On VMware vShield Zones 4.0 limitations
Dave Convery, VMware vExpert and Virtualization Architect at Anexinet, published a short but very interesting report on the current limitations of vShield Zones, the firewall that VMware acquired from Blue Lane Technologies in October 2008 and that it offers for free as part of the vSphere 4.0 Advanced, Enterprise and Enterprise Plus editions.
He specifically mentions three shortcomings related to:
- Networking

  "…there is an unprotected Port Group (ORIGINAL Network). This needs to be added to the vSwitch AFTER the vShield Agent is installed. If the ORIGINAL Network is already a part of the vSwitch, it will need to be removed BEFORE installing the vShield Agent. In order to avoid an outage, you will need to disable DRS and manually vMotion all VMs off of the ESX/ESXi host before installing the vShield Agent and modifying the port groups."

- DRS/HA

  "…with HA disabled for the vShield Agent, there is no facility for automatic startup. There is an automatic startup setting in the startup/shutdown section of the configuration settings. First, this is an all-or-nothing setting. Second…if a host fails, HA will restart all protected VMs on different hosts. If the host comes back on line, you risk having DRS migrate protected VMs back to that host. This will cause those VMs to become disconnected because the vShield Agent will not automatically start. If a host fails, hope that it fails good enough so it won’t restart."

- Maintenance Mode

  "…you cannot power the vShield Agent off because the protected VMs would become disconnected. You cannot migrate it to a different host because it would cause a serious conflict and cause protected VMs to become disconnected. The only thing you can do is place the host in Maintenance Mode, then MANUALLY (*GASP*) migrate all of the protected VMs and then power the vShield Agent off. So much for automated patch management."
Convery closes his (very welcome) report by saying that vShield Zones is a 1.x product, implying that some of the issues above are to be expected in a first-generation product. Unfortunately, that doesn’t seem to be the case: well before VMware acquired Blue Lane Technologies, vShield (formerly VirtualShield) was already at its 4th generation (Sep 2007). VMware acquired the startup one year later (so it’s safe to assume that Blue Lane made significant progress in that timeframe) and had from October 2008 to May 2009 to deliver a more integrated platform.




