Service Console isolation Clarification

Similar Questions

• VMkernel and Service Console in the same vSwitch?

  Hello

  Be aware that this may have been covered elsewhere (and I should be grateful if you would be redirected to the correct answer), but I need clarification on the installer to our servers ESX 4.1. I have a switch virtual vswitch1 with webcam live and test port groups running through a NIC 4 etherchannel trunk to a Cisco switch stack with load balancing of the IP Hash for our virtual machines (works fine).

  Due to limited network adapters, I wanted to know if I could have the VMKernel (vmotion) and the Service Console on the same virtual switch (vSwitch0) but separated by VLAN ID in 2 groups of ports, run through an another etherchannel to our Cisco switches (mounting similar to vswitch1 etherchannel trunk). Are these two functions OK on the same vSwitch?

  I say with this configuration, we will have redundancy with 2 network cards in vswitch0 and traffic will be isolated between the SC and vmotion with VLAN. Im not sure if best practices should have the VMkernel SC on separate vSwitches, or even if the VMkernel and HC would work even as a separate Exchange with an ID vswitch1 VLANS separated to release 2 network cards.

  As a result, I read elsewhere, that a default installation with a switch distributed (that we want to use in the near future) would use a dvSwitch for VMs and a vSwitch for SC and functions VMKernel, separating them, so at this point would be a good idea.

  Any advice would be welcome.

  Thank you

  John

  When I have 2 NICs for network management and vMotion, I use usually 1 vSwitch for them. I configure ports of physical switch as connection ports (no etherchannel), set the VLAN ID on port groups and configure groups of two ports for active / standby. For example, the management network has active vmnic0, Eve and vMotion active vmnic1 vmnic0 a vmnic1, as yesterday. In this way each "service" uses its dedicated uplink unless there is a failure.

  BTW, you should consider installing instead of ESX ESXi, ESX 4.1 is the latest version of ESX. ESXi will only be available in the future and transition from ESX to ESXi requires a fresh install of the hosts.

  André

• Trade rules do not appear in the Regional service console

  Guru HI

  We use the Application confort Hyperion Planning 11.1.2.2.

  We have created business rules for our planning application using Calc Manager and they work very well.

  But my doubt is that calculations do appear in the essbase.

  WT could be the reason for this... Please suggest.

  Thank you.

  Hello

  The Regional service console will show you only the calculation scripts, not the rules for calculation of the Manager. This is a technical limitation.

  Prior to version 11.1.2.3, we also had business rules. These were available in the Regional service console. Then, you had a section in the view of the company next to Administration, servers Essbase called Business Rules. I usually call them Hyperion Business rules (HBR) because users easily get confused with all the scripts and rules.

  In planning, you can see the calculation scripts and rules for calculation of the Manager.

  I hope that clarifies the situation and will help you.

  Kind regards

  Philip Hulsebosch

• Service Console network requirements

  Hello

  I searched the internet, forums and documents best practices vSphere but couldn't find which are the characteristics of network for the Service Console speed. My management network will be a complete isolated physical switch. I won't use it vMotione etc so it will only be used for H.A. and basic (pulsation of hypervisors, vCenter server connection) operations.

  For this, a network of 100 Mb/s should be fine. But if I want to copy a virtual machine offline data to another store, it will pass through the management network? If Yes, then I should get a 1 GB switch.

  Thank you!

  It is advisable to have gigabit ethernet adapter for service console

  copy of the data of the esx datastore Management Office and between the data store will be done by the network of mgmt

  concerning

  Maniac

• HA and 2nd service console

  I had just a console single service in each of my clusters for too long.  I want to install a 2nd / backup service console, only to improve resilience/accuracy of HA.  HA is configured on my cluster right now, with 'VM leave it on"since I'm paranoid about false positives. It happened twice in as many years.

  Service primary or existing console is on vSwitch0 (typical of course) which NIC access network 10.25.13.0.

  Is it not better to add a console/service gateway secondary on a network other than the primary?  If so, vSwitch1 (in use by my VMs) access network 10.25.20.0 so can't I just 'Add Networking' / Service Console / use vSwitch1 and add IP/gateway, etc and do with it?  Again, I have only this want to another path for HA heartbeat and don't have (or really even need) a NETWORK card dedicated for this purpose.

  Sound good?  The warnings I share with this approach?

  Then I can set the HA to do that HA is REALLY supposed to - detect what is almost certainly a host FAILURE and restart the virtual machines on other host in the cluster.  I find this 'interesting' VMware added option 'VMs letting' turned on only for the host isolation response, because it is not more or less defeat the purpose and/or is not an admission that HA is prone to false positives that get undesirable results?  Secondary service consoles, taking other paths (physically, nic to pass) AND to other subnets would seem to be an absolute requirement for the ideal/real 'stop VM' (and restart on hosts alt) implementation of the AH.

  I think that what is meant by the tip to maintain the network label, it is similarly to name the second service even console on each host in the cluster, not name - it the same as the first service console.

  Think of the second service console to provide connectivity redundant heatbeat mainly between the hosts, not really of another interface to check the addresses of isolation after the heartbeats are lost.  Use of the second service console if it is placed on the redundant network links well & switches must ensure that when a problem is detected, it is a failure of another host and the additional verification of isolation on a single interface would be enough to determine that the local host is not the issue.

• VLAN for Service Console

  Hi guys.

  Ive been through the strengthening of the security/best practice document and working my way through it.

  I understand that its best practices to isolate the service console using a vlan separate but the problem I have with this is things like NTP and DNS does not work as the console will be completely isolated. I have only one Layer2 switch and im wondering what is the best way for acheving this is. Perhaps something like an Hytrust appliance?

  Any suggestions, tales of wisdom tor welcome

  Thank you

  I have to disagree with this statement since Andre, that we have found that when you run a scanner security on the management network (port), and especially against the VMotion network (port), you can stop the services, disable VMotion and so, by default, disabling of DRS.

  I used HyTrust and found valuable by adding an extra layer of security.

  FYI HyTrust works to implement authentication 2 factor for ESX and vCenter as part of the management functions of the access of the HyTrust Appliance for their next version 1.1.  This is for the connections of management vCenter both direct-to-host using Virtual Infrastructure Client or ssh.  They are currently seeking to implement for RSA SecureID, smart card, RADIUS and kerberos.

  b

• Own VLAN for the Service console

  Hello

  I was reading the esx3 best practices document and saw in it that it was recommended to the Service console on its own VLAN. I was wondering why... I can see why this with vMotion, but I'm not sure for the SC.

  Thank you

  The Service Console is a VM with access to the ESX kernel. If it is compromised, the attacker a free course on your virtual machines and VMFS leading to back and potential data theft. Using a VLAN independent is a way to strengthen security for the Service Console with the isolation.

• Remote Access Service Console

  Is there a way to access the VMware host service console remotely?

  Try to run the command "dcui" in an SSH session...

  Direct Console User Interface (DCUI) since a SSH session access (2039638). VMware KB

  / Rubeck

• Please explain number maximum support of the virtual machine by exsi 5.5 and exsi 6 service console

  Please explain number maximum support of the virtual machine by exsi 5.5 and exsi 6 service console

  What exactly do you want to know?

  For supported máxima, see one of the following documents:

  https://www.VMware.com/PDF/vsphere5/R55/vSphere-55-configuration-maximums.PDF

  https://www.VMware.com/PDF/vsphere6/R60/vSphere-60-configuration-maximums.PDF

  Full documentation can be found at:

  https://www.VMware.com/support/pubs/vSphere-ESXi-vCenter-Server-pubs.html

  https://www.VMware.com/support/pubs/vSphere-ESXi-vCenter-Server-6-pubs.html

  André

• What is the cause of the message "Waiting for Service ' Console CVD activity

  I have two related questions.

  basis, I just started centralizing 200 computers ish, all except 2 appears fine, 2 questions, one below and another with VSS errors.  This message is just for the question "in waiting for the Service.

  1. What is the cause of the message "Waiting for Service ' Console CVD activity and is there anywhere that documents these meanings of status.
  2. No idea where I should start troubleshooting the message "Waiting for Service ' I get to the computer below.

  I have a computer with this status which comes to have installed the client and will not be to centralize.  Other computers seem to work properly (centralized).

  The computer is to ping requests, but appears as disconnected in the console.

  I deleted the CVD and restarted the centralization CVD using a different policy on a different volume without change.

  Journal of the history of CVD below

  Description of the Type of weather

  31/01/2014-08:52:32 AUDIT_EVENT assign device, device: PC30866 (1995), cardiovascular disease: 11614, political CVD: don't Default - every 4hrs - no drive D (1.1)

  02/05/2014-13:53:58 politics AUDIT_EVENT assign CVD, CVD: PC30866 (11614), CVD policy: Migration Post-quotidien (1.0)

  31/01/2014 General Office EVENT 20:44:46 service error

  31/01/2014 General Office service EVENT 17:39:04 error

  31/01/2014 14:44:34 EVENT has not finished downloading, internal error, exception attached

  31/01/2014 General error from the EVENT 13:05:15 service office

  31/01/2014-12:30:37 TRANSACTION_START PC30866 - centralize endpoint

  the transaction log has an inscription mentioning a failure (not sure if it is the server or PC related) disc.

  Diseases cardiovascular diseases cardiovascular name Type State layer size (MB) data transferred (MB) branch reflector savings start time end time transfer (MB)

  Of the endpoint PC30866 centralize 11614 reading disc failed 169648 1531 0 31/01/2014 12:30:37 05 d 04:16:52

  The next event is in the application event log and the Mirage event log for the failed computer. (there were not all other errors in the paper since the deployment of mirage customer and there is no errors in the system event log)

  Event type: error
  Event source: VMware Horizon Mirage customer
  Event category: no
  Event ID: 0
  Date: 31/01/2014
  Time: 20:44:46
  User: n/a
  Computer: PC30866
  Description:
  Error general service office
  Unexpected exception taken (sender Name:Wanova.Desktop.Service.exe
  There is no policy context.
  , the object exception System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.
  System.Collections.Generic.List to ' 1.set_Capacity (Int32 value)
  System.Collections.Generic.List to ' 1.EnsureCapacity (Int32 min)
  to System.Collections.Generic.List' 1. Add (T item)
  at Wanova.Net.DataTransfer.TransferStreams.SignatureResponseStream.ProcessChunk (ChunkInfo chunkInfo)
  at Wanova.Net.DataTransfer.TransferStreams.ChunkInfoDecodingStream.BeginWrite (Byte [] buffer, TransferStreamWriteCallback onWriteComplete)
  at Wanova.Net.DataTransfer.DataHandler.ExecuteDataStreamTask (DataHandlerExecutionTask task, MarkCompletionCallback markCompletionCallback)
  at Wanova.Net.DataTransfer.DataHandler.ExecuteTask (IExecutionTask task, MarkCompletionCallback markCompletionCallback)
  Wanova.Net.DataTransfer.ExecutionController.QueueListener (Group IExecutionTask)
  to Wanova.Common.ThreadUtils.ParamaterizedWorkItem'1.Run (object fakeParam)
  at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context (Object state)
  at System.Threading.ExecutionContext.Run (ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
  at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem)
  at System.Threading.ThreadPoolWorkQueue.Dispatch)
  at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback (), ends at True)

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  It turns out that this computer seems to have hard drive errors, so not a matter of mirage.

• Unable to connect to the administration via the regional service console server after 11.1.2.2 installation

  Hi gurus,

  I have installed and configured the services foundation, eas and essbase in windows 2003 server, afteEA r configuration I have observed that there are no tables for eas schema then I found that it was a bug and applied patch and set up again it has been successfully configured.

  When I tried to connect to the administration via the regional service console server. He States unable to connect to the administration server. everything else works.

  I see only 4 services in services.msc

  Oracle hyperion configuration manager

  EMP web server application

  opmn services

  OSH services

  all services are started with the exception of oracle hyperion configuration manager. I tried to start, but it does not start... is - this service has an impact on the administration server.

  I checked the logs, I can't find anything in easserver.log.

  any suggestions?

  Kind regards

  Kumar

  Looks like you have deployed web applications to a single managed server that is running on a port by default of 9000, then try to add the server to the Regional service as servername:9000

  See you soon

  John

  http://John-Goodwin.blogspot.com/

• Essbase Cluster node not get is expanding in the Regional service console

  Dear all,

  We use version Hyperion 11.1.2.1. I faced a new problem in Regional service console. The Essbase Cluster-1 node in the service console Regional expanding not when I tied to drilled her. For this reason, I am unable to view the applications, calculation scripts, etc. We need to run calc scripts and to add new members in the application.  Any body experienced this before? Kindly guide me to solve this problem issue.

  Thank you

  SC

  If you use the web console EAS, then make sure you are using a supported Java version, if it is supported, and then try adding the server essbase with the hostname instead of cluster.

  See you soon

  John

  http://John-Goodwin.blogspot.com/

• How to create users in bulk in Hpyerion Shared Services Console

  Hi all

  I need to create users in bulk in the Shared Services Console. Since I have many users, so I don't want to use Front End. Instead, I prefer to download a CSV of things sort.

  For this I export the console shared services and open the file Users.csv.

  Now my plan is to add all my users here and then going to import this backup of the Shared Services Console.

  The only point where I am confused is that how should I indicate the passwords encrypted in the file Users.csv and also what should I write in the column "internal_id."

  If you use LCM and native users then you should be able to enter a uncrypted password and when it is imported, it must be encrypted.

  Leave empty internal id column for new users, by creating a new test user.

  See you soon

  John

  http://John-Goodwin.blogspot.com/

• Command not found in the service console ESX 4.0 u2

  Hi all

  I have a very simple question.

  I have haven´t access to the service console ESX 4.0 for some time and today I need run commands to verify information on some host bus adapters.

  I logged a user then used 'su root' to switch to the ROOT user.

  I use Putty to connect to the Service Console.

  But when I try to execute the following commands it said "Command Not Found":

  vmkload_mod

  esxcfg-module

  I read VMware KBs, that say to use these commands for this version of ESX, but I can´t do run.

  I think the answer is something very simple, but I can´t find it.

  Anyone have any ideas?

  Thank you

  Mark

  Try this command:

  quo

  as documented in http://kb.vmware.com/kb/1006573

• How to access the ESX service console

  Hi all.

  I'm a TV engineer trying to solve a problem of network with our equipment. I'm not a network engineer.

  I'm trying to follow the VMWareKB: "Troubleshooting connection problems network using the Protocol ARP (Address Resolution)" I'm just trying to check the ARP table exists on our ESX Server and has some entries.

  KB said running 'arp - a' for a list of the ARP table.

  To do this, I need to open a service console. I have now read articles 3 or 4 on the use of the Service Console but I am still unable to open it to run the command. I do not understand what I am doing wrong, I am incredibly stupid or miss me something completely.

  An article said, press 'Alt F1"exactly where I am doing this? A virtual machine is connected to the ESX? An article said "to VIM summary screen' I tried logging on the virtual machine and point a web browser on the server, I get a screen of welcome of ESX with link"Connecting to Web Access", when I click on it I get"Internet Explorer Can t Open The Web page.

  I had a look at VIM, I can see the details of the Vswitch network on the configuration page, including the IP address of the console service. Can't see how to open a service console. VIM of pointing at the address for service console is unable to do anything.

  I just need to know how to open the Service console and check the tables of ARP based on the KB.

  Please dumb down of your responses to me!

  The fundamental problem is about some units of electric distribution that we use to power the equipment in the racks. They have a network connection which we track using Virtual Machines to the report of a third person of monitoring and control software. The virtual machines are running alarm software driver used to report to the third party. The virtual machine is on a blade server.

  We have a problem where a unit of the IML has been replaced but configured with incorrect default gateway address. In the hours to do so, the monitoring and control software lost connection to ILM and one by one, all units of the IML began to send the ARP requests - "who has 10.172.248.254'.

  Finally, the MDU constantly send ARP requests and the MDU have lost connectivity to the virtual computer. If we open the VM machine, follow up and a MUD, the ping command ping fails, if we put a laptop in place an ILM and ping the machine VM, the ping works fine.

  If power us off/on the ILM voltage they are good, but we are a 24/7 operation and power cycling the MDU is considered risky.

  We have had this problem before and the only solution was to rebuild the virtual machine and assign all MDU to a new network address.

  All switches ILM is connected (foundry Falstron GS) have been verified by the support of our network guys and we are told are all good. The blade server hosts about 20 VM and they work just fine from other systems SNMP traffic monitoring.

  If anyone has any ideas I'm all ears.

  Hello

  As stated, the console is the administration interface that you can use directly on the hardware. It is not a VM (as such) that connect you with the standard management GUI. You can SSH in the network or you can be "physically connected" as you say (I would use HP SIM or the ILO to connect directly to the blade). Once you have that screen upward, press 'Alt + F1' and you connect. Then you should be able to follow the KB to check the ARP table.

  See you soon,.