Ever had the situation that you wanted to add an ESX but it reported that it cannot get any license and you are sure there must still be VMware ESX licenses left? Well, it happened to my colleagues and me a number of times.
First thing you would do is check the licenses in Virtual Center. There you discover that all your ESX hosts are using 96 of the available 100 licenses. So why are those 4 remaining licenses not claimed by your new host?
Did you know that the license server just hands out licenses to any ESX host that makes a request? Because Virtual Center only reports the number of licenses the license server has in store and reports the number of licenses in use by ESX hosts managed by this Virtual Center, you cannot simply subtract the two and have the number of remaining licenses. It could be that an ESX host, that is not member of your Virtual Center is “stealing” licenses without you knowing.
If you want to find out who really is using all the licenses, you should logon to the License Manager server (probably also your Virtual Center server), start the “VMware License Server Tools”. Then go to the tab: “Server Status” and click “Perform Status Enquiry”. When you scroll down you get a list of all licenses issued per license type. Be sure to check with the correct license type.
Users of PROD_ESX_FULL:Â (Total of 152 licenses issued;Â Total of 142 licenses in use)
“PROD_ESX_FULL” v2005.05, vendor: VMWARELM
floating license
root esx001.yourdomain.com /dev/tty (v2005.05) (srv-lic01/27000 1801), start Wed 1/28 17:08, 4 licenses
root esx002.yourdomain.com /dev/tty (v2005.05) (srv-lic01/27000 2001), start Wed 1/28 17:08, 4 licenses
root esx003.yourdomain.com /dev/tty (v2005.05) (srv-lic01/27000 2101), start Wed 1/28 17:08, 2 licenses
root LAB001.yourdomain.com /dev/tty (v2005.05) (srv-lic01/27000 2201), start Wed 1/28 17:08, 4 licenses
etc, etc.
Can you protect your licenses from being stolen?
Well, lets first say that “stolen” is maybe a bit overdone, but I have been with two customers already, where one department was (accidently) using licenses from another department and they were not happy with it. But to be short, there is no mechanism in Virtual Center or in the License Server that gives you more control. What you can do is revert back to old school tricks, like blocking request other ESX hosts from talking with your license / virtual center server. But I doubt if that is what you realy want.
Isn’t it an option to block all requests to port 27000 except those made by your “allowed” ESX hosts.
At least it gives you some form of access control.
Yes, you’re correct that is an option. But it’s more of a band aid then a real solution. I bet that in 3-6 months time, your firewall rules aren’t up to date any more.
Incorrect firewall rules, no license. Think this is a self forcing firewall maintenance solution ;) But ok, it is a band aid, I give you that. Not perfect, but it works.
Is this KB helpful? http://kb.vmware.com/kb/1000955