptive differencing (subfile backup) technology, which eliminates much of the backup overhead of taking full images at the client side, before they ever make it to the Tivoli Storage Manager server. This makes the backup very efficient both from the client processing required, as well as overall storage utilization on the Tivoli Storage Manager server.

Planning for VCB with Tivoli Storage Manager V5.5
As always, there are a number of important planning considerations for VCB. The principal items to consider are:
Is there a VirtualCenter (VC) server, or will the Tivoli Storage Manager client connect (via the VCB framework) to the ESX servers individually?
Typically, for a VMware farm of more than a few instances of ESX server, having a VC server makes the solution easier to manage. It is also a useful tool for problem diagnosis.
Our example uses a VC server called KCW09B.
Is LAN-free backup required and, if so, will it be effective?
LAN-free backup involves backing up objects straight to tape. When dealing with many thousands of small files (in a file-level backup), it may be more appropriate to back these up to a Tivoli Storage Manager diskpool, which is then migrated to tape.
The storage network infrastructure should be sufficient to provide the speeds required.
As we have said, the proxy node must have visibility to the external disks containing the VMware guest images. However, it is not supported to use a multipath driver such as SDD or RDAC to load-balance across multiple HBAs. It may therefore be useful to invest in a single, faster HBA than multiple slower ones. This depends on the speed of the disk being backed up and the backup window available. The storage network design itself will have to be up to the job (for example, non-blocked and where fanout is applied, it should have enough bandwidth to accomplish the job).
Security controls of the backup proxy machine are important.
Since VCB file-level backup presents the NTFS file systems of the guests from the ESX server to the proxy node, this effectively bypasses the security controls on each guest operating system. Therefore, the proxy node should be appropriately secured according to enterprise policy and practice from unauthorized access.

Hardware infrastructure guidance

For the proxy node
The proxy node will move all the backup data either out onto the network, or via the SAN straight to tape. The proxy node must be running Windows 2003 SP1 with an HBA that is supported for access to the SAN disk where the guest images are installed. The proxy node must have visibility to the SAN disk. In our case we created a mapping on the SVC between the proxy node and the virtual disk.



We strongly recommend separating SAN disk and tape traffic on the proxy node to dedicated HBAs. It should also be a powerful enough system to cope with the performance requirements required, often hundreds of MB per second. A presentation from VMware is available at:
http://communities.vmware.com/docs/DOC-1793.pdf;jsessionid=DCF8C8B0E0B4BE25B13F3938E9FF0015

This includes excellent recommendations for designing a VCB solution. A typical minimum configuration would be a dual core CPU and 2 GB memory.
Performing full VM backups and restores requires actual disk space on the proxy node. The actual amount required varies according to the number of simultaneous full VM backups to be performed and the size of the images generated. You should plan on having storage space sufficient to keep the largest guest, plus some extra, and to increase this if you will make multiple simultaneous full snapshots. If you will only perform file-level backup, disk space is not required on the proxy node, since the guest file systems are attached as virtual mount points. We strongly recommend pre-production prototyping of VCB solutions in order to more accurately predict resource requirements for your particular environment.

Note that at the time of writing, there is not support for using any multipathing software on the proxy node, such as RDAC or SDD. The proxy node must also not be allowed to write a disk label on the SAN disk, as this could corrupt the VM images.

Source: IBM Redbook http://www.redbooks.ibm.com/redbooks/pdfs/sg247447.pdf