Quantcast
Channel: VMware Communities: Message List
Viewing all 212807 articles
Browse latest View live

DMZ Setup - Separate vSwitch or Port Group Better?

December 13, 2019, 7:19 am
$
0
0

Please see attached images.  Example A is a single port group, and example B is using two separate vSwitches. Are there any advantages to creating a separate vSwitch just for DMZ traffic over just placing DMZ traffic in a separate port group and using overrides to assign specific pNICs to each port group?

 

We can assume that proper redundancy will be present everywhere, and that the same ESXi host will serve both production and DMZ traffic.  Also assume that the DMZ traffic will be plugged into a physical firewall.  Each port group is a separate VLAN.  Again, if a single vSwitch would be used, we would dedicate specific pNICs to each port group appropriately via overrides so that the DMZ port group could not share the pNICs of the others.

 

I suppose I don't see any real difference in having a separate vSwitch vs doing port group overrides.  I don't believe one is any more secure than the other, but happy to learn otherwise!  Perhaps this is just preference and whatever is easier to manage?  I can imagine if I had 10 different DMZ VLANs that extra configuration would be required if the same vSwitch is used over just sticking those port groups on the switch and not worrying about where each pNIC was connected.  Any articles specific to security would be appreciated!

 

Thanks!

Search

Re: Slow login/Performance App volumes with Symantec client installed

December 13, 2019, 7:22 am
$
0
0

Hi, everybody,

 

I am a little pleased to hear that we are not the only ones with this problem.

 

After a few months of troubleshooting we have only achieved small results. From the current support calls of Symantec and VMware no rootcause has been found yet. We have delivered many gb of logfiles and videos. Procmon, WPA,XPerf, Wireshark. You name it... 

 

Both Symantec and VMware indicated that no other support calls are registred with this specific problem. Well that was not true, but maybe difficult to find?  For now the only thing what is seen is there are extremely high CPU spikes and Symantec scans a lot of registry entries. The filter drivers of Symantec, App Volumes and DEM all want to use their resources probably at the same time. Due to the spectre and meltdown patch the performance degradation in this combination is severe. 

 

By accident we found out that symantec didn't work at all !!  Every thing looked fine. The client was healthy from de management server point of view, but stopping and then starting the smc.exe resulted in a crash. A simple EICAR virus test was not even detected !! Through exceptions in the snapvol.cfg we got symantec working properly.  We want to have these exceptions validated by VMware. There is a PR opened up for this.

 

Since Symantec is working now we see better (not optimal) startup times of thinapps in an app stack . Login times unfortunately not. We declared all de collected log files to be unreliable, because the symantec client did not work at all. And so the exceptions and exclusions may not have worked at all.  We collected all log files again recently.

 

I will update you when we hear something back from Symantec or VMware.

Re: Output in Invoke-VMScript unreadable

December 13, 2019, 7:27 am
$
0
0

My script text very simple, but not working:

 

-Scripttext "net use Y: \\10.2.0.254\D /user:Administrator Mypass /persistent:no
mkdir C:\rollup
copy Y\* C:\rollup"

 

the problem is that net use does not work. I see only unreadable output, like

ScriptOutput

-----------------------------------------------------------------------------------------------------------------------|  ���।�������� ������: &

.

-----------------------------------------------------------------------------------------------------------------------

 

This output is Cyrillic

Re: Can't boot into Android VM in VMWare Fusion on Mac

December 13, 2019, 7:35 am
$
0
0

Awesome, Wila!  I got it to work that was as well.

Can't connect, but I think that's due to my work laptop and how things are locked down.  I'll have to try at home.  Got it to boot into the GUI and start the whole Android welcome process at least. 

Re: Force Data Collection via REST API

December 13, 2019, 7:37 am
$
0
0

OK, I made some progress.  Actually the syntax is closer to what Ilian recommended,

 

When I entered the body like this

{

"parameters": [

    {

      "value": {

        "sdk-object": {

          "type": "vCAC:VCACHost",

          "href": "https://vraportal.ssilab.local:443/vco/api/catalog/vCAC/VCACHost/2c3e62cb-d874-40d9-afa1-893456ff7c0d/",

          "id": "2c3e62cb-d874-40d9-afa1-893456ff7c0d"

        }

      },

      "type": "vCAC:VCACHost",

      "name": "host",

      "scope": "local"

    }

  ]

}

 

I get a 202 return.  And I can see the script executed.  But it failed with the following errors:'

 

2019-12-13 10:35:08.797] [E] Error in (Workflow:Force data collection synchronous / Scriptable task (item1)#4) java.lang.NullPointerException

[2019-12-13 10:35:08.813] [E] Workflow execution stack:

***

item: 'Force data collection synchronous/item1', state: 'failed', business state: 'null', exception: 'java.lang.NullPointerException (Workflow:Force data collection synchronous / Scriptable task (item1)#4)'

workflow: 'Force data collection synchronous' (3d4ad4fc-1461-47e0-ad43-59b4c431016f)

|  'input': name=host type=vCAC:VCACHost value=dunes://service.dunes.ch/CustomSDKObject?id='2c3e62cb-d874-40d9-afa1-893456ff7c0d'&dunesName='vCAC:VCACHost'

|  'no outputs'

|  'no attributes'

*** End of execution stack.

 

So it seems the script wants to know about output parameters and attributes.  But when I provide them I get and error 400

Re: Slow login/Performance App volumes with Symantec client installed

December 13, 2019, 7:42 am
$
0
0

Hi Scarlito,

 

I was wondering what would happen if you tried to stop your SEP client with the smc.exe -stop command and then try to start it again (smc.exe -start)?

When I do this in our environment I see that the SEP client will not start up anymore.

 

I'm not exactly sure but I think the service was running in service.msc, but the client said something different. The only way to start the client was rebooting.

 

We also saw that a simple EICAR test virus was not detected even when the SEP client was running and the GUI indicating that the computer was protected. Can you try this as well?

 

Because of all these behavior we added some exceptions in the snapvol.cfg for the SEP client. These exceptions have solved the problem that the client could be restarted/stopped and also that a test virus was detected again.

 

As a result of these actions the performance improved when starting applications (30+ to 14~18 seconds) and very minimal when logging in. Maybe it reacts differently for you.

 

By the way, is your case closed at Symantec or is it still under investigation?

 

I look forward to your response.

Re: Output in Invoke-VMScript unreadable

December 13, 2019, 7:43 am
$
0
0

On the Windows 2008 R2 cmd what return results from wmic os get locale, oslanguage, codeset ?

two vra/vro instance in the same vcenter

December 13, 2019, 7:45 am
$
0
0

Hello,

 

I have a simply question,

i have searched in the documentation for this case but not result

It's possible to have 2 instance of vra/vro (7.3) connected on  the same vCenter (6.0u3)

There is no incompatibility ?

 

Thanks

Search

Re:help with calling ServiceInstance: retrieveInternalContent() using pyvmomi

December 13, 2019, 7:45 am
$
0
0
I think retrieveInternalContent() is not public. Only this can be retrived: 

RetrieveServiceContent

Re: Force Data Collection via REST API

December 13, 2019, 7:45 am
$
0
0

I finally got it working.  It seems my ID of my sdk-object was wrong.  Studying vRO i could deduce this and now the script can execute successfully

 

{

"parameters": [

    {

      "value": {

        "sdk-object": {

          "type": "vCAC:VCACHost",

          "id": "cd4edfad-5154-4f80-bdcc-11b902693ce4"

        }

      },

      "type": "vCAC:VCACHost",

      "name": "host",

      "scope": "local"

    }

  ]

}

 

Thanks all for your helpful posts

Re: Force Data Collection via REST API

December 13, 2019, 7:47 am
$
0
0

As you already figured out, there are some small but important differences in the body when you start an execution vs when you examine an existing execution (eg. "parameters" vs "input-parameters"/"output-parameters").

 

When you start a new workflow execution, you have to provide only the input parameters, using "parameters" element.

 

The last failure you got reports that there is a null pointer exception on the fourth (fifth, in fact) line in the scripting code of scriptable task element item1 in this workflow. To continue further, you need to check:

  • what's on this line in this particular scriptable task (this could give some ideas what could be the problem)
  • check the vRO server.log file to see if there is a Java exception trace for this error (this could point to the exact location in the code where the error is thrown)

Re: two vra/vro instance in the same vcenter

December 13, 2019, 7:47 am

Re: Output in Invoke-VMScript unreadable

December 13, 2019, 7:55 am
$
0
0

LucD

I use Windows Server!

 

DCasota

Codeset    Locale   OSLanguage

1251         0419      1049    

Re: DMZ Setup - Separate vSwitch or Port Group Better?

December 13, 2019, 7:56 am
$
0
0

You can indeed configure this in both ways.

However, since - from what I understand - the DMZ vmnics are plugged into the physical firewall, i.e. not into the same physical switches as the other vmnics, I'd create a separate vSwitch.


André

Re: could i install vCSA 6.7 in ESXI 6.5 environment?

December 13, 2019, 7:56 am
Search

Re: Output in Invoke-VMScript unreadable

December 13, 2019, 8:05 am
$
0
0

Is the return result from the guest OS VM or from the Invoke-VMScript side ?

Re: Output in Invoke-VMScript unreadable

December 13, 2019, 8:17 am
$
0
0

You may give a try to Powershell and Cyrillic in the console (updated) . To work on a Linux box (as assumed from @LucD !) might avoid culprit of Powershell ISE visualization of Cyrillic on a Windows box.

However, it has nothing to do with the net use error you mentioned before. Check connectivity, IP, share with user privileges set.

VHA file from Health Analyzer

December 13, 2019, 8:24 am
$
0
0

What program do you use to open this file?

Re: Dead keyboard & trackpad upon wake from sleep after Catalina upgrade

December 13, 2019, 8:28 am
$
0
0

This is probably a reasonable idea (disabling Bluetooth sharing) for desktop machines. But I don't believe the keyboard/trackpad in a MacBook is bluetooth-connected. (Someone correct me if wrong.)

 

Either way, I took it a step further and have started outright removing the USB controllers from my VMs. So far so good, but the unreliable nature of this bug obviously makes it hard to prove my method is foolproof.

Re: Dead keyboard & trackpad upon wake from sleep after Catalina upgrade

December 13, 2019, 8:35 am
$
0
0

Hi,

 

No it isn't, neither is anybody complaining about their bluetooth devices no longer working, but there's a bluetooth error when the problem is happening.

I mentioned this as it looks like the bluetooth stack is part of the USB logic for VMware and there's a reasonable chance that it is blocking in certain cases.

For example because there's no bluetooth at the host, the code gets locked up in the bluetooth detection logic and thereby causes trouble for your keyboard & trackpad to function.

I've also seen a few other bluetooth problems pop up here at the forum for the 11.5.x release.

 

My suggestion is less invasive to test and would isolate the issue a bit more (if it helped).

However if you're not using USB in your guest then I guess your solution works too.

At least it appears to point into the correct direction.

--

Wil

Viewing all 212807 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>