Thursday, August 22, 2013

VMworld 2013 Live



Won’t be able to come to VMworld 2013 in San Francisco ?
It does not mean you cannot know at first hand all the news.

Register atVMware NOW to listen online the Keynote with VMware’s CEO Pat Gelsinger and learn how VMware’s latest offering will help you radically simplify IT.

Date: August 26, 2013
Time: 9:00 AM PDT

Friday, August 16, 2013

Missing users on vCloud Director

Right after my last VMware vCloud Director implementation, the client stated their users were not available.

That’s what happened:

When trying to share a vApp with another user or even changing the ownership of it, they realize that the user they want to transfer the privilege to is not available or even worst, no user is displayed at all.


 They are using the best practices for managing privileges, granting privileges on their Org based on a LPAD user’s group, but the members of that groups is also empty.



Don’t PANIC, it’s the default behavior of VMware vCloud Director, those members will just be populated and become available once they login at least once on your Organization.

Just ask them to login and soon you will see it’s name available on the group.


then you will be able to grant them the privileges you need.


If you think about it for a second, it makes perfect sense, there’s no need for vCloud to load all the users of a LDAP group for every Org upfront, just synchronizing and uploading them when they really make use of the Cloud.

Friday, August 2, 2013

Resource Intensive Operations at VMware vCloud


Part of a successfully Cloud solution is it’s level of availability and reliability.

As you might imagine, there are several layers on the solution where you need to put some thought on about it, but, today I will cover only how to prevent from a Deny of Service attack (DoS) on VMware vCloud Director from legitimate users, and with legitimate I mean users with the privilege to log in and use your Cloud, not about their intention.

What I will discuss here might be more critical to Public Clouds but it will also apply to Private Clouds.

Let’s start with an example how someone could compromise your Cloud solution:

Imagine a user that is going to deploy 50 VMs at once on their vApp.
It will probably take some time, a lot of resources will be consumed and depending on your underlying infrastructure it would fail.
Now, imagine if you have others users at the same time trying to deploy new vApps as well, you figure it out already, right ?!?!?

It could be even worst, some intentionally bad user could create a script using the VMware vCloud APIs to create internal users (assuming it’s an Org Admin) and then each user deploys dozens of VMs….. suddenly  your Cloud will be flood with requests and probably you will start facing DoS and nobody else will be able to make use of your Cloud. Big problem….

Well, VMware vCloud Director has a mechanism to prevent this kind of behavior. It’s through limiting the amount of resource intensive operations a user and an organization can perform simultaneously.

But what are the resource intensive operations in VMware vCloud ?
- Add to My Cloud
- Add to Catalog
- Copy a VM
- Move a VM

Basically everything related with provisioning and creation of new VMs.

You can set up these limits during the creation of an Organization (by default it’s set as unlimited), or you can set it later under the Org properties (Policies tab).


 There are just a few considerations you should take into account:

First, is to understand the limits of your environment. How many intensive operations your environment supports simultaneously ?

Amount of organizations you will have, let’s say your environment can support 50 simultaneous operations and you have 5 Orgs, it wise to set them with a maximum of 10 per Org.

Take into account how many simultaneous users will be deploying VMs to determine the maximum resource intensive operations per organization.

The maximum resource intensive operations per user should not be smaller than the number of VM’s you have on your biggest vApps, it’s because if your vApp contains 4 VMs and your maximum operations is 3, you would not be able to deploy it completely.

Lastly, if someone tries to run an intensive operation when the maximum has been reached, they will receive a message and will need to wait a little bit and try it again later.

I hope this helps to make your Cloud more available and reliable.

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive