Sunday, September 22, 2013

vSphere 5.5 : Technical Details


Improved Security

There's no longer a dependency on a shared root account when using the ESXi Shell. Local users who are assigned administrative privileges automatically have full shell access—there's no need to "su" to run commands as the root user.

Extensive Logging and Auditing

vSphere 5.5 logs all user activity from both the Shell and the Direct Console User Interface under the user's account. This logging ensures user accountability and makes it easy to audit user activity.

Enhanced vMotion

Live virtual machine migration allows you to combine vMotion and Storage vMotion into a single operation. For small virtual infrastructure implementations, combined vMotion migration means that the entire virtual machine (memory, CPU and disk) moves from one host to another. In larger environments, enhanced vMotion means that you can live-migrate entire virtual machines from one cluster to another, even if those clusters don't share storage.

New Virtual Hardware

vSphere 5.5 introduces a new generation of virtual hardware with virtual machine hardware version 9, which includes the following features:

• Virtual machines can now support up to 64 virtual CPUs.
• Virtual machines can support up to 1 TB of RAM.
• New Advanced Host Controller Interface (AHCI) supports up to 120 devices per virtual machine.
• Maximum VMDK size increased to 62 TB.
• Guest OS Storage Reclamation returns disk space to the storage pool when it's de-allocated from within the guest OS.
• Improved CPU virtualization by exposing more information about the host CPU architecture to virtual machines. This improved CPU exposure allows for better debugging, tuning and troubleshooting of operating systems and applications within the virtual machine.

Active Directory Integration

You can join vSphere hosts to your Active Directory domain. Once added, Active Directory handles user authentication and removes the need to create user accounts on each host.

Centralized Management of Host Image and Configuration via Auto Deploy

Combining the features of host profiles, Image Builder and PXE, vSphere Auto Deploy simplifies host installation and upgrade. The Auto Deploy library centrally stores all vSphere host images. Administrators can automatically provision new hosts based on user-defined rules, and host rebuilds are as simple as a reboot.

Stateless Firewall

vSphere ESXi now features a service-oriented and stateless firewall, which you can configure using the vSphere Client or at the command line with ESXCLI. The new firewall engine eliminates the use of iptables and allows administrators to define port rules for services. Additionally, you can specify IP ranges or individual IP addresses that can connect to host services.
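
The script below is an added example, not part of the original post, showing how a single firewall ruleset can be limited to named source addresses with ESXCLI. It assumes the built-in `sshServer` ruleset, and the function names are hypothetical. By default it is a dry run that only prints the commands; set `ESXCLI=esxcli` on a host to apply them.

```shell
#!/bin/sh
# Added example: limit one ESXi firewall ruleset to specific source addresses.
# Dry run by default (prints each command); set ESXCLI=esxcli to apply on a host.
ESXCLI="${ESXCLI:-echo esxcli}"

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix length.
# (The firewall also takes IPv6 sources; this check is IPv4-only by design.)
valid_source() {
    addr="${1%%/*}"
    case "$1" in
        */*) plen="${1#*/}" ;;
        *)   plen=32 ;;
    esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#plen}" -le 2 ] && [ "$plen" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs="$IFS"; IFS=.
    set -- $addr                 # split the address into its octets
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# restrict_ruleset RULESET SOURCE...
restrict_ruleset() {
    if [ "$#" -lt 2 ]; then
        echo "usage: restrict_ruleset RULESET SOURCE..." >&2
        return 2
    fi
    ruleset="$1"; shift
    # Validate every source first, so a typo cannot leave the ruleset
    # closed to all sources halfway through the change.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Stop accepting connections from any address, then list allowed sources.
    $ESXCLI network firewall ruleset set --ruleset-id="$ruleset" --allowed-all=false || return 1
    for src in "$@"; do
        $ESXCLI network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$src" || return 1
    done
    # Read the result back for the change record.
    $ESXCLI network firewall ruleset allowedip list --ruleset-id="$ruleset"
}

# Run only when arguments are given, e.g. with constructed documentation
# addresses:  sh restrict.sh sshServer 192.0.2.0/24 198.51.100.10
[ "$#" -eq 0 ] || restrict_ruleset "$@"
```

When applying the change for real, run it from the local console rather than over the service being restricted, so the session making the change is not the one that gets cut off.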

Saturday, September 14, 2013

Protect DNS

Best practice protection approaches for DNS software are as follows:
• Running the latest version of name server software, or an earlier version with appropriate patches
• Running name server software with restricted privileges
• Isolating name server software
• Setting up a dedicated name server instance for each function
• Removing name server software from nondesignated hosts
• Creating a topological and geographic dispersion of authoritative name servers for fault tolerance
• Limiting IT resource information exposure through two different zone files in the same physical name server (termed split DNS) or through separate name servers for different client classes

Sunday, September 8, 2013

What versions of BSD are available

In contrast to the numerous Linux distributions, there are only four major open source BSDs. Each BSD project maintains its own source tree and its own kernel. In practice, though, there appear to be fewer divergences between the userland code of the projects than there are in Linux.

It is difficult to categorize the goals of each project: the differences are very subjective. Basically,
  • FreeBSD aims for high performance and ease of use by end users, and is a favourite of web content providers. It runs on a number of platforms, including i386™ based systems (PCs), systems based on the AMD 64-bit processors, UltraSPARC® based systems, systems based on Compaq's Alpha processors and systems based around the NEC PC-98 specification. The FreeBSD project has significantly more users than the other projects.
  • NetBSD aims for maximum portability: "of course it runs NetBSD". It runs on machines from palmtops to large servers, and has even been used on NASA space missions. It is a particularly good choice for running on old non-Intel® hardware.
  • OpenBSD aims for security and code purity: it uses a combination of the open source concept and rigorous code reviews to create a system which is demonstrably correct, making it the choice of security-conscious organizations such as banks, stock exchanges and US Government departments. Like NetBSD, it runs on a number of platforms.
  • DragonFlyBSD aims for high performance and scalability under everything from a single-node UP system to a massively clustered system. DragonFlyBSD has several long-range technical goals, but focus lies on providing a SMP-capable infrastructure that is easy to understand, maintain and develop for.