Wednesday, July 11, 2012

Understanding VM Snapshot

See the link below for how snapshots work and how they affect the current state of your virtual machine.

That page also links to a downloadable presentation. Download and view it; it is really informative and helpful for understanding the snapshot concept.

Cloud Computing Private, Public and Hybrid

Public cloud:

In a public cloud, the computing infrastructure is hosted by the cloud vendor at the vendor’s premises. The customer has no visibility into or control over where the computing infrastructure is hosted. The computing infrastructure is shared between organizations (shared infrastructure).

Private cloud: 

The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Some experts consider that private clouds are not real examples of cloud computing. Private clouds are more expensive and more secure when compared to public clouds.
Private clouds are of two types: on-premise private clouds and externally hosted private clouds. Externally hosted private clouds are also used exclusively by one organization, but are hosted by a third party specializing in cloud infrastructure. Externally hosted private clouds are cheaper than on-premise private clouds.

Hybrid cloud:

Organizations may host critical applications on private clouds and applications with relatively fewer security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is cloud bursting. In cloud bursting, organizations use their own computing infrastructure for normal usage, but access the cloud for high/peak load requirements. This ensures that a sudden increase in computing requirements is handled gracefully.

Tuesday, July 10, 2012

Auditing ESXi Shell logins and commands in ESXi 5.x (History of executed commands in ESXi)

ESXi maintains a history of all commands entered in the ESXi Shell. This shell command history is maintained in the shell.log file. Within the transcription of commands, the command issuer is identified only by the process or world ID, rather than by username or client address. This article describes how to correlate authentication information from the auth.log file with the history of commands executed in the ESXi Shell.
For more information on the locations of the log files described, see Location of ESXi 5.0 log files (2004201) and Location of log files for VMware products (1021806).


To determine the commands executed in the ESXi Shell, and which user and client issued the request:
  1. Obtain access to the auth.log and shell.log log files.
    • Log in to the ESXi Shell, and open each log using the less command.
    • Use a web browser to access https://ESXiHostnameOrIP/host/auth.log and https://ESXiHostnameOrIP/host/shell.log.
    • Use the vifs command line utility in the vCLI to copy the logs to a client, and review them there.
    • Read the files from within a vm-support log bundle.
  2. Open the log file /var/log/auth.log in a text viewer.
  3. Identify the authentication record, including the Username, Timestamp, and World ID for the session:

    • ESXi Shell login at the console appears similar to:

      2011-08-29T18:01:00Z login[64386]: root login on 'char/tty/1'
    • ESXi Shell login via interactive SSH appears similar to:

      2011-08-29T18:01:00Z sshd[12345]: Connection from port 2605
      2011-08-29T18:01:00Z sshd[12345]: Accepted keyboard-interactive/pam for root from 10.11.12.13 port 2605 ssh2
      2011-08-29T18:01:00Z sshd[64386]: Session opened for 'root' on /dev/char/pty/t0
      2011-08-29T18:01:00Z sshd[12345]: Session closed for 'root' on /dev/char/pty/t0
      2011-08-29T18:35:05Z sshd[12345]: Session closed for 'root' 2
    • ESXi Shell login via SSH with public key appears similar to:

      2011-08-29T18:01:00Z sshd[12345]: Connection from port 2605
      2011-08-29T18:01:00Z sshd[12345]: Accepted publickey for root from port 2605 ssh2
      2011-08-29T18:01:00Z sshd[64386]: Session opened for 'root' on /dev/char/pty/t0
      2011-08-29T18:01:00Z sshd[12345]: Session closed for 'root' on /dev/char/pty/t0
      2011-08-29T18:35:05Z sshd[12345]: Session closed for 'root' 2

    Each of these authentication records indicates a successful authentication for the user root on August 29th at 18:01 GMT. The SSH methods also include the IP address that the connection was initiated from. The shell session is being handled by world 64386.
  4. Close the log file /var/log/auth.log.
  5. Open the log file /var/log/shell.log in a text editor or viewer.
  6. Identify commands entered which contain the same World ID as identified in Step 3, appearing similar to:

    2011-08-29T18:01:01Z shell[64386]: Interactive shell session started
    2011-08-29T18:05:02Z shell[64386]: cd /var/log
    2011-08-29T18:05:03Z shell[64386]: ls
    2011-08-29T18:13:04Z shell[64386]: vmware -v
    2011-08-29T18:35:05Z shell[64386]: exit

    Since the commands were entered in the console session handled by world ID 64386, we know that they correspond to the authentication session established by user root as described in Step 3.
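
The correlation in steps 3 to 6 can be scripted over copies of the two logs. The following is an added example, not part of the original article: it builds a world ID to login map from auth.log and attributes each shell.log command to a user and source, leaving commands with no matching login unattributed. The sample log lines are constructed in the formats shown above; the function names, and the pairing of an SSH `Accepted` record with the next `Session opened` record for the same user, are assumptions of this example.

```python
import re

# Constructed sample lines in the formats shown above (not real host data).
AUTH_LOG = """\
2011-08-29T18:01:00Z sshd[12345]: Accepted keyboard-interactive/pam for root from 10.11.12.13 port 2605 ssh2
2011-08-29T18:01:00Z sshd[64386]: Session opened for 'root' on /dev/char/pty/t0
2011-08-29T18:20:00Z login[70001]: root login on 'char/tty/1'
"""
SHELL_LOG = """\
2011-08-29T18:05:02Z shell[64386]: cd /var/log
2011-08-29T18:21:00Z shell[70001]: ls
2011-08-29T18:30:00Z shell[99999]: vmware -v
"""

LINE = re.compile(r"^(\S+) (\w+)\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
OPENED = re.compile(r"Session opened for '([^']+)' on (\S+)")
CONSOLE = re.compile(r"(\S+) login on '([^']+)'")

def sessions_by_world(auth_text):
    """Map the shell's world ID to the user, method and source that logged in."""
    pending, sessions = {}, {}  # pending: user -> last Accepted record (sshd ID, not world ID)
    for line in auth_text.splitlines():
        if not (m := LINE.match(line)):
            continue
        ts, proc, ident, msg = m.groups()
        if proc == "sshd" and (a := ACCEPTED.search(msg)):
            pending[a.group(2)] = {"method": a.group(1), "source": a.group(3)}
        elif proc == "sshd" and (o := OPENED.search(msg)):
            info = pending.pop(o.group(1), {"method": None, "source": None})
            sessions[ident] = {"user": o.group(1), "login": ts, **info}
        elif proc == "login" and (c := CONSOLE.fullmatch(msg)):
            sessions[ident] = {"user": c.group(1), "login": ts,
                               "method": "console", "source": c.group(2)}
    return sessions

def attribute_commands(auth_text, shell_text):
    """Return (time, world, user, source, command); user is None if no login matched."""
    sessions, rows = sessions_by_world(auth_text), []
    for line in shell_text.splitlines():
        if (m := LINE.match(line)) and m.group(2) == "shell":
            ts, _, world, cmd = m.groups()
            s = sessions.get(world, {})
            rows.append((ts, world, s.get("user"), s.get("source"), cmd))
    return rows

if __name__ == "__main__":
    for row in attribute_commands(AUTH_LOG, SHELL_LOG):
        print(row)
```

A row whose user is `None` means shell.log recorded commands under a world ID that has no login record in the auth.log copy being examined, which is worth checking against log rotation or a missing time range before drawing conclusions.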