Home > Blogs > VMware vSphere Blog > Category Archives: vCenter Server

Category Archives: vCenter Server

Load Balancing vSphere Clusters with DRS

Recently, a customer reported that DRS was not working to load balance the cluster. Under normal circumstances, a minor imbalance is nothing to be concerned about. This is because the main objective for DRS is not to balance the load perfectly across every host. Rather, DRS monitors the resource demand and works to ensure that every VM is getting the resources entitled. When DRS determines that a better host exists for the VM, it make a recommendation to move that VM.

However, some customers still prefer to have an even distribution of utilization across all hosts within a cluster. This article is intended to provide recommendations to accomplish this goal, bearing in mind that in most cases this will result in additional vMotion activity.

Continue reading

vSphere HTML5 Web Client Fling v1.2 (h5client) – Moving away from Client Integration Plugin (CIP)

Today we’re pleased to announce our second full update to the h5client fling.  Once again, in case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

Update instructions are available at the fling page (Instruction’s tab): https://labs.vmware.com/flings/vsphere-html5-web-client


You can read more detailed notes about version 1.2 on the Fling page, but this week we want to highlight something very different: Avoiding dependency on the Client Integration Plugin (CIP).  One of the new features this week is the ability to browse Datastores, and download a file.  In the vSphere 6.0 Web Client, doing so required the installation and running of CIP, which has had its own problems, separate from the Flash runtime.  File download has been implemented within the h5client without any external plugin dependency.

File download is only one of the features that requires CIP, so we still have a ways to go in order to remove all the dependencies on CIP, but we’re making this a strong goal.  We are definitely interested to hear your feedback about this direction, and if you can preface your Feedback tool submissions with “CIP:” that would be very helpful too.

Separately, we’re also incredibly interested in learning more about your deployments.  Please take 5 minutes to fill out this survey:


Of highest interest is learning more anyone that has deployed into Production in a large environment.  Please include your email address in the survey so that we can contact you for further feedback.

New features in v1.2:

  • Browse files in a Datastore ([Datastore] -> Manage -> Files)
  • Download a file from a Datastore
  • URL redirects: your old bookmarked URLs now work, simplifying adoption of h5client.  Examples (base URL only)

https://<h5client ip or domain name>/vsphere-client

https://<h5client ip or domain name>:9443/vsphere-client

Will now automatically redirect to the h5client standard:

https://<ip or domain name>:9443/ui

The port redirection requires running the “firewall.sh” script, which is step 5 in the updated fling Instructions

Interested in announcements and providing more feedback to VMware on this project?  Sign up for our mailing list here: http://goo.gl/forms/IqGJ5twYHf

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client


Supported vSphere vCenter and ESXi Ciphers

Hi everyone,

One question that comes up regularly is “What ciphers are supported on vCenter and ESXi?”. I’m happy to share that we have published a VMware Knowledge Base article outlining the supported ciphers!

With all of the challenges around SSL/TLS the past year or two, having a solid idea of what ciphers are being used is becoming critical information that is necessary for IT and security teams to do their jobs.

Rather than list the ciphers here, I’ll just point you at the KB as it will be the central repository for this information and will be updated as necessary.

Please note that on some products like VCSA you’ll find more than one OpenSSL binary. For example, the VCSA will ship with a default OpenSSL binary from SUSE, the OS provider and from VMware. VMware uses OpenSSL we develop and ship and not the OS binaries. When this list was created it was done using the VMware binaries. This is helpful to understand in case your scanning tools only check against the OS binaries and report a false positive.

If you have questions, please respond directly to the KB using the provided feedback mechanism at the end of the KB article.

Thanks for reading!

If you liked these posts, please let me know! If you have comments, please reply here, to @vspheresecurity or @mikefoley on Twitter or via email to mfoley@VMware.com or mike@yelof.com

Platform Services Controller Topology Decision Tree

There have been several common themes recently when we’ve been talking to Customers, Partners, and our colleagues within VMware. One of those themes is that there has been quite an uptick in Customers planning their move to vSphere 6. A side effect of this is that there have been a deluge of discussions and questions around the Platform Services Controller. One of the many areas where we’re trying to do better at providing prescriptive information is with helping Customers design their vSphere 6 environment including the PSC.

Introducing the Platform Services Controller Topology Decision Tree

Continue reading

vSphere HTML5 Web Client Fling v1.1 – h5client Continuous Improvement

Today we’re pleased to announce our first full update to the h5client fling.  In case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

You can read more detailed notes about version 1.1 on the Fling page Change Log, but in this space we’d like to highlight one particular thing: Our focus on continuous improvements for h5client.  Releasing as a Fling gives us the opportunity to take user feedback faster, but a very important component of this tight cycle is making it easy for you to stay current.

Making an OVA deployment was the first step.  The second step is to provide the in-place upgrade flow that you’ll now find on the Fling’s Instructions page (https://labs.vmware.com/flings/vsphere-html5-web-client).  Some of you have already tested this flow, and we thank you for your help!  

Please sign up for our mailing list if you’re interested http://goo.gl/forms/IqGJ5twYHf

We will make further improvements to the upgrade flow (upgrade notifications in the UI, easily upgrade from the UI, etc), so this is only the beginning.  The biggest thing we need is your help in sticking with the mindset of always staying current with the h5client.

We’d also love to hear about how you’ve deployed the h5client.  We have heard of at least one very large customer that has deployed the Fling directly into their Production environment.  We’d like to hear more stories like this, so please take 5 minutes to fill out this survey: http://goo.gl/forms/wmOvmLVwV4

New features in v1.1:

  • Add Devices (CD/DVD Drive, Network Adapter, Hard Disk)
  • Migrate to cluster (and set migration priority)
  • Add new cluster (basic)
  • Bug fixes
  • Minor improvements to existing flows

Stay tuned to this space for more news about h5client.  You won’t want to miss our next update.

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client

vSphere 6.0 Update 2 – What’s New

VMware just recently released Update 2 for vSphere 6.0. Update 2 is full of new features and bug fixes for both ESXi and vCenter Server. For a complete list of features and bug fixes make sure to review the release notes for ESXi and vCenter Server. There are few features that stood out to me in this update. The Embedded Host Client is now integrated into ESXi and fully supported as of Update 2. VSAN 6.2 is feature rich with everything but the kitchen sink in this release. Two factor authentication support for the vSphere Web Client is now available in the PSC UI. Here’s a breakdown of what’s new in vSphere 6.0 Update 2.​


VMware Embedded Host Client (EHC)

The Embedded Host Client (EHC) started out as a fling and now is a supported product in vSphere 6.0 Update 2. The EHC is now installed as part of ESXi 6.0U2 and provides the ability to manage any ESXi host using a web browser. After a host is installed with or upgraded to 6.0 U2, open a web browser and enter https://<FQDN or IP of host>/ui.  More information on the Embedded Host Client can be found by reviewing the release notes.

vSphere 6.0 Update 2 - What's New ESXi EHC

Virtual SAN 6.2 (VSAN)

Note: VSAN is a separate product and is licensed separately

If you thought this update couldn’t get any bigger, think again. Virtual SAN 6.2 is here and Jam-packed with new features. This release of VSAN now supports compression and deduplication. When enabled on a disk group redundant copies of data are reduced to single copy. There’re also new services related to performance, space savings and health of the cluster.  The Health service monitors the VSAN cluster for issues and provides diagnostics. Performance service collects and analyzes performance statistics.  Performance service starts at the cluster down the to the disk level. You want space savings reports, that’s included. Space reporting displays information of used and free space with a detailed breakdown. These are just a few of the new features in Virtual SAN 6.2. For more information check out the Virtual Blocks blog.

vSphere APIs for I/O filtering (VAIO) Enhancement

vSphere 6.0 Update 2 also includes updates to vSphere APIs for I/O filtering (VAIO). If you are not familiar with VAIO I highly recommend you read the following blog post by Ken Werneburg.

  • VASA provider in a pure IPv6 environment
  • VMIOF 1.0 and 1.1

High Ethernet Link Speed

ESXi hosts can now support 25G and 50G ethernet speeds.

vCenter Server

Two-factor authentication for vSphere Web client

vCenter Single Sign On allows authentication to the vSphere Web Client via username and password. vSphere 6.0 Update 2 introduces two-factor authentication supporting RSA SecurID and Smart card.  RSA SecurID is configured using the SSO-Config utility. It also requires RSA Authentication Manager in your environment. Once setup, login to the vSphere Web Client with your username and RSA passcode.  Mike Foley has an excellent two part blog post walking through RSA SecurID setup.

Smart card authentication as mentioned above is also supported. Many large enterprises and government agencies use smart cards to meet security regulations. Smart Cards such as Common Access Card (CAC) are used at a machines with a smart card reader. Smart Card Authentication can be configured from the Platform Services Controller UI or using SSO-Config utility. Stay tuned as Mike Foley will be discussing Smart card authentication in a future post.

vSphere 6.0 Update 2 - What's New Smart Card

In addition to two factor authentication, the vSphere Web Client now supports the ability to add a login banner.  The Login Banner can be configured from the Platform Services Controller UI by adding a title and message.

vSphere 6.0 Update 2 - What's New Login Banner

An added layer of consent ensures the user can not login without acknowledging the Login Banner.

vSphere 6.0 Update 2 - What's New Login Banner Consent

vCenter Server Appliance update status might be stuck at 70 percent

vSphere 6.0 Update 1b had a bug when using the virtual appliance management interface (VAMI) to update. The UI would hang at 70 percent, although the update had completed. The only way to verify the status of the upgrade was by checking the update log – /var/log/vmware/applmgmt/software-packages.log. This bug has been fixed in vSphere 6.0 Update 2 displaying 100 percent in the VAMI when the update is complete.

Support to change vSphere ESX Agent Manger Logging Level

vSphere Web Client support for Windows 10 operating system

vCenter Server now supports the following external databases

  • Microsoft SQL Server 2012 Service Pack 3
  • Microsoft SQL Server 2014 Service Pack 1

vCenter Server now supports multiple embedded to multiple PSC migrations in a single SSO domain

vSphere 6.0 Update 1 introduced the ability to reconfigure and repoint using CMSSO-UTIL. This is handy when going from a vCenter with an embedded PSC to an external PSC deployment in the same SSO domain. vSphere 6.0 Update 1 would not allow having two external PSCs and trying to repoint. The result was the following error:

vSphere 6.0 Update 2 - What's New ESXi EHC Repoint Error

vSphere 6.0 U2 now allows having multiple external PSCs with the use of the repoint command. The diagram below represent two embedded deployments replicating to each other. This deployment model is considered deprecated. The term deprecated means the topology will be supported in vSphere 6.0 but not in future releases. To get out of this deprecated topology two external Platform Services Controllers have been deployed. Now we can using the reconfigure command in CMSSO-Util to remove the embedded PSC and repoint vCenter Server to the external PSC.

vSphere 6.0 Update 2 - What's New Deprecated Embedded to External PSC

As you can see vSphere 6.0 U2 is loaded with lots of new features, go download and give them a try.

Two Factor Authentication for vSphere – RSA SecurID – Part 1


This is Part 1 of a 2 part blog series. In this post we’ll talk about setting up RSA SecurID Authentication Manager, some architectural assumptions and what you’ll need to take with you to Part 2.

Two Factor Authentication

Two factor authentication (2FA) has become ubiquitous nowadays. For those of you still in the Dark Ages where you have your password written on a Post-It Note stuck to the bottom of your keyboard, 2FA is “something you have”, like a hardware or software token and “something you know” which would be a secret PIN.

Continue reading

vSphere HTML5 Web Client Fling – Getting Started

vSphere HTML5 Web Client FlingUpdate 3/30/16 – Added requirement of IP Pool for vSphere Client

VMware announced the first step towards making a HTML5 Web Client a reality, the vSphere HTML5 Web Client Fling. This first release of the Fling will focus primarily on VM management, with more updates coming.  Here is a list of the features and operations available in this first release:

  • VM power operations
  • VM Edit Settings (simple CPU, Memory, Disk changes)
  • VM Console
  • VM and Host Summary pages
  • VM Migration (only to a Host)
  • Clone to Template/ VM
  • Create VM on a Host (limited)
  • Additional monitoring views: Performance charts, Tasks, Event
  • Global Views: Recent tasks, Alarms (view only)
  • Integrated Feedback Tool

Continue reading

vSphere HTML5 Web Client Fling

Today we are excited to announce the release of the vSphere HTML5 Web Client Fling. The decision to go with Flash was made years ago, before HTML5 and developer tools were ready. The situation has changed, and we’ve been working very hard on removing the dependency on Flash to improve performance, stability, and security.

The Web Client is a huge application with a lot of features,and making the switch to HTML5 will take some time. This first version of the Fling does not contain all the features of the existing Web Client. We focused on providing the most commonly used workflows/features (centering around VMs and Hosts) in this version.

This Fling is distributed as an appliance (OVA), so you can easily deploy it within your existing environments. This Fling has been designed to work with your existing vSphere 6.0 environments. You can find browser requirements, download, and installation instructions from our Fling website: https://labs.vmware.com/flings/vsphere-html5-web-client


Html5_webclient_image1 2016-03-07_1803_H5client_-_screenshot12016-03-07_1804_H5client_-_screenshot2


Here are list of the most important features/workflows available:

– VM power operations (common cases)p>

– VM Edit Settings (simple CPU, Memory, Disk changes)

– VM Console

– VM and Host Summary pages

– VM Migration (only to a Host)

– Clone to Template/VM

– Create VM on a Host (limited)

– Additional monitoring views: Performance charts, Tasks, Events

– Global Views: Recent tasks, Alarms (view only)

– Feedback Tool (New feature to collect feedbacks from you)

– And many more.

We are explicitly seeking feedback on the Fling to help us in further development. We have also integrated a feedback tool into the web client. You can submit your feedback along with annotated screenshots using this feature. You can also provide feedback through the VMware community web site: https://communities.vmware.com/community/vmtn/vcenter

At this stage, we welcome feedback through all the channels (Feedback tool, Fling web site, VMware Community website etc) so that we can make the HTML5 Web Client better. You can also share your thoughts about the HTML5 Web Client on social media using #h5client.

We wanted to thank the entire vSphere Web Client team for bringing this HTML5 Web Client to the customers. We also wanted to thank all the customers who helped us in giving valuable feedback that resulted in the development of HTML5 Web Client.

We eagerly await your feedback to help direct our development and shape future versions of the Fling. If you would like to receive email updates and surveys from us regarding this fling, sign up here: http://goo.gl/forms/IqGJ5twYHf.

Vishwa Srikaanth & Dennis Lu

Product Managers, vSphere Web Client

Getting Comfortable with vPostgres and the vCenter Server Appliance – Part 1

A High Level Overview of vPostgresvPostgres

This blog post beings a multi-part series which aims to help customers better understand the vCenter Server Appliance (vCSA) and its vPostgres database. We believe the vCSA should be the deployment model of choice but there are many misconceptions and myths about the vCSA and its components. In this first blog post we’ll focus on the database technology used in the vCSA – vPostgres. By the end of this post we hope that you will have a much better understanding of the vCSA’s database and how it differs from the traditional operating model with MSSQL and Oracle.

The release of vSphere 6.0 brought with it many enhancements including scale & feature parity for the vCSA when compared to its Windows-based counterpart. Prior to vSphere 6.0, customers were only able to use the vCSA and its embedded vPostgres database to manage up to 100 hosts and 3000 VMs whereas a Windows-based vCenter could manage up to 1000 Hosts and 10,000 VMs. While it was possible to leverage an external Oracle DB with the vCSA to reach the same scale numbers as a Windows vCenter, the overarching goal of the appliance model is to decrease deployment and operational complexity. So, to say it another way, we want the appliance to be self-contained and not rely on external databases. With vSphere 6.0 we now have that scale parity with the embedded vPostgres database.

Continue reading