How To Use Linux for an ESXi iSCSI Server

Virtualizationreview | August 08, 2019

In a previous article, I showed you how to set up and use Ubuntu as a Network File System (NFS) server and use it to store virtual machines (VMs) from a vSphere environment. In this article, I'll go a step further and show you how to set up an iSCSI target on Ubuntuand how to connect ESXi to iSCSI, and then I'll give some of my final thoughts on using Linux as an iSCSI target. NFS shares files while iSCSI shares block devices, which means that that a filesystem will need to be put on the iSCSI target after it has been shared with another system. There are different reasons why people choose to use NFS or iSCSI for storage, and it would take a rather long article to discuss the advantages of one over the other. As a matter of principal, however, vSphere can use either NFS or iSCSI.

Spotlight

The CPU scheduler is an essential component of vSphere 5.x. All workloads running in a virtual machine must be scheduled for execution and the CPU scheduler handles this task with policies that maintain fairness, throughput, responsiveness, and scalability of CPU resources. This paper describes these policies, and this knowledge may be applied to performance troubleshooting or system tuning. This paper also includes the results of experiments on vSphere 5.1 that show the CPU scheduler maintains or exceeds its performance over previous versions of vSphere.

Spotlight

The CPU scheduler is an essential component of vSphere 5.x. All workloads running in a virtual machine must be scheduled for execution and the CPU scheduler handles this task with policies that maintain fairness, throughput, responsiveness, and scalability of CPU resources. This paper describes these policies, and this knowledge may be applied to performance troubleshooting or system tuning. This paper also includes the results of experiments on vSphere 5.1 that show the CPU scheduler maintains or exceeds its performance over previous versions of vSphere.

Related News

VIRTUAL DESKTOP STRATEGIES

Sophos Firewall Unleashes Xstream Power for Distributed and Enterprise Edge Computing

Sophos | November 22, 2022

Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced new Sophos Firewall capabilities to better meet the complex and demanding needs of distributed and enterprise edge computing. Sophos Firewall now delivers performance enhancements that accelerate encrypted traffic inspection, dynamic traffic routing for Internet Protocol version 6 (IPv6), added resiliency with software-defined wide area network (SD-WAN) load balancing and high-availability enhancements, and seamless integration with Microsoft Azure Active Directory. “One of the key benefits of the Xstream architecture and Flow Processors is that they are programmable. This means that while other firewalls get slower over time, we can increase performance, even when we add new features and capabilities, Our design ensures customers’ investment in Sophos Firewall is future-proofed and enables seamless transition to a cloud-enabled world. SD-WAN and Secure Access Service Edge (SASE) demand a more efficient platform, which is not only resilient but also makes day-to-day management easier and faster than ever.” Daniel Cole, vice president of network security product management at Sophos The effective and reliable assessment of network traffic is critical in protecting against threat actors, as evidenced in Sophos’ 2023 Threat Report that published today. Distributed offices, remote workforces, cloud workloads, custom-built legacy apps, and a growing reliance on global software-as-a-service providers create a configuration and risk management headache for network security managers. Sophos Firewall now provides the performance, protection and resiliency that distributed enterprises require, while simplifying the management of complex networks. Benefits include: Advanced performance and protection: A new high-performance dynamic routing engine and Xstream Transport Layer Security (TLS) FastPath acceleration improves encrypted traffic inspection while also adding headroom for traffic that requires deep-packet inspection; the asymmetric cryptographic capabilities within Xstream Flow Processors – included in every XGS Series appliance – enable TLS inspection on even the most demanding networks Added resiliency and peace of mind: New SD-WAN load balancing for performance and reliability in the event of an internet service providers’ (ISP) outage along with enhancements to high-availability clusters ensure maximum business continuity and uptime for mission critical networks Improved ease of management: Managing network security is easier than ever with new Microsoft Azure Active Directory integration for seamless administrator single sign-on and new host and service object search Sophos Firewall integrates with Sophos ZTNA (zero trust network access) under one unified management plane and is a key pillar of Sophos’ SASE strategy, providing a more simplified, scalable and secure solution over traditional remote-access virtual private networks (VPN). The network solution is also part of the Sophos Adaptive Cybersecurity Ecosystem, which integrates Sophos’ entire portfolio of products, services and Sophos X-Ops threat intelligence for faster and more contextual and synchronized detection, protection and response. Availability Sophos Firewall is available for immediate purchase exclusively through Sophos’ global channel of partners and Managed Service Providers (MSPs). It is easily managed in the cloud-native Sophos Central platform alongside other solutions, where users can oversee installations, respond to alerts and track licenses and upcoming renewal dates via a single, intuitive interface, or by Sophos Managed Detection and Response (MDR). What Analysts, Channel Partners and Customers Say “With their latest firewall release, Sophos has leveraged the flexibility of their Xstream architecture to deliver improvements in performance for VPN throughput and more efficient handling of TLS encrypted traffic, which is vitally important in today’s encrypted world,” said Christopher Rodriguez, research director of IDC’s Security & Trust practice. “They’ve also completed the build-out of their networking feature set to provide an integrated SD-WAN solution. Combined with other recent enhancements to their secure access portfolio like ZTNA as a Service, they’re positioning to provide the features and capabilities that larger distributed enterprise organizations demand, while also building out a SASE strategy that will appeal to organizations of all sizes.” “As a multinational technology consulting firm that’s relied on Sophos Firewall since it was first incepted, Seidor Networks intimately knows the offering is a must-have solution for protecting against malware and other unwanted network traffic,” said Sean Hancock, ISP manager at Seidor Networks. “Sophos is continuously innovating and adding new features that are industry best. This new version of Sophos Firewall raises the bar even higher with unrivaled network protection and performance; and when you pair Sophos Firewall with Sophos XDR, the results are truly next level as endpoints and firewalls share real-time threat intelligence for further improved network visibility and lateral movement control.” “The new Sophos Firewall software has multiple advantages for all of our customers,” said Marc Hurrelmann, chief executive officer at Midland IT. “Many of the features added have been designed to address the challenges that larger organizations are facing with implementing SD-WAN, optimizing performance, scaling their network, improving resiliency and up-time, and enhancing management efficiency. Smaller organizations will benefit from all the added value packed into Sophos Firewall with better performance, protection, networking, and management.” About Sophos Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organizations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organizations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K.

Read More

VIRTUAL DESKTOP STRATEGIES

Fortinet’s Latest Next-Gen Firewall Helps Customers Achieve Sustainability Goals by Consuming 80% Less Power Than Rivals

Fortinet | November 08, 2022

Fortinet, a leader in broad, integrated, and automated cybersecurity solutions, today announced FortiGate 1000F, the latest series of next-generation firewalls (NGFW) from Fortinet to deliver higher performance—more than seven times faster firewall throughput—and lower power consumption—83 percent fewer watts per Gbps of firewall throughput—than competitive solutions. Performance is No Longer the Only Consideration as CIOs Focus on Sustainability In addition to being chartered to maintain a resilient and secure hybrid IT environment, most enterprises also have sustainability goals that they have to meet. This has added more pressure for CIOs and IT leaders as sustainability and cost control have become an important board-level line item. In fact, the Gartner® Top Strategic Technology Trends for 2023 Sustainable Technology report reveals that, “By 2025, 50% of CIOs will have performance metrics tied to the sustainability of the IT organization.”1 Delivering High-Performance, Environmentally Sustainable, and Consistent Security for the Data Center As the vendor that received the highest score for the Enterprise Data Center use case in the 2022 Gartner® Critical Capabilities for Network Firewalls report2, and a Leader in The Forrester Wave™: Enterprise Firewalls, Q4 2022 report, Fortinet is pleased to announce the FortiGate 1000F series, the latest NGFW for enterprise data centers. Supported by over 20 years of developing purpose-built security processing units (SPUs), FortiGate 1000F continues Fortinet’s legacy of delivering NGFWs that provide the scale, performance, and power savings to meet the security requirements of today's enterprise data centers. “Improving sustainability practices is a top-of-mind business concern for enterprises today, which is putting pressure on CIOs to reduce the carbon footprint of their IT infrastructure. Fortinet continues to meet our own sustainability goals and help our customers do the same through our dedication to improving the performance and energy efficiency of our products. The FortiGate 1000F series of next-generation firewalls, which delivers higher performance and lower power consumption compared to competitive solutions, is the latest example from Fortinet.” John Maddison, EVP of Products and CMO at Fortinet High-Performance Security Fortinet’s purpose-built SPUs enable FortiGate 1000F to deliver an average of 7.4x more firewall throughput to help enterprise security keep pace with the speed of today’s networks. FortiGate 1000F also offers nearly 7x higher IPsec VPN performance and 7x higher SSL inspection throughput than the industry average to ensure network blind spots are eliminated and enterprises have full visibility of clear-text and encrypted network flows without introducing bottlenecks. This is critical for high-performance data centers in order to defend mission-critical data and rapidly identify and stop threats before they infiltrate the network. Additionally, with threat protection performance that is 2x higher than the industry average, FortiGate 1000F processes critical AI/ML-powered security services such as IPS, Application Control, and Malware Protection faster than other offerings. As is true with Fortinet’s entire line of FortiGate NGFWs, FortiGate 1000F enables secure digital transformation by delivering advanced visibility and control over network traffic to support enterprises in building contextual, evolving network and security policies. Environmentally Sustainable Security FortiGate 1000F helps customers achieve their sustainability goals by requiring 83 percent fewer watts per Gbps of firewall throughput and requiring 86 percent fewer watts per Gbps of IPsec VPN throughput. FortiGate 1000F also requires less cooling than other solutions, generating only 15 percent of the BTU/h per Gbps of firewall throughput compared to competitive firewalls. Fortinet’s high-performance, low-power network firewalls mean that enterprises require fewer firewalls to accomplish their business needs, helping further reduce costs for space and cooling in the data center. Consistent Security FortiGate 1000F is powered by a single operating system, FortiOS, which provides unified security and management frameworks across all form factors and edges, supporting hybrid environments in a consistent and coordinated way. With FortiOS everywhere, customers benefit from broad visibility, seamless integration and interoperability between critical security elements, and granular control and automation. This includes Universal Zero Trust Network Access (ZTNA) with a built-in ZTNA application gateway, allowing explicit access to applications and enforcing customers' Zero Trust policies. Like all FortiGate next-generation firewalls, FortiGate 1000F includes a suite of FortiGuard AI-powered Security Services that are developed and continually enhanced by FortiGuard Labs. For advanced, real-time protection against known and unknown threats in the data center, customers can leverage AI-powered IPS and anti-virus, as well as the industry’s first in-line sandbox protection to stop malware and ransomware from ever entering the network. Enterprise data centers depend on these services to monitor and protect against file-based attack tactics, malware, lateral movement, ransomware, and credential-based attacks. FortiGate 1000F vs. Competitors Below is a comparison of the top firewalls on the market against the target performance numbers of the FortiGate 1000F series. Security Compute Rating is a benchmark (performance multiplier) that compares FortiGate performance metrics versus the industry average of competing products across various categories that fall within the same price band. Also included are power and heat metrics for competing products showcasing the energy efficiency of FortiGate 1000F versus competitive solutions. About Fortinet Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 595,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone.

Read More

SERVER VIRTUALIZATION

The End-User Experience Must Be the Top Consideration When Implementing Virtual Desktop Infrastructure, Says Info-Tech Research Group

Info-Tech Research Group | November 04, 2022

Global IT research and advisory firm Info-Tech Research Group has released a new blueprint titled Considerations for a Move to Virtual Desktops. The industry resource was created to assist IT professionals in considering virtual desktop infrastructure (VDI) or desktop as a service (DaaS). These solutions can increase user satisfaction, reduce IT complexity, decrease management and storage costs, and maintain a secure and effective environment for both the end user and the business. Info-Tech's new research analyzes the user experience data that the IT industry tracks but often doesn't use or even consider. VDI or DaaS users expect the user experience to be at least equal to that provided by a physical desktop and typically do not concern themselves with the underlying infrastructure. If the experience is less, it means IT has failed in the considerations for VDI/DaaS. "If employees are the competitive edge and key differentiators for a business, Infrastructure & Operations (I&O) has a duty of care to ensure that the employees' digital experience enables and does not impede the value of that asset," John Annand, principal director at Info-Tech Research Group Hybrid work environments and the security concerns that come with them have accelerated the move to VDI and DaaS solutions, but implementation comes with its own unique set of challenges to consider when deciding which solution is best suited for the business. In addition to considering the user experience, IT must also ensure productivity standards throughout the process, both strategically and tactically. Common obstacles IT departments may encounter include complicated shared infrastructure, inadequate in-house training, or insufficient staff to execute migration or manage post-migration activities such as governance and retention policies and other security, compliance, legal, and data classification concerns. Info-Tech Research Group recommends that organizations define their end goals, frame solutions based on end-user workloads, and understand the pros and cons to decide which solutions will best meet business needs. The new data-backed blueprint offers self-evaluation tools and questions IT leaders can ask themselves in order to accomplish these steps: Define and build your value hypothesis/proposition\ What is the business case? Who is championing the investment? Identify the project management team and stakeholders. Set goals to be achieved based on value. Identify KPIs and metrics to measure success. Identify use cases and personas Identify possible user friction (e.g., emotional, cognitive, interaction). Understand current infrastructure shortcomings and capabilities (e.g., network, security posture and tolerance, staffing needs, qualified technicians, end-user devices, etc.). Articulate use cases into functional and non-functional requirements Separate must-haves and nice-to-haves. Categorize requirements into identifiable functionality capabilities. Review your outputs and identify "gotchas" using the MECE (mutually exclusive, collectively exhaustive) principle. Conducting a self-evaluation of the business and understanding the strengths and weaknesses of in-house technical skills and business requirements will assist IT leaders in making the right decision when it comes to VDI or DaaS solutions. About Info-Tech Research Group Info-Tech Research Group is one of the world's leading information technology research and advisory firms, proudly serving over 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. For 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations. Media professionals can register for unrestricted access to research across IT, HR, and software and over 200 IT and Industry analysts through the ITRG Media Insiders Program.

Read More