Home > Blogs > VMware Go Blog > Monthly Archives: May 2012

Monthly Archives: May 2012

Heat Maps, Virtualization Wizards, and More: Prepare for the 10 Days of VMware Go!

By: Arun Lal

It’s been a busy few months for the VMware Go team. We’ve been working hard on a new version of VMware Go, which will be incorporating a number of exciting new features.

The new version is largely based off of feedback from customers; we’ve had some great discussions with our current user base in recent months and have heavily incorporated their feedback in this upcoming version. We’ve tailored this entirely to the needs of IT administrators at SMBs that lack the resources of larger enterprise shops. We understand the crunch you’re facing on a daily basis, and we’ve aimed to automate and better organize a number of critical processes to streamline tasks like patch management and system rebooting (as well as virtualization, of course).

Check back here early next week, when we’ll officially kick off our “10 Days of VMware Go” series. We’ll be announcing a new feature each business day for 10 consecutive days.

Easing the Challenge of Virtualization for SMBs

By: Matt Sarrel

Many enterprises are reaping the benefits of virtualization, e.g. a flexible infrastructure that can significantly simplify daily operations, reduced risk and cost and higher value and greater ROI over the old single app/ single server mentality. However, SMBs have been a bit slow on the uptake of virtualization technologies for a number of reasons.

Cost Effective Virtualization

When SMB IT departments launch server or desktop virtualization projects, they are often surprised to discover that the anticipated savings were consumed by a heavy up-front investment in software, hardware, training, and administration overhead.  While large enterprise IT shops can go back to the CFO and ask for another 10% to help support the project, this would be akin to signing one’s own death warrant in today’s cash-strapped SMB environment.

However, virtualization can reduce costs related to underutilized physical servers.  Many SMBs purchase high-capacity servers with the plan that use will grow to fit the resources – “if our application uses 5% of resources today then we'll be good for a few years as it grows to 50%.”  But, this means that you're overspending by paying for tomorrow's resources today (and we know technology resources get cheaper over time so this spare capacity is basically wasted.)  Instead, running a number of virtual machines on a single physical machine allows IT departments to use that spare capacity. Running multiple virtual machines on a single physical machine also consolidates the physical server footprint in the datacenter.  Fewer physical servers equal less rack space, energy consumed and heat produced, plus the accompanying reduction in administration costs.

In addition, virtualization provides a great deal of flexibility by divorcing the OS/applications from the server hardware.  You can add or remove resources from the virtual machine without shutting down the physical server and disassembling it.  Remember the agony of the last time you had a business critical application jeopardized by failing hardware?  In a virtualized environment the application's virtual machine could simply be pushed to different hardware.  This flexibility facilitates more efficient scaling of server environments as business needs grow. 

Minimizing Risk

Many SMBs see risk in virtualization.  Whereas slow applications on physical servers can usually be isolated to a single server or application, this is far more difficult in the virtual world.  “Which piece of which app is running on which virtual server on which physical server” can be a daunting question in an environment prone to virtual sprawl.  Virtualization allows for consolidation of network infrastructure and storage infrastructure as well, so now troubleshooting a single app could require troubleshooting every piece of virtual and physical equipment in a datacenter.  A lot of businesses may not be willing to tolerate the disruption of existing services in order to go virtual.

The shift from a physical infrastructure to a virtual infrastructure requires changes in conceptualization, architecture, and process.  Many SMBs have gone with the model of direct attached storage for their physical server environment.  Much to their chagrin, virtual servers and applications run best from shared storage, not from direct attached storage.  It’s a lot to ask the average small business IT guy to grapple with the added of complexity of now having to manage a shared storage infrastructure (for example, a SAN) instead of simply popping a new drive into a local drive array.

SMBs may question the need for a complex virtual environment.  Can a company running only a dozen apps truly reap the benefits of server and application consolidation on their own?  Or would this small business be better off simply moving everything into the cloud?  Why build something from scratch when you could easily leverage someone else’s infrastructure?  Few companies actually want to manage greater numbers of more complex systems, and even fewer want to shell out big bucks on a whole new infrastructure that is supposed to save them time and money.  SMB’s must weigh the cost savings might of virtualizing into the cloud versus building their own environment and then having to maintain it. 

Benefits vs. Challenges

Small businesses can reap many benefits from virtualization, but the perception that only enterprises can benefit from server consolidation and cloud architectures has kept virtualization off the radar for many SMB IT personnel.  What’s worse, there’s still a great deal of perceived uncertainty regarding the application and value of virtualization on the part of IT.  Capacity planning is no longer merely a matter of 1 app = 1 machine, and while this is more efficient it is also more complex. 

SMB IT personnel have found, up front planning is difficult to achieve in an environment where you’re constantly putting out fires.  Even though virtualization is intended to simplify IT management, deploying a virtual infrastructure can be an arduous task, especially if you’ve never done it before. 

VMware Go Can Help

Fortunately, there’s actually a tool out there that can make at least the deployment and management of virtualized machines significantly easier. 

The VMware Go vSphere Hypervisor allows you to create virtual machines by leveraging the configuration of an existing physical server using the built in VMware P2V converter tool. The vSphere Hypervisor can also install a pre-packaged, reliable and secure virtual appliance that is immediately ready to run in production. 

After creating the virtual machines, VMware Go can help you monitor the VM’s for performance and resource utilization through a straightforward web interface.  While there’s a lot to consider and get done when virtualizing in an SMB (cost, scalability, risk), once you decide to go virtual, VMware Go can definitely simplify the initial setup and ongoing management of your new environment.

IT Confessional Series: IT Admins and Game of Thrones Have More in Common Than You Think

By: Andy the Angry IT Guy

Editor’s note: This is the sixth installment in our ongoing series featuring “Andy,” an anonymous IT administrator at a small- to mid-sized organization located somewhere in the American Midwest. When we last left Andy, he was espousing the benefits of automated patch upgrades while trying to contain his excitement about the release of Diablo III.

Today, Andy continues on the topic of patch management and debunks a commonly held myth that only Microsoft applications should be regularly patched.

Like many of you, I’ve been watching Game of Thrones, HBO’s hit new series that’s capitalizing on a series of fantasy novels that had previously been written off as “uncool” by the majority of readers (and yes, I’ve been religiously following A Song of Fire and Ice since it first came out in 1996. What else was I supposed to do between episodes of the X-Files?).

One of my favorite plot lines in Game of Thrones is that of the Night’s Watch – an ancient military order that guards the Seven Kingdoms from the great unknown that lurks in the wild beyond the wall that surrounds their domain. I’ve increasingly come to believe that the Night’s Watch is a thinly-veiled allegory for IT professionals. Think about the parallels:

  • Both groups protect a wider, largely oblivious population from unknown evils that lurk just beyond the wall (or, in the case of IT, a firewall);
  • Both groups perform arduous tasks that go beyond the grasp of most people’s basic comprehension. And they do so at the expense of meeting/socializing with members of the opposite sex;
  • While both groups perform selfless tasks in the name of protecting their peers, their exploits will largely go unrecognized and uncompensated.

The last point is particularly prescient when describing the primary responsibilities of an IT administrator, especially at a smaller organization that lacks the deep resources of a Fortune 500-type company. Your job is to make sure that things work and promptly fix them when they don’t. Most of the time, no news is good news and you’ll only hear from people when something is wrong.

After nearly a decade in IT, I can safely say that the single biggest thing you can do to control your own destiny in this area is ensuring that you stay on top of all patch updates. Yes, I mean ALL patch updates – not just the Microsoft ones. Malware has evolved beyond its early, Microsoft-hating days and will now target nearly any vulnerability on almost any application.

To that end, the only way to stay ahead of the curve – and remain gainfully employed as an IT administrator – is ensuring you’re up to date on all major updates. To expand on that point, here are a few handy tips I’ve picked up on over the years:

No Browser is Safe From Malware

Not only that, but the much-maligned Internet Explorer isn’t even the most vulnerable. According to the National Vulnerability Database, Safari (81), Chrome (61), and Firefox (44) all had more vulnerabilities than IE (34) in Q1 and Q2 2010[MC1] . Web browers are the most commonly targeted applications, so it’s critical to stay as up-to-date as possible with patches.

Third-Party Applications – Not the OS – Are the Biggest Security Risks Today

While common knowledge holds that the operating system (and Microsoft) are the biggest vulnerabilities in your IT infrastructure, it’s simply not the case. In recent years, third-party apps have emerged as the single greatest threat – that includes those from Adobe, Apple, Java, Mozilla, and Oracle, among others.

Automation Increases Accountability

While some people claim it’s the lazy admin that automates as many tasks as possible, I say it’s the smart, efficient one that does so. I invite anybody that thinks IT admins are lazy to spend a day in my shoes – you try dealing with a never-ending stream of angry help tickets while simultaneously keeping IT operations up and running. If you can automate any portions of the patch management process, I strongly recommend doing so; it’s the single best way to ensure that all machines in your network are up-to-date and not vulnerable to malicious software.

I’ve said it before and I’ll say it again: IT is a thankless job, and there’s always going to be someone looking to blame you for even the slightest misstep. Like the brave men of the Night’s Watch, we have to stay constantly alert and a step ahead of our enemies to ensure the continued welfare of our organization.  

If you’re interested in diving into this topic a bit deeper, take a look at The Importance of Patching Non-Microsoft Applications, a technical white paper from VMware.

IT Confessional Series: Oops… Good Thing That Patch Update Was Automated!

By: Andy the Angry IT Guy

Editor’s note: This is the fifth installment in our ongoing series featuring “Andy,” an anonymous IT administrator at a small- to mid-sized organization located somewhere in the American Midwest. When we last left Andy, he was emulating one of his all-time favorite TV heroes (non-Star Trek division), Jack Bauer, with 9 – a heart-racing, minute-by-minute account of a standard day at work for him.

Today, Andy talks about how he dodged a major bullet by automating a critical patch update that would have otherwise gone uninstalled and would have left his anonymous small- to mid-sized organization vulnerable to malicious attacks from a cavalcade of villainous internet hackers.

In preparation for the imminent, decade-in-the-making release of Diablo III (May 15, you CANNOT come quickly enough), I recently dusted off my old copy of Diablo II to get excited. I forgot how addicting that game was; outside of work, I’ve pretty much been playing it non-stop for the past week. Last weekend, I didn’t even leave my house – OK, my mom’s basement.

Yesterday (Monday) was a typically crazy day at the office for me. Between helping half of the office connect to the new printer because they didn’t choose to read my step-by-step instructional email and managing other trouble tickets, the day flew by in a typically hectic style. Naturally, all I could think about when I got home was getting back to my game.

I think it was somewhere between defeating the evil lord Baal in the second act and preparing to face off with the even more sinister Mephisto in the third act (after returning to Tristram to refill my inventory, obviously) that I realized it was after 4:00 AM, and I had to be to work in less than four hours. So, I resolved to take a quick nap to get at least some rest.

Tuesday promised to be a busy day at the office: there were critical patch updates for Adobe, Mozilla, and Outlook, respectively, and they all needed to be downloaded ASAP to eradicate existing vulnerabilities and ensure that my company didn’t become the next target of Anonymous.

It was about 11:15 AM on Tuesday by the time I realized all of this. That’s right, I slept through my alarm, head resting on my keyboard for well over seven hours. This was going to be a disastrous day.

I got a horrible feeling in the pit of my stomach and proceeded to root through my closet to find my old Best Buy t-shirt. If I screwed up this patch update, it would most certainly be the end of my tenure at my current job and back to the Geek Squad. My current boss already seemed to have it in for me, and I had no doubt that screwing this up would be all he needed to finally get rid of me.  

Looking in the mirror after finally pulling my trusty royal blue Best Buy polo out of my closet, I realized I’d put on a few pounds since I last worked there. Damn you, Diablo II and a general lack of exercise!

And that’s when it hit me.

I had automated the patch updates last week with VMware Go Pro! I wasn’t going back to Best Buy after all – and better yet, I could continue to wear my more loose-fitting sweaters that better conceal my ever-expanding gut so that my coworkers (namely, Liz from accounting) wouldn’t notice!

Here’s what happened: I had had a burst of productivity the previous week. While I was playing around with the patch management features in VMware Go Pro, I noticed that I could automate the scan and deploy process for individual patch updates. I saw that there were a number of big patch updates coming the following week, and decided to be proactive (for once) and set up the process so that it would occur automatically first thing on Tuesday morning.

To allay any lingering concerns I had about the patches, I pulled up my VMware Go Pro from home to confirm that the updates did in fact go through – it was easy to do remotely, since Go is browser controlled. I was able do so by both name and machine group to be extra safe. All was OK, and my day was made. Automation really is a beautiful thing.

Seriously, though, I have no idea how I’m going to keep my job once Diablo III comes out. At least I won’t have to worry about patch updates…

Have a Happier Patch Tuesday with VMware Go Pro

By: Matt Sarrel

Patch Tuesday is the name we use to refer to that blessed day when Microsoft rains patches down on us from above.  OK, technically it is the second Tuesday of each month and the patches come across the Internet, but for an IT administrator it may feel like it’s raining patches.

This month Patch Tuesday is May 8.  Microsoft issued a notice yesterday that three of the patches are critical and four are important.  The three critical patches focus on preventing remote code execution attacks as do two of the important patches.  The other two important patches are intended to prevent privilege escalation.  These patches should be applied to all current versions of Windows.

The secret to surviving Patch Tuesdays is to have solid patch management policies and procedures in place beforehand.  VMware Go Pro is tremendously helpful in establishing and maintaining a strong patch management program.  IT Advisor scans the network to discover physical and virtual assets, and then inspects them to find missing Microsoft and third party patches.  Missing patches are prioritized based on the risk they present and then deployed.

Plus, the whole thing can be automated, which gives me a small shameful pleasure at how easy deploying patches has become.  I remember having to run around and apply patches from floppy disks, so this kind of set and forget functionality is light years ahead of that.  Automated patching can save a tremendous amount of time and resources for many small businesses.

After scanning my test workstation, I can easily see what needs to be patched and how important that patching is.  The Patch Summary screen presents this info concisely and shares the latest News from Patch Patrol.  Please note that these screen shots do not include the patches for May 8, 2012 because I’m writing this post in advance.

  1

I simply click the Deploy Missing Patches button and VMware Go Pro walks me through the process.  First I choose machines to target:

  2

It’s worth noting that I can put machines in groups and then schedule scans and deployment on a group level, for example, all desktops get scanned and patched on Tuesday night, all laptops get scanned and patched on Wednesday morning when they return to the office.  I’m only going to patch one machine for now, and I’m going to apply all the patches; if I wanted to I could select them patch by patch.

The last step is deciding how the patches should be deployed.  It’s a good practice to reboot machines after deployment so I’ll leave that checked.  And I might as well go ahead and deploy using my current credentials because they’ll work on my test machine.

3
 
After clicking the Start Patch Deployment button I’m asked to verify my settings, plus VMware Go makes it very clear that machines will reboot!  I can sit back and watch, or go get another double espresso. 

4

I can tell that it is running because I see this at the top of the screen:\

  5

And clicking on the “1” displays more information:

  6

It seems like the next logical step is to schedule patch deployment so I don’t have to do this manually from now on.  I click Schedule Deployment and I’m prompted to create a new schedule.

7

My installation is simple so I don’t have any machine groups, but it’s a good idea to start creating them.  When I’m running VMware Go for my whole lab it will make sense to have machine groups to spread the load around a little. 

8

This is so easy, all I have to do is select a day and a time for the job to start.  I’ve selected Tuesday at 2 AM.

9
 
Now Patch Tuesday should be fully automated.  No more users complaining on Wednesday morning about waiting for all the patches to deploy.

IT Confessional Series: 9: A Day in the Life

By: Andy the Angry IT Guy

Editor’s note: This is the fourth installment in a series of posts from “Andy,” an anonymous IT administrator working for a mid-sized organization located somewhere in the American Midwest. When we last left Andy, he was debating the merits of virtualization – and how it helped ensure he’d never miss another Star Trek marathon – with his friend Pratik. 

Today, Andy channels his inner Jack Bauer, describing the trials and travails he encounters on a typical Tuesday – and how VMware Go helps him combat the day.

__________________________________________________________________________________________Screen shot 2012-05-03 at 9.38.18 AMThe following takes place between the hours of 8:00 AM CT and 5:00 PM CT.

Screen shot 2012-05-03 at 9.38.28 AMShoot – I’m running late again! Did I really need to stop for that coffee and triple espresso? Yes, yes I did. I work in IT; going to work without caffeine for me is simply out of the question. Oh well, on to another day – time to check my email…Screen shot 2012-05-03 at 9.38.35 AM13 new messages down, 71 to go. Based on a quick scan, it looks like at least 12 more have “HELP! URGENT!” in the subject line, and 7 more have some combination of “mission critical” and “fail.”Screen shot 2012-05-03 at 9.38.44 AM Drats! There’s a new Outlook security patch that has to be installed today. And I’m still staring down the inbox from hell. I don’t know how I’m going to get through this day.Screen shot 2012-05-03 at 9.38.50 AM Just realized I can automate the patch scan to identify which machines still need this patch with VMware Go Pro! I just saved myself a solid two hours. Now back to my inbox…Screen shot 2012-05-03 at 9.38.55 AMFinally starting to see the light at the end of the tunnel with my inbox. And since I saved all that time by automating the patch update, I’m going to make a meme!Screen shot 2012-05-03 at 9.39.05 AMBoss (who knows NOTHING about IT, by the way) just swung by my desk. He asked for a breakdown of EVERY piece of software we have deployed in our ENTIRE network. Oh, and he wants it by EOD. No big deal, right?

/pounds head against deskScreen shot 2012-05-03 at 9.39.11 AMThis is too good to be true! I can automatically scan all of the physical and virtual machines in my network with VMware Go Pro. I can even scan for idle machines and remove them, so I included that in my report as well. That’s what you call managing up! Crisis, averted.

Screen shot 2012-05-03 at 9.39.18 AM Uh oh. Email inbox is starting to fill up with frantic requests again. There really should be an IT edition of the “Darwin Awards.Screen shot 2012-05-03 at 9.39.26 AMPermit me a moment to rant: FOR THE LOVE OF GOD, MARCIA, YOUR LAPTOP IS NOT BROKEN, YOUR BATTERY IS JUST DEAD! AT THIS RATE, YOU’RE ON A FAST TRACK TO JOIN THE RANKS OF MISS SOUTH CAROLINA AND THIS GUY!!!Screen shot 2012-05-03 at 9.39.33 AMOK, after taking a few deep breaths, sipping some chamomile tea and listening to my favorite indie-rock-band-that-you’ve-probably-never-heard-of, I think I’m going to be alright.Screen shot 2012-05-03 at 9.39.40 AMPatch update nearly complete! Time to escape for lunch – before the next crisis of the day strikes.

Screen shot 2012-05-03 at 9.39.46 AMBack from lunch. Got a reuben – light on the Russian dressing (trying to watch my girlish figure, you know how it is). I’m not normally one for executive lunch hours, but since I’m not manually checking a patch update for once, I figured why not? Better yet, looks like this patch update has completed, and only one machine has yet to install. Tsk, tsk.Screen shot 2012-05-03 at 9.39.54 AM Ohmygod! The one machine that has yet to install belongs to none other than… Liz from Accounts Receivable, my secret office crush! Time to take a few deep breaths and go talk to her…Screen shot 2012-05-03 at 9.40.01 AMThat went better than I could have ever hoped! Not only did Liz seamlessly install the Outlook patch, she also complimented me on how fast our network has been running lately! After that, we got to talking about our mutual appreciation for trashy reality TV shows on TLC. I was this close to asking her if she’d be up for a coffee after work, when I realized that I still had some Russian dressing on my shirt. Not the right time.Screen shot 2012-05-03 at 9.40.07 AMJust when I thought this day was taking a turn for the better – my evil boss strikes again! Apparently he just read a story on virtualization in BusinessWeek and wants to know why 100% of our apps aren’t virtual. First up: our Oracle Financials DB.Screen shot 2012-05-03 at 9.40.14 AMNot only that, but he “needs a launch timeline on his desk by EOD.” Does he just not realize I’m the only IT guy here – and that these things take time, especially when Jerry from shipping is complaining that I’m “out to get him” because he can’t log into his email??? I need a new job.Screen shot 2012-05-03 at 9.40.20 AM A ray of light, courtesy of VMware Go Pro: since we’re going to be running vSphere 5, I can leverage the configuration of our existing physical servers using the VMware P2V Converter tool, which is built into the platform.Screen shot 2012-05-03 at 9.40.27 AMThank you, IT Advisor! I just got a heads up on an upcoming patch for Adobe that will be released tomorrow. Time to craft a staff-wide email and pray that people can take 30 seconds out of their precious days of playing solitaire and IMing with their friends about how they’d rather be outside to actually download the update.Screen shot 2012-05-03 at 9.40.32 AMCounting down the seconds to 5:00. Could this really be one of the rare days that I leave on time? My inbox is sitting at zero, and today’s patch updates are complete. Tick, tock…Screen shot 2012-05-03 at 9.40.39 AM FREE AT LAST! Automating those patch updates and scanning the configuration for our financials DB saved me a clean 4 hours. VMware Go Pro, I think this is the beginning of a beautiful friendship…

Virtualization Woes? VMware Go Pro Can Help!

By: Matt Sarrel

Virtual environments need to be managed in much the same way that physical environments do.  Most IT departments have established procedures and controls for creating and running virtual machines, although installing and spinning up virtual machines is so easy these days that it’s quite possible that not every VM is being managed up to corporate standards for security controls and patch management.

This is of particular importance to IT departments at SMBs that may or may not already have management procedures in place.  Many of these businesses are in the process of evaluating and rolling out virtualization platforms and need an easy way to speed adoption and start managing VMs.  VMware Go makes this especially easy because you can use it to manage existing devices, hypervisors, and software as well as deploy new vSphere instances.

Taking control of your virtual environment should begin with a full audit of physical and virtual environments.  It’s the old “you need to know what you have before you can manage it” thing.  VMware Go is a great tool to inventory, manage, and enhance your virtual resources. 

I recently got started with VMware Go and all went smoothly.  Here’s what to expect:

After launching VMware Go I was presented with the IT Advisor offering to scan my environment.  I clicked the big green start button.

1

I got an informative pop-up explaining what was about to happen so the IT Advisor could run and then clicked Install Now.

  2

From there I just followed the instructions and everything went smoothly.  It’s comforting to see that the setup files were securely downloaded via https.

3

4

After the short download of the setup application, I downloaded the 10 MB client files.

  5

The software asked me which browser I use, something I always like to see because I enjoy browser freedom.

  6

Firefox installed the VMware OpsCloud Assistant.  So far this installation has been effortless.

  7

IT Advisor opened in my browser:

  8

I could see that a scan was running in the header at the top of the page. I’m about to toggle to another window and select which network to scan and inventory.  I get status reports so I know my network information is being harvested properly. 

9

After three or four minutes I got a pop up telling me the scan was complete:

10

This time when I log into VMware Go I see recommendations.  In my case, it’s clear that I need to patch my systems.  I can tell this by the big red “patch” button under Recommendations, plus my patch pro score is lacking, not to mention that patch advisor over on the right tells me that I’m behind by about twice as many patches as my peers.

11

Now that I’ve gone through the installation and run my first complete scan I can schedule patch scans to take place on a schedule.  VMware Go will scan my network once a week looking for missing patches and then automatically deploy them.

  12