May 23rd, 2018

ESXi 6.5 Enhancements

VMware ESXi is the leading hypervisor software choice for enterprises. At Packet we already support ESXi, however we have made major improvements. 

Root account lock-out:
VMware implemented this security feature in ESXI 6.0+. After a few failed login attempts the server will trigger a lockout. However, once locked out from the UI the user would also be unable to access via SSH. This has been resolved by adding ChallengeResponseAuthentication no in /etc/ssh/sshd_config

This can be removed and then SSH restarted to connect a node to vCenter, but we strongly recommend leaving it on after that to prevent lockouts from random SSH brute force scans.

Adding Private Networking:
Setting up an environment where two virtual machines can connect over a private network can be very useful. Especially when testing an application, or when you are required to have two virtual machines communicating with one another through a private network without interfering with the production and any other network traffic. 

ESXi installs now have private networking configured so you can communicate with other instances on your account without using public IP addresses. However, we still strongly recommend making a new isolated network within ESXi/vCenter upon which to launch VMs for internal communication as space on the private subnet is limited.

SOS Settings:
There was an issue with the ability to rescue from the console due to some  ESXi settings. You still cannot see boot message from the ESXi bootloader, but the serial console is enabled during the install, and re-enabled during a final reboot of the installed instance just after it is marked available. This requires a reboot, so the last step of the provisioning process is to reboot once more and it may be a few moments for the instance to respond. This is normal and expected behavior.

Lastly, we also laid the groundwork for eventually allowing the user to use Packet storage from ESXi by enabling the iSCSI adapter and setting the IQN for block storage attachment. 

Improved ESXi 6.5 support is available in all facilities on all plans except c2.xlarge (coming soon) and ARM. It is important to note that with this release Packet no longer supports older versions. It is recommended to follow VMware's steps to upgrade to 6.5 for any existing machine. 

Why better ESXi support matters:
A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing. Due to this ability hypervisors make it possible to use more of a system’s available resources, and provide greater IT mobility, the use of virtualization has seen enormous growth. 

There are several providers of hypervisor management software but VMware ESXi is the leading choice of enterprise type companies.

To learn more about how VMware ESXi works on Packet bare metal click here, and as always feel free to email us if you have any questions.