Posted on June 4th, 2012 | Categories: Cisco, VMware

In this article I will show you how to benefit from using VLAN Tagging with ESX Virtual Switches. This will allow you to increase bandwidth on demand and allow you to run multiple VLANs on your server without installing extra NICs on your ESX.

Some of you have probably heard of or used EtherChannels in your switching environment. An EtherChannel lets you combine 2 or more switch ports, up to a maximum of 8 ports per channel, and treat them as 1 logical port that shares the full bandwidth of all the physical ports assigned to that port channel. This also provides fault tolerance and high-speed links between switches.

The good news is that this can also be done between a physical switch and an ESX virtual switch. In the following example, I will be using a Cisco 2960 switch and ESXi 5.0. Check with your switch vendor whether your switch supports this feature: it is called EtherChannel on Cisco, Port-Sharing on eXtreme Summit switches, and Link-Aggregation on Dell PowerConnect switches. Regardless of what the vendor calls it, the most important thing is that the switch must support the IEEE 802.3ad standard, because that is the same standard that ESX speaks.

You can then create a VLAN trunk from that port channel to carry multiple VLANs to your ESX server. In other words, you can have 10 VLANs running on just 2 ESX NICs without having a separate physical NIC for each VLAN. This is also useful if you want to add more bandwidth to the channel: just assign extra ports at each end of the channel.

Step1. Configuring the Cisco Switch:

Assume that my network already has 3 VLANs and that they are configured on my Cisco 2950 switch as shown below. Now we need to configure the EtherChannel. I will be using 2 ports, Gig1/1 and Gig1/2, as the channel ports, and later on I will configure that EtherChannel as our VLAN trunk. You may add more ports depending on how much bandwidth you need and how many NICs you have on your ESX server, but for the purpose of this demo we will be using just 2 ports.

Note that on the Cisco 2950 switch you can have a maximum of 6 EtherChannels per switch, and on a Cisco Catalyst 3550 you can have up to 64 EtherChannels with 8 ports on each. That means the more ESX servers you have, the more advanced a switch you will need, because you have to create a new EtherChannel for each ESX server in your organization. But again, check with your vendor first.

SW01#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/1, Gig1/2
10   OFFICE                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
20   PRODUCTION                       active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
30   FINANCE                          active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24


a. Configuring your EtherChannel on the Switch:

When configuring your EtherChannel, you need to make sure that all the ports in the channel are configured as full duplex and speed 1000 on both ends, whether the EtherChannel is running between 2 physical switches or between a physical switch and an ESX vSwitch; failing to do that will disable the channel. Also, each channel should be assigned a number from 1-6 (on Cisco 2950) or 1-64 (on Catalyst 3550); this is known as the “channel group”. You must set its mode to “ON” (see example below), which is also known as “static” mode on other vendors’ switches. This option keeps all the ports on the channel ON all the time on both ends, and this is the same protocol that ESX understands.

Note: DO NOT configure or enable LACP (Link Aggregation Control Protocol) as your channel protocol; ESX does NOT support LACP.

SW01#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SW01(config)#int range gig1/1-gig1/2
SW01(config-if-range)#speed 1000
SW01(config-if-range)#duplex full
SW01(config-if-range)#channel-group 1 mode on
SW01(config-if-range)# no shutdown

Verify the EtherChannel configuration by running the “show etherchannel port-channel” command. Note that each channel will be assigned a name that starts with “Po”; in our case it’s “Po1”, the second channel will be Po2, and so on. Most importantly, look at the “Ports in the port-channel” section and make sure that you have included the correct ports in your port group.

SW01#show etherchannel port-channel
 Channel-group listing:

Group: 1
 Port-channels in the group:

Port-channel: Po1

Age of the Port-channel   = 00d:00h:35m:41s
Logical slot/port   = 2/1       Number of ports = 2
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel
Protocol            = PAGP
Port Security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
 0     00     Gig1/1   On                 0
 0     00     Gig1/2   On                 0
Time since last port bundled:    00d:00h:29m:58s    Gig1/2


b. Configuring the Trunk on the Switch:

Use Po1 as the trunk that will carry all the VLAN traffic to the ESX vSwitch.

SW01(config)#interface port-channel 1
SW01(config-if)#Description ESX_VLAN_TRUNK
SW01(config-if)#switchport mode trunk
SW01(config-if)#switchport trunk allowed vlan 10,20,30
SW01(config-if)#no shutdown

Verify your trunk configuration

SW01#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         10,20,30

Port        Vlans allowed and active in management domain
Po1         10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Po1         10,20,30

Don’t forget to save your configurations

Building configuration...

Step2. Configuring the ESX Server:

Now that we are done configuring our physical switch, and we have connected our CAT6e cables from ports gig1/1 and gig1/2 on the switch to vmnic2 and vmnic3 on my ESX server, we need just a few more steps to get this working, so let’s do the fun part.

a. Launch your vSphere Client, select your server, click on the “Configuration” tab, and then click on “Networking”.

b. Create a new vSwitch by clicking “Add Networking …” in the top right corner of your screen and add any 2 available NICs; in my case I’ve selected vmnic2 and vmnic3. Make sure to select the connection type “Virtual Machine” when you create the new vSwitch.

c. On your new vSwitch1, click on “Properties…”, select the “Ports” tab, and then click on the “Add” button.

d. Now you need to add 3 new “Port Groups” that will represent your 3 VLANs. You can give them any name you want, but you have to assign the correct VLAN ID to each one to match your Cisco switch VLAN configuration.

e. Your new vSwitch should look like this when you add the port groups and assign the VLAN IDs:


f. Now on the vSwitch you must configure the port speed and duplex from your vSwitch Properties to match ports gig1/1-gig1/2 on the Cisco switch. Under “Network Adapters”, select each vmnic and click “Edit”.


g.  In the last step we just matched the speed and duplexing between the physical switch ports and the ESX ports, but we still need to match the protocol or the standard (IEEE 802.3ad) in order for both end points to understand and communicate with each other.

From the vSwitch1 Properties, select vSwitch from the Ports tab, and then click Edit. Under the NIC Teaming tab, change the Load Balancing to “Route Based on IP Hash”.

Route based on ip hash selects an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets.

Step3. Assigning VMs to VLANs:

Now your trunk should be working and both ends should understand and communicate with each other, so your next step is to assign each VM on your ESX server to the VLAN that it belongs to, so that each server can talk to the network.

a. Right-click on each VM, then select “Edit Settings …”

b. Select the network that will be connected to the virtual NIC on your VM, as shown below.

c. Ping each VLAN interface IP from a virtual machine that belongs to the same VLAN to verify that your EtherChannel is working as a trunk and can carry the VLAN traffic to the network.
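
Step 2d depends on the port group VLAN IDs matching the VLANs allowed on Po1. The script below is an added example, not part of the original article: it reads the allowed list out of the “show interfaces trunk” output from Step 1b and reports VLANs that are missing on the trunk or allowed on the trunk without a port group. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the VLANs allowed on the switch trunk with the VLAN
# IDs assigned to the vSwitch port groups.

# Constructed input: the "show interfaces trunk" output shown in Step 1b.
sample_show_trunk() {
    cat <<'EOF'
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         10,20,30

Port        Vlans allowed and active in management domain
Po1         10,20,30
EOF
}

# trunk_allowed_vlans PORT: read "show interfaces trunk" text on stdin and
# print the allowed-VLAN list for PORT exactly as the switch shows it.
trunk_allowed_vlans() {
    awk -v port="$1" '
        /^Port/ { section = $0; next }
        section ~ /Vlans allowed on trunk/ && $1 == port { print $2; exit }'
}

# expand_vlans LIST: turn "10,20-22,30" into one VLAN ID per line.
expand_vlans() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F- '
        NF == 1 && $1 != "" { print $1 + 0 }
        NF == 2 { for (v = $1 + 0; v <= $2 + 0; v++) print v }'
}

# compare_trunk_to_portgroups TRUNK_LIST PORTGROUP_LIST
# Prints "missing-on-trunk ID" for a port group VLAN the trunk does not carry
# and "unused-on-trunk ID" for a trunk VLAN that no port group uses.
# Prints nothing when both lists describe the same set of VLANs.
compare_trunk_to_portgroups() {
    trunk=$(expand_vlans "$1" | sort -n -u)
    pgs=$(expand_vlans "$2" | sort -n -u)
    for v in $pgs; do
        printf '%s\n' "$trunk" | grep -qx "$v" || echo "missing-on-trunk $v"
    done
    for v in $trunk; do
        printf '%s\n' "$pgs" | grep -qx "$v" || echo "unused-on-trunk $v"
    done
}

# Demo: port group VLAN IDs 10,20,30 as entered in the vSphere Client.
allowed=$(sample_show_trunk | trunk_allowed_vlans Po1)
diff_out=$(compare_trunk_to_portgroups "$allowed" "10,20,30")
if [ -z "$diff_out" ]; then
    echo "Po1 and the port groups agree: $allowed"
else
    echo "$diff_out"
fi
```

An “unused-on-trunk” line means the trunk delivers a VLAN to the ESX host that no port group needs, which can be removed from the “switchport trunk allowed vlan” list.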



Posted on March 13th, 2012 | Categories: Linux

Having a time server in your organization can help you resolve a lot of network issues whose cause you would otherwise be left wondering about. Linux provides you with a very cool and powerful NTP time server, and it’s really easy to install and set up as well. You can pretty much sync all your network devices, routers, switches, Windows PCs, Linux servers and even iPhones with your Linux NTP server. If you are one of those organizations that need to follow compliance standards like the PCI standard and you have to keep time-stamped security logs, then you must have a time server running in your network to make sure you are getting the correct time stamps in your logs.

In this article I will be showing you the easy steps to set up a new NTP server in your organization using CentOS or RHEL; they both work exactly the same way.

1- Installing NTP:

Check first if NTPD service is installed, run the following command:

[root@myserver /]# rpm -qa ntp

If it’s not installed, then you need to install it using yum:

[root@myserver /]# yum -y install ntp
[root@myserver /]# chkconfig ntpd on


2- Configuring NTP:

/etc/ntp.conf is the main NTP service configuration file. You can configure your server to run as a time server or you can configure it to run as a client machine that requests time updates from a time server from the same configuration file.

I. Configuring it as an NTP Client:

To configure a Linux machine to sync with your local time server, you need to add the DNS name or the IP address of your NTP server to your ntp.conf file. Also, you want to restrict your server to sync only with your local or public time server.

a. In the ntp.conf file, add the following line(s) for every NTP server that you want to sync your machine’s clock with. This basically tells your server not to receive any time updates except from that IP address.

restrict mask nomodify notrap noquery
restrict mask nomodify notrap noquery

b. Comment out with a hash (#) any public NTP servers that you don’t want to sync your server with, and add the DNS name(s) or the IP(s) of your own NTP server(s); you may have more than one NTP server in your organization.


c. Now, after you are done with the modifications, save the config file, then stop the ntpd service.

[root@myserver /]# service ntpd stop

d. First you need to manually sync your server clock with the time server, or with one of them if you have more than 1 server in your organization, then start the NTP service again. This is known as the initial synchronization of your time.

[root@myserver /]# ntpdate
13 Mar 11:14:47 ntpdate[31064]: adjust time server offset -0.004156 sec
[root@myserver /]# service ntpd start
ntpd: Synchronizing with time server:                      [  OK  ]
Starting ntpd:                                             [  OK  ]

e. Verify that your server clock is now Syncing with your NTP server

[root@myserver /]# ntpq -p
 remote               refid           st  t when  poll  reach  delay  offset   jitter
 *                                     2  u    4   64    1     6.322  76957.6   0.000
                                       2  u    3   64    1    23.764  76951.3   0.000


II. Configuring it as an NTP Server:

Time servers are rated by how accurate their clock is, and the unit of measurement is known as the “Stratum”: the lower the Stratum, the more accurate your server is. This rating can go as low as “st 1” and as high as “st 16”.

The only way to get a “Stratum 1” time server is to actually buy an appliance known as an “Atomic Clock” or a “GPS Clock” and use it as a time server inside your organization. They range from $2500 up to $5000 depending on how many requests they can handle. Usually you will find these devices in government organizations, research centers and universities, and there are plenty of them open for public use. You can find them listed under website.

When you configure it as an NTP server, you just need to point to the IP of a public Stratum 1 or 2 NTP time server; just select the best one for you from, try first to look for Stratum 1, and if you are not lucky you should find Stratum 2 or 3 at least. If you can’t find any server near your location, then your only choice is to use the time server pools that come built in with your OS. For example, RHEL points to the following NTP server pools by default unless you disable them and use your own, and so do other Linux distributions:


Next, you’ll have to define the networks from which your server will accept NTP requests. You do so with the “restrict” statement in the /etc/ntp.conf file, removing the “noquery” keyword to allow the network to query your NTP server.

restrict mask nomodify notrap


If you are running your NTP behind a Firewall or if you have iptables running on the server, then you need to open UDP Port 123 for source and destination between your server and the server which you are synchronizing with.



Posted on January 8th, 2012 | Categories: Linux

TFTP, or Trivial File Transfer Protocol, is a way to save the configurations of your network devices such as routers, switches and firewalls over the network to a server. This can be very helpful if you have to roll back your configurations, or in case of a network device failure that requires you to buy a replacement. You can imagine how hard it is to re-enter all the configurations line by line from memory; it’s impossible!

Having a TFTP server in your organization can save you a lot of time and effort and, most importantly, it will decrease your downtime in some cases from days to just a few minutes.

Today I will show step-by-step how to install and configure a TFTP Server using RedHat or CentOS Linux.

1- Check if you have the tftp-server installed first, usually tftp-server rpm package is not installed with the base or Linux default installation.

[root@myserver /]# rpm -q tftp-server
package tftp-server is not installed

2- If it’s not installed, then install it using yum.

[root@myserver /]# yum -y install tftp-server

3- Notice that during the installation it will also install the xinetd package. xinetd is the actual service that runs TFTP. Once it’s installed, you need to enable the service to run and accept file transfers by changing the “disable” option to “no” in the /etc/xinetd.d/tftp file.

[root@myserver /]# nano /etc/xinetd.d/tftp

4- Change the option to disable = no and then save the file.

In CentOS the files will be transferred under /var/lib/tftpboot/; in Redhat Linux, however, they will be transferred under /tftpboot from the root.

5- Now you’ve installed and configured the TFTP correctly, you need to start the xinetd service and make sure it starts at boot

[root@myserver /]# service xinetd start
Starting sshd:                                      [  OK  ]
[root@myserver /]# chkconfig xinetd on

6- TFTP does not create new files under /tftpboot if they do not exist, so you have to create a file for each network host manually and assign the right permissions so that it can be overwritten every time you save your configurations from your device to the TFTP server.

[root@myserver /]# cd /var/lib/tftpboot
[root@myserver tftpboot]# touch router-hostname
[root@myserver tftpboot]# chmod 666 router-hostname

1- It’s a good idea to name these files with the device hostname to avoid any confusion when it comes to restoring them.
2- Name the file hostname_mmddyy if you want to keep a new version each time you make changes to your configurations.

The following is an example that shows you how to save your configurations from a Cisco router to a TFTP server:

TORONTO-RTR01# copy running-config tftp
Address or name of remote host []?
Destination filename [running-confg]? TORONTO-RTR01
1030 bytes copied in 2.489 secs (395 bytes/sec)

Here is how to restore it from the tftp to your router:

TORONTO-RTR01# copy tftp running-config
Address or name of remote host []?
Source filename []? TORONTO-RTR01
Destination filename [running-config]?
Accessing tftp://
Loading TORONTO-RTR01 from (via FastEthernet0/0): !
[OK - 1030 bytes]
1030 bytes copied in 9.612 secs (107 bytes/sec)

Note that every vendor has a different command syntax; please see the command reference manual provided by your device vendor.


Posted on January 1st, 2012 | Categories: Linux

In this article I’m going to show you how to set up a central syslog server that will allow you to collect system logs from multiple Linux, Windows and network devices simultaneously.
I will be using the “rsyslog” service running on CentOS 6.x; this also applies to RHEL 5.3.x. rsyslog is a newer version of syslog and it’s a bit more sophisticated, with many additional features.

I. System Requirements:

1. CentOS Linux x64/x86 version 5.7 or higher. CentOS 5.7 and up to 6.1 support the rsyslog service; versions prior to 5.7 support only “syslog”. You may also use Redhat or any other Linux distribution that you are familiar with.

When you install the OS, just install the base components and make sure you have rsyslog and smb packages selected. You will need the smb later to share the /var/log folder so you can monitor it from your windows desktop using the Kiwi Log Viewer.

2. 1 GB RAM minimum and a dual core processor. This is good for collecting syslogs from up to 25+ servers and network appliances; however, you need to add more memory if you have more servers. I recommend that you have 2 GB RAM.

3. 25 to 30 servers can generate about 2.5 to 3 GB of syslog data that will be stored on your hard drive every day, so you want to make sure that you have enough storage capacity to sustain a full month of syslogs, but again, it depends on your organization’s policy. In the past, I used to zip and archive the data monthly on DVD media and lock it up in a closet because my client had to retain the data for 7 years. So it’s up to you to decide on the storage size depending on your organization’s needs. I recommend at least 100 GB.

II. Configuring rsyslog:

Now that we have the server OS installed with the requirements I mentioned above, let’s get started with the fun part and configure the rsyslog service.

There are just a few simple modifications that you have to make in the rsyslog.conf file and it will be running forever.

Login to your server with your root credentials over SSH and edit the /etc/rsyslog.conf file

[root@myserver /]# nano /etc/rsyslog.conf

You need to enable the following modules within that file:

#### MODULES #####

######### Provides UDP syslog reception ###################

$ModLoad imudp
$UDPServerRun 514

Disable or remove all the log rules by adding # in the beginning of the line under the rules section in the configuration file

#### RULES ####
#kern.*                                                 /dev/console
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#authpriv.*                                              /var/log/secure
#mail.*                                                  -/var/log/maillog
#cron.*                                                  /var/log/cron
#*.emerg                                                 *
#uucp,news.crit                                          /var/log/spooler
#local7.*                                                /var/log/boot.log

Add the following rule to log everything to syslogs.log file that we will be creating soon.

*.*                           /var/log/syslogs.log

Now, save rsyslog.conf and let’s create the /var/log/syslogs.log file with the proper file permissions to dump all the logs in it.

[root@myserver /]# cd /var/log
[root@myserver log]# touch syslogs.log
[root@myserver log]# chown root:root syslogs.log
[root@myserver log]# chmod 755 syslogs.log
[root@myserver log]# service rsyslog restart
Stopping rsyslog                                                  [  OK  ]
Starting rsyslog                                                  [  OK  ]

III. Configuring the log file rotations:

You need to create a new log file every day; otherwise the syslogs.log file will grow in size and it will make it hard for you later to search for any information; therefore, you need to save a copy of that file for each day of the month and create a new file for the next day.

Linux OS allows you to automate the log file rotations using the logrotate command and by executing it through a scheduled cron job every 24 hrs.

To allow logrotate to rotate the syslogs.log file, you need to add the following script to the end of your /etc/logrotate.conf file. In this example the file will rotate daily and keep 30 days of history, and the rotated logs will be kept in a different folder, /var/syslog, so feel free to modify the script in whatever way works best for you.

/var/log/syslogs.log {
    daily
    rotate 30
    olddir /var/syslog
    postrotate
        /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true
    endscript
}

Note: Don’t forget to create a new folder called “syslog” under /var to archive the logs history

Now you want to execute that script once every 24 hrs. using a cron job, which can be configured with the crontab -e command. crontab needs to know what editor to use, and in this example I will set the default editor to nano; otherwise, you can use vi.

[root@myserver /]# export EDITOR=nano
[root@myserver /]# crontab -e

Add the following line and save the file. This will force the logrotate script to run daily at 12:00 AM sharp.

@daily /usr/sbin/logrotate -f /etc/logrotate.conf    #Syslog Rotation

IV. Collecting logs from remote servers:

Now that you have configured the rsyslog server and it is ready to go, it’s time to configure the servers and the network devices to forward their logs to your syslog server.

1. Collecting logs from Windows x64/x86 clients:

Windows needs an agent installed on the server to forward Windows events to the syslog server. There are many commercial and open source agents available on the internet; I’m personally familiar with “Event to Syslog”, a free open source Windows client that is available in x64/x86.

This is how to install it:

– Download and unzip the package on your desktop

– Copy evtsys.dll and evtsys.exe under C:\Windows\System32

– Open your command line and enter the following command

C:\> cd Windows\System32
C:\Windows\System32> evtsys.exe -i -h rsyslog-host-ip-address

– Start and set the “Eventlog to Syslog” windows service to run automatically.

– For more details read the documentation provided with the client.

NOTE: You need to run the cmd as an administrator before running any of the commands above otherwise it will fail to install correctly.

2. Collecting logs from Linux clients:

On Linux it’s much easier than windows; you just need to add the following line at the end of your /etc/rsyslog.conf

*.*   @rsyslog-host-ip-address

Then restart the rsyslog service

[root@myserver /]# service rsyslog restart

Once you restart the Evtsys or rsyslog your Syslog server will start collecting the logs, you can verify that by tailing the syslogs.log file

[root@myserver /]# tail -f /var/log/syslogs.log

Press Ctrl + C to go back to your command line prompt

V. Monitoring your Syslogs from your Windows client:

You have now finished all the hard work and your server is collecting tons of information from all the remote clients, and you want to be sitting at your desktop monitoring what’s going on in your network. Doing so requires sharing the /var/log directory in some way so that you can open the logs from your Windows desktop. To get Windows to open a share on Linux you need to run the SAMBA service; SAMBA acts as the common language that both operating systems understand.

Once you can read these shares from your windows machine, you can use the Kiwi Log Viewer to monitor the logs and see them running on your screen, Kiwi Log Viewer gives you a lot of options that you can use such as filtering and highlighting events.

1. Configuring SAMBA:

In our case we are going to configure SAMBA as a simple standalone server and not a domain member and we will be just sharing 2 directories the “/var/log” where the syslogs.log resides and the “/var/syslog/” where all the logs history ends up going to.

To configure SAMBA you need to enable some options in /etc/samba/smb.conf

[root@myserver /]# nano /etc/samba/smb.conf

Under the global settings, set the following options:

#======================= Global Settings =====================

[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = share
passdb backend = tdbsam

Go to the end of your smb.conf where you can configure the shares and add the following options:

[syslogs]
force user = root
comment = Syslogs
public = yes
guest only = yes
path = /var/log/

[archives]
force user = root
comment = Syslogs Archived files
public = yes
guest only = yes
path = /var/syslog/

What we have done above is create 2 shares: one called syslogs that points to /var/log, and another called archives that points to /var/syslog.

And as usual, don’t forget to restart the smb service in order for the new configurations to take effect

[root@myserver /]# service smb restart

Please refer to the SAMBA documentation for more details
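
The two shares above combine public = yes with force user = root, so any client that can reach the server opens the collected logs without a password and with root’s file permissions. The script below is an added example, not part of the original article: it lists every share in an smb.conf that has this combination. The function names, the third share and the logviewer account in the sample are constructed for contrast, and share-level defaults set in [global] are not evaluated.

```shell
#!/bin/sh
# Added example: list smb.conf shares that guests can open as root.

# Constructed sample: the two shares from this article plus one restricted
# share (hypothetical account "logviewer") for comparison.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = MYGROUP
security = share

[syslogs]
force user = root
comment = Syslogs
public = yes
guest only = yes
path = /var/log/

[archives]
force user = root
comment = Syslogs Archived files
public = yes
guest only = yes
path = /var/syslog/

# constructed contrast: same path, named account, no root mapping
[syslogs-restricted]
path = /var/log/
guest ok = no
valid users = logviewer
read only = yes
EOF
}

# smb_guest_root_shares [FILE]: read smb.conf text (FILE or stdin) and print
# "<share> <path> <ro|rw>" for each share where guest access is enabled
# ("public" is a synonym of "guest ok") and "force user" is root.
smb_guest_root_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (name != "" && tolower(name) != "global" && guest && tolower(fuser) == "root")
            printf "%s %s %s\n", name, path, (rw ? "rw" : "ro")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # new section: flush the previous one
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        guest = 0; rw = 0; fuser = ""; path = ""  # Samba shares are read-only by default
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Parameter names ignore case and embedded spaces ("guest ok" = "guestok").
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "public" || key == "guestok")   guest = truthy(val)
        else if (key == "forceuser")               fuser = val
        else if (key == "path")                    path = val
        else if (key == "readonly")                rw = !truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") rw = truthy(val)
    }
    END { report() }
    ' "$@"
}

# Demo on the constructed sample.
sample_smb_conf | smb_guest_root_shares
```

On a live server the same function can read the output of testparm -s, which prints the parsed configuration.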

2. Monitoring your Syslogs from your Windows Desktop with Kiwi Log Viewer :

– Download and install Kiwi Log Viewer on your Windows client, Kiwi Log Viewer can be downloaded from here

– Map your syslog server shares to your computer as drive “L:”

– Open the L: drive from your computer and you should be able to see two folders only “Syslog” and “Archives” – the same ones we shared using SAMBA

– Launch your Kiwi Log Viewer and open L:\Syslog\syslogs.log

– Use the Tailing button in your tool bar to see the logs running on your screen as the file gets updated.


If you experience any difficulties opening the shares or getting the remote servers to forward their logs to the syslog server correctly, then it must be one of 2 things:

1- You need to open udp port # 514 on your firewall.

2- Disable SELinux – Set the “SELINUX=Disabled” under “/etc/selinux/config” and reboot the server.


Posted on December 26th, 2011 | Categories: Linux

One of the most common mistakes that people make when they allow SSH access to a server over the public internet is allowing direct root access to the server. Some small organizations choose to host their websites on a single VPS in a cloud, or use that VPS for other purposes, and their hosting provider will only provide them with SSH access.

Hackers will always try to access your server using “root” and keep trying random passwords, and sometimes they do get lucky because someone used a dictionary password instead of a complex, strong password.

Here is a simple way to make it very challenging for a hacker to break into your SSH: double the layers of access to your server. The user has to log in with a user account that exists on the system first, and then switch to root using “su -” to get root access; therefore, you’re making it impossible for this hacker to gain access to your server.

Here is how you do it:

1. Create a new user

[root@myserver /]# useradd mynewuser
[root@myserver /]# passwd mynewuser
Changing password for user mynewuser.
New UNIX password:*********
Retype new UNIX password:**********
passwd: all authentication tokens updated successfully.

Choose a complex password that looks something like this: X5jtnR$!68-?/1@

2. Now you need to allow that user access to SSH and at the same time deny “root” direct access to SSH in the /etc/ssh/sshd_config file. In this example I will use the “nano” editor; you may also use “vi” if you like, it’s up to you.

[root@myserver /]# nano /etc/ssh/sshd_config

3. Go to the very bottom of the sshd_config file, add the following 2 lines

DenyUsers root
AllowUsers mynewuser

If more than one user needs access, add them all and just leave a space between each user.

4. Save the file, then restart the sshd service in order for the new configurations to take effect.

[root@myserver /]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

5. Now log off your SSH session and try to log in as root; it should not allow you!

You have to log in with the “mynewuser” account first and then switch to root:

login as: mynewuser
password: ********
[mynewuser@myserver ]$ su -
password: **********
[root@myserver /]#
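
The effect of the two lines from step 3 can be checked before sshd is restarted. The script below is an added example, not part of the original article: it predicts the verdict for a user from the global AllowUsers, DenyUsers and PermitRootLogin lines, following sshd’s order of checking DenyUsers first and AllowUsers second. The function names, the sample config and the account name backup are constructed; Match blocks, group rules and the host part of USER@HOST entries are not evaluated.

```shell
#!/bin/sh
# Added example: predict sshd's verdict for a user from the global
# AllowUsers / DenyUsers / PermitRootLogin lines of an sshd_config file.
# Assumptions: only the part before the first "Match" block is read, group
# rules and "!" negation are ignored, and USER@HOST entries are compared on
# the USER part only.

# sshd_global_values FILE KEYWORD: print every argument given to KEYWORD
# (keywords are case-insensitive; repeated Allow/Deny lines accumulate).
sshd_global_values() {
    awk -v kw="$2" '
        $1 ~ /^#/                  { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# user_matches USER PATTERN...: true if USER matches one of the patterns
# (sshd patterns use the same * and ? wildcards as a shell "case").
user_matches() {
    u=$1; shift
    for pat in "$@"; do
        pat=${pat%%@*}
        case $u in $pat) return 0 ;; esac
    done
    return 1
}

# ssh_login_verdict FILE USER: print "allowed" or "denied: <reason>".
# The body runs in a subshell so that "set -f" (no filename expansion of
# patterns such as admin*) does not leak into the caller.
ssh_login_verdict() (
    set -f
    file=$1; user=$2
    deny=$(sshd_global_values "$file" DenyUsers)
    allow=$(sshd_global_values "$file" AllowUsers)
    # For single-value keywords sshd keeps the first value it reads.
    root_login=$(sshd_global_values "$file" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')

    if [ "$user" = root ] && [ "$root_login" = no ]; then
        echo "denied: PermitRootLogin no"
    elif [ -n "$deny" ] && user_matches "$user" $deny; then
        echo "denied: matches DenyUsers"
    elif [ -n "$allow" ] && ! user_matches "$user" $allow; then
        echo "denied: not listed in AllowUsers"
    else
        echo allowed
    fi
)

# Constructed sample: the two lines from step 3 appended to a short config.
sample_sshd_config() {
    cat <<'EOF'
# /etc/ssh/sshd_config (constructed excerpt)
Port 22
PermitRootLogin yes
DenyUsers root
AllowUsers mynewuser
EOF
}

# Demo: root and any unlisted account are refused, mynewuser gets in.
cfg=$(mktemp) && sample_sshd_config > "$cfg"
for account in root mynewuser backup; do
    printf '%-10s %s\n' "$account" "$(ssh_login_verdict "$cfg" "$account")"
done
rm -f "$cfg"
```

Running sshd -t before the restart catches syntax errors in the edited file, and keeping the current root session open until a second login as mynewuser succeeds avoids locking yourself out.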




Posted on December 21st, 2011 | Categories: VMware, Windows

One of the simple ways to expand the size of your virtual machine’s vmdk drive is to use the ESX or vSphere Service Console. I’ve personally used it with ESX 3.5 and up to vSphere 4.1, and today I’ll show you how easily this can be done!

Before you start anything, I strongly recommend that you take a full backup of your VM just in case.

Now, let’s roll up our sleeves and get our hands dirty:

1- Shut down and power off the VM using the vSphere client.
2- Delete all the VM snapshots, if there are any.
3- From the local server, or using SSH, log on to the Service Console with your root access.
4- cd to your vmdk file as follows:

[root@esx01 /]# cd /vmfs/volumes/datastore-name/vm-server-name/

5- Using the vmkfstools command, specify the new vmdk size. Let’s say your current vmdk is 50 GB and you need to expand it to 70 GB; you enter the following command:

[root@esx01 vm-server-name]# vmkfstools -X 70G virtualdrive.vmdk

This doesn’t take any time at all, maybe 2 seconds or less. In fact, all you did here is add new unallocated free space to your hard drive, and in the next step I’m going to show you how to allocate all or some of that free space to your current disk or partition. But let’s first verify that we have added an additional 20 GB and that our vmdk is now 70 GB.
Type the following command:

[root@esx01 vm-server-name]# ls -alh

Verify the size of your vmdk, and if everything is OK, log off the ESX Service Console and start your VM using the vSphere client.

6- In this article I’ll show you how to extend your hard drive on a Windows 2008 R2 VM. If you are doing this on a Linux VM, expanding the size of the vmdk file works the same way up to step #5; however, claiming the free space is totally different in Linux and unfortunately it’s out of the scope of this article. Here is a hint: google the “resize2fs” command.

a. Log on to your Windows machine and launch the Server Manager, then select Disk Management from the left pane.

b. Select the disk with the unallocated free space, then right-click on it and choose Extend Volume…

c. Add the additional space that you need, or max it out if you want.

d. That’s it, you’re done … you can now smile 🙂