Installing VMware vSphere ESXi 5.5 on an Intel (Haswell) NUC (D34010WYH1)

Intel NUC

My vSphere hardware has long been due an update and I have finally got my hands on an Intel NUC ! Here is my (completely un-supported) parts list:

The D34010WYH1 NUC gives me the option of storing virtual machines on a 2.5 inch HDD or SSD inside the NUC (and the 1TB WD Red drive gives me a good amount of local storage to play around with). The RAM is low voltage (1.35v) which is required. The 32 Gb USB 3 flash drive is over-kill (only 4GB is required for vSphere 5.5) but it is very small (and pretty fast too). I needed the HDMI adapter to connect the NUC to my HDTV during vSphere installation.

The installation process is quite straight-forward and you will need the following:

Before installing vSphere we need to create a custom .iso image that includes the two .vib drivers that we downloaded. This is done using ESXi Customizer.

ESXi-Customizer 01

The first time you run ESXi Customizer select the vSphere 5.5 ,iso image and the network driver (net-e1000e-2.3.2.x86_64.vib) to create a customized image.

Run ESXi Customizer again and this time select the customized .iso image and add the sata driver (sata-xahci-1.10-1.x86_64.vib) to create a final customized .iso image.

I chose to burn my customized .iso to CD and install using a USB DVD drive – if you want to use a flash drive to install you will need to use UNetbootin.

UNetbootin

In UNetbootin select the Diskimage radio button and then browse to the location of your final custom .iso. Select the flash drive to copy files to and then click the OK button.

In the BIOS of my NUC I disabled the UEFI option in the Boot menu. After that I booted from my USB DVD drive and installed vSphere to a USB 3 flash drive.

[I did test installing from one flash drive to another too and this also worked without any issues].

Sources:

http://trainingrevolution.wordpress.com/2013/12/30/installing-vsphere-esxi-5-5-on-an-intel-nuc-d54250wyk/

http://www.virten.net/2013/09/esxi-5-x-installation-on-intel-nuc-fails-with-no-network-adapters/

Advertisements

2013 Potential Hardware for vSphere Home Nanolab and NAS Refresh

hardware-logo

My current VMware vSphere white-box will be 5 years old in August. It has an AMD Athlon X2 BE-2400 Brisbane @2.3GHz and 8Gb of RAM – and these days 8Gb of RAM is just not enough.

The hardware for my NAS is more recent – a HP Microsever N40L with 6Gb of RAM, running FreeNAS 8.x.

The cpubenchmark score for my vSphere box is 1333 – the score for the N40L is 979.

While I still need to look at the performance of ZFS on the N40L (it is OK but not exactly where I would like it to be) I know that a lot more CPU is not desperately needed for new vSphere hardware (but it would be nice).

I have been considering the Intel NUC (Next Unit of Computing) as an alternative to having a tower PC to run vSphere for a while now. It maxes out at 16Gb of RAM and it really shines in terms of its power efficiency (13-27 watts) and diminutive size (4″ x 4″). The i3 -3217U DC3217IYE NUC (Ivy Bridge architecture) is the current NUC that I have my eye on.

The Intel i3 NUC
The Intel i3 NUC

The issue with the NUC though is storage – I can either install an msata SSD in the NUC or use shared storage on my NAS (or both). I would like to use local storage on the NUC for speed and back up VMs to my NAS – the cost of SSDs will limit my local storage capacity though.

The next generation of NUCs are based on the Haswell architecture and include Core i5 (Horse Canyon) and i7 (Skull Canyon) CPUs. The i5-3427U offering (cpu benchmark: 3580) is of interest to me here as it includes Intel vPro remote management capabilities.

This still leaves us with the 3rd generation of NUCs (also Haswell) which have an on-board sata and sata power connector – these are slated to arrive in Q3 2013.

3rd Gen Intel NUC
3rd Gen Intel NUC

The other option for a diminutive vSphere box is the Gigabtye take on the NUC called Brix. It looks like Gigabyte plans to offer Intel (i3 – i7) CPUs and AMD Kabini (E1-2100, E1-2500 & E2-3000 dual core, and A4-5000 quad core) CPUs.

I think it will be worth keeping an eye on the Brix offerings to see where they differ from the NUC. The key areas for me will be efficiency, pricing and storage – what if Brix offers a 2.5 or 3.5″ internal drive bay, for example? I imagine that the AMD offerings will be cheaper than the Intel NUC – but we will have to wait and see.

On the home NAS side of things HP very recently updated their Microserver (Gen 8) with Celeron and Pentium models:

  • Intel® Celeron® G1610T (2 core, 2.3 GHz, 2MB, 35W)
  • Intel® Pentium® G2020T (2 core, 2.5 GHz, 3MB, 35W)

This does potentially make the Microserver a better vSphere candidate too, especially as the supported RAM has been upped to 16Gb.

The other good news is the built in iLO support, dual gigabit NICs and USB 3.0 ports (as seen on the beta unit, at least):

HP Microserver (Gen 8) rear panel - courtesy of
HP Microserver (Gen 8) rear panel – courtesy of blog.themonsta.id.au

So I’ll be keeping an eye on the new generation of Microserver too. The additional CPU and RAM are quite welcome (especially for ZFS). I am also keen to know the power consumption for these machines as a whole.

Either way with both the NUC and the Microserver I can build a power efficient and much smaller lab.

If I can score a couple of NUCs and another Microserver by the end of the year, I will be a happy man!

Qubes Beta 1 – Verifying the Integrity of the Qubes Beta 1 DVD on Ubuntu

Originally this post was going to cover the basics of what Qubes is along with a summary consisting of installation and basic use. Unfortunately it seems that I do not have the appropriate hardware to successfully install Qubes. I tried installing Qubes in a Virtual Machine (which hung identifying hardware) and also on my desktop (where the graphical installer hung identifying basic storage). I did however document the process for verifying the integrity of the Qubes .iso that I downloaded (which may be of use to some people).

Qubes is is an open source operating system designed to provide strong security for desktop computing. Based on Xen, the X Window System, and Linux, Qubes can run most Linux applications and drivers.

In Qubes OS programs are divided between different “domains” such as work, personal, banking and so on – effectively sand-boxing applications. While users can securely copy and paste and transfer files between domains each domain remains isolated from the others. Even the networking and storage subsystems reside in different virtual machines. If a virus is acquired in your ‘browsing’ domain for example it will have no access to the online banking session that you have open in your ‘banking; domain.

The minimum hardware requirements for Qubes is as follows:

  • 4GB of RAM
  • 64-bit Intel or AMD processor
  • Intel GPU strongly recommended (if you have Nvidia GPU, prepare for some troubleshooting – ATI hardware has not been tested yet)
  • 10GB of disk (Note that it is possible to install Qubes on an external USB disk but bear in mind that USB disks are usually slow!)

Note: it is not recommended that you try installing Qubes in a Virtual Machine.

With the basics out of the way download the Qubes.iso and .asc files to your home directory from here.

The security conscious will want to verify the integrity of the Qubus .iso which is done as follows.

Click Applications, Accessories and then Terminal.

Download the public portion of the Qubes Master Signing Key (0x36879494):

gpg --recv-keys 0x36879494

The fingerprint of the Master Key is published here (as duplicated below):

pub   4096R/36879494 2010-04-01
      Key fingerprint = 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
uid   Qubes Master Signing Key

We can verify the fingerprint of the Master Key as follows:

gpg --fingerprint 0x36879494

As we can see the fingerprints match.

Now we can import the Master Key and set its trust level so that it can be used to verify other Qubes keys:

gpg --edit-key 0x36879494

You will now see a Command> prompt in the terminal:

Enter the command trust and press Enter:

Press the number 5 key for ultimate trust and then press Enter. At the question Do you really want to set this key to ultimate trust? press the Y key and then press Enter again.

You will be returned to the Command> prompt – press the Q key to exit.

Now that we have imported the Master Key we can download the Qubes OS Release 1 Signing Key:

gpg --recv-keys AC1BF9B3

With the Qubes OS Release 1 Key we can now verify the Qubes .iso with the following command:

gpg -v Qubes-R1-Beta1-x86_64-DVD.iso.asc

As you can see we have successfully verified the integrity of the Qubes OS .iso.

Burn the .iso to a DVD to install or follow the instructions here to install to a USB drive.

This is what Qubes will look like if you get it running – it is certainly something that I would like to take a look at again (hardware permitting) especially once it reaches a stable release (hopefully later this year). Windows are colored according to their domain:

There is also a good overview of Qubes OS on geek.com.

Sources:

http://virtualization.info/en/news/2011/04/release-qubes-beta-1-0.html

http://wiki.qubes-os.org/trac/wiki/InstallationGuide

http://wiki.qubes-os.org/trac/wiki/VerifyingSignatures

Ubuntu 10.4 Lucid – Installing VirtualBox

Anyone looking to virtualize guest operating systems on an Ubuntu desktop really can’t go wrong with VirtualBox. For personal use you can either install the Open Source or the more fully featured Full edition. I will be installing the later as it has support for USB and some 3D acceleration (among its many other features).

Installation in Lucid is as follows:

Open the Terminal and edit your /etc/apt/sources.list adding this line:

deb http://download.virtualbox.org/virtualbox/debian lucid contrib

Download and register the public key:

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc 
-O- | sudo apt-key add -

Install VirtualBox:

sudo apt-get update
sudo apt-get install virtualbox-4.0

Click Applications, System Tools and Oracle VM VirtualBox to run the application.

Here you can see VirtualBox running with a Windows 7 virtual machine that I have already installed.

Source:

VirtualBox Wiki

VMware Thinapp – An Introduction To Application Virtualization

VMware Thinapp is a suite of components that work together to virtualize applications. In basic terms Thinapp abstracts the file system and registry of a given application into a single executable file – decoupling it from the host Operating System (OS).

The Thinapp 'Suite' of Applications

This independence from the host OS has many benefits and a few drawbacks (depending on how you look at things).

Obviously isolating applications from the OS has security benefits, especially when something like a virus or malware is confined to a sandbox. The fact that applications can be configured before deployment is another great benefit from a standard installation. Probably the greatest benefit of application virtualization is conflict free application delivery. Need to run multiple applications with different versions of Java Runtime Environment? Not a problem!

The downside is that there are simply applications that Thinapp cannot virtualize – examples include Antivirus software, firewalls and device drivers. Other applications with shell integration might suffer from reduced functionality, for example an application that integrates its own menus into Windows Explorer. This is not an exhaustive list by any means so consult the Thinapp User Guide if you need more clarification.

Thinapp has a wizard driven interface that belies the potential complexity that you might encounter virtualizing something like Office 2007. Best practise is to run Thinapp on a “clean” virtual machine – which basically means a virtual machine with just the OS. You can install Thinapp on your virtual machine or run it from an available file share. I would recommend using VMware Workstation or vSphere for hosting the clean virtual machine as these products support multiple snapshots (which means that you will be able to revert your virtual machine to its original state to virtualize another application).

So how does Thinapp work? Well, Thinapp first performs a prescan of the clean virtual machine. Then you install your chosen application. Thinapp will then perform a postscan which identifies the changes made to the prescan baseline. After this you configure various settings and (optionally) build your virtual application.

Showing you each step of the process through the Thinapp wizard would be a little tedious so I am going to show you the most important screenshots with a brief discussion of each. At this point in the Thinapp wizard I have completed the prescan, installed Firefox and completed the postscan.

Application entry points are basically the executables that you want to be available in your virtualized application. So for Firefox we would obviously need Firefox.exe and probably want the safe mode executable too. The entry points for debugging will give you shortcuts to a command prompt, regedit and Internet Explorer that can all be used to debug your virtual application.

Entry Points

Isolation modes effect how much access the virtual application has to the host OS file system. As you can see the WriteCopy isolation mode is the most tightly sandboxed mode having access to only the Desktop and My Documents folders on the host.

Isolation Modes

After this you choose where the virtual application’s sandbox will exist (but that is not very exciting) so we’ll move on to package settings. Here we select the primary entry point – essentially this is the main executable that Thinapp will produce. If the application is large it will be split between this executable and a separate .dat file. For Firefox we would want the primary entry point to be Firefox.exe or Mozilla Firefox.exe. The next option is to produce an .msi package – this is an installer for your virtualized application that will register file associations and shortcuts to the application. You will want to compress the final build of your Thinapp applications.

Package Settings

The final screen in the wizard is the Ready to Build screen. Here we can access the project folder that contains the virtualized file system and registry of our target application. We can also configure more advanced Thinapp options if we need to in the package.ini file.

Ready to build

This is what the project folder for Firefox 3.6.3 looks like:

As you can clearly see there is a virtual file system that includes (amongst other things) a Program Files directory – and a virtual registry that includes windows registry hives in plain text (.txt) form.

Conceptually we end up with something like this once we have built our Thinapp application:

Inside a Thinapp package is a small Virtual Operating System (VOS) that is roughly 400k on disk and about 2Mb in RAM. Thinapp virtualizes the registry and file system of the target application and links it to the VOS within a single compressed .exe file.

Well that’s it for my introduction to Thinapp – for reference I used Thinapp 4.5, Windows 7 and vSphere.

The current version of Thinapp, version 4.5 supports Windows 7 and a 60 day trial is available from VMware: http://www.vmware.com/products/thinapp/.