update

Updated HAProxy Load Balancer Virtual Appliance

July 3, 2013 by Josh Townsend 9 Comments

Last year I shared a free load balancer virtual appliance for VMware View that I created on SuSE Studio. The load balancer uses HAProxy and came with a very basic configuration for use with VMware Horizon View Connection Servers or Security Servers. The appliance has been downloaded a few hundred times and has been useful to me in my own home lab.

Since publishing the appliance I have made several changes to the configuration and thought I would share those updates.

You can download the latest version of the appliance in OVF format here: https://susestudio.com/a/R42GDM/vmtoday-vmware-view-load-balancer.

Instructions for setting up and configuring the appliance are on the original post here: https://vmtoday.com/2012/09/free-vmware-view-load-balancer-using-suse-studio-and-haproxy/.

I’ve been asked whether or not this is appropriate for production use; that’s a hard one to answer. My intent was to provide a simple way to set up load balancing for test/pilot environments. Here are some thoughts on running this for production/internet facing use:

HAProxy is stable and used by many organizations (Reddit, Instagram, Egnyte, RedHat OpenShift, Twitter).
I am not a linux guy and as such have not done anything to harden this virtual appliance other than enable the firewall, but a good *nix admin could probably tighten it up a bit.
This is a single point of failure unless you create a second instance and use something like keepalived and maybe mercurial to keep configs in sync.
No commercial support for my build. I’ll do what I can to help if you ask nicely, but I do have a day job and family.
Logging is not very robust in my build – you would probably want to implement Logwatch, syslog or another mechanism to monitor it.

I’ll leave it up to you to weigh the pros and cons of running my appliance in an internet facing role or in production.

I’ve also been asked if this appliance can support SSL offloading. The short answer is no. The long answer is that HAProxy 1.5 (still in development) will offer SSL Offloading, SSL health checks, ACLs and a bunch of other features. I have also heard of people using Pound with HAProxy to handle SSL offloading, but have not done it myself. I’m working on a couple articles that describe architectures and options for Horizon View Security Servers and Connection Servers with load balancers and DMZs. You may find that SSL offloading for VMware Horizon View is not a requirement (at least for those who are using this appliance in a test environment).

Change Log (as of 0.2.16 of the appliance)

Updated HAProxy to 1.4.24-1 as the older version had some vulnerabilities (CVE-2013-2175). I built the RPM from source for this version as it was not in any public repositories for SLES 11. Previous versions of my appliance used HAProxy version 1.4.21-3.1.
Cleaned up some of the extraneous packages and old repositories for a leaner build.
Updated VMware Tools to the latest version.
Updated the HAProxy config to:

Establish a proper frontend / backend configuration – this will help with the web based admin interface to enable/disable Connection / Security servers during maintenance windows.

Removed session stickyness – not working well and really not needed

Switched to source-based balancing instead of round robin as some folks reported problems

Added some comments to help with configuration.

Here’s the updated configuration for anyone who is rolling their own HAproxy:

### VMware Horizon View LoadBalancer vApp
### HAproxy config by Josh Townsend
### Visit http://vmtoday.com for more info

global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
pidfile /var/run/haproxy.pid
maxconn 4096
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy.stat mode 600

defaults
log global
mode tcp
option tcplog
option dontlognull
retries 3
option redispatch
maxconn 3000
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s

userlist UsersFor_HAProxyStatistics
group admin users haproxy
user haproxy insecure-password HA@VmView5
user stats insecure-password letmein

listen stats *:1936
mode http
stats enable
#stats scope http
#stats scope www
#stats scope static
#stats scope static_httpclose
#stats realm Haproxy\ Statistics
stats uri /haproxy?stats
#stats auth haproxy:HA@VmView5
stats refresh 20s
stats show-node
stats show-legends
acl AuthOkay_ReadOnly http_auth(UsersFor_HAProxyStatistics)
acl AuthOkay_Admin http_auth_group(UsersFor_HAProxyStatistics) admin
stats http-request auth realm HAProxy-Statistics unless AuthOkay_ReadOnly
stats admin if AuthOkay_Admin

#————–FRONTEND———————————————–
#———————————————————————
# redirect http to https as View Security Servers don’t listen on 80
# change URL to the DNS name your users use to connect to View
#———————————————————————
frontend inbound-http *:80
mode http
redirect location https://desktop.example.com/
option http-server-close
option forwardfor except 127.0.0.0/8
option httplog
#———————————————————————
# listen for View HTTPS inbound
# use OpenSSL to create cert request, import .pem, uncomment #ssl crt
#———————————————————————
frontend inbound-https
bind :443 #ssl crt ./my_view_cert.pem
mode tcp
option tcplog
default_backend view_https

#———————————————————————
# listen for View PCoIP inbound <- ignore, we don't blanace UDP # PCoIP Secure Gateway Config will tell client which broker to talk to #--------------------------------------------------------------------- #frontend inbound-pcoip # bind :4172 # mode tcp # default_backend view_pcoip #--------------------------------------------------------------------- # listen for View RDP inbound #--------------------------------------------------------------------- #frontend inbound-rdp # bind :3389 # mode tcp # default_backend view_rdp #-----------BACKEND--------------------------------------------------- #--------------------------------------------------------------------- # Define your View Security or Connection Servers here # balance source will use source IP to send to a backend - this may not # be the most equally balanced, but it works reliably. Play with roundrobin # if you are the adventerous type. #--------------------------------------------------------------------- backend view_https mode tcp option tcplog option ssl-hello-chk #make sure we can talk SSL, not just TCP balance source #-- Balance roundrobin with stickyness with 3 lines below------------ #balance roundrobin #stick store-request src #stick-table type ip size 200k expire 30m #--------------------------------------------------------------------- # Add View Security and/or Connection Servers below and uncomment #--------------------------------------------------------------------- #server ALIAS HOSTNAME_OR_IP:443 check id 1 inter 10s rise 5 fall 2 #server ALIAS HOSTNAME_OR_IP:443 check id 2 inter 10s rise 5 fall 2 #server ALIAS HOSTNAME_OR_IP:443 check id 3 inter 10s rise 5 fall 2 #No need for this in my configuration.... #backend view_pcoip # mode tcp # option tcplog # balance roundrobin #--------------------------------------------------------------------- #Next line sticks clients that enter through https-backend to same server for PCoIP. #Session sticking doesn't quite work the way I want, and View is flexible to let me #define a PCoIP Secure Gateway without having to pass thru my load balancer, so #I'll just comment this out and ignore until (if?) I get HAproxy 1.5 with SSL support #when I'll be able to run everything through HAproxy #stick match src table view_https #--------------------------------------------------------------------- # Add View Security and/or Connection Servers below and uncomment #--------------------------------------------------------------------- #server ALIAS HOSTNAME_OR_IP:4172 check id 1 #server ALIAS HOSTNAME_OR_IP:4172 check id 2 #server ALIAS HOSTNAME_OR_IP:4172 check id 3 #No need for this in my configuration....you can play with different protocols if you want... #backend view_rdp # mode tcp # option tcplog # balance roundrobin # stick-table type ip size 200k expire 30m # stick on src #--------------------------------------------------------------------- # Add View Security and/or Connection Servers below and uncomment #--------------------------------------------------------------------- #server ALIAS HOSTNAME_OR_IP:4172 check id 1 #server ALIAS HOSTNAME_OR_IP:4172 check id 2 #server ALIAS HOSTNAME_OR_IP:4172 check id 3 [/sourcecode] The source for my HAProxy RPM build, HAProxy cfg and other files for the appliance are now in a GitHub Repository if you want to check it out or fork it.

One final note – when you import the OVF into vSphere, you may get a warning stating that “The specified operating system identifier “(id:83)” is not supported on the selected host.” I’m not sure why, but this is easily fixed. Don’t power up the VM on import. After the import is completed, edit the settings of your VM. On the Options tab, click General Options, then change the Linux Version to SuSE Linux Enterprise 11 (64-bit). Power up your VM and everything should be just fine.

Special thanks to Mark K for some suggestions for improving the configuration. Let me know if you have any problems, questions, or suggestions for improvement. Also feel free to leave a comment below to let me know of some creative ways you are using this appliance.

VMware Product Updates – April 2013

May 7, 2013 by Josh Townsend Leave a Comment

VMware has released updates to several products over the past couple weeks. Many of the updates take the version 5.1 products announced at VMworld 2012 to Update 1 (i.e. the first major service pack). The updates, spanning vSphere (ESXi and vCenter), vCloud Director, vCenter Operations, vCenter Orchestrator, vCenter Site Recovery Manager (SRM), vSphere Data Protection, and the vSphere Storage Appliance, include bug fixes, security fixes, and functionality changes. Here’s what you need to know about the updates, including a few upgrade bugs that you need to know about before you pull the upgrade trigger.

ESXi 5.1 Update 1

VMware vSphere ESXi 5.1 Update 1 contains some functionality changes, a bunch of bug fixes, and some administrative changes.

First, ESXi support for several guest operating systems will be deprecated after this release. Those guest OSs include:

Windows NT
All 16-bit Windows and DOS releases (Windows 98, Windows 95, Windows 3.1)
Debian 4.0 and 5.0
Red Hat Enterprise Linux 2.1
SUSE Linux Enterprise 8
SUSE Linux Enterprise 9 prior to SP4
SUSE Linux Enterprise 10 prior to SP3
SUSE Linux Enterprise 11 Prior to SP1
Ubuntu releases 8.04, 8.10, 9.04, 9.10 and 10.10
All releases of Novell Netware
All releases of IBM OS/2
Guest customization of Windows 2000 will also be deprecated in releases after Update 1, but running Windows 2000 guests will still be supported for a bit longer.

In ESXi 5.1 U1, support for certain host server CPU models will be eliminated with the requirement of SAHF and LAHF support on the CPU. While most processors produced after 2006 will support these instruction sets, it is possible that your test/dev or home labs could not run ESXi. For more on LAHF/SAHF, read here: https://vsphere-land.com/news/what-is-sahf-and-lahf-and-why-do-i-need-it-to-install-vsphere-51.html.

Fixes and resolved issues in ESXi 5.1 U1 include improved SNMP trap handling, better support for Mac OS X VMs running hardware version 9, purple screen and guest blue screen fixes, a unicast flooding condition with long running vMotion operations, improved Host Profiles functionality, and improved ESXi Upgrades.

Added functionality in Update 1 includes Component-based logging to enhance log detail for simplified troubleshooting, and an increased VMFS Heap size to allow ESXi hosts to address more than 60TB of open files on VMFS5 (more on that in this post: https://vmtoday.com/2013/04/is-spanning-vmdks-using-windows-dynamic-disks-a-good-idea/).

You can find the release notes for ESXi 5.1 Update 1 here: https://www.vmware.com/support/vsphere5/doc/vsphere-esxi-51u1-release-notes.html

vCenter 5.1 Update 1

vCenter Server 5.1 Update 1 supports installation on Windows Server 2012 with SQL Server 2012 and 2008 R2.

Guest customization of Windows 8, Windows Server 2012, Ubuntu 12.04, and RHEL 5.9 are no also supported.

This release (release notes here: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-51u1-release-notes.html) has a ton of bug fixes for everything from a minor VMs display a red warning icon in the VM inventory list when there is no alarm triggered, to more substantial issues like vCenter and SSO services failing to start.

There is a known issue with this release that causes account lockouts when a vCenter SSO enabled user who is in many domain groups attempts to log in. If you might be in this situation, hold off on the upgrade until VMware releases a fix. More on the issue here: https://blogs.vmware.com/kb/2013/04/alert-login-issue-after-updating-to-vcenter-5-1-update-1.html

If you are planning to upgrade to vSphere (ESXi and vCenter) 5.1 Update1, VMware has published a knowledgebase article at https://kb.vmware.com/kb/2037630 that covers the complete upgrade sequence and product compatibility. Not all solutions are compatible with the new 5.1 Update 1 release. VMware View 5.1.x, for example, is not compatible with vSphere 5.1 Update 1. If you run Horizon View and want to go to vSphere 5.1 Update 1, you’ll have to first update View to v5.2 You should also review the VMware Compatibility Matrix at https://www.vmware.com/resources/compatibility/search.php and the Product Interoperability Matrix at https://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php to verify that your hardware and VMware software elements are compatible with this release. If you run into problems or have questions, drop us a comment and we’ll be happy to help!

vCloud Director 5.1.2

vCloud Director was rev’d to version 5.1.2. Among the functional changes in vCloud Director 5.1.2 are:

Support for Microsoft SQL Server 2012 databases
Support for guest customization of Microsoft Windows Server 2012
vCloud Director can now be installed on Red Hat Enterprise Linux (RHEL) 6.3
Enhancements to the role based permissions to allow administrators to grant vCloud users rights for working with vApp snapshots (creating, reverting and removing).
Changes to resource allocation models for Organization Virtual Datacenters to control how elastic Allocation Policies function. See this post for more information on this topic: https://fojta.wordpress.com/2013/04/30/allocation-pool-organization-vdc-changes-in-vcloud-director-5-1-2/.

Bug fixes in 5.1.2 include database error fixes, networking fixes, and virtual machine/vApp. Full release notes for vCloud Director 5.1.2 can be found here: https://www.vmware.com/support/vcd/doc/rel_notes_vcloud_director_512.html.

VMware vSphere Storage Appliance 5.1.3

VMware vSphere Storage Appliance 5.1.3 provides a distributed shared storage solution that abstracts the computing and internal hard disk resources of two or three ESXi hosts to form a VSA cluster. The VSA cluster enables vSphere High Availability and vSphere vMotion.

If you are running VSA and upgrade to vCenter 5.1 Update 1, you must upgrade your VSA to 5.1.3 due to know compatibility issues. Beyond making VSA compatible with vSphere 5.1 U1, VSA 5.1.3 adds functionality that improves performance and scalability of the solution.

Notable improvements include the ability to add storage capacity of an existing VSA cluster, the ability to manage multiple VSA clusters from a single vCenter, and the ability to install VSA on hosts that already have VMs running on their local storage.

Release notes for vSphere Storage Appliance 5.1.3 can be found here: https://www.vmware.com/support/vsa/doc/vsphere-storage-appliance-513-release-notes.html

vSphere Data Protection (VDP) Version 5.1.10

vSphere Data Protection is VMware’s built-in full VM backup solution, based on EMC Avamar technology. This release includes a bunch of usability improvements, with additional options presented for backup and restore operations, as well as additional options for VM configuration post-restore (connect the NIC, auto power on, etc.).

VDP 5.1.10 also includes a migration utility that automates the process of moving from the old vSphere Data Recovery (vDR) solution if you happen to be running that.

You can find the full release notes here: https://www.vmware.com/support/vdr/doc/vdp_5110_releasenotes.html

VMware vCenter Orchestrator 5.1 Update 1

vCenter Orchestrator is a automation tool that allows administrators to develop complex workflows for vSphere, as well as other systems. Orchestrator is included with vCenter Server. Orchestrator automates deployment and customization of VMs, as well as additional tasks like creating VMFS datastores, adding VMs to Active Directory, and updating third-party change management databases. VCO is an incredibly powerful tool with hundreds of built-in workflows to get you started.

If you want to learn more about VCO, check out the documentation here: https://www.vmware.com/support/pubs/orchestrator_pubs.html

VMware vCenter Site Recovery Manager 5.1.1 & vSphere Replication 5.1.1

SRM 5.1.1 and VR both received minor updates. While no new functionality was introduced in these releases, both include a host of stability and performance improvements. Among the fixes are:

SRM 5.1.1 also includes logic that allows upgrades from SRM 5.0.2 – there was previously no logic written into the code to support upgrades.
Recovery of a Windows Server 2012 Domain Controller protected by VR is fixed.

Release notes for SRM 5.1.1 are here: https://www.vmware.com/support/srm/srm-releasenotes-5-1-1.html

Release notes for VR 5.1.1 are here: https://www.vmware.com/support/vsphere5/doc/vsphere-replication-511-release-notes.html

VMware vCenter Operations 5.7

Jason Shiplett covered the release of vCenter Operations (vCOps) 5.7 in an earlier blog post here: https://blog.shiplett.org/vcenter-operations-manager-5-7-whats-new-and-how-to-upgrade/. vCOps 5.7 includes new views, policies, and improved usability. Read Jason’s post for more information on vCenter Operations 5.6.

VMware End-User Computing Announcements

February 28, 2013 by Josh Townsend

VMware announced this week the launch of several new products in the growing portfolio of End-User Computing (EUC) solutions, under the VMware Horizon family of products. The expansion of EUC products across the industry is being fueled by increasing demands for IT solutions for business users to be delivered ‘as-a-service’, as well as by the growing trend of Bring Your Own Device (BYOD). The ability of technology departments to deliver applications, user data, and desktop as a service, while maintaining user mobility and freedom must be balanced against the need to standardize and secure delivery of corporate information assets. That’s just what these new releases aim for.

First up is VMware Horizon View 5.2. View has been a VMware offering for some time, and is now falling under the Horizon name. View is VMware’s Virtual Desktop Infrastructure (VDI) solution. View provides centralized execution of Windows desktops running on VMware vSphere in the datacenter. With View, IT can deliver desktop as a service by leveraging View’s ability to rapidly deploy standardized desktops to business users. New in View 5.2 is support for Windows 8 desktops, hardware accelerated 3D graphics to support applications like AutoCAD, RevIt, and Microstation, greater scalability by allowing clusters of up to 32 ESXi hosts using VMFS, PCoIP enhancements, and clientless HTML5 access to View desktops. In addition, View 5.2 desktops can now take advantage of the new vSphere 5.1 Space Efficient (SE) Sparse disk format to reclaim whitespace within user desktops for greater efficiency. Many other small features were added to View 5.2, including an improved administration console, syslog support, multi-touch gesture-based control of View desktops for touch-based devices, and faster provisioning of desktops through View Composer. While virtual desktops can be a great solution for many types of users, it is not a perfect fit for frequently offline mobile users, power users who require a great deal of freedom in customizing their PC experience, or where legacy hardware or software demands a traditional PC.

To help address these use cases, VMware has announced the launch of Horizon Mirage 4.0. Mirage is an endpoint centralization and layering solution aimed at providing greater flexibility and manageability of corporate PC’s. Centralization capabilities allow the endpoint state, including OS, departmental applications, user-installed apps, and user data to be maintained in a central repository, providing near-CDP of the entire endpoint. Layering breaks out the elements of a desktop state, from what has traditionally been either a monolithic image or an unmanaged endpoint, into individually managed layers including OS, driver, departmental application, user applications, and user data. Each layer is centralized and easily updated, replaced, or migrated in real-time with little to no user impact. With layering and centralization combined, some very interesting use cases emerge beyond simple management and patching.

For example, total endpoint centralization provides the ability to move a user’s entire endpoint state from a traditional PC to a VMware Horizon View based desktop by simply changing the driver layer from the physical endpoint to a VM Hardware set of drivers. By managing the operating system layer, we can swap out the OS while leaving applications and user data intact. This allows seamless migrations from an older operating system such as Windows XP to a newer OS like Windows 7. By layering and centralizing the user data layer, IT can backup and allow user restoration of user data on dispersed endpoints. Horizon View and Mirage are in many ways about giving IT more control of endpoints, while simplifying administration and improving quality of service to our users. But with the commercialization of IT, users are demanding self-service, anywhere/anytime/any-device access to enterprise apps and their data.

To address these demands, VMware has launched VMware Horizon Workspace. Workspace includes several feature sets, including:

Horizon Application Manager, allowing IT to create an enterprise ‘app store’ where users can provision, on-demand, any application to which they are entitled. These apps can be legacy Windows applications that have been packaged with VMware ThinApp, SaaS applications where Horizon can pass single sign-on (SSO) credentials from your Active Directory to the cloud-based application, and mobile device apps for Android and Apple phones and tablets.

Personal file storage via Horizon Data, providing a centralized, easily accessible personal file storage. The Horizon Workspace mobile app (for Android or Apple), PC-based Horizon agent, and rich web interface provide easy access to all data users have stored in Horizon, with the ability to preview and share files and folders with any user – internal or external – with IT controlled policies and class of service rules.

Desktop as an app, presenting View-based Windows desktops to users, accessible through native HTML5. With desktop as an app, users can connect to a Windows PC to use legacy applications, then return to a personal device to continue their work in other applications presented through Horizon.

These are just a sampling of the capabilities across the products in the VMware Horizon launch. With VMware Horizon, IT can re-imagine and reinvigorate endpoint management to deliver cutting-edge services and flexibility to our user base while maintaining control and security of corporate assets. Clearpath has been running beta versions of these products in our lab – we’re happy to provide demos of the VMware Horizon Suite of products or to help you plan how to best leverage View, Mirage and Workspace in your environment.

Microsoft KB2661254 and VMware

October 9, 2012 by Josh Townsend Leave a Comment

Microsoft today is pushing an update to Windows via Windows Updates that increases the bit length requirements for RSA certificates. With this update, Microsoft is requiring RSA certificates to have a key length of 1024 bits. Some applications do not yet use a 1024 or greater key length and could be impacted by this updated. Some examples:

Internal Microsoft Certificate Authority servers that were built with a less than 1024 key will not start after the update – this will make certification validation for internally generated certs fail (could impact Outlook Web Access, vCenter server, intranet sites, etc.)

Internet Explorer will not allow users to connect to sites secured with less than 1024-bit RSA cert

Installation packages signed with less than 1024-bits will not run without a ‘Unknown Publisher’ security warning being acknowledged.

Microsoft has a list of known issues for this update here: https://support.microsoft.com/kb/2661254

Be on the lookout for this update causing other issues as it is applied across your environments – I suspect the list of known issues is not complete. Many apps use lower strength keys to sign communications (e.g. – VMware View uses a 512-bit signed RSA cert for Java Messaging Service to communicate between Connection Servers. Note – I haven’t heard any issues specific to View and this update, just the first example I thought up).

There is a known issue with VMware vCenter 4.0 and KB 2661254. VMware covers the issue in their KB 2037082 – After installation of Microsoft Security Advisory update (KB2661254), connection to vCenter Server 4.0.x web services may fail. This is due to the vCenter 4.0 self-signed certificate having a key length of 512-bits. After MS KB2661254 is applied to the vCenter Server or to clients accessing the vCenter Server, connections to vCenter Web Services (Managed Object Browser, WebAccess) fails, redirection of http to https fails, (not confirmed – but I suspect is true) some plugins such as vCenter Update Manager that are signed by shorter bit-length certificates will be disabled, and other VMware components such as View Composer and View Connection Servers may not function correctly against a vCenter with an invalidated certificate. To correct the issue, you will need to replace the default Self-Signed certificate with a new certificate. The new cert can be a new Self-Signed, or can be issued from a CA (internal Microsoft Certification Authority or Commercial Third-Party).

vCenter Servers 4.1 and later are 2048 keys by default. However, if you upgrade from a previous version of vCenter and did not apply new certificates, the upgrade may have carried the old 512-bit certificate (which is now invalid due to Microsoft’s update). This means it is possible for vCenter 4.1, 5.0 and 5.1 to have invalidated certificates.

vSphere 5.1 Announcement, Features, and Specifications

August 27, 2012 by Josh Townsend Leave a Comment

Today at VMworld 2012 in San Francisco, VMware announced the new version of their flagship product vSphere 5.1. Version 5.1 builds on the success of vSphere 5, enabling more flexibility, scalability, and automation for running your private cloud of storage, network and compute resources. There’s lots of coverage of vSphere 5.1 by the tech media, bloggers, and VMware, so I won’t cover all of the nitty gritty details, but I do want to highlight several that are of interest. I’m saving some of the features for more in-depth posts, so stay tuned for more!

vSphere vMotion no longer requires shared storage. Since the feature first debuted, shared (SAN and then NFS) storage was a requirement. In vSphere 5.1, vSphere no longer requires shared storage. This opens the door for SMB’s who don’t have the budget for shared storage to enjoy vMotion for proactive ESXi host evacuation. The dropping of the shared storage requirement also implies that vMotion and Storage vMotion have converged into a single operation. Being able to vMotion without shared storage opens new opportunities for using local storage (DAS) for VMware View (including SSD’s), and more vMotion support for stretched clusters and non-converged datacenters. As of today, I’d still recommend shared storage, as a non-shared-storage vMotion of a VM of any significant size is potentially a long running operation as the whole VMDK must be moved from the originating host to the target host.

An updated vSphere Distributed Switch (VDS), with enhancements such as Network Health Check for end-to-end verification of VLAN, Jumbo Frame and teaming configurations (LACP is now a supported teaming config with 5.1), Configuration Backup and Restore, Roll Back and Recovery, and NetFlow 10, NetDump, and BPDU support for better diagnostics and monitoring.

vShield Endpoint is now included for free with vSphere 5.1. VMware vShield Endpoint enables 3rd party endpoint security solutions to eliminate the agent footprint from the virtual machines, offload intelligence to a security virtual appliance, and run scans with minimal impact. Not only does this reduce resource consumption within the virtual datacenter, but it places security services much closer to the physical entities we’re actually trying to protect – CPU, Memory, Disk and Network – by leveraging the unique vantage point of the hypervisor in the compute stack.

Larger virtual machine support – VM’s with up to 64 virtual CPU’s, 1TB of RAM per VM, and over 1 million IOPS per virtual machine. This allows pretty much any workload to run on top of vSphere. These extended sizing attributes are available when you upgrade a VM’s compatibility mode (previously known as VM Hardware Version) to version 9 on a vSphere 5.1 cluster.

vCenter Web Client has greatly improved in this version, making administration a breeze, simplifying 3rd party plugins to vCenter, and making cross-platform administration a reality.

There’s plenty more features, these are just some of the highlights. Certainly an exciting time to be a VMware professional!

update

Updated HAProxy Load Balancer Virtual Appliance