Over the 6 months I have been working hard on designing and implementing our latest infrastructure refresh and migration to another datacenter. This was a big task, especially when we had to migrate customer servers with minimal downtime. However, there were many more challenges we faced, however with the right planning in the design, these were fairly well handled.
One of the challenges was that we were using Standard vSwitches in the old 5.5/5.1 environment due to some 3rd party applications back when the environment was 4.1 which caused issues when using a vDS.
As we were building a new vCenter we decided the best method was to automate adding all the VM port groups along with their VLANs and LAG into the DvSwitch.
One thing I’ve learnt from Alan Renouf is “The best script you will ever write is one that you stole from somebody’s website” which doesn’t mean steal it and claim it as your own, but if someone has a script that does exactly what you need, then use it, just make sure you give credit where credit is due.
It just so happened by luck that right around the time I was starting to think about the process, I saw a twitter post from Ben Liebowitz “PowerCLI Script to create a new vDS Portgroups” – Beauty, this was exactly what I was after (albeit some small changes to suit).
The next step was to get a script to match to do the initial export to CSV, after a quick google I came across a Luc Dekens script that he had written for someones request on the VMware Community Forums. It was pretty straight forward and only require some lines removed so that the CSV only had the columns required for the import. So once I had the scripts, it was down to testing the process on how to use them prior to prod.
Edit the Export vSwitch Configuration script from Luc Dekens
Run the script
Open the CSV (Make sure the columns names line up with the import script) **As we are exporting from a vSwitch and importing to vDS, we will need to manually add a new column to the exported CSV called numports and place the correct number of ports in each row (by default 8) . **Also remove any multiples of portgroups (e.g. if you have multiple hosts with the same Portgroups as these will be also in the csv)
Edit the Import script from Ben Liebowitz – Change the vDS name and LAG name to match your environment. – Update to the CSV path
Run the import script.
Confirm the ports have imported by looking at the vDS.
The process is simple, so let’s break this down into some of the areas you can edit .
In the export script, all you need to edit is the lines that control what information is exported to the CSV. Just remove the lines you do not require. for example I do not need the IP address, so I would remove the below line.
That’s it. Very straight forward set of scripts to run. I prefer to run these individually as there is the step in the middle with the csv file. Aside from that I would like to thank both Ben Liebowitz and Luc Dekens for their community support for sharing their scripts.
I’m starting to become a bit of a fan of VMware NSX and getting excited with all the new features that came out of VMworld 2017. I recently rebuilt my lab and one of the parts I need to install is, you guessed it, NSX. So I figured I would write a series of basic “Getting Started” guides. To start with, we will go through installing the NSX Manager, the brain of the solution. Now for the install, I just attached the NSX Manager Appliance to a vSwitch for the moment, but you will need to ensure that you have a Distributed Virtual Switch configured to utilise NSX as it is a required component. I will be installing NSX Manager 6.3.3 (The latest as of this post)
NSX is more than just networking, it is also part of the endpoint services that was previously vShield in the vCloud Networking and Security Suite (vCNS). Implementing NSX allows you to extend the feature set taking you to the next level of virtual networking.
I will be going over the install and configuration of some of the other components in the next few posts following this one.
Right click cluster and select “Deploy OVF Template” à Navigate to the NSX Manager OVF file à Accept the configuration
Accept the EULA
Input details for configuration
-Password – IPv4/IPv6 details – DNS – NTP – SSH – VMware Customer Experience Improvement Program
Accept all and deploy
Once deployed. Open up a web browser and navigate to the IP/hostname that you set for your NSX Manager.
Login with admin and the password you set for deployment.
Navigate to “General” and edit the time settings à set your timezone à Save and log off and back on again for settings to take affect
Navigate down to “NSX Management Service” àSelect Edit on “Lookup Service URL:” and enter your PSC FQDN. (Enter vCenter if using embedded PSC) Enter SSO username and password and click OK
Select edit on “vCenter Server” and enter your vCenter server address followed by vCenter Service account or SSO.
Once all lights are green, log off and log into vCenter with the account used to attached NSX to vCenter.
If you log in as another accout, you will not be able to see the Network and Security tab as you will not have been granted permission to it. (Note that my SSO is vSphere.local for this lab)
Log in as the account that You will see the Networking and Security section available in the Action menu, Home screen and the left hand Navigation menu. Select Network and Security -> click on NSX Managers -> select NSX Manager you wish to adjust -> Manage -> Users.
Click the green Plus sign -> Choose either to add a group or individual user (Suggest making an NSX Group to make control easier) -> Select the Level of Access and click OK.
Log off and log in as the user you jut granted permission to. (Note that I am using readysetvirtual.local for my lab domain and standard user)
I’ve been having this issue for a little while now, I hadn’t found any successful posts on how to allow the VMware Client integration plug-in to run on FireFox. This occur in my last lab environment and my current. Unfortunately, without this integration tool, OVF deployments and various other functions are unavailable in the WebClient.
Error Msg: “The VMware Client Integration Plugin has updated its SSL Certificate in FireFox.”
Since Firefox ver. 52, plugins have been disabled by default and started to behave differently. We found this out the hardware when some of our customers were starting to open their SaaS Citrix environment with HTML5 instead of the thick client.
To fix this, I found a KB article that outlines the solution. (KBA 2112076)
As you can see, the integration tool is currently installed and in Firefox 56 the message is displaying after log on to the WebClient.
Go ahead and uninstall the Integration Tool as you will need to reinstall it again.
Once installed, reinstall the VMware Client Integration Plug-in and launch FireFox. The Plugin should then popup once you access your venter WebClient login page. -> Select “Remember my choice for vmware-csd links” and click “Open Link”
Head over to a host and attempt an OVF deployment. A second pop will request for Access Control -> select “Allow” and untick “Always ask before allowing this site” (Unless security reasons)
You should now not see any error messages when you attempt an OVF deployment.
Two big announcements were made over the weekend just before VMworld. They were both inevitable, but it was just a question of “When?”. So that day has been set, not by a date, but by a timeline.
The announcements by VMware are that vCenter for Windows and the vSphere flash WebClient have now been dropped in the next version of vSphere.
Let’s start off with vCenter for Windows. If you couldn’t see this coming, then you may have been living under a rock for the last few vSphere releases. With the vCenter Server Appliance (VCSA) being first released as part of vSphere 5.5 and then being improved significantly by vSphere 6 and then on par and exceeding capabilities in vSphere 6.5, there was no way that VMware would over time continue working on vCenter on Windows. If you follow VMware’s trends on new product releases then you will note this is similar to the deprecation of the vSphere C# client that has not been updated since 5.5 as VMware pushed the WebClient. At the time, the WebClient did not boast all the features of the C# client and thus VMware were recommending to still use the C# client for Update Manger. This was then brought into the WebClient by vcenter 6.0 but update manager still required to be installed on a Windows server. Fast forward to the release of vSphere 6.5 and Update Manager has finally been implemented into VCSA. This was the final nail in the Windows vCenter coffin.
What are the benefits of using VCSA instead of windows? The biggest benefit is the licensing costs, eliminating the requirement for Windows OS to be installed. VCSA 5.5/6.0 previously ran on SLES11 and from 6.5 VCSA now runs on PhotonOS, a somewhat new OS platform designed and created by VMware, this drives down the costs as well as bring together tasks like updating and upgrades into a simple 1 step process (2 if you run external PSC). VMware is pushing PhotonOS out to their product suites with the latest having been the NSX Controllers in 6.3.3 (which according to VMware versioning is a minor update)
The final piece that has got my full support for VCSA is the deployment process, as a Mac user, to install the VCSA in 5.5 or 6.0 required a windows machine to run (or at least I was never able to find a way for it to from a Mac) – therefore this meant I need to stand up a windows VM first to run the installer from. Since the release of 6.5, VMware has simplified the process and has included a Mac and Linux deployment file. Aside from building a DC, there is no longer any requirements for a windows server in my environment.
The second announcement which I thought was an earlier than expected surprise was the vSphere flash WebClient being dropped from the next release bringing the new(ish) HTML5 client into the light as the one and only client for managing vSphere.
In vSphere 6.5, the HTML5 client is still only partially functional for vCenter however according to the article, VMware is aiming for 100% complete by the next version release. I suspect there will be further functionality added as new updates are released for vCenter. Personally think this is a little early as the HTML5 client hasn’t had a full functioning release alongside the flash client as it was when the webclient took over from the C# client. However, VMware are on a somewhat short timeline to remove the flash content as Adobe Flash ceases in 2020. I’ve been using the flash vSphere client religiously at home (as mentioned I’m using a Mac) and I have finally accepted it, however at work I still manage to use the C# client on my 5.5 environment.
Looking at the time between vSphere releases which is generally around 18months, this leaves VMware approx. 10 months to have HTML5 up to their 100% full functionality. It will be interesting to see.
Being half way through a large infrastructure migration, there have been some interesting issues turn up along the way which have then required updating to the design and deployment documentation. One of the steps that I need to perform is upgrade VM hardware compatibility and VMTools. This all seemed an easy enough task to complete, especially with Update Manager, that was until it came to doing the actual VMTools upgrade. Update Manager continued to fail on a large number of VMs. When the installation was manually ran, an error message “VMware Guest Introspection must be fully uninstalled before the installation can proceed.” would
What was interesting about this was that I had migrated away from a system that did not have NSX or Guest Introspection per se. The old environment was running traditional vShield and had moved to the new environment which was now running NSX Manager and Guest Introspection only.
After going through a couple of knowledge base articles around the subject, I went ahead and tried the removal of regkeys in VMware, this did not fix the problem; in fact it was a very simple fix.
In control panel –> Programs and Features -> select VMware vShield Endpoint.
Uninstall VMware vShield Endpoint.
Once complete you can successfully go ahead and upgrade VMTools.
Today I was fortunate to receive my copy of VMware vSphere 6.5 Host resources. I was quite excited to be ordering this book once it became available. I had been reading all the snippets that were popping up on twitter from @hostdeepdive and the information and whiteboard photos were really building up the excitement. This book is a collaboration between @FrankDenneman and @NHagoort – the combined intelligence and knowledge that these two have is far beyond where any book will take you, but in this particular book, they cram so much detail in that you will not want to put it down. If you want to get the best out of your infrastructure, and become a great architect and get the best for your customers/users, then this is the book you need to read.
I decided that I would read from the very first page and go through the book, just in the foreword by @KitColbert, VP & CTO of Cloud Platform Business Unit @ VMware, my mind was going places I hadn’t placed it before. Kit talks about how something as simple as typing a linux command and what occurs before the result can be a discussion that can last for hours. In the 4 and a half pages for the foreword, Kit breaks this down and for me, that got me thinking in a whole new light of detail that I would not usually have gone to. This has set me up to accept the challenge of the level of detail that has gone into this book.
I am only a few pages in, but I know for sure that this is going to be a ride worth taking and opening up for the level of detail that will be exposed.
I look forward to reading the rest of this great book and hope you may get the chance too!
Continuing on from my last post, I thought I would get in and talk about the Guest Introspection service before I roll back and redeploy my NSX lab.
In prior versions to vSphere 6.x, part of the VMware vCloud Networking and Security (vCNS) was vShield Endpoint that was installed onto each host to allow for agentless security products to interact with virtual machines through VMTools. This was a two component setup, you would first have the vShield Manager that was connected to your vCenter which then added an installation option on each host for vShield Endpoint. Once vShield Endpoint was installed and vShield Driver (Part of VMTools install), your antivirus/anti-malware software could then protect inside your virtual machines that have been set up.
Fast forward to vSphere 6.x and the release of NSX taking over the networking and security side of things for vSphere environments. vShield was partially removed in vSphere 6.0, but completely removed by vSphere 6.5. Replacing vShield is now the NSX Guest Introspection Service (GIS) that still gets deployed to each host, but the difference is instead of having a separate vShield manager, it is included with the NSX Manager.
The GIS is free (Depending on vCloud licensing you may need to double check with your reseller) with the default licensing that comes with NSX Manager. There is a default key that is automatically deployed with NSX Manager giving you this access.
To set up your Guest Introspection Services, follow the below steps:
IP Pool (If you do not have one configured, then you can set up during GIS deployment)
Open up your Network and Security Tab –> Click on Installation –> Select Service Deployments.
Click on the + sign –> Select Guest Introspection –> Choose when you want to deploy Now or Schedule –> click next.
Select your Datacenter and cluster you want to install your Guest Introspection to –> click next
Choose your storage device and network you want to –> Decide to use DHCP or IP Pool, click Change –> Select IP Pool and Click the + sign to create the Pool.
Confirm and click Finish.
The process will run through and migrate VMs between hosts if required. Once installed, your security software should detect the hosts and their current state and either require install a filter driver to the hosts and then the appliance (Third party components may vary between vendors).
This is a very straight forward service setup, but very powerful for the service it provides to your environment.
Thank you for reading. Please let a comment if you would like to.
I’ve been getting into a bit of NSX lately and have a new fondness for virtual networking of which previously I knew a little about NSX and its use cases, but I had not spent time with deploying it and making some use of it. That being said, I am not a networking guy, but after watching the latest vBrownBag 3 part NSX series with Tim Davis (@ALDTD), I think it’s becoming a new passion for me. See the Series here. Part 1 – Part 2 – Part 3 (TBU)
With all that, here’s my first NSX post on How to upgrade your NSX Manager.
I am currently running version 6.2.7, however last week NSX Ver. 6.3.2 was released and I thought I would take the opportunity to upgrade now before I rebuild my environment and deploy 6.3.2 direct.
Open up vSphere web client and select Networking and Security -> Select NSX Managers -> Then your NSX Manger -> Summary – to check the version
Download the latest upgrade bundle from my.vmware.com
Log on to your NSX manager via it’s management IP using admin user
Select upgrade from the home page (You will notice in the upgrade screen the version number currently running) -> Click the upgrade button -> Click Browse and search for your upgrade bundle -> Click Continue (This will upload the file)
Once the upload has complete, you will be present with a warning to create a backup of your NSX Manager before proceeding with the upgrade. You also receive the option to enable SSH and to join the VMware Customer Experience Improvement Program. -> Click Upgrade when ready
Once completed, click close and wait for your NSX Manger to restart.
Next log into vSphere webclient and select Network and Security -> installation. here you will see the NSX manager upgraded and the Controller Cluster saying “Upgrade Available” Select Upgrade available and let NSX do its thing.
Your controller node will go off and may say “Disconnected” – Just refresh the webclient.
Out of habit, I do a host force sync of services. I don’t have any other components set up at this stage as I had only got to setting up my transport zones, but make sure you run through and upgrade any other components you have deployed such as the Guest Introspection Service (New vShield) as well as any Edge services you have deployed.
Tip: You can go to the Network and Security Dashboard to see if there are any components that are out of date and require an upgrade. Click on the number to bring up more information.
Thank you for reading. Please leave a comment if you have anything to say, be it more information/Corrections/requests.
This year I had the opportunity to fly down to Melbourne for the VMUG UserCon. This was an amazing time to meet some of the superstars from Vmware and NetApp/SolidFire as well as meet some hiighly skilled people that I have only ever met online in either forums or twitter. The day was filled with all highs and no lows. I had the oppportunity to see the event come together before the day via the slack channel and first off I would like to point out that it was a difficult process this year as there had been some changes at VMUGHQ that put the guys from Sydney VMUG and Melbourne VMUG under some intense pressure, but they did an amazing pulling the event together and making it a really great day. I think these guys deserve a huge thank you for their efforts and a congratulations on a great day.
Lets start from the beginning of the event, A couple of days before the event I thought I might try my luck and just put a universal invite on twitter for meeting up for breakfast before the event started. I hesitated on the “tweet” button unsure of the response, thinking that only one or two people would join. Alas! Almost immediately there was a reply from one of the VMUG steering committee members keen to come along depending on the time (obviously due to requiring to be at the event early). After a couple of more hours, there were replies and a time was agreed upon. I was In awe by the response from a number of people who were willing to join me (Who I had not interacted with before online) This showed me immediately the community spirit amoungst like-minded VMWare/VMUG attendees. I was joined by the likes of Brett Johnson, Manny Sidhu, Brett Sinclair, Jeff Wong, Rebecca Fitzhugh, Boris Jelic, and a couple more. All these guys are superstars and was amazing to be around a very smart group of people. The night before I thought I would take a leap (I will expand on this in a further section below) and thought I would take a chance and invite some superstar presenters, again I hesitated for a few minutes before clicking on “Direct Message,” button and reached out to Alan Renouf and almost immediately received a “Send me the location and time” reponse. The thing we keep forgetting is that all of these people are just human like you and me, and we are a communityfrom far and wide. It was a great start to what was going to be a great day. Awesome conversations and full of laughter. My take-away from this is to take that step and reach out to the community, you might be surprised at the people who may just come and have a coffee with you.
Starting otf the event was registration followed by the introduction and farewell of Craig Waters and Andrew Dauncey who have stepped down from their VMUG leader roll in Melbourne and passing the baton on to Mark Ukotic and Tyson Then. After a Vmware update the first keynote superstar, none other Cheif technologist – Duncan Epping stepped onto the stage to speak about VSAN Use Cases, current features and what will be coming out in time. To start with, Duncan talked about storage, mentioning that data growth between 2010 and 2020 will be 50x and that today’s storage doesn’t always meet today’s requirements. Duncan moved on to talk about use cases for VSAN and spoke about how there are SDDCs on oil wells and on trains and the require for a hyperconverged platform to make a compact SDDC. Other use cases are larger organisations using VSAN for their management cluster.
VSAN is really simple to deploy with a couple of tick boxes, however to make VSAN work efficiently and to get the most out of it, one of the most important things you can do is set up Storage Based Policy Management, this allows VSAN to best select the right way to manage the storage and performance of the virtual machine. Specifying Fault domains is a great way to set up redundancy, you can set it up by rack or shelf, so if a rack burns down, there is still a copy of the data in another fault domain. In VSAN 6.5, there is now softwar checksums and disk scrubbing to help prevent data corruption, direct connection for 2 x VSAN nodes and ALL FLASH is now licnsed under the standard VSAN license.
Right after Duncan’s presentation, Amy Lewis – NetApp Solidfire, broght up a panel onstage to discuss Getting ahead in your career and being active in the community and online Social Media. The discussion started off about “are you in the right places to hear the right things?” discussing the use of twitter, slack and other social media to hear about the items relevent to you. Amy made a great point about reaching out and it cemented in me that event though I hesitated twice regarding breakfast, the overwhelming response I had is exactly what can be achieved just be taking that leap and reaching out to the big names.
Talking blogs, there was a lot of discussin around, finding what to blog about, how to find something to blog about and finding the time to blog. This is a challenge I have found for myself, it is easy for me to write a blog post like this, but when it comes to something technical, it is hard to decide whether or not anyone will read it, or if has already been convered before, however the overall response is, “Blog it regardless, someone might need it one day.”
The last point that was asked by an audience member was “How do you seprate yourself from person and business accounts” This is a hot topic, when you are posting on twitter, sometimes you may get carried away and this can reflect on your company, but it is about finding the balance. **The funny thing is, I want to make a sidenote, when I wrote this section, I was on the plane trip home, however, once I got back to Brisbane and in mobile data range, I was hitting up twitter to catch up and I replied to a post by Scott Lowe regarding his OS change over from OSX to Fedora, and as having changed to Fedora at the same time as Scott I made a comment about my experience. Later, I received a question from Scott asking if I would like to do a write for his series on my experience to which I replied that in the past I would have said I had nothing to contribute, but since hearing Amy Lewis yesterday, I reckon I could come up with something. And that’s it, finding something to write about and doing it, writing even if you don’t think you have something to write about. That request topped off my trip to the Melbourne VMUG, all because I wrote something to a superstar and they responded.
So Josh Atwell, what a presenter, apart from turning up a minute late, Josh was straight into it, telling everyone how it is, giving everyone to have a cry about IT. Now, DevOps is something I’ve been looking at getting into for a short while now and I thought I would give this session a go, and I was not disappointed. The way Josh presented was that even if you’re not in DevOps, you will be at the end of his presentation. Understanding what DevOps is.
“DevOps = Makes deploying code suck less.”
“DevOps exists for communication, collaboration and Integration”
The image on screen was a brick wall between Dev and Ops and a folder was being thrown over
With some images that pointed out the truth, Josh talked about “What is Ops good at?” He lists them as:
Learn Quickly when motivated.
Process what it takes to deliver
Good in a Crisis
Duct Tape Engineering
Emad Younis has been travelling the world presenting the Migrate2VCSA tool, however this presentation goes into more detail than that. Emad not only talks about the prerequisits and running the tool, but he also dives into the new features in VCSA 6.5. There are several dot points that Emad touches on regarding why the VCSA is a much better option than the Windows vCenter:
Quick and Easy to Provision – Straight from the ISO to hypervisor via web interface
Licensing – Do not require windows license
No DB maintenance – PostgreSQL is pretuned
Unified patching – Running on photon and not SLES as previous – no 3rd party updates
When using the Migration tool, you need to remember that if you currently have an embedded platform services controller then you can not migrate to an external and vice versa. The migration assistant runs all the checks across the system, if you have a VUM server connected, it will be detected and will advise you to remove from your vCenter before migrating. Ensure that your NTP and DNS (Forward and Reverse) are configured correctly and make sure you know your topology – custom configured ports are not supported.
Emad went on to talking about 6.5, the VCSA is now able to be deployed from any OS and there is no longer a requirement for the Client Integration Tool. The deployment is also split into 2 stages so that you can come back later if required and finish configuring the vCenter server. 6.5 now supports High Availability natively utilising a passive and witness VCSAs deployed on separate hosts. VUM is now integrated into the appliance making it easier to control the entire vCenter environment from a single-pane of glass. There is also a built in backup and restore feature.
Closing keynote for the day was with two legends of VMware who strive to promote automation and why you should to. William Lam and Alan Renouf started off with talking about a first for UserCons, setting up a mini SDDC, fully-automated from an USB stick. This was originally achieved in Sydney using an Intel NUC, however it did take longer than expected and the after party drinks started while they waited for it to finish. Thanks to Tai Ratcliff for lending his supermicro box for the demonstration. There was a section discussing how the process works and how you can set up the process yourself by using the kick start script for ESXi and the VCSA CLI Installer that is part of the VCSA iso. During the wait for the process to run, Alan and William spoke about automation with VMware, Alan spoke started the main part with the line “If you do it more than once, Automate it!.” This is very true as I have done some repetitive tasks in the past I should have automated, even though there was months between each one.
The next was actually a question I asked Alan at breakfast, I told Alan I hack and slash other code as I don’t know how to start coding an automation process. Alan describe the process on stage, he said “Write down the manual steps, once you have this, script each line individually and then add them all together.” It actually is that easy.
One of the popular lines to come out from Sydney, which turned into it’s own hashtag was,
“Never tell someone you’ve automated it – Claim the hard work”
After some more information regarding PowerCLI, new SDKs, and PowerCLICore, the SDDC automation process was completed. Alan took the opportunity to introduce the new API Explorer in vCenter 6.5 where you are able to navigate through a series of APIs and get snippets of script. Alan also introduced the new DCLI and interactive mode which is a new CLI that is easier to use and manage. There were a couple of hiccups as the automated SDDC hadn’t finished starting some services, but this was minor and allowed Duncan Epping to walk up on stage as a waiter and deliver beer to Alan and William while they finished their presentation.
Overall, this was the best UserCon I have been to (2nd UserCon in fact) and it was full of great information from some of the best in the IT industry worldwide. There were people I have spoken to on forums, twitter, and other internet areas but I had never met in person before that I finally got to meet and sit down and have a god chat with. The information I brought back with me will be getting put to use in the coming months at work and I also have grown that little bit more in the way I think and process my actions. From having people join me for breakfast, to people meeting me at the event and encouraging my growth in virtualization and in IT, I can definitely say there is a great community within VMUG (Especially Melbourne) that is willing to support one another.