Thursday, September 12, 2013

How to Join a Mac to a Windows Domain




Tell me if this sounds familiar. You come into work one day and your boss calls you into his office and says he got a new laptop. You arrive at his office door and realize your boss bought a Mac. He wants to be able to access all the company files stored on your Windows domain from his new Mac. Or maybe the scenario is a bit different. Your company decides to create a new department for graphical design and marketing and all the designers use Macs.
So what do you do? Not to worry, you can join a Mac to your Windows domain and today I’m going to show you how it’s done. Let’s walk through joining Snow Leopard to a Windows Server 2008 domain.

Setting Network and User Options on a Mac

Windows domains rely on DNS for Active Directory to work correctly so the first thing we need to do is set a static DNS address on your Mac. We need to use the IP address of your Windows domain controller for this setting. From your dock open System Preferences or click the Apple in the top left corner and choose System Preferences. Now click Network to open your network settings.
Now you should be at your Network settings screen.
By default your network adapter is set to DHCP. Depending on the network connection you are going to use you will need to change this setting to Manually.
Keep in mind if you are setting a static address on your Mac and you take it to another network you might need to change this setting back to DHCP. I would suggest using the wired or Ethernet connection for your static address and use the wireless for DHCP. In this example I am setting a static address on the Ethernet connection.
My Windows domain controller has an IP address of 192.168.1.172 so I will put this in the DNS section. I’m setting my IP address to 192.168.1.171 for this example. Fill in your IP address, subnet, gateway, and DNS according to your network settings.
Click the back button to go back to System Preferences and choose Accounts.
Click the Lock to make changes to these settings. Then click the Join button next to Network Account Server.
Now click the Open Directory Utility button.
You should now be at the Directory Utility; click the Lock to make changes. Then make sure Active Directory is checked, highlight it, and then click the Pencil to edit this setting.
Here you can enter your domain information and computer ID. For this example the domain is hq.test.us and the computer ID is Mac. The computer ID is the computer name that will show up in Active Directory once the Mac is joined to the domain.
Click the arrow to Show Advanced Options. This gives you 3 extra options you can configure. To keep it simple I usually leave these settings default except for the Administrative section. Click the Administrative button and enter the IP address or the FQDN of your domain controller in the Prefer this domain server section. For this example I used the IP address of my domain controller 192.168.1.172. You can also specify groups that are allowed administration privileges.
Now click the Bind button and you will be prompted for credentials. Enter your domain administrator username and password and click OK.
You should see it progress through steps 1-5 as you are authenticated and joined to the domain.
Now you should be joined to the domain and the Bind button changes to Unbind.
Click OK and then click Apply in the Directory Utility window. Then close the Directory Utility. Now you should be back at the Accounts window. Note the green dot and domain name next to Network account server.

Logging In with Windows Credentials on Your Mac

Now you should be able to login to the Mac with your Windows domain credentials. Log off the current user you are logged in with. When you get back to the login screen choose Other.
Now enter your Windows domain credentials.
That should get you logged into the computer with your domain credentials. So now what? How do you access the files on the server?
We will need to map drives to the shared folders on the server so you can access the files. From Finder click Go, then click Connect to Server. Since the Mac uses SMB we need to use this syntax: smb://servername/share, then click Connect.
Note that you will not be prompted for credentials to connect because we are logged in with our domain account. You can also connect to Windows shared folders with the same syntax and a username and password if your Mac is not joined to the domain.

Mac on Windows Domain: Is it Worth it?

Now I bet you’re wondering, is this worth it?
This process is not for the faint of heart and can get tricky depending on your environment. There can be issues with joining Macs to a .local domain and there can also be reverse DNS issues to be aware of. With these things in mind, there are definitely some things to consider before joining your Mac to a Windows domain.
Some may wonder what benefits joining a Mac to a Windows domain would bring. It mostly helps with accessing files on your Windows server without authenticating every time. It also helps with user account management and alleviates the need to have separate user accounts on the local Mac computer and on the Windows domain.
In my opinion, if you have a mobile Mac user with a laptop you probably wouldn’t join it to your domain, but would instead authenticate when needed. If you have Mac desktop computers and multiple users logging into them and using them daily, joining them to the domain is probably a better solution. Overall it’s up to you how you want to configure it but hopefully this gives you a good baseline to start with.

How to find Windows uptime?

The following article will help you find the computer's uptime.
Instructions

Option 1:

    1.  Go to "Start" -> "Run".

    2.  Type "CMD" and press the "Enter" key.

    3.  Type the command "net statistics server" and press the "Enter" key.

    4.  The line that starts with "Statistics since …" shows the time the server has been up since.

  •   The command "net stats srv" can be used instead.

Wednesday, September 11, 2013

Pick Database - A "Basic" Explanation

Pick:
  • The Pick Database dates from 1965 and was produced by Don Nelson and Richard Pick
  • Raining Data Corporation: merging Pick Systems® and Omnis Technology Corp.

Simple Model of Pick:
  • TCL:  Terminal Control Language 
  • PROC: Consist of TCL Commands,  like shell programming in Unix
  • Editor / ED :  Raining Data  editor to create, maintain and delete virtually any element within the database.
  • Database Manager:  Responsible for the management of all aspects of the files and interfaces directly to the operating system. It determines the file type (hashing method), space allocation, maintains file integrity via various utilities.
  • INFO/ACCESS: Query Language : LIST , SORT , COUNT etc.
    • LIST CUSTOMERS : lists items in a file. Item-Ids.
    • LIST CUSTOMERS LAST-NAME STREET CITY STATE :  LAST-NAME, STREET, CITY and STATE are Attributes.
    • SORT CUSTOMERS BY LAST-NAME
  • Basic: BP: Procedure Language 
  • MDS : Master Dictionary of the System.
  • MD: Master Dictionary for each Account and Each file to define structure of the Account and File.
  • File: Each File has Dictionary and Data Part to define structure of Attributes and Contain Data part.
  • BASIC programs (source code) are created using the Editor processor.

ED{IT} file.name itemID

An example of creating and filing a BASIC program named COUNT:
  • BASIC programs are compiled using the BASIC command from TCL.
BASIC file.name {item.list} {(options)}
 The BASIC  compiler stores the object code for a BASIC program in the dictionary of the same file as the source code, using the same item ID.
  • Compiled BASIC programs can be run by issuing the RUN command at the TCL level.
RUN file.name itemID {(options)}
  • Compiled BASIC programs can be cataloged into the current master dictionary with the CATALOG command. This allows the cataloged program name to be used as a command from the TCL level.
CATALOG file.name {item.list} {(option)}
  • MultiValue Database (MVDB or MVDBMS) Structure
    • Variable length files, items, and attributes
    • Multi-value (and sub values) within attributes
    •  Unlimited file and item size (up to the size of  the disk)
    • Disk space is divided up into frames. 
    • A frame is the basic I/O unit: 500 to 4,000 bytes depending on the implementation on OS.
    • Hierarchical organizational structure with a SYSTEM file at the top. MDS file: defines all the ACCOUNTS on the database.
    • Each ACCOUNT consists of 1 Master Dictionary, the MD.  The MD, like any other file, consists of items. These items contain all the verbs, file definitions, pointers to files in other accounts. This allows one to customize each account to be able to execute only those verbs and access/update only those files that are defined in its MD. Accounts are set up by the user and can be activity-specific (e.g. a SALES account, used by several people), or user-specific (e.g. MARY, used only by Mary), or in whatever other way suits one's needs. Accounts are collections of logically related files.
    • A file definition basically specifies which frame number the file starts in (called the base frame id, or FID) and how many "groups" are assigned to it as primary file space, (called the "modulo"). On creation of the file, <modulo> number of contiguous frames are allocated, starting at the base.
    • The system applies a hashing algorithm to each record key (item-id) as it writes it to that file to decide into which group to put it. When a frame in a group fills up with items, a new frame is automatically attached to it from an overflow table which keeps track of unused frames. Thus a group always consists of at least one frame, but as time goes by and more items are added into the group, it can come to consist of many frames. Files that have many overflow frames become slow to access, but the modulo can be reassigned to provide for more groups, thus reducing the number of overflow frames. item-id "hashes" to a file.
    • There is only one file type: Variable Length.
    • Each file definition in the MD is actually a definition for the dictionary of the data file in question.
    • With an attribute definition item it's possible to "translate", or retrieve, data from other files: Ref. Field concept: thus making the MVDB a relational database.
    • Appropriate functions are provided as part of the system to convert a date from practically any external format.
    • MVDBMS has been Y2K compliant.
    • Numeric values should always be stored as integers, conversion functions are provided.
    • Only one file structure available. It is known as a random access file structure because records physically reside in the file in random order.
    • Pick System treats each item as a string of characters, there is no concept of "type" of fields.
    • In the Pick System, all files and items are accessible. From the data files up to the system files, everything is available to the user/programmer, who can greatly enhance the functionality of the system.
    • PICK/BASIC LANGUAGE:
      • Allows multiple statements to be put on one physical line (attribute) provided that each statement is separated by a semicolon (;).
      • Literal constants are any strings enclosed in single or double quotes, or between backslashes ( \ ). maximum item size of 32K.
      • Variable: In PICK/BASIC, no concept of data type exists.
        • There are two types of data used in Pick/BASIC: numeric and string.
        • A variable can be a simple variable, an array element, a dynamic array element, or a substring.
        • two types of arrays: dynamic arrays and dimensioned arrays.
          • Dimensioned arrays: defined with the dim statement, which specifies the name of the array and the number of elements in the array. They are limited to two dimensions (rows and columns).
          • A dynamic array is a string containing attribute marks, value marks, and/or subvalue marks which are used as field delimiters. All elements within dynamic arrays are separated by one of these delimiters. Dynamic arrays do not have a fixed size nor are they dimensioned. Subscripts in dynamic arrays are enclosed in angle brackets (<>). A dynamic array may be an element in a dimensioned array.
        • Format String: justification, precision, scaling, and credit indication. The entire format string is enclosed in quotation marks. A format string literal can immediately follow the string it is to format.
          • substring = string[m,n]. S is the string "ABCDEFG", then the current value of S[3,2] is the substring "CD".
          • string[m,n] = substring. S above ("ABCDEFG") is to have characters 3 to 5 inclusive replaced by the string "123" the assignment S[3,3]="123". Result is "AB123FG".
    • Statement Syntax:
      • REM, or an asterisk
        • (*), or an exclamation point (!) at the beginning of a program statement.
        • REM THESE BASIC STATEMENTS
        • ! DO NOT AFFECT
        • * PROGRAM EXECUTION
      • Spaces appearing in a program line (which are not part of a data item) are ignored.
      • PROMPT ":" /* Default prompt character is a question mark.
      • equ True to 1
      • PRINT "PLEASE ENTER YOUR NAME " : /* Display on Terminal.
      • PRINT (FORMAT) MASKING : an L for left-justified or R for right- justified, D for date justification,*  Fills output with asterisks, Fills output with blanks, %  Fills output with zeros.
      • CRT @(0,23):@(-4):
        Function         Description
        @(-1)            Clears the screen.
        @(-3)            Clears from the current cursor position to the end of the screen.
        @(-4)            Clears from the current cursor position to the end of the current line.
        @(x,y)           Positions the cursor at column (horizontal axis) "x" on row (vertical axis) "y".
      • : : CONCATENATION : FIRST.NAME : " " : LAST.NAME
      • "MC":Mask Character:
        • "MCT" conversion converts the first alphabetic character in each word of a string to its uppercase form
        • The MCU code converts all of the alphabetic characters to uppercase.
        •  The MCL code converts all of the alphabetic characters to lowercase.
        •  The MCN code retrieves all the numeric characters from the string.
        •  The MC/N code retrieves all the nonnumeric characters.
        •  The MCA code retrieves all the alphabetic characters (upper- or lowercase) from the string
        • The MC/A code retrieves all the non-alphabetic characters.
        • MR conversion is used to convert numeric amounts to their internal equivalents.
      • Internal format            Conversion    Result
        123 Main Street            MCU           123 MAIN STREET
        123 MAIN STREET            MCL           123 main street
        123 MAIN STREET            MCN           123
        123 MAIN STREET            MCA           MAINSTREET
        123 MAIN STREET            MCT           123 Main Street
        SEAN O'BRIEN               MCT           Sean O'Brien
        MEAGAN MCDONALD            MCT           Meagan Mcdonald
      • INPUT NAME /* Input from Key board and stored in NAME.
      • IF NAME = "" OR NAME = "QUIT" THEN STOP /* IF Statement.
      • SUBROUTINE MAILDEL(FILEDIR,FILENAME)
      • RETURN
      • Compiler Directives: $ is considered to be a compiler directive. $CHAIN $COMP $DEFINE $IFDEF $IFNDEF $INCLUDE $INSERT $OPTIONS UNDEFINE $TRUE $T $FALSE $F
      •  $INCLUDE PGM.FDEF  ABORT.LOG.FDEF.
      • $INSERT SPELLER.COMMON
      • OPEN 'LETTER-HEADERS' TO F.LETTER.HEADERS ELSE STOP
      • READ REC FROM FILE, I /* I is Item Id
      • READU : With Lock
      • WRITE REC2 TO FILE, "MGR.":I /* "MGR.":I is key
      • WRITEU : With Lock
      • openseq "DATA-CR","GLEEMSTRI.M" to CurrentMasterFile
      • readseq MasterRec from CurrentMasterFile
      • READV D3DIR FROM F.LETTER.HEADERS,"D3DIR",1 ELSE STOP 202,'D3DIR' /* Reads a variable from the file, specified by Item-Id and Attribute number.
      • READU SERVER.REC FROM SERVER.FILE, SERVER.KEY LOCKED
      • remove Suffix from Suffixs setting MoreSuffix
      • delete VocFile, "QFILE".
      • SELECT BCC /* selects all items from a file, The data selected is placed in an internal select-list, to be accessed by a subsequent READNEXT statement.
      • clearselect
      • readnext
      • remove
      • execute x
      • CALL @HUSHIT(TRUE$)
      • CHAIN 'LOGOUT'
      • deffun Maxs(a, b)
      • date()
      • time()
      • TIMEDATE() :  produces output in the form: 10:17:36 12 DEC 1997
      • loop
      • UNTIL
      • repeat
      • for
      • next
      • while
      • BREAK OFF                   ; * DISABLE BREAK KEY. Disabling the break key prevents the operator from interrupting the program
         BREAK ON                                    ; * ENABLE BREAK KEY
      • begin case
      • case Idx eq DictRec<2>
      • case 1
      • end CASE
      • continue
      • LOCATE(CFILENAME,TEST;POS) /*CFILENAME is searched in TEST and Position is returned in POS if found or not.
      • LOCATE(CFILENAME,TEST;POS) THEN
            CRT "WAITING ON BCC.FLG FILE TO BE DELETED"
             RQM 4
            END ELSE
                 ACK = 1
        END
      • RQM 4 /* suspends execution of a program for a specified number of seconds.
      • exit
      • EXECUTE "!rm -f ":FILEPATH CAPTURING TEST RETURNING ERRMSG /* Executes the Unix command rm; the output is captured in TEST and the error code is returned in ERRMSG. Syntax: EXECUTE command-expr [CAPTURING cvar] [RETURNING rvar] {optional.clauses}
      • DATA '/tmp/splitter.wrk' /*  stores the specified data for use by subsequent input requests.
      • end
      • stop
      • GOTO 10 /* Not a line number but a numeric label
      • GOSUB 1000
      • page
      • printer on 
      • printer off 
      • printer close
      • COMMON /DEVSYS/ VOC.FILE /* Common Storage Allocation
      • ICONV(WORD,'S') /* Internal presentation conversion
      • oconv(DATE(),"D2/") /* Output presentation conversion for output device
      • convert "/" to "" in BatchDate
      • STR(' ',3*(I-1)) /* Build a string of particular Char. of specified Len
      • index(Field,@SM,1))
      • NUM(RESPONSE)  /* String to Number conversion.
      • SQRT(RESPONSE) /*Function 
      • ALPHA(RESPONSE) /*Function
      • LEN(RESPONSE) /* Function
      • MOD(LENGTH,256)
      • CHAR(((128 + LENGTH) - LOW))
      • ABS(RESPONSE) /*Function
      • COUNT(WORD.STRING," ") : determine the number of occurrences of a character, or a string of characters, within another string of characters.
      • DCOUNT ("XXXXXXXXXX","XXX") :  behaves exactly like the COUNT function plus 1.
      • TRIM(WORD.STRING) : all leading and trailing blanks are removed, and any occurrences of two or more spaces within the string are replaced by a single blank.
      • RND(10) + 1 ; * GENERATE THE RANDOM NUMBER.
      • REM(NUMERATOR,DENOMINATOR)/*returns the remainder of a numeric expression
      • END /* Block of Statements by IF .. THEN ... END.
      • EQUATE ATTRIBUTE.MARK TO CHAR(254) /*also used to assign constants
      • SLEEP NAPTIME ; /*put a process "to sleep" for a certain period of time
      • The CHAR function converts a decimal integer into its ASCII equivalent.
      • The SEQ function is exactly the opposite of the CHAR function. produces the decimal equivalent of any ASCII character:
      • The STR function is used to generate or print a string of characters of a predetermined length
      • SPACE(15) /* creates spaces of 15 Characters.
      • the MATCHES relational operator:checks data against a pattern, "N" for numeric, "A" for alphabetic and "X" for wildcards (any character).
        • SOCIAL.SECURITY.NUMBER MATCHES "3N'-'2N'-'4N"
        • TEST.DATE MATCHES "2N'-'2N'-'2N"
        • ALPHA.STRING MATCHES "0A"
      • "2N'-'2N'-'2N"            12-01-97: OK       12/01/97 : Not OK
        "1A2N1A3N"                A22T003: OK       A2T03 : Not OK
      • ED BP EX.001 /* Editor invoked and Basic Program name EX.001 created.
      •  .I<cr> /* Editor Command , Insert Lines.
      • . FI /* Finish Insert , Editor Command.
      • >BASIC BP EX.001<cr> /* Compile Program 
      • >CATALOG BP EX.001<cr> /* Catalog the compiled Program.
      • >EX.001<cr> /* Execute the Program.
  • Terminal Control Language (TCL):
    • system-level command language with system-defined or user-defined statements that can be executed individually or sequentially.
    • System-defined statements are called TCL verbs or commands.
    • User-defined statements are: macros, menus, PROC's, and cataloged Pick/BASIC programs.
    • The first word of a TCL statement must be either a system verb, macro, menu, PROC or cataloged Pick/BASIC program.
    • TCL prompt: ":" (colon) or ">".
    • TCL command stack facilities are provided
      • .L : List most recent statements.
      • .X: Executes last statement.
    • TCL Command editing:
      • CTRL+H: Back space.
      • CTRL+X: Delete the command
      • CTRL+W: Delete Word
    • The "tcl-stack" file stores every TCL command.
    • Access commands. Access is a system-level information retrieval language that allows users to query data bases without writing complex programs.
      • An ad hoc data query language.
      • Complex data calculations and output formatting.
      • The "ss" (spread sheet) connective allows printing out Access reports in spread-sheet format.
      • Use of b-tree indexes has increased the speed and performance of Access.
    • Spooler commands. These commands control how information is output to the printer.
    • Proc: Consist of TCL Commands : JCL and Shell Programming
      • PROC processor:
      • PROCLIB is a file that contains Procs supplied with the system.
      • LISTPROCS is a system Proc that lists all the Procs in file PROCLIB in dictionary format.
      • SYSPROG account has additional Procs and programs stored in the SYSPROG-PL (SPL is a synonym for it)  file.
      • Proc (initial capitalization) refers to a procedure
      • Proc is to move data between input and output buffers, using arguments passed from the command line, user-prompted input, and stored data and commands to build a TCL statement.
      • TCL or INFO/ACCESS statements called Procs.
      • Primary input buffer
      • Secondary input buffer
      • Primary output buffer
        • At any given time, one input buffer and one output buffer are active
        • PROC Buffer. A buffer contains parameters which are delimited by spaces. A buffer pointer points to the current parameter.
      • Secondary output buffer (also known as the STACK)
      • TCL Processor
      • PQ to identify it to the system as a Proc
      • H command places the literal string in the output buffer
      • A command copies user input to the output buffer.
      • P command sends the contents of the output buffer to the TCL processor.
      • O command displays a string of text on the user’s terminal screen.
      • IP command reads the information entered by the user into the input buffer. It prompts for the input with a colon (:).
      • GO 10 transfers control to the command line that is labelled 10
      • X command terminates the Proc and returns control to the TCL processor
      • IF command provides for conditional branching.
      • C must be the first character on a comment line
      • ()([DICT] filename proc-name): create Proc
      • IT Command: Tape Input
      • IH Command: replaces the current parameter in the input buffer with text
      • +/- Commands: + (add) command adds an integer to the current parameter in the input buffer and the – (subtract) command subtracts an integer from this parameter.
      • RI Command: Reset Input
      • F Command Moves the active input buffer pointer forward to the next parameter.
      • B Command Moves the active input buffer pointer backward one parameter.
      • S Command The S (set) command moves the active input buffer pointer to a specific parameter.
      • LIST CUSTOMERS WITH LAST-NAME = “JOHNSON” LAST-NAME FIRST-NAME STREET CITY STATE : Access Statement: List Customers with Last name as JOHNSON with other fields.
      • SORT-ITEM MD WITH D/CODE = "PQ": INFO/ACCESS command: sorts and displays all items in the Master Dictionary whose first line is PQ.
      • EDIT/ED Command : Editor of Raining Data
        • ED [IT] [DICT] filename item-list [(options)]
          • Option: D allows the file definition item to be edited.
        • EDIT PROCLIB CUST-SORT /*Edit Proc item CUST-SORT from file PROCLIB
        • EDIT BP CUST-ORDER /*Insert Mode creates the new item CUST-ORDER in file BP.
        • ED DICT CLIENTS LNAME
        • .I : Insert Mode
        • .L: List next line.
        • .F: Flip buffer
        • .FI: Save to media
        • .FS: Save and Exit
        • .E: Exit without save
        • .R{n} Replace lines
        • .R/X/Y: Replace X with Y.
        • .G n : Goto line n.
        • .DE4: Deletes 4 Lines from current line.
        • .ME [n] / [item-ID] / [m] /*n lines are copied from m line.
          • .ME [n] ([DICT] filename [item-ID]) [m]
        • .X{F} Undo last replace, delete, insert
      • create-file filename dict-modulo data-modulo
        • Modulo is number of frames required for Items.
        • Frames has to be prime numbers.
        • create-file address 3 17 /* File address, 3 is Dictionary Modulo and 17 is Data modulo.
        • Create the Attribute-Defining Items:
          • ud addresses f.name /* Command File and Attribute. Requires Type, Width and Name. f.name is Attribute.
          • U inventory ‘022-47-6391’ /* Enter data in File.
            •  Update Processor, a full screen editor
            • [u|up|update] file.reference item.id attribute.list {( options)}
            • Ctrl xe: Exit Item without filing.
            • Ctrl xf:  File the item, then exit it.
      • create-index addresses a2:1/* Index on Attribute 2.
      • clear-file
      •  rename-file
      • copy
      • delete-file
      • steal-file
      • u addresses /* Data Entry in addresses File.
    • D/Codes:
      • A :Attribute-defining item
      • C :Connective
      • CC: Compiled FlashBASIC programs
      • D :File-defining item (D-pointer)
      • DC: Compiled FlashBASIC programs (obsolete)
      • M :Macro
      • ME:Menu
      • N :Macro (nonstop)
      • P :UP prestore item
      • PQ: Proc
      • Q: Q-pointer
      • S :Substitute attribute-defining item
      • V :Verb
      • X :Suppress attribute-defining item
  • D3 NT of Raining Data :  Database of the NT and Windows 2000 operating system 
    • It's a full-featured, high-performance, multi-user/multi-value database that eases the pain of developing next-generation OLAP and OLTP applications for Internet, Intranet and n-tier client/server architectures.
    • Easy adoption because all code from legacy Pick, licensed Pick variants and Pick-derivative systems are forward compatible.


Monday, September 9, 2013

Linux Virtual Machine Tuning Guide


Version 1.1

Linux tuning information is scattered among many hundreds of sites, each with a little bit of knowledge. Virtual machine tuning information is equally scattered about. This is my attempt at indexing all of it. This is Red Hat Enterprise Linux/CentOS Linux specific, but is likely to be directly applicable to many other Linux distributions. It also focuses on VMware vSphere 4. If you find an error or wish to contribute something I’ve missed please leave a comment. Thank you!
Links to sources are at the end of this document.
1. Align your guest OS partitions for the best storage performance.
Logical Block Addressing is a common addressing scheme for disks on PCs. However, under this scheme the master boot record causes partitions to start at a block that isn’t a power of 2. This isn’t a huge deal for individual disks, but for shared storage where a LUN is actually striped across many different disks a single read or write by the guest OS causes twice as much I/O on the storage array. The misaligned partition has blocks that straddle the stripes on the array, and instead of reading a single stripe the array has to read from, or write to, two stripes. This isn’t a big problem on one or two VMs, but when hundreds of VMs have misaligned I/O the effect is crippling.
Source: Multiple, including EMC & NetApp product documentation, some blog posts. NetApp also supplies tools, mbrscan & mbralign, to help you identify and fix these situations.
2. Install & use VMware Tools.
This should be obvious, but unfortunately a lot of sites don’t install the VMware Tools. These tools add drivers for the paravirtualized network and SCSI adapters, add graphics drivers, and also enable the graceful shutdown & reboot functionality from vCenter. Seriously, just install them.
Source: Common best practices, Performance Best Practices for VMware vSphere® 4.0.
3. Use paravirtualized hardware where possible.
VMware includes specialized hardware for network and SCSI adapters that can drive down CPU utilization and improve performance of individual VMs (and whole environments if they are widely used). It’s easy to use the VMXNET3 adapter, for instance, but there are a few caveats to using the VMware Paravirtual SCSI adapter, like not being able to use it for boot volumes. Regardless, if you can use it you should, because these settings improve performance.
Note that this isn’t the same as using VMI Paravirtualization. There are a lot of caveats to using that, and on any modern hardware with a Memory Management Unit that is virtualization-friendly you should leave VMI Paravirtualization off.
Source: Common best practices, Performance Best Practices for VMware vSphere® 4.0.
4. Don’t run anything you don’t need.
Again, seems obvious, but Linux distributions tend to install a lot of stuff that you’ll never use. By not installing it you save lots of disk space, at least. Furthermore, a lot of Linux distributions assume that if X Windows (X.org, KDE, GNOME, etc.) is installed you are using the machine as a desktop, and may install screensavers and other things that will sap your performance. As a general rule, if you don’t have a physical screen you don’t need a screensaver, so disable it or set it to blank & lock.
If you are comfortable running with a command line interface you can save a bunch of RAM and CPU cycles by booting into runlevel 3. Change the line in /etc/inittab that reads:
id:5:initdefault
to
id:3:initdefault
and on boot you will not get X Windows. You can always start it later by running ‘startx’ from the command line (but you’ll probably find that you can do everything you’d like from the command line).
Source: Common best practices, Performance Best Practices for VMware vSphere® 4.0.
5. Schedule jobs to not run simultaneously.
Linux distributions often have some common system maintenance tasks scheduled automatically, like log rotations, locate database updates, etc. These can be quite I/O intensive. Likewise, things like system monitoring tasks often are scheduled to run at the same time on all hosts (at 0, 15, 30, and 45 minutes after the hour, for example). If you can introduce a delay in these tasks that would help spread the load out.
One super simple trick I use in /etc/cron.daily/logrotate and /etc/cron.daily/mlocate.cron is to sleep for a random amount of time. The bash shell has $RANDOM, which generates a random number between 0 and 32767. For example, if you can wait up to 5 minutes to do these things try adding:
/bin/sleep $((RANDOM/109))
to the scripts (109 = 32767/300 seconds). I do this with log rotations, mlocate database updates, monitoring system scripts, backup jobs, and anything that runs at a common time, changing the divisor to meet whatever timeframe I need.
Source: Common best practices, plus some of my own code.
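An added example, not part of the original post: the random delay from tip 5 written as a function that also works when the cron script runs under a /bin/sh that has no $RANDOM (dash, for example), where the one-liner would not produce a random delay. The function name jitter_seconds and the /dev/urandom fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): startup jitter for cron jobs
# that does not depend on the shell providing $RANDOM.

# jitter_seconds WINDOW -> prints an integer delay in the range 0..WINDOW
jitter_seconds() {
    window=$1
    if [ -n "${RANDOM:-}" ]; then
        r=$RANDOM                           # bash, ksh, zsh: 0..32767
    else
        # No $RANDOM in this shell: read two bytes from the kernel instead
        # and mask them down to the same 15-bit range.
        r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
        r=$((r & 32767))
    fi
    # Scale to the window instead of dividing by a hand-computed constant,
    # so changing the window cannot leave a stale divisor behind.
    echo $(( r * (window + 1) / 32768 ))
}

# In /etc/cron.daily/logrotate, before the real work (5-minute window):
#   /bin/sleep "$(jitter_seconds 300)"
```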
6. Follow VMware’s best practices for timekeeping.
First, use NTP and not the VMware Tools time synchronization to keep the system clock up to date. Second, use the recommended kernel parameters for the kernel and distribution you’re running. Third, run the newest kernel you can. For example, every update that comes out for Red Hat Enterprise Linux 5 has new virtualization optimizations in it. Getting timekeeping right is important, not just for accurate system time for logs and scheduling but because cryptographic operations rely on system time, too.
Check VMware KB article 1006427 for information on the kernel parameters and some suggestions for setting up NTP.
Source: KB 1006427, Timekeeping in VMware Virtual Machines
7. Set your disk scheduling algorithm to ‘noop’
The Linux kernel has different ways to schedule disk I/O, using schedulers like deadline, cfq, and noop. The ‘noop’ — No Op — scheduler does nothing to optimize disk I/O. So why is this a good thing? Because ESX is also doing I/O optimization and queuing! It’s better for a guest OS to just hand over all the I/O requests to the hypervisor to sort out than to try optimizing them itself and potentially defeating the more global optimizations.
You can change the kernel’s disk scheduler at boot time by appending:
elevator=noop
to the kernel parameters in /etc/grub.conf. If you need to do this to multiple VMs you might investigate the ‘grubby’ utility, which can programmatically alter /etc/grub.conf.
Source: myself, plus corroborating comments from VMware Communities participants.
8. Collect performance data from vSphere, not from the guest OS.
This is along the same lines as “don’t run anything you don’t need” but it deserves mention separately, because a lot of people are doing it. The Performance Best Practices document from VMware puts it well:
Timing numbers measured from within virtual machines can be inaccurate, especially when the processor is overcommitted… Measuring performance from within virtual machines can fail to take into account resources used by ESX for tasks it has offloaded from the guest operating system, as well as resources consumed by virtualization overhead.
If you can avoid polling the guest OS for performance data you gain performance by not having to do that work, plus you get more accurate data.
Source: Performance Best Practices for VMware vSphere® 4.0.
9. Don’t oversize your VMs, and configure them for hot-add.
A lot of software vendors specify that their products need 16 GB of RAM, or 4 CPUs, or some other generic amount of resources that may be a complete waste in your environment. Because you can see the actual RAM and CPU utilization easily within vCenter you can opt to undersize your VMs, and only allocate more resources when it’s shown that they need them. This improves performance, as it’s easier for ESX to schedule VMs with fewer CPUs, and it saves swap file disk space, RAM, and time during VMotions. Memory overcommit can help cope with overallocation, but it is better if you just don’t overallocate to start with.
You can enable the hot-add memory and CPU features in vCenter for your VMs, if you are running recent operating system releases. Need more memory? Just add it. Need another CPU? Just add it. VMware KB 1015501 has information on configuring the CPU hot-add features in Linux so the new CPU is automatically activated.
Source: myself, VMware KB 1015501.
10. Disable file system access time updates.
File systems keep track of when files are created, modified, and accessed. The operations to update the last accessed times become extra writes, which are expensive in terms of I/O. As such, if you don’t need to do them, don’t. This probably won’t gain you a lot of performance on an individual VM (IBM says 0 to 10% depending on the workload), but in aggregate across hundreds of VMs you will likely see improvements.
To disable access time updates add ‘noatime’ to the mount options in /etc/fstab. For example, this line:
/dev/Volume00/LogVol00  /     ext3    defaults        1 1
becomes
/dev/Volume00/LogVol00  /     ext3    defaults,noatime      1 1
It requires a remount of the file system to take effect, such as a reboot.

Tuesday, September 3, 2013

Tracking Down High IO Wait in Linux


Tracking down performance issues in large distributed systems is inherently complicated. Why is the application slow? Where is the bottleneck? In my experience, one of the more insidious culprits is known as high IO wait. A place where, in the words of Dr. Seuss, everyone is just waiting.

The first indication of a high IO wait issue is normally the system load average. The load average is computed based on CPU utilization, and includes the number of processes using or waiting to use the CPU, and, importantly on Linux, processes that are in uninterruptible sleep. At a basic level, one CPU core at full utilization corresponds to a system load average of one. So, for a quad-core machine, a system load average of 4 would mean that the machine had adequate resources to handle the work it needed to do, but just barely. On the same quad-core system, a load average of eight would mean that if the server had eight cores instead of four, it would have been able to handle the work, but it is now overloaded. Maybe.

If the system is showing high load average, but the CPU system and user utilization is low, it is time to start looking at IO wait. IO wait shows up in system load on Linux because one or more of the cores is busy waiting on something having to do with either disk, or network input or output to finish before it can continue. These processes can be found using ps aux and looking for processes with a state of “D”.

Finding processes waiting for IO is one thing; verifying that they are the cause of high IO wait is a separate task. For this, start out with iostat -x 1, which will show your physical storage devices and which ones are being used.
 [username@server~]$ iostat -x 1
 
 Device:         rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz avgqu-sz   await  svctm  %util
 cciss/c0d0        0.08     5.94  1.28  2.75    17.34    69.52    21.60     0.11   26.82   4.12   1.66
 cciss/c0d0p1      0.00     0.00  0.00  0.00     0.00     0.00     5.30     0.00    8.76   5.98   0.00
 cciss/c0d0p2      0.00     0.00  0.00  0.00     0.00     0.00    58.45     0.00    7.79   3.21   0.00
 cciss/c0d0p3      0.08     5.94  1.28  2.75    17.34    69.52    21.60     0.11   26.82   4.12   1.66
From the output above, it is clear that the device /dev/cciss/c0d0p3 is waiting for far too long. However, we do not have that particular device mounted; it is actually an underlying device for LVM. If you are using LVM for your disk, and you should, the output of iostat might be a bit confusing. LVM uses the device mapper subsystem to map the filesystems that are mounted back to the physical devices, so iostat might show several device paths like /dev/dm-0 and /dev/dm-1. Since the output of df -h does not show the device mapper paths, and instead prints the LVM path, the easiest way to get the LVM devices is to add the -N flag to iostat.
 [username@server~]$ iostat -xN 1
 
 Device:         rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz avgqu-sz   await  svctm  %util
 
 vg1-root          0.00     0.00  0.09  3.01     0.85    24.08     8.05     0.08   24.69   1.79   0.55
 vg1-home          0.00     0.00  0.05  1.46     0.97    11.69     8.36     0.03   19.89   3.76   0.57
 vg1-opt           0.00     0.00  0.03  1.56     0.46    12.48     8.12     0.05   29.89   3.53   0.56
 vg1-tmp           0.00     0.00  0.00  0.06     0.00     0.45     8.00     0.00   24.85   4.90   0.03
 vg1-usr           0.00     0.00  0.63  1.41     5.85    11.28     8.38     0.07   32.48   3.11   0.63
 vg1-var           0.00     0.00  0.55  1.19     9.21     9.54    10.74     0.04   24.10   4.24   0.74
 vg1-swaplv        0.00     0.00  0.00  0.00     0.00     0.00     8.00     0.00    3.98   1.88   0.00
Parts of the output from the iostat commands above were clipped for brevity. Each of the filesystems listed shows an unacceptable level of IO wait, seen in the tenth column labeled “await”. The /usr filesystem shows a bit higher wait time than the others, so let's start there. Running the command fuser -vm /opt will show us a list of processes accessing the filesystem, and the process owner.
 root@server:/root > fuser -vm /opt
 
                      USER        PID ACCESS COMMAND
 /opt:                db2fenc1   1067 ....m db2fmp
                      db2fenc1   1071 ....m db2fmp
                      db2fenc1   2560 ....m db2fmp
                      db2fenc1   5221 ....m db2fmp
I clipped the output again, for brevity, but for this server I am showing 112 DB2 processes running that are currently accessing /opt. Looks like we found our culprit. In this server, our database is configured to use the much faster SAN access, and only the operating system is supposed to be using the local disk. Seems like a call to the DBA is in order to see what can be done about this setup.
One last note about LVM and the device mapper. The output of iostat -xN will show your logical volumes, but it is worth knowing that the device mapper maps can also be seen by running ls -lrt /dev/mapper. The sixth column of the output corresponds to the dm- number shown in iostat and other device commands.
Sometimes there is nothing that can be done at the operating system or application layer, and there is no other option but to look into getting a faster disk. Luckily we are at a stage where fast disk access via SANs or SSD drives is going down in price. A final caveat: this example works sometimes for some things. As always, deep understanding of your environment including physical, virtual, and application layer architecture is the best tool for diagnosing problems. If there are other methods or ways that I could improve this workflow, I would love to hear about them in the comments.
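The await check from the iostat step, as an added example that is not part of the original post: it locates the await column by header name instead of by position, because newer sysstat releases print r_await and w_await, and lists the devices above a threshold. The function names and the 25 ms threshold are assumptions of this example; the sample rows are the vg1 lines from the iostat -xN output shown earlier.

```shell
#!/bin/sh
# Added example: flag devices whose await exceeds a threshold.

# slow_devices MAX_MS: read `iostat -x` or `iostat -xN` output on stdin and
# print "device await" for every row whose wait time is above MAX_MS.
slow_devices() {
    awk -v max="$1" '
        NF == 0 { split("", col); next }    # blank line ends a device table
        $1 ~ /^Device:?$/ {                 # header row: find await column(s)
            split("", col)
            for (i = 2; i <= NF; i++) if ($i ~ /await$/) col[i] = 1
            next
        }
        NF > 1 {
            worst = -1                      # rows outside a table never match
            for (i in col) if ($i + 0 > worst) worst = $i + 0
            if (worst > max) print $1, worst
        }'
}

# Rows copied from the iostat -xN output in the post.
sample_iostat() {
    cat <<'EOF'
Device:         rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz avgqu-sz   await  svctm  %util
vg1-root          0.00     0.00  0.09  3.01     0.85    24.08     8.05     0.08   24.69   1.79   0.55
vg1-home          0.00     0.00  0.05  1.46     0.97    11.69     8.36     0.03   19.89   3.76   0.57
vg1-opt           0.00     0.00  0.03  1.56     0.46    12.48     8.12     0.05   29.89   3.53   0.56
vg1-tmp           0.00     0.00  0.00  0.06     0.00     0.45     8.00     0.00   24.85   4.90   0.03
vg1-usr           0.00     0.00  0.63  1.41     5.85    11.28     8.38     0.07   32.48   3.11   0.63
vg1-var           0.00     0.00  0.55  1.19     9.21     9.54    10.74     0.04   24.10   4.24   0.74
vg1-swaplv        0.00     0.00  0.00  0.00     0.00     0.00     8.00     0.00    3.98   1.88   0.00
EOF
}

# Live use (threshold is an assumption, pick one that fits your storage):
#   iostat -xN 1 | slow_devices 25
```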

How to Track Down/Find Cause of Linux high disk iowait



top - 09:34:12 up 2 days, 20:57,  2 users,  load average: 1.83, 1.99, 2.03
Tasks:  59 total,   2 running,  57 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.0%sy,  0.0%ni,  0.0%id, 99.7%wa,  0.0%hi,  0.0%si,  0.0%s
That 99.7% wa is iowait. It means the server is waiting for a process to complete an IO operation or, in plain English, there is a delay in reading and/or writing data to the hard drive.
Here are some ways to get an idea of what is going on. The package that provides the very helpful binary called "iostat" is called "sysstat" in RPM-based distros. There's another package I like called "dstat" that does a great job too.

Run iostat -d 5

(it refreshes the data every 5 seconds):

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda1              2.07         5.27        28.66    1309570    7120384
sda2              0.00         0.03         0.04       7496       8832

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda1             27.15         0.00       357.68          0       1792
sda2              0.00         0.00         0.00          0          0

What we're seeing is that the iowait must be caused primarily by blocks being written to /dev/sda1 which is mounted as / (my root filesystem).  So now we know the main cause is an application constantly writing to the root partition, but we still don't know what process is directly responsible for this.

If you have a newer kernel it's often possible to view processes by io usage. You can test for this by running:

cat /proc/self/io

If the file is not found then you don't have io stats enabled in your kernel.  If it is there, you can check a suspected process by running

cat /proc/13/io (replace the 13 with the PID you want to check).
read_bytes: 0
write_bytes: 0
cancelled_write_bytes: 0
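
Checking one PID at a time is slow when you do not yet have a suspect. The following added example (not part of the original post) samples write_bytes for every readable process twice and ranks them by the difference. The function names are assumptions of this example, and the proc root is a parameter so the functions can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: which processes wrote the most between two samples of
# /proc/<pid>/io.

# snapshot_io [PROC_ROOT] -> one line per readable process: "pid write_bytes comm"
snapshot_io() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/io; do
        [ -r "$f" ] || continue              # non-root users can read only their own
        dir=${f%/io}
        wb=$(awk '$1 == "write_bytes:" { print $2 }' "$f" 2>/dev/null) || continue
        [ -n "$wb" ] || continue             # process exited during the scan
        comm='?'                             # comm is absent on older kernels
        [ -r "$dir/comm" ] && comm=$(tr ' ' '_' < "$dir/comm")
        echo "${dir##*/} $wb $comm"
    done
}

# top_writers BEFORE AFTER [N] -> "bytes_written pid comm", largest first
top_writers() {
    awk 'FILENAME == ARGV[1] { before[$1] = $2 + 0; next }
         ($1 in before) && $2 + 0 > before[$1] {
             printf "%.0f %s %s\n", $2 - before[$1], $1, $3
         }' "$1" "$2" | sort -rn | head -n "${3:-5}"
}

# watch_writers [SECONDS] [PROC_ROOT]: take two snapshots and print the ranking
watch_writers() {
    tmp=$(mktemp -d) || return 1
    snapshot_io "${2:-/proc}" > "$tmp/before"
    sleep "${1:-5}"
    snapshot_io "${2:-/proc}" > "$tmp/after"
    top_writers "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

# Live use, as root so every process is visible:
#   watch_writers 5
```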