Service Console network requirements
Hello
I searched the internet, forums and documents best practices vSphere but couldn't find which are the characteristics of network for the Service Console speed. My management network will be a complete isolated physical switch. I won't use it vMotione etc so it will only be used for H.A. and basic (pulsation of hypervisors, vCenter server connection) operations.
For this, a network of 100 Mb/s should be fine. But if I want to copy a virtual machine offline data to another store, it will pass through the management network? If Yes, then I should get a 1 GB switch.
Thank you!
It is advisable to have gigabit ethernet adapter for service console
copy of the data of the esx datastore Management Office and between the data store will be done by the network of mgmt
concerning
Maniac
Tags: VMware
Similar Questions
-
VCenter server: tolerance on failure service console network
Hello world!
I have question about network service on the vCenter Server console. In my server, I have 4 free NIC and I want to lay off the witch NIC network service management console. Is it a good choice for the team this free with other NIC with Intel Advanced Network Services ( http://www.intel.com/support/network/sb/cs-009747.htm )?
My 2 vShpere host is configured as scenario 4 illustrated on this page:
http://kensvirtualreality.WordPress.com/2009/03/09/when-is-it-OK-to-default-on-your-VI/
My idea is to connect the NIC primary service on the Vcenter Server console to the single switch and the other to the other switch and then the 2 NIC teaming
Is the right choice?
Thank you
You should be able to accomplish what you want by using the NIC software from the manufacturer of your NETWORK adapter in combination.
Connect the second NETWORK card on pSwitch 2, using the NETWORK card software create a team. Assign the two network cards (same make and model, I hope) to the team. Give the SC IP network to the NIC BIA - clear move the existing IP of the network card.
If one of the NIC in the server VC port fails and/or a pSwitch fails, your VC server should always be in place.
Everything else seems good.
----
-
public network for virtual machines, private storage and the service console?
Hello
So far I had a pretty small facility with 2 servers with 4 physical network adapters each running ESX 3.5, a small box of EqualLogic SAN to shared storage and a few virtual machines on our network of regular reinforcement, routed, not on a private. The network config was really simple. I just put everything on real IP addresses on our network of building.
Now I want to move the SAN and the traffic on a private service console network, but I don't know how to do this.
Right now I use 2 NETWORK cards on each server:
vmnic0 is configured on vSwitch0 and has the network of the VM on it that all my use of VMS to talk to the outside world, and it also has the Service Console that uses Virtual Center and I use ssh to it.
vmnic1 is configured on vSwitch1 and a VMKernel Port and also a Service Console Port for iSCSI Software to talk to my SAN. (never been clear on why both are needed to talk to the SAN, but doctors say they are)
My plan is to set up a vSwitch2 and bind it to vmnic2 and implemented a VMKernel Port and the Service Console Port for software iSCSI on the 10.x.x.x network, set up my new (larger) SAN box on the 10.x.x.x network and simply use Storage vMotion to move virtual machines to the new storage space. As soon as I did this, I would like to not use the Service Console on vSwitch2 and not a Console Service at all on vSwitch0. Is it possible to delete the one on vSwitch0 and just use a new vSwitch2 for Virtual Center and ssh access?
So my proposed configuration would be:
vSwitch0: VM network only, used by the VM guests for oriented public access network, no construction of Network Service Console, linked to vmnic0
vSwitch1: superfluous once I do storage vMotion of everything on my old SAN, will eventually remove and pair vmnic 1 with vmnic0, linked to vmnic1
vSwitch2: VMKernel and Service Console on the network 10.x.x.x, used to access the new SAN, used by Virtual Center to access the ESX, used to SSH in to ESX on private network, associated vmnic2
If it works?
Thank you.
Hello
VMkernel ports cannot live on the same subnet. So if you have 3 vmkernel ports say: vMotion, iSCSI and NFS. You really need 3 subnets. 1 for each vmkernel port.
Otherwise how does he know all send properly?
Best regards
Edward L. Haletky VMware communities user moderator, VMware vExpert 2009, url = http://www.virtualizationpractice.comvirtualization practical analyst [url]
"Now available: url = http://www.astroarch.com/wiki/index.php/VMware_Virtual_Infrastructure_Security' VMware vSphere (TM) and Virtual Infrastructure Security: securing the virtual environment ' [url]
Also available url = http://www.astroarch.com/wiki/index.php/VMWare_ESX_Server_in_the_Enterprise"VMWare ESX Server in the enterprise" [url]
[url =http://www.astroarch.com/wiki/index.php/Blog_Roll] SearchVMware Pro [url] | URL = http://www.astroarch.com/blog Blue Gears [url] | URL = http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links Top security virtualization [url] links | URL = http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast Virtualization Security Table round Podcast [url] -
Service Console isolation Clarification
I have read the Security Hardening Guide but I have some questions about the isolation of isolation of service console.
1. What are the security risks? I found that newspapers are sent clear test that represents a risk, but in a fully routed network once newspapers leave the service console network they may be captured or read on the syslog network, unless an ipsec tunnel is created between the two systems. Another risk I've read is that if the console service is on the same vswitch as an internet workstation or network type VM service console could be exposed to the internet. Other risks?
2. If the service console is isolated on its own vswitch/network, but the network outside the vm environment has other systems not necessarily vm systems is always considered a risk or the physical environment also must be isolated to only management traffic? In order to clarify if the service console is located on a network 192.168.1.0/24 and this network have physical systems connected to this same 192.168.1.0/24 network is the console service at risk? Again, what are the risks and that no matter the fully active physical network and uses the isolation of port? If a company has a fully routed network isolation really provides increased security? To be compliant with the Safety Guide is the key to keep isolated from the internet access management network/traffic?
For some reason, I'm having trouble getting this concept and the security risks. Thanks in advance for the help in the understanding of console service isolation.
Also remember that if your service console came down, you could lose the ability to manage all the virtual machines that reside on this ESX host.
-
ESX 3.5: copy files using the service console from a network share to the esx host data store
Hello
I wonder. Is there a command that I can run the service console that would allow me to copy a file from a network share on the data store on the esx host?
Eric
If sharing is a Windows, you can also use smbclient within the service console and ride sharing.
André
* If you found this device or any other answer useful please consider awarding points for correct or helpful answers
-
Determine good network card PCI bus for Service Console?
Are the bus PCI in hexadecimal or decimal?
I ask because I put the Service Console on the bad NIC (0b.00.00) and I want to know which is the NIC low to move it to.
I have the following:
Card internal Broadcom: 03.00.00 and 05.00.00 - I want these to become vmic0 and vmnic1
Map external Intel: 0b.00.00 and 0b.00.0 - I want these to become vmic3 and vmnic4
Am I right that 03.00.00 is the bus PCI NIC plus small number?
Once I know that, I'll add this 03.00.00 vmnic to the current SC vSwitch reassign SC him then remove the other vmNIC to it.
In addition, how is it possible to re - assign vmnic numbers to different network adapters?
Say vmnic0 is on the NIC 0b.00.00 and I really want to vmnic0 on 03.00.00, how do I do? -command and syntax?
Thank you, Tom
Yes, 03:00 is the smallest address PCI - 05:00's next, b 0:00: #'s next - his numbered in hexadecimal - you can reinstall ESX and select the correct network adapter or you can check out here how to renumber - http://vmware-land.com/Vmware_Tips.html#Net4
If you find this or any other answer useful please consider awarding points marking the answer correct or useful
-
Set up a VLAN tagging for service without interruption of network service console
I currently have an ESX Server that has vSwitch with a single NETWORK card for the console service with no trunking VLAN. The vmkernel is a separate vSwitch also with a single network ADAPTER with no trunking VLAN, but in one VLAN separate from the NIC service console I would like to group the virtual physical switches in a single vSwitch, trunking 2 network cards and marking management. Is there a way to do it without causing a failure of service console; that is, a PuTTY session distance?
Well you can work it so that the spare IP is not used for a long time.
-
VMkernel and Service Console in the same vSwitch?
Hello
Be aware that this may have been covered elsewhere (and I should be grateful if you would be redirected to the correct answer), but I need clarification on the installer to our servers ESX 4.1. I have a switch virtual vswitch1 with webcam live and test port groups running through a NIC 4 etherchannel trunk to a Cisco switch stack with load balancing of the IP Hash for our virtual machines (works fine).
Due to limited network adapters, I wanted to know if I could have the VMKernel (vmotion) and the Service Console on the same virtual switch (vSwitch0) but separated by VLAN ID in 2 groups of ports, run through an another etherchannel to our Cisco switches (mounting similar to vswitch1 etherchannel trunk). Are these two functions OK on the same vSwitch?
I say with this configuration, we will have redundancy with 2 network cards in vswitch0 and traffic will be isolated between the SC and vmotion with VLAN. Im not sure if best practices should have the VMkernel SC on separate vSwitches, or even if the VMkernel and HC would work even as a separate Exchange with an ID vswitch1 VLANS separated to release 2 network cards.
As a result, I read elsewhere, that a default installation with a switch distributed (that we want to use in the near future) would use a dvSwitch for VMs and a vSwitch for SC and functions VMKernel, separating them, so at this point would be a good idea.
Any advice would be welcome.
Thank you
John
When I have 2 NICs for network management and vMotion, I use usually 1 vSwitch for them. I configure ports of physical switch as connection ports (no etherchannel), set the VLAN ID on port groups and configure groups of two ports for active / standby. For example, the management network has active vmnic0, Eve and vMotion active vmnic1 vmnic0 a vmnic1, as yesterday. In this way each "service" uses its dedicated uplink unless there is a failure.
BTW, you should consider installing instead of ESX ESXi, ESX 4.1 is the latest version of ESX. ESXi will only be available in the future and transition from ESX to ESXi requires a fresh install of the hosts.
André
-
Create the new service console, remove old
The first service console has a DHCP address and I created a new SC with a static address, but when I try and remove the original CD, it gives an error:
The 'vswif0' resource is in use. I use vSphere Client to do this. We do use vcenter server. What is the way easiest to migrate static IP from the DHCP server on these consoles of service?
Here's a message to somebody else who had some problems by removing an old console of the VI client. As always be careful when it comes to the consoles of service you could easly remove the console off of the network and require a console to finish working on it.
http://communities.VMware.com/thread/62232
If you have found this device or any other useful post please consider the use of buttons useful/correct to award points
-
I had just a console single service in each of my clusters for too long. I want to install a 2nd / backup service console, only to improve resilience/accuracy of HA. HA is configured on my cluster right now, with 'VM leave it on"since I'm paranoid about false positives. It happened twice in as many years.
Service primary or existing console is on vSwitch0 (typical of course) which NIC access network 10.25.13.0.
Is it not better to add a console/service gateway secondary on a network other than the primary? If so, vSwitch1 (in use by my VMs) access network 10.25.20.0 so can't I just 'Add Networking' / Service Console / use vSwitch1 and add IP/gateway, etc and do with it? Again, I have only this want to another path for HA heartbeat and don't have (or really even need) a NETWORK card dedicated for this purpose.
Sound good? The warnings I share with this approach?
Then I can set the HA to do that HA is REALLY supposed to - detect what is almost certainly a host FAILURE and restart the virtual machines on other host in the cluster. I find this 'interesting' VMware added option 'VMs letting' turned on only for the host isolation response, because it is not more or less defeat the purpose and/or is not an admission that HA is prone to false positives that get undesirable results? Secondary service consoles, taking other paths (physically, nic to pass) AND to other subnets would seem to be an absolute requirement for the ideal/real 'stop VM' (and restart on hosts alt) implementation of the AH.
I think that what is meant by the tip to maintain the network label, it is similarly to name the second service even console on each host in the cluster, not name - it the same as the first service console.
Think of the second service console to provide connectivity redundant heatbeat mainly between the hosts, not really of another interface to check the addresses of isolation after the heartbeats are lost. Use of the second service console if it is placed on the redundant network links well & switches must ensure that when a problem is detected, it is a failure of another host and the additional verification of isolation on a single interface would be enough to determine that the local host is not the issue.
-
IPv6 can not ping 2nd service console
I configured a new vswitch with a service console and a vmkernel to use IPv6 and IPv4.
I can ping to the service console and vmkernel IPv4 address. But I can only ping the service console IPv4 address.
Why something like that happens? I checked to see if it was a duplicate address, and he wasn't.
Thank you
Is it using vSphere4? There is no requirement for the ports of service console to use iSCSI, now.
Can you provide the output of esxcfg-vswitch - and esxcfg-vmknic - l that I can see what looks like your network config?
In addition, you will be able to ping the ESX storage use the command vmkping?
If you are able to ping both directions, getting newspapers in storage and the ESX host around time of discovery would be the next piece of useful information.
Thank you
Andy
-
How to access the ESX service console
Hi all.
I'm a TV engineer trying to solve a problem of network with our equipment. I'm not a network engineer.
I'm trying to follow the VMWareKB: "Troubleshooting connection problems network using the Protocol ARP (Address Resolution)" I'm just trying to check the ARP table exists on our ESX Server and has some entries.
KB said running 'arp - a' for a list of the ARP table.
To do this, I need to open a service console. I have now read articles 3 or 4 on the use of the Service Console but I am still unable to open it to run the command. I do not understand what I am doing wrong, I am incredibly stupid or miss me something completely.
An article said, press 'Alt F1"exactly where I am doing this? A virtual machine is connected to the ESX? An article said "to VIM summary screen' I tried logging on the virtual machine and point a web browser on the server, I get a screen of welcome of ESX with link"Connecting to Web Access", when I click on it I get"Internet Explorer Can t Open The Web page.
I had a look at VIM, I can see the details of the Vswitch network on the configuration page, including the IP address of the console service. Can't see how to open a service console. VIM of pointing at the address for service console is unable to do anything.
I just need to know how to open the Service console and check the tables of ARP based on the KB.
Please dumb down of your responses to me!
The fundamental problem is about some units of electric distribution that we use to power the equipment in the racks. They have a network connection which we track using Virtual Machines to the report of a third person of monitoring and control software. The virtual machines are running alarm software driver used to report to the third party. The virtual machine is on a blade server.
We have a problem where a unit of the IML has been replaced but configured with incorrect default gateway address. In the hours to do so, the monitoring and control software lost connection to ILM and one by one, all units of the IML began to send the ARP requests - "who has 10.172.248.254'.
Finally, the MDU constantly send ARP requests and the MDU have lost connectivity to the virtual computer. If we open the VM machine, follow up and a MUD, the ping command ping fails, if we put a laptop in place an ILM and ping the machine VM, the ping works fine.
If power us off/on the ILM voltage they are good, but we are a 24/7 operation and power cycling the MDU is considered risky.
We have had this problem before and the only solution was to rebuild the virtual machine and assign all MDU to a new network address.
All switches ILM is connected (foundry Falstron GS) have been verified by the support of our network guys and we are told are all good. The blade server hosts about 20 VM and they work just fine from other systems SNMP traffic monitoring.
If anyone has any ideas I'm all ears.
Hello
As stated, the console is the administration interface that you can use directly on the hardware. It is not a VM (as such) that connect you with the standard management GUI. You can SSH in the network or you can be "physically connected" as you say (I would use HP SIM or the ILO to connect directly to the blade). Once you have that screen upward, press 'Alt + F1' and you connect. Then you should be able to follow the KB to check the ARP table.
See you soon,.
-
Slow performance NFS (16 MB/s) of the Service Console
I'm trying to set up an environment with ghettoVCB but I have problems with the flow to the NFS share.
My configuration:
ESXi host:
ESXi 4.0.0 164009
Reference Dell R710 with 8x300GB 10 k SAS.
NAS server:
Nexenta 3.1.0
Dell PE2950 with 6x2TB Sata
Local write on the nas performance is around 230 Mbps. tested by running these two commands in two different sessions of PuTTY:
zpool iostat tank 5 dd if=/dev/zero of=sometestfile2 bs=1024000 count=5000
Zpool iostat output:
capacity operations bandwidth pool alloc free read write read write ---------- ----- ----- ----- ----- ----- ----- tank 7.59G 10.9T 0 0 0 0 tank 6.74G 10.9T 0 709 0 64.2M tank 8.11G 10.9T 0 2.06K 0 235M tank 9.62G 10.9T 0 2.07K 0 254M tank 10.8G 10.9T 0 1.81K 0 219M
Switch dedicated for storage area network:
Cisco 3750 with mtu 9000 system
Nexenta hosts both ESXi are connected to the switch with network cards with Jumbo enabled frames.
I created an NFS share and mounted as a data store in ESXi. When I run the command "dd" even the service console, I get this:
tank 6.94G 10.9T 0 178 0 16.9M tank 7.03G 10.9T 0 190 0 16.2M tank 7.11G 10.9T 0 180 0 17.0M
To test another way, I created a vmnic in the vSwitch dedicated for nfs and then attached this nic to a guest vm under Debian. I mounted the same nfs share and run the same command "dd":
splunk01:mount 192.168.XXX.XXX:/volumes/tank/vmbackup /mnt/nas0 splunk01:/mnt/nas0# dd if=/dev/zero of=sometestfile4 bs=1024000 count=5000 5000+0 records in 5000+0 records out 5120000000 bytes (5.1 GB) copied, 56.1965 s, 91.1 MB/s splunk01:/mnt/nas0#
zpool iostat output:
admin@nas0:~$ zpool iostat tank 5 capacity operations bandwidth pool alloc free read write read write ---------- ----- ----- ----- ----- ----- ----- tank 8.73G 10.9T 0 1 5.72K 143K tank 8.73G 10.9T 0 0 0 0 tank 8.73G 10.9T 0 389 0 47.5M tank 9.49G 10.9T 0 684 0 80.7M tank 4.24G 10.9T 0 702 0 84.6M tank 4.63G 10.9T 0 780 0 92.7M tank 4.63G 10.9T 0 750 0 91.1M tank 5.74G 10.9T 0 820 0 98.4M tank 6.27G 10.9T 0 729 0 87.9M tank 6.27G 10.9T 0 756 0 91.1M tank 7.28G 10.9T 0 785 0 94.9M tank 7.80G 10.9T 0 694 0 83.6M tank 7.80G 10.9T 0 801 0 96.6M tank 8.74G 10.9T 0 595 0 69.2M tank 8.74G 10.9T 0 0 0 0
So there is clearly no problem on the side of Nexenta.
What I am doing wrong?
Is there a problem with this build exakt?
Andreas
Hello
you try this optimalizations in the GUI:
1 / disable ZIL
Settings-> preferences-> system
Sys_zfs_nocacheflush Yes (default: No.)
WARNING: it is dangerous without UPS2 / disable Nagel algoritm
Settings-> preferences-> network
Net_tcp_naglim_def 1 (default: 4095)3 / adapt for HDD SATA
Settings-> preferences-> system
Sys_zfs_vdev_max_pending 1 (default: 10)4 / disabling synchronization
Data-> actions-> folder xxx management
Turning off synchronization (default: Standard)
-
separate the vlan for the service console and vkernel
Hi all
I need to restructure my environment uat and dev, keeping both under vcenter even. I run the machine with 4 NICs (currently using 2 each for sc + vk & vm port with eather channel gp). The reason behind this is that we have stored separately (using nfs) in uat and dev segment to be used by the servers (virtual and physical) in the respective segment. I'll take 2 clusters as uat and dev. wanted to help the same regardeing
- wanted to know if I can get my service console and vmkernel running on VLANs separate as shown below
- UAT cluster
- SC - 10.10.11.x
- VK - 10.10.12.x
- dev cluster
- SC - 10.10.11.x
- VK - 10.10.50.x
- UAT cluster
kindly let me know for further information on above, any other suggestion on above will be useful
Yes your SC and VMkernel networks running on different VLANS will work - it is a best practice.
- wanted to know if I can get my service console and vmkernel running on VLANs separate as shown below
-
Can I create a second service console in ESX 2.5.5?
Can I create a second service console in ESX 2.5.5?
Yes, I did in ESX 3. +, but I can not find/check it's ok in ESX 2.5.
Procedures, orders or comments appreciated.
ALL POINTS WILL BE AWARDED.
No, you can not - the service in ESX 2.x actuallys console loads before the vmkernel and has control over its own NETWORK card and the physical memory - in esx 3.x (vSphere) the VMkernel charge first and provides these resources to the service console allowing you to create several service console ports -
If you find this or any other answer useful please consider awarding points marking the answer correct or useful
Maybe you are looking for
-
I want to use my old imac as a screen for my new macbook pro. Should what cable I use?
My imac has a port mini screen but my macbook pro is not, however, it has a bolt of lightning and a HDMI port. What is the best way to connect them?
-
Satellite P100-426 - which audio driver I need for Windows 7 64 bit?
Hello I installed Windows 7 64 bit for my P100-426. It was no problem but I can not foud a driver for the sound chip and I do not know the sound chip that is on board. Maybe someone can help me. Thank you very much. sven_lee
-
Satellite C screen goes blank and only the visible mouse pointer
Hello My laptop Windows 8 is a couple of months Today, when I try to start it shows the splash screen and then the screen turns black with only the pointer of the mouse showing. I can move the pointer on the screen, but windows does not load.
-
Compaq 6370 b: sp54179 graphic driver HP package has Trojan
Yesterday, I downloaded HP Graphics Driver package sp54179 for my laptop Compaq 6370 b (Windows 7 Pro x 64 with SP1). After installing this package of HP, Microsoft Security Essentials antivirus detected and auto-supprimer this Trojan:Win32 / Peals.
-
Search for Tungsten E2 drivers for Vista 64-bit of the system
Please can someone help me find the drivers for a Palm Tungsten E2 load the Windows Vista 64-bit operating system? I have a lot of drivers loaded on my computer that work well with my Vista 64-bit operating system. What is so difficult for the creati