Latest Posts



Translate

Total Pageviews

Tuesday, 25 June 2013

Thin Provisioned Disk and Microsoft Operating System

When using thin provisioned disks with Microsoft operating systems such as Windows 2008 or Windows 7, if you perform a Full Format of the disk, this will inflate the thin provisioned disk to the full size. To avoid this situation, select the option to perform a Quick Format. For more information, see the Microsoft article 941961.

Sample Configuration - Network Load Balancing (NLB) Multicast Mode Configuration (1006558)

Purpose

Setting up NLB Multicast Mode

Multicast mode does not have the problem that unicast operation does since the servers can communicate with each other via the original addresses of their NLB network cards.
Each server's NLB network card operating in multicast mode has two MAC addresses (the original one and the virtual one for the cluster), which causes some problems. Most routers reject the ARP replies sent by hosts in the cluster, since the router sees the response to the ARP request that contains a unicast IP address with a multicast MAC address. The router considers this to be invalid and rejects the update to the ARP table. In this case, you need to manually Configure Static ARP Resolution at the switch or router for each port connecting to ESX's NICs. For related information, see Sample Configuration - Network Load Balancing (NLB) Multicast mode over routed subnet - Cisco Switch Static ARP Configuration (1006525).

Resolution

These versions of Windows are recommended:
  • Microsoft Windows 2008 Server
  • Microsoft Windows 2008 R2
  • Microsoft Windows 2003 Server and later
  • Microsoft Windows 2000 Server with Load Balancing
Note: To troubleshoot issues related NLB, contact Microsoft Support.
To configure NLB in Windows Server 2003:
Note: Each NLB cluster node is required to have NLB enabled and configured with the same cluster IP address and FQDN.
  1. Go to Local Area Connection Properties > General tab > Check Network Load Balancing.
  2. Click Properties.
  3. Click the Cluster Parameters tab.
  4. Enter the Cluster IP address.
  5. Select the Multicast option.



    Note
    : Click to enlarge image.
  6. Click the Host Parameters tab
  7. Set the Priority (unique host identifier).
  8. Enter the dedicated host IP. This is the same as the NIC IP. (From the example above this would be 192.168.1.10 for the first host)
  9. Click OK.

     

    Note
    : Click to enlarge image.
  10. Select Networking Protocols TCP/IP
  11. Enter the dedicated host IP specified in Step 8.
  12. Click Advanced.
  13. Click Add.
  14. Enter the Cluster IP.
  15. Click OK.



    Note
    : Click to enlarge image.
For more information on weak and strong host behavior in Windows, see the Microsoft Technet articlehttp://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx.
For more information on configuring Network Load Balancing (NLB) on Windows Server 2008, see the Microsoft Technet article http://technet.microsoft.com/en-us/library/cc771300(WS.10).aspx.
 
Note: The preceding links were correct as of December 16, 2011. If you find a link is broken, provide feedback and a VMware employee will update the link.

Source:-

Sample Configuration - Network Load Balancing (NLB) unicast mode configuration (1006778)

Purpose

Requirements and notes for setting up NLB unicast mode:
  • Two machines running Windows Server 2003 or later
  • Each machine should have at least two network cards and at least one fixed IP address
  • VMware recommends two adapters in each machine for best performance
  • One adapter mapped to the real IP address (Microsoft calls this the Dedicated IP), and one mapped to the virtual IP address (Microsoft calls this the Cluster IP)
  • A second network card is required for communication between the servers
Notes:
  • A benefit of unicast mode is that it works out of the box with all routers and switches (since each network card only has one MAC address)
  • In unicast mode, since all hosts in the cluster have the same MAC and IP address, they do not have the ability to communicate with each other via their NLB network card

Resolution

To configure NLB unicast mode:

  1. NLB unicast mode requires two NICs.
  2. Add two virtual NICs to NLB-configured virtual machines.
  3. Use the Add New Hardware wizard to add new hardware to the virtual machine. The virtual hardware that you add appears in the hardware list displayed in the Virtual Machine Properties wizard. The selected guest operating system determines the devices that are available to be added to a given virtual machine.
  4. Add an Ethernet adapter (NIC):

    1. Start the Add Hardware wizard.
    2. Click Ethernet Adapter, and click Next.
    3. In the Network connection panel, choose either a named network with a specified label or a legacy network.
    4. To connect the virtual NIC when the virtual machine is powered on, select Connect at power on.
    5. To complete the wizard, click Finish.
Notes:
  • ESXi/ESX vSwitch properties Notify Switches = NO
  • Unicast mode reassigns the station (MAC) address of the network adapter for which it is enabled and all cluster hosts are assigned the same MAC (media access control) address, you cannot have ESXi/ESX send ARP or RARP to update the physical switch port with the actual MAC address of the NICs as this break the the unicast NLB communication
  • ESXi/ESX vSwitch security properties must be set to default, Forged Transmits = Accept.
  • VMware recommends configuring the cluster to use NLB multicast mode even though NLB unicast mode should function correctly if you complete these steps. This recommendation is based on the possibility that the settings described in these steps might affect vMotion operations on virtual machines. Also, unicast mode forces the physical switches on the LAN to broadcast all NLB cluster traffic to every machine on the LAN. For more information on the differences, seeMicrosoft Network Load Balancing Multicast and Unicast operation modes (1006580). If you plan to use NLB unicast mode, note that:

    • All members of the NLB cluster must be running on the same ESXi/ESX host.
    • All members of the NLB cluster must be connected to the single portgroup on the virtual switch
    • vMotion for unicast NLB virtual machines is not supported (unless you want to migrate all NLB members to a different ESXi/ESX host)
  • For troubleshooting information see: Microsoft NLB not working properly in Unicast Mode (1556).
  • Unicast NLB is not supported on the Cisco Nexus 1000V Switches, except version 4.2(1) SV1(5.1) and later.

    Note: The preceding link was correct as of December 4, 2012. If you find the link is broken, provide feedback and a VMware employee will update the link.

Example screen shots:



Additional Information

Weak and strong host behavior in Windows

Windows XP and Windows Server 2003 use the weak host model for sends and receives for all IPv4 interfaces, and the strong host model for sends and receives for all IPv6 interfaces. You cannot configure this behavior.

The Next Generation TCP/IP stack in Windows Vista and Windows Server 2008 supports strong host sends and receives for both IPv4 and IPv6 by default on all interfaces, except the Teredo tunneling interface for a Teredo host-specific relay. For more information, see Strong and Weak Host Models on the Microsoft TechNet site.

Note: The preceding link was correct as of December 4, 2012. If you find the link is broken, provide feedback and a VMware employee will update the link.

To change this behavior and revert to the weak host model (which was used in Server 2003), open a Windows command prompt and run these commands:

netsh interface ipv4 set interface "Local Area Connection" weakhostreceive=enable
netsh interface ipv4 set interface "Local Area Connection" weakhostsend=enable


To verify that the changes are in effect, run this command:

netsh interface ipv4 show interface "Local Area Connection"

Where Local Area Connection is the name of the network interface obtained from running ipconfig /all from a Windows command prompt.
Source:-

Configuring CHAP Parameters for iSCSI Adapters

CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI target when the host and target establish a connection. The verification is based on a predefined private value, or CHAP secret, that the initiator and target share.
ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name and secret from the iSCSI initiator. For software and dependent hardware iSCSI adapters, ESXi also supports per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.
ESXi supports one-way CHAP for all types of iSCSI initiators, and mutual CHAP for software and dependent hardware iSCSI.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that the CHAP authentication credentials match the credentials on the iSCSI storage.
ESXi supports the following CHAP authentication methods:
One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.
For software and dependent hardware iSCSI adapters, you can set one-way CHAP and mutual CHAP for each initiator or at the target level. Independent hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
Note
When you specify the CHAP security level, how the storage array responds depends on the array’s CHAP implementation and is vendor specific. For example, when you select Use CHAP unless prohibited by target, some storage arrays use CHAP in response, while others do not. For information on CHAP authentication behavior in different initiator and target configurations, consult the array documentation.
CHAP Security Level
CHAP Security Level
Description
Supported
Do not use CHAP
The host does not use CHAP authentication. Select this option to disable authentication if it is currently enabled.
Software iSCSI
Dependent hardware iSCSI
Independent hardware iSCSI
Do not use CHAP unless required by target
The host prefers a non-CHAP connection, but can use a CHAP connection if required by the target.
Software iSCSI
Dependent hardware iSCSI
Use CHAP unless prohibited by target
The host prefers CHAP, but can use non-CHAP connections if the target does not support CHAP.
Software iSCSI
Dependent hardware iSCSI
Independent hardware iSCSI
Use CHAP
The host requires successful CHAP authentication. The connection fails if CHAP negotiation fails.
Software iSCSI
Dependent hardware iSCSI
You can set up all targets to receive the same CHAP name and secret from the iSCSI initiator at the initiator level. By default, all discovery addresses or static targets inherit CHAP parameters that you set up at the initiator level.
The CHAP name should not exceed 511 alphanumeric characters and the CHAP secret should not exceed 255 alphanumeric characters. Some adapters, for example the QLogic adapter, might have lower limits, 255 for the CHAP name and 100 for the CHAP secret.
Before setting up CHAP parameters for software or dependent hardware iSCSI, determine whether to configure one-way or mutual CHAP. Independent hardware iSCSI adapters do not support mutual CHAP.
In one-way CHAP, the target authenticates the initiator.
In mutual CHAP, both the target and the initiator authenticate each other. Use different secrets for CHAP and mutual CHAP.
When you configure CHAP parameters, verify that they match the parameters on the storage side.
Required privilege: Host.Configuration.Storage Partition Configuration
1
Access the iSCSI Initiator Properties dialog box.
2
On the General tab, click CHAP.
3
To configure one-way CHAP, under CHAP specify the following:
a
Select the CHAP security level.
Do not use CHAP unless required by target (software and dependent hardware iSCSI only)
Use CHAP unless prohibited by target
Use CHAP (software and dependent hardware iSCSI only). To configure mutual CHAP, you must select this option.
b
Specify the CHAP name.
Make sure that the name you specify matches the name configured on the storage side.
To set the CHAP name to the iSCSI initiator name, select Use initiator name.
To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator name and type a name in the Name text box.
c
Enter a one-way CHAP secret to be used as part of authentication. Use the same secret that you enter on the storage side.
4
To configure mutual CHAP, first configure one-way CHAP by following the directions in Step 3.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual CHAP:
a
Select Use CHAP.
b
Specify the mutual CHAP name.
c
Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual CHAP.
5
Click OK.
6
Rescan the initiator.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing sessions, new settings are not used until you log out and log in again.
For software and dependent hardware iSCSI adapters, you can configure different CHAP credentials for each discovery address or static target.
When configuring CHAP parameters, make sure that they match the parameters on the storage side. The CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
Required privilege: Host.Configuration.Storage Partition Configuration
Before setting up CHAP parameters for software and dependent hardware iSCSI, determine whether to configure one-way or mutual CHAP.
In one-way CHAP, the target authenticates the initiator.
In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets for CHAP and mutual CHAP.
1
Access the iSCSI Initiator Properties dialog box.
2
Select either Dynamic Discovery tab or Static Discovery tab.
3
From the list of available targets, select a target you want to configure and click Settings > CHAP.
4
Configure one-way CHAP in the CHAP area.
a
Deselect Inherit from parent.
b
Select one of the following options:
Do not use CHAP unless required by target
Use CHAP unless prohibited by target
Use CHAP. To be able to configure mutual CHAP, you must select this option.
c
Specify the CHAP name.
Make sure that the name you specify matches the name configured on the storage side.
To set the CHAP name to the iSCSI initiator name, select Use initiator name.
To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator name and enter a name in the Name field.
d
Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret that you enter on the storage side.
5
To configure mutual CHAP, first configure one-way CHAP by following directions in Step 4.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following in the Mutual CHAP area:
a
Deselect Inherit from parent.
b
Select Use CHAP.
c
Specify the mutual CHAP name.
d
Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual CHAP.
6
Click OK.
7
Rescan the initiator.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing sessions, new settings are not used until you log out and login again.
You can disable CHAP if your storage system does not require it.
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active until you reboot your host, end the session through the command line, or the storage system forces a logout. After the session ends, you can no longer connect to targets that require CHAP.
Required privilege: Host.Configuration.Storage Partition Configuration
1
Open the CHAP Credentials dialog box.
2
For software and dependent hardware iSCSI adapters, to disable just the mutual CHAP and leave the one-way CHAP, select Do not use CHAP in the Mutual CHAP area.
3
To disable one-way CHAP, select Do not use CHAP in the CHAP area.
The mutual CHAP, if set up, automatically turns to Do not use CHAP when you disable the one-way CHAP.
4
Click OK.

Thanks to Vmware Documentation