vmconsole so slow – you will hear this from windows admins

The sad fact is that perception rules.

So when a windows admin consoles into a vm and the mouse moves at mach 0.00001 and is almost unusable they will bag out vmware and get an uneasy feeling about how the operating system is working underneath that gorgeous telly tubby splash screen of theirs.

And truth be told, who could blame them? I would hate to admin a server like that, where a simple 5 minute process can take you twenty-plus.

Sadly, and I don't understand why, these have not been fixed up as part of the vmtools install.

So a couple of manual steps to take in order to get rid of the old dog slow console.

  1. Stop using your console to admin boxes. It is insecure (other people with console access can piggyback and see what you are doing) and it consumes resources on the esxhost.
  • Definitely do not use the console tab in vcenter (the only way to end the console session is to close your viclient session); this is a pet hate of mine.
  • For brain surgeons, using the console client is like Neo jacking in to go to the toilet and then jacking out. But wait, if he is jacked in then he is virtual and does not need to go to the toilet… mmm confused now… lol
  • But would he just piss himself whilst in the chair, like a dream where you need to go to the toilet and mmm warm… oh man that gets crazy, what about sex — anyway I digress
  • Use the console to set an ip and remote desktop settings / permissions and then leave it alone.

2. Do this… after you have installed vmtools – yeah I should have zoomed in but hey the world turns fast and the boat has sailed.



vmtools – sick of arguing the benefits so let's splunk in.

Are you sick to death of asking your Windows admins, Linux admins, and on occasion your security team to install vmtools?

I know I am.

So I thought once and for all I would benchmark the difference.

A couple of easy to read comparison charts before we start.


The scenario.

ESX 4.1 build 8000380

Two Windows 2008 R2 (X64) servers sitting on the same esxhost ESX 4.1 connected through a dvswitch.

Each Windows server is set up as follows.

1 cpu

8 Gb ram

Local Storage SAS 6GB

Host specs

Host used

Benchmark tool used

The trusty old iometer

Each test was 5 minutes per payload allowing for peaks and troughs.

Network – all figures are in mbps (unless specified otherwise)

Test 1 – No VMTOOLS – network e1000 mtu 1500 


VMTOOLS – network e1000 mtu 1500


Test 2 – No VMTOOLS – network e1000 dvswitch 9000


VMTOOLS – network e1000 dvswitch 9000

e1000-comparision3 - dvswitch 9000

Test 3 – No VMTOOLS – network e1000 – nic + dvswitch 9000


VMTOOLS – network e1000 – nic + dvswitch 9000

e1000-comparision3 - dvswitch 9000 - nic

Tests coming soon.

Test 4 – No VMTOOLS – network e1000 – nic + dvswitch 9000


VMTOOLS – network vmxnet3 – nic + dvswitch 9000

e1000-comparision4 -vmxnet3 - nic dvswitch 9000

Test 5 – No VMTOOLS – network e1000 – dvswitch 9000 (nic 1500)


VMTOOLS – network vmxnet3 – dvswitch 9000 (nic 1500)

e1000-comparision4 -vmxnet3 - dvswitch 9000

DISK (Read performance only)

Test 1 – No VMTools – Disk IO


VMTools – Disk IO

disc - vmtools vs no vmtools

Test 2 – No VMTools – Disk IO


VMTools – Disk IO Paravirtual

disc - vmtools para vs no vmtools


Okay, so I am a bit surprised by the results.

Most definitely vmxnet3 is the way to go if you have two servers that are chatty and can put them on the same host to utilise 10Gb through the vswitch or dvswitch. The graphs really sell that point.

But vmtools for disc performance, wow it almost seems like vmtools slows the thing down. However the boot up speed is quicker and general feel seems much quicker on windows 2008 R2 after switching to paravirtual scsi. The numbers do not lie though.

Keeping in mind…

The big benefit of vmtools is that the ESX Host does not need to put an emulation layer between the guest and the device, so with vmtools installed we do save on resources on the ESX Host meaning we can run more on the host.

But if you, like me, used to get frustrated with admins about upgrading vmtools, we now know it really is not that important.


You have start up and shutdown scripts. – not power off but guest shutdown.

Run RVTOOLS to gather information about your virtual environments – IP settings and partition info for example.

Like your ESX environment to run at its peak efficiency.


vmware’s vma 4.1 and splunk working together

So I stumbled across a post by Chris Chadwell on setting up vmware syslog and splunk on vMA (vmware management appliance) and thought hell yeah.

So here is my twist on this gem of an idea.

This should not take long at all provided a few things are done first.

  1. Know a spare IP and your hostname, Subnet mask and Gateway that can access your ESX(i) hosts, or Vcenter.
  2. Have vma 4.1 downloaded and extracted from the iso so you have the ovf available.
  3. Grab a redbull, mother, monster, power juice, boost to get yourself full throttle.

The end goal is to have the dashboard below for your environment.

– without the errors of course.

A good environment… still some work can be done to clean the errors, mainly ha errors.


A bad environment… – keeping in mind that in the following screen we would get some alarms every now and then but other than that it seemed to be working… the people who administered this environment thought it was fine until I showed them this dashboard.


The two methods…

Automated path…

    • Download vma from vmware
    • Unzip with your weapon of choice, 7zip is my fav at the moment.
    • Logon to your vcenter
    • Choose a suitable location – if you are a junior admin or it is not your environment get permission!
    • File, deploy OVF template
    • Browse to the extracted folder from step 2 and select vMA**.ovf
    • Next
    • Next
    • Accept – after reading of course
    • Next
    • Enter hostname
    • Choose Folder
    • Next
    • Choose Resource Pool
    • Next
    • Choose Datastore
    • Next
    • Thick or Thin your call
    • Next
    • Choose network vlan
    • Next
    • Finish
    • Right click and upgrade hardware – this allows you to specify the below setting and get vmxnet3
    • Edit virtual machine, Options, change Other Linux to Other 2.6x Linux (32-bit)
    • Remove network
    • Increase Memory – I allocated 2Gb
    • Add extra disk 25 Gb – can be same scsi adapter or separate.
    • Add extra disk 25 Gb – can be same scsi adapter or separate.
    • Close
    • Edit virtual machine
    • Add network device vmxnet3 and select right vlan
    • Power on.
    • Set IP
    • Set password
    • open putty session
    • open winscp session and copy the following three files to /tmp on your vma server
    • vmasplunk.sh
    • vmasplunk.zip
    • VMTools – of course if you get your vmtools you can copy that in, the scripts should pick it up
    • on your putty session enter

sudo -s

chmod a+x /tmp/vmasplunk.sh


  • Now sit back and watch the disks get set up and formatted, vmtools-open removed and vmtools installed, splunk installed, conf files uploaded to splunk for views and searches
  • You will be asked to say Y to the license agreement, so space space space and then y, enter
  • Whilst in your putty session enter “vifp addserver ESXHOST.FQDN --username root --password bunny” for each host you want to monitor
  • If you have a large number of hosts I suggest downloading this excel spreadsheet I created here
  • Then enter “vilogger enable --server ESXHOST.FQDN --numrotation 10 --maxfilesize 10 --collectionperiod 30” to start the logs flowing
  • Open your browser and enter the vma ip address or dns
  • logon with Admin and whackdiddy
  • Change the password
  • Click App in the top right corner and search
  • Then click dashboards and select “vSphere View”
  • The only thing left is to shutdown vma and change the scsi device to paravirtual and you are done.
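
For a long host list, the per-host vifp and vilogger commands can be generated and reviewed before they are run. This is an added example, not part of the original post or its vmasplunk.sh; the host names are hypothetical, and it uses the credential-free vifp addserver form from the manual path so the password is prompted for rather than typed on the command line.

```sh
#!/bin/sh
# Added example: print (do not run) vifp/vilogger commands for a host list.
# Input: one ESX(i) host name or IPv4 address per line on stdin; blank lines
# and '#' comments are ignored. Rejected entries are reported on stderr.
enrol_cmds() (
    seen=" "
    while read -r host rest || [ -n "$host" ]; do
        host=${host%%#*}                  # drop a comment glued to the name
        [ -z "$host" ] && continue
        # Allow only DNS/IPv4 characters so a stray ';' or '$(' in the list
        # cannot end up as shell syntax in the generated commands.
        case "$host" in
            *[!A-Za-z0-9.-]*|[.-]*|*[.-])
                echo "skipped invalid entry: $host" >&2
                continue ;;
        esac
        case "$seen" in *" $host "*) continue ;; esac    # de-duplicate
        seen="$seen$host "
        # Credential-free form from the manual path: vifp prompts for the
        # password, so it is not saved in shell history or the generated file.
        echo "vifp addserver $host"
        echo "vilogger enable --server $host --numrotation 10 --maxfilesize 10 --collectionperiod 30"
    done
)

# Constructed sample list (hypothetical host names).
printf '%s\n' 'esx01.lab.example' '# rack 2' '10.0.0.12 # dmz' \
    'esx01.lab.example' 'esx02;uptime' | enrol_cmds
```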

The manual path

  1. Download vma from vmware
  2. Unzip with your weapon of choice, 7zip is my fav at the moment.
  3. Logon to your vcenter
  4. Choose a suitable location – if you are a junior admin or it is not your environment get permission!
  5. File, deploy OVF template
  6. Browse to the extracted folder from step 2 and select vMA**.ovf
  7. Next
  8. Next
  9. Accept – after reading of course
  10. Next
  11. Enter hostname
  12. Choose Folder
  13. Next
  14. Choose Resource Pool
  15. Next
  16. Choose Datastore
  17. Next
  18. Thick or Thin your call
  19. Next
  20. Choose network vlan
  21. Next
  22. Finish
  23. Upgrade hardware
  24. Edit virtual machine, Options, change Other Linux to Other 2.6x Linux (32-bit)
  25. Remove network
  26. Increase Memory – I allocated 2Gb
  27. Add extra disk 25 Gb – can be same scsi adapter or separate.
  28. Add extra disk 25 Gb – can be same scsi adapter or separate.
  29. Close
  30. Edit virtual machine
  31. Add network device vmxnet3 and select right vlan
  32. Power on.
  33. Set IP
  35. cp /etc/DIR_COLORS ~/.dir_colors
  36. vi ~/.dir_colors
  37. #Change
  38. DIR 01;34 #directory
  39. #To
  40. DIR 01;33 #directory
  41. Logoff
  42. Logon
  43. cd /
  44. ls
  45. # you should now see yellow directories and not dark bloody blue
  46. yum remove vm-
  47. Winscp linux vmtools from linux iso to vma03
  48. tar -zxf VM
  49. cd vmware-tools-distrib
  50. Answer defaults… enter enter enter
  51. shutdown -h now
  52. Change SCSI controller to paravirtual
  53. Power on
  54. fdisk -l
  55. fdisk /dev/sdb
  56. n
  57. p
  58. 3
  59. mkfs -t ext3 /dev/sdb1
  60. mkdir /var/vmlogs
  61. mount /dev/sdb1 /var/vmlogs
  62. vi /etc/fstab
  63. Add “/dev/sdb1 /var/vmlogs ext3 defaults 0 1”
  64. For each host you wish to monitor
  65. vifp addserver <hostname or ip of ESX/i server>
  66. For each host you wish to capture logs from
  67. vilogger enable --server <hostname or ip of ESX/i server> --numrotation 10 --maxfilesize 10 --collectionperiod 10
  68. Edit vilogger for location of files.
  69. vi /etc/vmware/vMA/vMA.conf
  70. Download the latest Splunk here. Make sure you pick the Linux distribution (32 bit)
  71. Copy the file to the vMA, I used WinSCP as I was using my Windows 7 machine.
  72. Get yourself a root bash prompt
  73. sudo bash
  74. rpm -i splunk-xxxxx-.rpm
  75. /opt/splunk/bin/splunk start
  76. /opt/splunk/bin/splunk set web-port 80
  77. /opt/splunk/bin/splunk restart
  78. /opt/splunk/bin/splunk enable boot-start
  79. /opt/splunk/bin/splunk edit user admin -password whackdiddy -roles admin -auth admin:changeme
  80. Open IE, Firefox, Chrome (your weapon of choice) and go to http://ip-address or dns/
  81. Logon with admin and [password set at 40]
  82. Click on manager
  83. Data inputs
  84. Files and directories
  85. New
  86. Skip preview
  87. Enter path
  88. /var/vmlogs/vmware/*/hostd.log
  89. More settings
  90. Change Set Host to Segment in path
  91. Segment number = 4
  92. Whitelist = blank unless you choose not to specify hostd.log
  93. vma/ vma
  94. In the top right hand corner you will see App with a drop down arrow.
  95. Click the drop down and press search, or on the left-hand side press search
  96. Paste this into the search bar
  97. error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) | timechart count by host usenull=f useother=f
  98. Click on the chart view (like the mobile reception indicator on ya phone) and you should have a nice chart. Change the formatting options to line combined connect.
  99. And we are done… Congratulations
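
The search in step 97 can be approximated from a shell on the vMA to confirm that logs are arriving and that each host's directory name is what Splunk will pick up as the host. This is an added example, not part of the original post: it assumes hostd.log events begin with a bracketed timestamp, buckets by hour, runs on constructed log lines for hypothetical hosts, and leaves out the access_* clause, which targets web access-log sourcetypes rather than hostd.log.

```sh
#!/bin/sh
# Added example: approximate the dashboard search from a shell on the vMA.
# errors_by_host ROOT prints "<hour> <host> <count>" for hostd.log events that
# contain the whole words error, failed or severe (case-insensitive).
errors_by_host() (
    for f in "${1%/}"/*/hostd.log; do
        [ -f "$f" ] || continue
        # The directory above hostd.log is the host name; under
        # /var/vmlogs/vmware this is path segment 4, as set in Splunk.
        host=$(basename "$(dirname "$f")")
        awk -v host="$host" '
            function emit() { if (hit) count[hour]++; hit = 0 }
            # Assumed format: each event starts with [YYYY-MM-DD HH:MM:SS
            /^\[[0-9][0-9][0-9][0-9]-/ {
                emit()
                hour = substr($0, 2, 10) "T" substr($0, 13, 2) ":00"
            }
            # Continuation lines belong to the current event, counted once.
            hour != "" && tolower($0) ~ /(^|[^a-z0-9_])(error|failed|severe)([^a-z0-9_]|$)/ { hit = 1 }
            END { emit(); for (h in count) print h, host, count[h] }
        ' "$f"
    done | sort
)

# Constructed sample logs (hypothetical hosts esx01 and esx02).
make_sample_logs() {
    mkdir -p "$1/esx01" "$1/esx02"
    cat > "$1/esx01/hostd.log" <<'EOF'
[2011-03-01 10:15:32.123 F5B6EB90 info 'TaskManager'] Task Created : haTask-ha-host-vim.host.ping
[2011-03-01 10:16:01.456 F5B6EB90 error 'vm:/vmfs/volumes/ds1/web01/web01.vmx'] Failed to find activation record
[2011-03-01 10:47:12.001 F5B6EB90 warning 'Vmsvc'] Operation failed
   backtrace line mentioning error again
[2011-03-01 11:02:44.900 F5B6EB90 verbose 'App'] no errors reported
EOF
    cat > "$1/esx02/hostd.log" <<'EOF'
[2011-03-01 11:30:00.000 F5B6EB90 info 'HA'] severe: agent unreachable
EOF
}

demo_root=$(mktemp -d)
make_sample_logs "$demo_root"
errors_by_host "$demo_root"
rm -rf "$demo_root"
```

A host that is enrolled with vilogger but never appears in this output or in the Splunk chart is worth checking for a stalled log collection rather than assuming it is error-free.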