VMware finally supports NFS version 4.1 and even allows Kerberos authentication. This now allows administrators to use features that were brought to the NFS kernel back in 2010. The biggest advantage in my mind is the ability to have “Multi-pathing” on your shares. You can now have multiple IP addresses associated with a single NFS mount for redundancy. In addition you can now provide more authentication for the mounts other then IP Addressing. You can now use Kerberos to authenticate the ESXi hosts. Now you must be using AD and that the ESXi host must joined to the domain, and that you’ve specified the NFS Authentication Credentials (which are in System -> Authentication Credentials on each host).
So for those who didn’t know, ESXi 5.5 u1 had a pretty seveare issue relating to NFS.
So occasionally any connections to NFS storage would end up in an All Paths Down (APD) condition. This is obviously pretty poor as things tend to break when the storage is ripped out from underneath the VMs running on the hosts.
This has been a known bug by VMware. This issue had absolutely nothing to do with Network or Storage hardware, however NetApp had come out with a patch that would help prevent the issue.
In addition ESXi 5.5 was vulnerable to the Heartbleed issues. If you read that and are confused, well you must have lived under a rock.
VMware has released 5.5 U1b that has the patches baked in. If you don’t want to do a full update, the patch is here, http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2077361
A collegue of mine has create a script that you can run on your ESXi hosts to update the server if you don’t have VUM installed. You must enable SSH to the host.
# open firewall for outgoing http requests:
esxcli network firewall ruleset set -e true -r httpClient
# Install the ESXi 5.5 pre-U1 Heartbleed Fix Image Profile from the VMware Online depot
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140401020s-standard --allow-downgrades
# Reboot your host
Well i know i was supossed to start writing more, but things have been nuts between rebuilding our lab at work and my home life i haven’t had time.
I’m going to list my upcoming topics so that maybe i actually remember to write them….
iSCSI vs NFS Testing results on ESX 4.1
Discovery of correlation between vCPU count and VMFS write speed
Properly enabling iSCSI and connecting targets in RHEL 5
DataDomain and BOOST
My PrivateCloud Lab
Discovered issues with vCenter as a VM and running dvSwitches