Tuesday, March 22, 2011

AUSkey compatibility with IE9, Chrome and Firefox.

AUSkey is the Australian Government’s attempt at Internet SSO for businesses. To use it, you need to download AUSkey software, which is available on the AUSkey Software page. At the moment, cross-browser compatibility is restricted to IE9 and Firefox. Here are the browsers I’ve tested so far.

 

Browsers tested against AUSkey 1.4.0.3 and AUSkey 1.3.18 (results were shown as images):

Windows
  • Microsoft Internet Explorer 9 RTM
  • Microsoft Internet Explorer 9 RTM (64-bit)
  • Google Chrome 10.0.648.151 beta
  • Mozilla Firefox 4
  • Mozilla Firefox 3.6.15

Apple
  • Safari 5.0.3
  • Google Chrome 10.0.648.151 beta

 

If you’re using AUSkey 1.3.18, a straight upgrade to 1.4.0.3 works fine. Ensure you close your browsers before installation: the AUSkey installer caused Google Chrome to crash!

EDIT 24/3: Tested AUSkey on my Mac: it works for Google Chrome on Mac, but not Windows.

Thursday, March 17, 2011

How to install the Amazon EC2 VM Import Connector for VMware vCenter

Another day, another cloud development! Amazon have released a connector which allows you to V2V your VMware virtual machines to the Amazon cloud! Will there come a day where Amazon VPC (Virtual Private Cloud) reigns supreme and VMware has gone the way of the dodo? Will it be cheaper to pay Amazon a monthly fee rather than put ESXi on a Dell Chicken McPowerEdge? This product reminds me of the old VMware P2V Assistant (the predecessor to VMware Importer/VMware Converter) – clunky but an important element of a greater picture.

After importing a few VMs, I can say the Amazon EC2 VM Import Connector for VMware vCenter feels like a 1.0 product. It’s difficult to use and there are a few strange design decisions, but one day we’ll be performing V2As (VMware2AmazonEC2) as regularly as we perform P2Vs.

Anyway, back to reality. There are a few limitations with this tool.

  • The VM must be deployed into a network with a DHCP server! If you don’t have a DHCP server, you can’t deploy this appliance. This is annoying. YOU CANNOT DEPLOY THIS APPLIANCE WITHOUT A DHCP SERVER. You can assign a static IP later, but you need the DHCP server to complete installation.
  • No live conversions. You must power off your virtual machine before importing it to EC2.
  • Any VM you export to EC2 can’t have a virtual disk larger than 1TB.
  • The disk of the Amazon EC2 VM Import Connector VM must be large enough to hold an image of the VM you want to export. Do you want to upload a 500gb VM? You’ll need another 500gb of staging space.
  • The Amazon Import Connector requires direct access to the internet. Proxies are not supported.
  • Before you perform your V2V, remember to configure the firewall correctly and enable Remote Desktop access. If you don’t, the V2V will succeed…but you’ll have no way of logging into it! Amazon doesn’t have a ‘remote console’ function yet.
  • On a slow internet connection? You have 7 days to upload your VM. That’s not a problem if you have a fast internet connection in a country with an Amazon datacentre (United States, Ireland, Singapore, Japan) but you might be waiting a while if you’re in Australia!

To install the Amazon EC2 VM Import Connector for VMware vCenter (that’s a mouthful), perform the following tasks.

  1. Download the Amazon EC2 VM Import Connector for VMware vCenter OVA.
    At the time of writing, the latest version is Amazon-EC2-VM-Import-Connector.ova (version 1.01)
  2. In vCenter, click File then Deploy OVF Template…
  3. In the Source screen, click Browse… and select the OVA you have downloaded.

    Deploy OVF template: select the source location
  4. On the OVF Template Details, confirm you have enough disk space then click Next.

    Deploy OVF Template: Verify OVF template details
  5. On the Name and Location screen, enter the name of the VM and select an inventory location then click Next.

    Deploy OVF Template: Name and Location
  6. On the Host / Cluster screen, select the host and cluster then click Next.

    Deploy OVF Template: Which host?
  7. On the Datastore screen, select where you want to place the Amazon VM. Remember, the VM is 1gb thin-provisioned and 250gb thick-provisioned. Click Next to continue.

    Deploy OVF template: select datastore
  8. On the Disk Format screen, select whether you want the Amazon VM to be thick or thin-provisioned. If unsure, choose thick. Click Next to continue.

    Deploy OVF template: select disk format
  9. On the Network Mapping screen, select the destination network you want the Amazon VM to connect to, then click Next.

    Deploy OVF template: select network mapping
  10. On the Ready to Complete screen, click Finish to deploy the Amazon VM.

    Deploy OVF template: ready to complete
  11. When the deployment has completed, click Close.

    Deploy OVF Template: deployment completed successfully
  12. In the vCenter client, power on the Amazon VM.
    Interestingly, it appears to be a FreeBSD VM.

    Amazon EC2 VM Import Connector-1.0.1
  13. Right-click on the VM and click Open Console.
    You can see the Amazon VM starting up. Upon startup, it will attempt to get a DHCP IP address. If you don’t use DHCP, this will time out.

    DHCP discovery

    The VM will eventually reach a login screen which has a Management Website and Management Password. Record these two details for later.

    If you don’t have DHCP on your network and get a 172.x.x.x address, you will not be able to proceed - turn off the VM now and put a temporary DHCP server on your network!

    Amazon S3 Import Connector - website and password details
  14. Open a web browser and browse to the management website listed.
    Enter the Management Password then click Login.

    Amazon EC2 VM Import Connector for VMware vCenter web interface
  15. If you don’t want to use DHCP, perform the following tasks.

    Click on the Network tab then click Static Config.
    Amazon EC2 VM Import Connector for VMware vCenter network configuration

    Enter your networking details then click Configure Static IP

    Amazon EC2 VM Import Connector for VMware vCenter static network configuration

    When the networking details have been saved, a green box will appear. Click the Click to Manage link to return to the main screen.

    Amazon EC2 VM Import Connector for VMware vCenter network configuration - static IP configuration successful
  16. Click the vCenter tab then click Register.
    Enter the vCenter IP/Hostname and the username and password of a user account with access to vCenter, then click Register Connector with vCenter.

    Connector registration with vCenter

    If you enter an incorrect hostname, you will get the error message “x is not a valid value for vCenter IP/Hostname”.

    If you enter an incorrect username or password, you will get the error message “The Username and/or Password is not correct.”

    If you enter a correct account that doesn’t have privileges, you’ll get the error message “An Unknown error occurred. Please try again.”

    If all your details are correct, you’ll get the message “vCenter Connector registered with the vCenter Server successfully.”

    When you’re successful, you’ll receive the usual certificate warning. Install the certificate and click Ignore.

    The usual vCenter certificate warning
  17. Click on the Status tab. All elements should be marked as [OK].

    Amazon EC2 VM Import Connector Status
  18. Close the web page.
  19. Close and reopen vCenter.
  20. Open the vCenter Plug-in Manager (Plug-ins > Manage Plug-ins)

    Confirm that the EC2 Conversion Plug-in (version 0.5) is installed. There is no need to enable it.

    EC2 Conversion Plug-in in the VMware Plug-in Manager
  21. Click on any VM in your environment.
    There should be an additional tab at the top.

    Additional Import to EC2 tab on VM

Congratulations, you have installed the EC2 importer!

In the next article in this series, I’ll actually perform a V2V to Amazon!

Wednesday, March 16, 2011

Want to delete all items in your Amazon S3 bucket?

If you try to delete an S3 bucket while there are still items inside, you’ll get the error message

The bucket you tried to delete is not empty. Please delete all objects and folders in the bucket and try again.


If you have items in the root folder of a bucket, you have to delete them first. Sounds easy, unless you have millions of objects in your bucket! To make matters worse, there is no API to empty a bucket.

You have several options.

  1. Try to empty the bucket through the web interface: There is no Select All button, and if you try to select too many objects at once you’ll get a Loading… screen which loses your selection. And if your keys contain strings like // or \ the web interface will break.
  2. Use a client app: CloudBerry Explorer for Amazon S3 or SpaceBlock for Windows are good. Unfortunately, they are not multithreaded so deleting millions of objects can take a long time. Recommended.
  3. Write some code: delete-s3-bucket.pl written by Jonathan Kamens is extremely helpful. Maxim Veksler’s BucketDestroy Java app has got me out of trouble too. These scripts are your only option if you have keys with control characters in their names.

To avoid this problem in the future, create a folder within your bucket and place all your files there.
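
An added example (not from the original post or from the scripts it names) of the “write some code” option: it walks a bucket’s listing page by page and deletes keys in batches through a boto3-style client, treating keys as opaque strings so names containing //, \ or control characters are handled. It relies on the Multi-Object Delete call, which was introduced after this post was written; the function names and the dry_run flag are this example’s own.

```python
"""Empty an S3 bucket in batches (added example; assumes a boto3-style client)."""
from itertools import islice

BATCH = 1000  # Multi-Object Delete accepts at most 1000 keys per request


def iter_keys(client, bucket, prefix=""):
    """Yield every key under prefix, following list pagination."""
    kwargs = {"Bucket": bucket, "Prefix": prefix}
    while True:
        page = client.list_objects_v2(**kwargs)
        for obj in page.get("Contents", []):
            yield obj["Key"]  # opaque string: may hold //, \ or control chars
        if not page.get("IsTruncated"):
            return
        kwargs["ContinuationToken"] = page["NextContinuationToken"]


def empty_bucket(client, bucket, prefix="", dry_run=True):
    """Delete all keys under prefix; return (count, failed_keys).

    With dry_run=True nothing is deleted and count is the number of keys
    that would have been sent for deletion.
    """
    keys = iter_keys(client, bucket, prefix)
    count, failed = 0, []
    while True:
        batch = list(islice(keys, BATCH))
        if not batch:
            return count, failed
        if dry_run:
            count += len(batch)
            continue
        resp = client.delete_objects(
            Bucket=bucket,
            Delete={"Objects": [{"Key": k} for k in batch], "Quiet": True},
        )
        # In quiet mode only the keys that could not be deleted come back.
        errors = [e["Key"] for e in resp.get("Errors", [])]
        failed.extend(errors)
        count += len(batch) - len(errors)
```

Pass boto3.client("s3") as client and set dry_run=False to actually delete. On a versioned bucket this leaves delete markers and old versions behind, so the bucket will still refuse to delete.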

Monday, March 14, 2011

Error deploying Oracle Enterprise Linux using vCenter guest customizations

Do you perform your deployments using vCenter guest customizations?
Do you want to deploy your Oracle Enterprise Linux (OEL) templates with guest customizations, the same way you deploy RHEL and SUSE?

If you try, you’ll receive the following error message

Customization of the guest operating system ‘oracleLinux64Guest’ is not supported in this configuration. Microsoft Vista ™ and Linux guests with Logical Volume Manager are supported only for recent ESX host and VMware Tools versions. Refer to vCenter documentation for supported configurations.


Cause: Although Oracle Enterprise Linux is supported as a guest within VMware, guest customizations aren’t supported.

Workaround: Pretend it’s a RHEL template: convert your Oracle Enterprise Linux template back to a virtual machine, change the VM OS type to Red Hat Enterprise Linux, mark it as a template and redeploy.

Lame VMware, lame!

Friday, March 11, 2011

An introduction to Internet SSO

SSO is one of those things where if it’s done well, you don’t notice it. Internet Single Sign-On (SSO) is the idea that you, the consumer, should be able to use the same username and password across multiple websites. If you’re a Hotmail or Xbox Live user, you're a user of SSO without even noticing it.

Windows Live ID was the first major Internet SSO implementation and is still the largest. I can remember using Microsoft Passport (the predecessor to Windows Live ID) a decade ago. Microsoft have implemented Windows Live ID consistently: you can use your Windows Live ID to log in to Microsoft web properties including Windows Live Hotmail, Messenger, SkyDrive, Xbox Live, Office Web Apps, Zune, Azure, MSDN, TechNet and HealthVault as well as a host of 3rd party sites. While Windows Live ID isn’t very popular outside Microsoft properties, it still processes a staggering one billion authentications daily.

Windows Live ID - sign in screen


Facebook Connect is the new kid on the block. The prevalence of Facebook accounts and the willingness of their users to share data has made Facebook Connect the most ubiquitous SSO on the internet. If you’ve commented on a blog lately, you’ve probably seen the ubiquitous blue “Login with Facebook” button.
 
Facebook Connect - Sign In Screen

Never used Kiva? Try it! No need to sign up, simply sign in with your Facebook account.

All things considered, I believe Facebook will overtake Windows Live ID because Facebook users are already in the habit of sharing personal data. Logging into a website they trust using a brand they trust isn’t a stretch. That, and Facebook’s login badge is more visually confident.

One of these badges was designed by a committee.

Even though some companies don’t want to play ball and insist on keeping authentication to themselves (e.g. eBay), the state of internet SSO is quite healthy and competitive.
 
In the next part in this series, I will look at the state of SSO in the Australian Government’s web properties.

Friday, March 4, 2011

Moving VMs between clusters

I received the following error message when trying to move VMs between clusters.

A general system error occurred: Failed to start migration pre-copy. Error 0xbad010d. The ESX hosts failed to connect over the VMotion network. See the error stack for details on the cause of this problem.

Failed to start migration pre-copy. Error: The ESX hosts failed to connect over the VMotion network.
vMotion migration [111111111:1111111111111111] failed to create a connection with remote host <192.168.1.1: The ESX hosts failed to connect over the VMotion network.
Migration [111111111:1111111111111111] failed to connect to remote host <192.168.1.1>: Network unreachable

The long string of numbers refer to a unique vMotion event and are interchangeable.

Migrate virtual machine error - a general system error has occurred. Failed to start migration pre-copy

This error was caused by a lack of network connectivity between the source and target VMs. Specifically, my two clusters had different VMotion networks. While this is a supported case, there were firewall rules blocking the VMotion traffic. Unfortunately, the Migrate Virtual Machine wizard doesn’t check for network connectivity, only for showstopper compatibility issues (like different CPU, target ESX host not having a VMotion network, etc.).

VMware Migrate Wizard - compatibility warning

If you get this issue, ensure your firewall isn’t blocking connectivity.
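
The connectivity check the migrate wizard skips, as an added example (not from the original post or from VMware): it attempts a TCP connection from each source vMotion address to each target and classifies the failure, separating “no route” from a firewall silently dropping traffic. It assumes it runs on a machine that owns the source addresses and that vMotion uses TCP port 8000, which the post does not state; the function names are this example’s own.

```python
"""Pre-check TCP reachability between vMotion addresses (added example)."""
import errno
import socket

VMOTION_PORT = 8000  # assumption: vMotion TCP port, not stated in the post


def probe(dst_ip, port=VMOTION_PORT, src_ip=None, timeout=3.0):
    """Classify one connect attempt: open, refused, filtered or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if src_ip:
            s.bind((src_ip, 0))  # leave from the vMotion-side address
        s.connect((dst_ip, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered: nothing listening or a reject rule
    except socket.timeout:
        return "filtered"     # no answer at all: typical of a firewall drop rule
    except OSError as e:
        if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"  # no route, as in "Network unreachable"
        raise                 # e.g. src_ip is not an address on this machine
    finally:
        s.close()


def precheck(pairs, **kw):
    """Return (src, dst, state) for every pair that is not 'open'."""
    results = [(src, dst, probe(dst, src_ip=src, **kw)) for src, dst in pairs]
    return [r for r in results if r[2] != "open"]


if __name__ == "__main__":
    # Constructed sample addresses; replace with the real vMotion IPs.
    for src, dst, state in precheck([("192.168.1.10", "192.168.2.10")]):
        print(f"{src} -> {dst}:{VMOTION_PORT} {state}")
```

An empty result from precheck means every pair connected; “filtered” points at a firewall rule, while “unreachable” points at routing between the two vMotion networks.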