My group is in the process of deploying multiple vCloud Director instances and as such I thought it would be a good idea to download and test out the vShield product suite, which is one of the required dependencies for vCloud Director. To date, my group has never had a need for vShield Manager as we use another software firewall to perform the same functions. I work more closely on the systems side of the house and as such I am not always involved with all the networking projects going on. With all of the problems experienced by the network team (no fault of there own) deploying software firewalls (all fault here) in the past, I thought it would be a good idea to be involved with vShield from the beginning.

vShield is comprised of one or more of the following components:

• vShield Manager (one required per vCenter Server, free) - vCenter Server like management tool for all vShield products
• vShield Zones (one per host, free) - firewall for traffic between VMs
• vShield Edge (requires license) - provides edge security including LB, NAT, and VPN as well as gateway services
• vShield App (one per host, requires license) - interior, vNIC level firewall for all traffic between VMs even if they are on the same host
• vShield Endpoint (one per host, requires license) - introspection-based antivirus solution

For testing purposes, I decided to deploy a vShield Manager appliance as well as a vShield Zones appliance. Deploying the vShield Manager appliance is simple and since the VM is small the task takes very little time to complete. I powered on the VM and was surprised to find that the VM booted to a login in prompt and no other information was displayed. It was only upon reading the quick start guide that I realized I needed to:

• Log into the VM with admin/default
• Type: enable
• Enter the admin password
• Type: setup
• Follow the prompts

I recently ran into an issue where I needed to diff two files and determine what text was different though I did not want text to be marked as different if it appeared on different lines. As an example, if I had the below two files, I wanted diff to return nothing

$ cat file1 
Some text Blah 
$ cat file2 
Blah Some text

To my surprise, when I ran diff it returned:

$ diff file1 file2 
1d0 < 
Some test 
2a2 > 
Some test

Looking at the diff man page, the only relevant option I could find was --ignore-all-space, but this flag had no impact on the result of the command. The reason why this option did not work was because it only removed spaces on the same line between the files. For example:

$ cat file3 
Some text 
$ cat file4 
S o  me tex t 
$ diff file3 file4 
1c1 < 
Some text 
--- >
S o  me tex t 
$ diff --ignore-all-space file3 file4 
$

Now, you may be wondering why I desired the functionality to diff two files with the same text on different lines. I was trying to create a configuration synchronization script, but I learned that the configuration output was different depending on what order commands were executed on the device. In my particular case, the two devices I was comparing were initially configured differently so the lines did not always match up.

So how do you compare two files where the text is the same, but the text appears on different lines?

In case my blog post a couple days ago did not give it away, I am happy to announce after four months, I am back and I have a lot to blog about! When I initially started blogging back in January of last year, it was a long time in the making and I had a goal to publish two blog posts a week. This became exceeding difficult as my job began requiring me to travel for weeks at a time. As such, I had to stop blogging for awhile and unfortunately did not even have the time to put up a post stating my second hiatus. Toward the middle of December I finally began to get some free time, but then had to work on a server migration for my site (more on this in a future post), which made it such that I could not post on my blog. The good news is that everything is back in order and I have found some time to begin blogging again. The other good news is even though I have not been blogging for the last several months, I have been taking notes on things I think would make good blog posts. This means I have plenty of material for the next few months. So for those who regularly follow me thank you and to everyone reading this stay tuned as I have a lot of interesting material that will be going up soon!

As you all know by now, ESXi comes with SSH, which VMware now refers to as Tech Support Mode, disabled. The reasons behind this include security and the removal of the service console. While the service console has been removed, a shell called BusyBox remains. According to VMware best practice, SSH should not be enabled as it should not be needed. Of course, customers require this kind of access to install agents and to troubleshoot problems. VMware's response was to enable remote access to the systems via vCenter Server, vMA, or an API and to recommend reinstalling ESXi should troubleshooting become necessary. If you want to read more about this, I would recommend seeing Duncan's post over at yellow-bricks: http://www.yellow-bricks.com/2010/03/01/disable-tech-support-on-esxi/.

Recently, I ran into an issue where several potential ESXi bugs were discovered, which required SSH access to the ESXi host as the logs were lacking information (one of the reported bugs) and the commands that needed to be executed could not be done remotely (e.g. df -h). As such, I was asked to enable SSH on 64 ESXi hosts. Performing this task manually was not an option so I turned to PowerCLI to automate the task.

This raises the question, how do you enable SSH on ESXi via PowerCLI?

It is with mixed emotions that I bid farewell to my beloved PmWiki website. At this point, the transition to Joomla is complete and I have made the decision to remove the link to my old wiki-based website. While I will continue to use PmWiki for small projects in the future, Joomla will become my platform of choice for larger website design going forward.