Support for VMware tools on PA-VM platforms and Panorama VM

Created On 09/25/18 17:15 PM - Last Modified 09/17/20 20:19 PM


Environment


  • Any PAN-OS.
  • VM based Palo Alto Firewalls and Panorama.


Resolution


What are VMware tools?

A package of binaries, scripts and drivers provided by VMware. When installed on a virtual appliance, VMware Tools give VI admins additional management capabilities, such as access to the management IP and resource utilization telemetry data through the vCenter Server.

 

Challenge

Enterprises use VMware-provided management tools, such as vCenter, to manage their Virtualized Infrastructure (VI).
VI admins of large enterprises mandate that all virtual appliances on ESXi expose these capabilities enabled by VMware Tools. Not having the VMware Tools on Panorama VM and VM‐Series impedes the ability to deploy in those environments.

 

Solution

Palo Alto Networks has added the ability to integrate VMware Tools on Panorama and PA-VM platforms.

 

Use cases

Regular maintenance of ESXi hosts

  • Virtual appliances need to be gracefully shut down and migrated to other ESXi hosts.
  • Using only the power options to force shutdown of the virtual appliances risks disk corruption.
  • When a shutdown is triggered from vCenter, it needs to be trapped so that a graceful PAN‐OS shutdown is performed.
  • Expose PAN‐OS version as the Guest OS version.

 

NSX environments

To create Security Groups in NSX Service Composer and write NSX distributed firewall rules, administrators have to add the IP addresses manually, since the management IP addresses of Panorama and VM‐300 are not available through vCenter.


Utilization Monitoring

  • Administrators routinely collect and report on the disk utilization of virtual appliances.
  • In Panorama and PA-VM, Palo Alto Networks performs its own disk quota management on VMDKs, so this is not useful information that an administrator can act upon. However, since it is part of some customers’ standard operating procedures, the absence of this ability makes adoption difficult.


Feature details

The heartbeat interval of the VMware agent can be changed from the CLI:
> debug vm-agent set interval
<value> <0-120> Set heartbeat interval in seconds

If the value is set to zero, heartbeats are disabled.
Default value = 5 seconds

The current interval can be checked as well:

> debug vm-agent show interval
cfg.general.vm-heartbeat-interval: 5

 

 


