Rynardt Spies

Rynardt Spies


I am delighted to say that I have received confirmation that I had been awarded a VMware vExpert 2010 award. I am humbled and honored to be included in the program for a second year running. Thank you VMware!


According to the vEXPERT Landing Page  "The VMware vExpert Award is given to individuals who have significantly contributed to the community of VMware users over the past year. vExperts are book authors, bloggers, VMUG leaders, tool builders, and other IT professionals who share their knowledge and passion with others. These vExperts have gone above and beyond their day jobs to share their technical expertise and communicate the value of VMware and virtualization to their colleagues and community."


Well, it seems like telecoms has become yet another obstacle again for www.virtualvcp.com. Today I've had to make a call to BT (the main UK landline provider) as my ADSL line picked up a fault over the weekend. For this reason, I regret to say that www.virtualvcp.com might be unavailable at times as the ADSL connection might drop off every now and then. BT is due to fix the issue tomorrow.

I am glad to report that BT Openreach has fixed the problem with the ADSL line that supports virtualvcp.com. The site is back online now!

Tagged under

This article forms part of the Replacing vSphere SSL Certificates series.

Before you continue with the following procedure, ensure that you have completed Step 1: Prepare OpenSSL and Microsoft CS

We will be using OpenSSL to generate a new RSA key. We will then use this key to generate a new SSL Certificate Request that we can submit to the Microsoft Certificate Authority that we have created in Step 1.

 On the SSL Server that we have prepared in Step 1, Open a new command prompt window and change directory to the “C:\OpenSSL-Win32\bin” directory.

Published in VMware vSphere
Tagged under

This article forms part of the Replacing vSphere SSL Certificates series.

In order to request and self sign new SSL certificates for VMware vCenter Server 4.x and VMware Update Manager we will need to get a certificate authority up and running. For this lab, we will use a Microsoft Windows 2003 Server running Microsoft Certificate Services as our Certificate Authority. Although we will be using Microsoft Certificate Services to sign the new SSL Certificates, OpenSSL will be used to generate the SSL Certificate Requests that will be submitted to the Microsoft Certificate Authority.

To build the SSL CA Server we will need to have the following software components:

  • A Windows 2003 Server
  • Microsoft Internet Information Services (IIS) enabled
  • Microsoft Certificate Services Installed
  • Visual C++ Redistibutable (Download this from here )
  • Win32 OpenSSL V1.0.0 Lite (Download this from here) 

For this example I have prepared a Windows 2003 Server called LABSSL01 and I've also added the server to the LABS.UK.VIRTUALVCP.COM domain. So, the FQDN of our SSL Certificate Authority server for this example will be: labssl01.labs.uk.virtualvcp.com.

Preparing the server for Microsoft Certificate Services

The first thing that we will need to get in place is IIS. We will use IIS to access the Microsoft Certificate Services Web Portal. The web portal will be handy to:

  • Submit new SSL Certificate Requests to the Microsoft CA
  • Download the signed SSL Certificates
  • Download the CA Root Certificate to client machines

We will be installing the IIS and Certificate Services components at the same time.

Using Add or Remove Programs from the Windows Control Panel, Click the Add/Remove Windows Components Button:


Select "Application Server" and click "Details". Then select the following components under "Application Server"

  • Application Server Console
  • Enable network COM+ access
  • Internet Information Services


Once the components have been selected, Click OK.

With the IIS components now selected, we can go ahead and select the Certificate Services components as well.

Select "Certificate Services", then click "Details"


The Certificate Services components dialog opens. Select the following components before clicking "OK":

  • Certificate Services CA
  • Certificate Services Web Enrollment Support


When Certificate Services CA is selected, the following message will appear. Click "Yes" to continue


Now that both IIS and Certificate Services components have been selected, click "Next".


As we are installing a new Certificate Authority, we need to provide some information for the new Certificate Authority.

For the CA type, select "Stand-alone root CA" and click "Next" 


Now it's time to supply information that will identify the new Certificate Authority. The information provided here will also be included in each SSL certificate that the new CA will sign in the future.

At least the "Common Name for this CA" field should be completed as well as the "Validity period" field.


At the Certificate Database Settings dialog, keep the default settings and click "Next"


A message will appear stating that in order to complete the installation, Internet Information Services must be restarted. Click "Yes" to acknowledge this message.


You may also be presented with a message requesting that ASP be enabled. Click "Yes" to enable ASP now.


During the installation, you may be prompted for the Windows 2003 Installation CD. Please make sure that you have this handy in order to complete the installation of IIS and Certificate Services.

When the above steps have been completed, your server will be an ASP Web Server as well as a Certificate Authority capable of signing new SSL Certificates. However we will still need to install OpenSSL for Windows. OpenSSL is used to generate new SSL Certificate requests that will be submitted to the new Microsoft Certificate Authority. In this example, our Certificate Authority is called "VirtualVCP SelfSign Certificate Authority"


 In order for your client machines to verify the authenticity of any certificates signed by your new CA, you will have to download and install the CA root certificate on each client machine. The new CA root certificate can be downloaded from http://<your-ca-server>/certserv

Installing Win32 OpenSSL V1.0.0 Lite

NOTE: Before installing Win32 OpenSSL V1.0.0 Lite, please download and install Visual C++ Redistibutable from the Microsoft Website.

Download Win32 OpenSSL V1.0.0 Lite from here

Run the Win32 OpenSSL Light installer. At the Welcome dialog, click “Next”


Select “I accept the agreement” and click “Next”


Keep the default Destination Location as “C:\OpenSSL-Win32” and click “Next”


Select "The OpenSSL binaries (/bin) directory" and click "Next"


Click "Finish" to complete the installation


This then completes the SSL Server preparation. However, as we will be issuing new SSL certificates using the SSL Certificate Authority installed on this server, we will have to import the CA's root certificate into the Trusted Root Certification Authorities store of each of the client computers that will be using the vSphere client to connect to vCenter and VUM.

Continue to the next step: Generate a new SSL Certificate Request


The following patches have been released by VMware on 27 May 2010 for VMware ESX 4 and ESXi 4. Out of the 14 patches released, 1 is rated critical:


ID: ESX400-201005401-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates vmkernel64, scripts, tools etc

ID: ESX400-201005402-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates VMware-webCenter-esx

ID: ESX400-201005403-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates Expat

ID: ESX400-201005404-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates NTP

ID: ESX400-201005405-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates gzip

ID: ESX400-201005406-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates krb5 and pam_krb5

ID: ESX400-201005407-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates gcc packages

ID: ESX400-201005408-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates bind-libs and bind-utils

ID: ESX400-201005409-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: esx 4.0.0 Updates sudo

ID: ESXi400-201005401-SG  Impact: HostSecurity  Release date: 2010-05-27  Products: embeddedEsx 4.0.0 Updates Firmware

ID: ESXi400-201005402-BG  Impact: Critical  Release date: 2010-05-27  Products: embeddedEsx 4.0.0 Updates VMware Tools

ID: VEM400-201005001-BG  Impact: HostGeneral  Release date: 2010-05-27  Products: embeddedEsx 4.0.0, esx 4.0.0 Cisco Nexus 1000V VEM

ID: VEM400-201005011-BG  Impact: HostGeneral  Release date: 2010-05-27  Products: embeddedEsx 4.0.0, esx 4.0.0 Cisco Nexus 1000V VEM

ID: VEM400-201005021-BG  Impact: HostGeneral  Release date: 2010-05-27  Products: embeddedEsx 4.0.0, esx 4.0.0 Cisco Nexus 1000V VEM


Image Source: PHD Virtual

PHD Virtual continues to extend our product family to meet the expanding needs of the virtualization community. On May 6th, we announced PHD Virtual Backup for Citrix XenServer.  We are also happy to tell you that as of September, 2010 we will also offer support for VMware ESXI.

Learn more about how we  can support your current VMware backup and recovery as well as your future requirements by contacting a PHD Representative today at 1.866.710.1882!

As we continue to build on robust legacy of the award-winning esXpress 4.0, PHD Virtual’s products meet enterprise requirements for flexibility and scalability by using the virtual appliance itself to perform backups, in less time, more reliably, and at a lower cost. We are the only enterprise data protection solutions that operate independent of the hypervisor offering greater stability and more security.

PHD Virtual also provides a collaborative path to integrate with all major physical backup solutions (including products from Data Domain, Quantum, Symantec, EMC, HP, IBM, etc.) for end-to-end data protection throughout the enterprise.  Today, thousands of customers worldwide trust their mission critical data to PHD Virtual’s solutions.

Learn more about our currents products, as well as our new offering for Citrix by attending a webinar on May 19 at 2 pm EST


Last week, a colleague of mine was informed by VMware of an issue with VMware ESX 4.0 Update 1 hosting 32-bit Windows 2003 Virtual Machines with more than 3GB of RAM. the issue causes VMs with the configuration specified below to crash upon reboot.


EVER WONDER where we are headed...
Why the sun lightens our hair,  but darkens our skin?
Why women can't put on mascara  with their mouth closed? 

Why you don't ever see the headline:
"Psychic Wins Lottery"? 

Why "abbreviated" is such a long word? 

Why Doctors call what they do “practice"? 

Why you have to click on "Start"
to stop Windows XP? 

Why lemon juice is made with artificial flavour, while dishwashing liquid is made with real lemons? 

Why the man who invests all your money is called a "Broker"? 

Why there isn't mouse flavoured cat food? 

Who tastes dog food when it has a
"new & improved" flavour? 

Why Noah didn't swat those two mosquitoes? 

Why do they sterilize the needle for lethal injections?
Why they don't make the whole plane out of the material used for the indestructible black box?

Why sheep don't shrink when it rains?
Why they are called apartments when
they are all stuck together?
If con is the opposite of pro, is Congress the opposite of progress?
Why they call the airport "the terminal"
if flying is so safe? 

Tagged under

If you have seen my Chinwag with Mike Laverick, you would know that we spoke about the complexity that comes with Cisco UCS and HP Matrix. Well, I have just registered for the HP Virtual Connect Webinar Series that starts today. As we’re already got a lot of Virtual Connect customers and are likely to have plenty more in the coming months, I thought that it would be wise to familiarise myself more with the technology.  


Learn about HP Virtual Connect technology directly from the HP's experts, as they take a deep dive into the technology and innovations. See first-hand how Virtual Connect technology can simplify and converge your server edge connections, integrate into any standards based networking infrastructure and reduce complexity, while cutting your costs.


The webinars in this series will be:

  • March 30, 2010
    Virtual Connect Flex-10 Management of Connections and Bandwidth
    • HP Virtual Connect Flex-10 technology is a foundation for the virtualization capabilities offered by HP. These capabilities enable HP to provide a Converged Infrastructure without compromises. In this session, we will discuss how VC enables Insight Dynamics for ProLiant and HP/IO, how to manage the connections and bandwidth to quickly respond to change in workload. We will also discuss the economics of HP Virtual Connect Flex-10.
  • April 15, 2010
    Server Edge Virtualization
    • The evolution of the data center architecture has seen shifts towards consolidation and virtualization. HP's Converged Infrastructure vision includes a view that all infrastructure resources should be virtualized. Server edge virtualization is a key technology that can help customers simplify the way servers connect to external networks.
  • May 18, 2010
    Squashing the Myths
    • Virtual Connect is loved by customers and feared by competitors. So, let's talk about the best way to answer objections inspired by competitors.
  • June 8, 2010
    HP Virtual Connect for FlexFabric
    • In this session, you will learn how to build a Converged Infrastructure with Virtual Connect to simplify your connection environment and reduce equipment, power, cooling and management costs. Find out how Virtual Connect for HP FlexFabric uniquely converges the BladeSystem server edge using Flex-10 technology with industry standard Ethernet and Fibre Channel, without compromising your existing infrastructure and operations.
  • June 22, 2010
    Converging fabrics and reducing costs at the server edge
    • From its introduction, HP BladeSystem has delivered unprecedented innovation in the areas of data center infrastructure simplification and reduced TCO. In this session, you will hear how HP FlexFabric and Flex-10 technology enhancements will allow you to dramatically reduce the complexity, power and cost of connecting server blade enclosures to data center networks.
  • July 13, 2010
    Managing data center connections and workloads with Virtual Connect Enterprise Manager (VCEM)
    • This month's webinar will examine how Virtual Connect Enterprise Manager (VCEM) helps to streamline IT operations and improve response times by centrally managing network connections, server workloads and Virtual Connect configurations for up to thousands of servers across the datacenter. The session will include live demonstrations of core VCEM functionality.
  • August 10, 2010
    VC in small to mid-sized environments: Remote Branch, Remote office how to's
    • Virtual Connect isn't just for big data centers! It solves lots of problems for shops where the lone guy wears three hats. Or, the channel partner providing IT support for small customers. We'll show how it fits wherever you need servers connected.
  • September 14, 2010
    Server I/O virtualization in your environment
    • With millions of ports shipped, HP Virtual Connect has demonstrated unique value in simplifying the way servers are connected to networks. In this session, you will hear about the latest innovations to server I/O virtualization and how they can improve operations of server, network and storage teams with blade and rack-mount server infrastructure environments across your data center.
  • September 28, 2010
    Implementing Virtual Connect in your environment
    • Virtual Connect is the simplest way to connect servers to networks. Come learn how to deploy a converged Virtual Connect infrastructure with minimal disruption to existing data and storage networks. You will hear how to transition to a converged server edge so that you can dramatically improve the way you connect and manage servers across your data center.

If you are interested, you may go and register for the series at www.hp.com/go/VirtualConnectWebinars. Registration is free.


This may be old news but now, but for those of you who didn't know, PHD Virtual released esXpress 4.0 recently. The full press release is below:


PHD Virtual Delivers New esXpress VM Backup Solution Designed for Large Virtualization Environments

Dedicated Virtual Machine (VM) Backup Company, PHD Virtual, Offers Dramatic Performance, Ease of Use and Scalability to Seamlessly Protect Large Virtual Infrastructures 



MOUNT ARLINGTON, N.J. – March 24, 2010 —PHD Virtual Technologies, award winning provider of esXpress VM Backup, today announced the latest release of esXpress, the industry’s fastest multi-VM backup and restore solution on the market. With the unique architecture of esXpress, customers have access to the only backup and restore solution available that was custom built for large virtualized deployments.  This architecture provides customers with scalability to meet their needs along with heightened reliability when compared to other solutions in the marketplace.  This new version, developed by the only company dedicated to virtual machine backup technology, runs backups up to 20 times faster through an enhanced, single-click backup interface and simplifies restore processes through a centralized web-based restore engine that offers concurrent use by multiple users.


“PHD Virtual is laser focused on the backup and recovery needs of today’s large virtual environments,” said Thomas Charlton, president and CEO, PHD Virtual. “As a result, we have developed esXpress to be the industry’s fastest and most scalable data protection solution for the virtual enterprise. This latest release is packed with features for lightening fast performance, simplified usability and extensibility into physical backup environments with support for traditional backup solutions.”


esXpress creates small virtual machines – virtual backup appliances (VBAs) – which uniquely use the virtual environment itself to perform the backups, eliminating the need for added hardware or software resources. This latest release adds Change Block Tracking (CBT) to this powerful VBA foundation for dramatic backup and recovery performance. By reading only the blocks that have changed, and not scanning the entire virtual disk each time a backup is performed, esXpress shortens the backup window and uses considerably less data I/O while also reducing overall loads on network and SAN resources.


esXpress uniquely delivers:

  • Linear scalability – With its ability to offer 16 concurrent backups, esXpress offers unmatched performance and scalability to meet critical backup windows
  • Verifiable and Measurable Deduplication – esXpress delivers source-side deduplication to reduce network traffic, offer one-pass restores, and deduplicate data across an entire storage target.
  • Reliable Change Block Tracking (CBT) –esXpress is the only virtual backup solution that validates the CBT data for each backup, ensuring data integrity and reliability.
  • Distributed Architecture / Fault Tolerance – esXpress features a distributed architecture which does not rely on Virtual Center or any other single application to run backups, making it the only truly fault tolerant backup solution available.


Pricing and Availability

The new esXpress 4.0 is available now with pricing starting at $1,000 per host for four concurrent backup streams delivering the best price/performance for data recovery and protection in virtual environments. The product supports unlimited sockets and unlimited cores per host and no additional hardware is required.