Tag Archives: ESXi

Performance impact of snapshots

VMware recommends using a snapshot for a maximum of three days. The main reason for justifying this recommendation is related to disk space: snapshots can grow quickly on disk-intensive virtual machines.

But if you read carefully you can also find some performance-related risks. Interesting! We all know more or less that disk performance can be impacted by snapshots. But in which proportions? In order to get some clues, we are going to run some tests and evaluate the performance impact of snapshots by ourselves.

You might be surprised!

Continue reading

The future of Transparent Page Sharing

A recent research study has unveiled a security risk in Transparent Page Sharing (TPS), as acknowledged by VMware in kb2080735.

The researchers were able to discover that from a virtual machine A, an AES encryption key could be retrieved from machine B. While the steps to achieve this seem difficult to reproduce, the risk is real. In fact, the risk is so real that VMware decided to disable TPS for all future versions of ESXi, as well as all current versions for the next update release.

For example, version 5.5 is currently in update 2: TPS will be disabled with update 3. More exactly, inter-vm page sharing will be disabled per default. Pages can still be deduplicated within a virtual machine world, for a much smaller benefit of course.

Until these new releases hit the market, patches are available for those who wish to disable TPS in versions 5.5 and 5.1. And a patch is coming for version 5.0.

Continue reading

Automate the reset of the IPMI System Event Log

Last time we discovered a new localcli command to clear the IPMI SEL Event Log after the “”Host IPMI Event Log Status” error. This time, we are going to automate this command with a script, so that future errors will be handled automatically.

Basically, the script is going to:

  • identify which servers have the IPMI alarm active.
  • for these servers, enable SSH.
  • connect with plink (think: putty on command line) and run the commands that will reset the IPMI System Even Log.
  • disable SSH.

Continue reading