[Home] [Forum]

A common complaint with ESXi is the transfer speed when trying to copy files to and from the ESXi host. To improve this some have enabled SSH to their hosts, but this is not supported by VMware. I decided to look at enabling http transfers to ESXi to see what sort of performance advantage that would bring. The advantage to this method is that it is supported, but the change should be made only after considering the security implications. If the management port of ESXi is on a secure management network, then the performance improvement may be well worth the configuration change.

This change involves modifying the file /etc/vmware/hostd/proxy.xml. This is a file that ESXi exposes for changes so you can download the file with vifs.pl from the RCLI (e.g. vifs.pl --server <ip/hostname> --get /host/proxy.xml proxy.xml). The below copy of proxy.xml is unedited and in most cases the web services are configured to redirect http requests to https. To allow http requests via the SDK which commands like vifs.pl use, you will need to change the httpsWithRedirect entry for service id 1 (i.e. proxy-sdk - highlighted in blue) to either httpOnly or httpAndHttps (options are case-sensitive). The fourth valid option is httpsOnly. If you change service id 0 (i.e. proxy-webserver - highlighted in green) you'll then be able to download host or datastore files via http with a web browser.

Note: changing all options to httpOnly will cause the VI client to be unable to connect directly to your host. It is possible to have the VI client connect initially on http by changing the protocolports entry to a value of http:80 in the file ..\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe.config. However the VI client will make subsequent connections on https and as of December 2008 it is not possible to make the client connect solely by http.

Once the file has been updated, it should be copied back to the host using the --put option of vifs.pl (e.g. vifs.pl --server <ip/hostname> --put /host/proxy.xml proxy.xml). You can also edit the via if you have console or SSH access. After the file has been copied to the host, you'll want to either restart the management agents at the DCUI or run the command /sbin/services.sh restart at the console or via SSH. A restart of the host is not required. As noted above, this is a supported change to ESXi and the change will be backed up into the host's configuration file (state.tgz) so it will survive a reboot of the host.

Once you have made the change, you can transfer file via http in the following method. With a web browser, go to http://<ip/hostname of ESXi>. Unlike the default configuration, you will not be redirected to an https connection. You can then click on the option to "Browse datastores in the host's inventory". You will then be able to download files to your PC via http. For transferring files via http for vifs.pl it is necessary to use the --protocol option. You'll want to enter the command in the following format: vifs.pl --server <ip/hostname> --get [datastore]/<folder>/filename local_filename --protocol http.

In my testing http transfers with a web browser improved by 10 - 15% while transfers via vifs.pl improved by 15 - 20%. With both http and https transfers, CPU load was about equal. If you have an opportunity to test this yourself, I would be interested in your results so please leave a comment below.

Sample /etc/vmware/hostd/proxy.xml file

<ConfigRoot>
<EndpointList>
<_length>7</_length>
<_type>vim.ProxyService.EndpointSpec[]</_type>
<e id="0">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>/var/run/vmware/proxy-webserver</pipeName>
<serverNamespace>/</serverNamespace>
</e>
<e id="1">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>/var/run/vmware/proxy-sdk</pipeName>
<serverNamespace>/sdk</serverNamespace>
</e>
<e id="2">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<port>8080</port>
<serverNamespace>/ui</serverNamespace>
</e>
<e id="3">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsOnly</accessMode>
<pipeName>/var/run/vmware/proxy-vpxa</pipeName>
<serverNamespace>/vpxa</serverNamespace>
</e>
<e id="4">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>/var/run/vmware/proxy-mob</pipeName>
<serverNamespace>/mob</serverNamespace>
</e>
<e id="5">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<!-- Use this mode for "secure" deployment -->
<accessMode>httpsWithRedirect</accessMode>
<!-- Use this mode for "insecure" deployment -->
<!-- <accessMode>httpAndHttps</accessMode> -->
<port>8889</port>
<serverNamespace>/wsman</serverNamespace>
</e>
<!-- Needed because old versions of the VI client access
the clients.xml file over Http for upgrade -->
<e id="6">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpAndHttps</accessMode>
<pipeName>/var/run/vmware/proxy-webserver</pipeName>
<serverNamespace>/client/clients.xml</serverNamespace>
</e>
</EndpointList>
</ConfigRoot>

 

INSERT YOUR COMMENT - IF YOU HAVE A QUESTION PLEASE USE THE FORUM

Name (required)

Website (optional)

Email address (required - will not be displayed)

Comment (required)

Please enter code

Copyright © 2011 - Dave Mishchenko