Category Archives: VMware

Auto Connecting Devices to a VMware Workstation VM

As part of my latest homelab setup, I run my vCenter Server VM and Domain Controller VM on VMware Workstation Pro 16 and not on an ESXi host. This is mainly so I don’t have to fire up a noisy rack mount server when I only need my vCenter Server for something.

This did leave me with the problem of a lack of physical ports in my Windows PC to be able to bridge my VM’s with, so out came the trusty USB Ethernet adapter!

By default, this USB device is connected to the host machine. As I would always forget to connect this to my domain controller VM(which is the VM I bridged with this interface), I would end up having to reboot it once I had connected it as I would get all sorts of problems, including DNS issues.

To address this, there is a line that can be added to the vmx file of the VM to auto connect a specific device to a VM. It took me a while to find the information that was pertinent to specifically version 16 of VMware Workstation so I thought I would write a quick article on it.

Firstly, you need to grab the VID and PID values from the registry by looking through the devices in the following path, or searching if you have an idea on what its friendly name is:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB

Once you have these values, open up the VMX file of the VM you want to auto connect the device to in a text editor, making sure the VM is in a powered off state first.

Add the following line to the file, replacing the VID and PID values with the ones you located in the registry earlier.

usb_xhci.autoconnect.device0 = "vid:0bda pid:8152"

Now, power on the VM and you will see the device is automatically connected to the VM and not the Host!

I hope this has been useful. I aim to get some more blog posts up on my lab setup this year, so keep an eye out if you are looking for idea’s for your own home lab.

Thanks for reading!

Failed to Deploy OVF Package – vSphere Content Libraries

I recently came across an issue with creating subscribed VMware Content Libraries, and deploying templates from a Content Library.

An error similar to the one below, would be received when attempting to deploy a VM template or OVF from a Content Library, or an error related to connection issues when setting up a subscribed Content Library.

Failed to deploy OVF Package.  ThrowablePrxy.cause A general system error occurred: Transfer failed.

After some investigation, I came to see that vCenter was attempting to communicate with linked vCenter’s and hosts via the web proxy that was configured in the VAMI, when attempting to deploy an OVF from a Content Library or when trying to synchronise a library.

As I didn’t want this traffic going via the proxy as it is internal traffic, a support ticket was logged. It was advised to add proxy exceptions, or bypasses, to the proxy file located here on a vCenter Server Appliance:

/etc/sysconfig/proxy

As this information isn’t something I managed to find documented publicly and support couldn’t provide me with anything as they were using internal documentation to assist, I thought I would write a quick post on it to help anyone facing the same issue!

Note: Always test in a non production environment and contact official support channels!

To begin reviewing and editing this file, you will need to SSH to the VCSA using the below command using your SSH tooling of choice.

ssh root@vm-vcsa-01.smt-lab.local

Using the following cat command you can then view the file:

cat /etc/sysconfig/proxy

Here is what the default file looks like with the HTTP and HTTPS options set:

# Enable a generation of the proxy settings to the profile.
# This setting allows to turn the proxy on and off while
# preserving the particular proxy setup.
#
PROXY_ENABLED="no"

# Some programs (e.g. wget) support proxies, if set in
# the environment.
# Example: HTTP_PROXY="http://proxy.provider.de:3128/"
HTTP_PROXY="proxy.smt-lab.local"

# Example: HTTPS_PROXY="https://proxy.provider.de:3128/"
HTTPS_PROXY="proxy.smt-lab.local"

# Example: FTP_PROXY="http://proxy.provider.de:3128/"
FTP_PROXY=""

# Example: GOPHER_PROXY="http://proxy.provider.de:3128/"
GOPHER_PROXY=""

# Example: SOCKS_PROXY="socks://proxy.example.com:8080"
SOCKS_PROXY=""

# Example: SOCKS5_SERVER="office-proxy.example.com:8881"
SOCKS5_SERVER=""

# Example: NO_PROXY="www.me.de, do.main, localhost"
NO_PROXY="localhost, 127.0.0.1"

Take note of the section at the bottom, “NO_PROXY”. This is where we need to add the fqdn’s of any hosts and VCSA’s you wish to deploy to, or subscribe with. If however you don’t want to maintain this for each and every host, you can add a wild card:

.*.domain.name

Note the ‘.’ at the beginning!

For instance, in my lab I would add the following entry to the NO_PROXY list:

.*.smt-lab.local

To edit this we can use the VI editor (More info on using VI here.):

vi /etc/sysconfig/proxy

Edit the file to include the FQDN’s or a wildcard, based on your requirements.

# Example: NO_PROXY="www.me.de, do.main, localhost"
NO_PROXY="localhost, 127.0.0.1, .*.smt-lab.local"

I found a short period of time is needed for this to take effect. Or you can reboot the VCSA to speed things along.

Following this, you will then be able to deploy or subscribe without issue!

Hope this has been useful and thanks for reading!

Different Tools; Same Result – vSphere Distributed Port Groups

As technology moves forward, more and more ways to achieve your goal become available. Many people still rely on the good old trusty GUI to achieve their goal, I know I do at times. Is this because it’s quicker, more comfortable or familiar? Or perhaps because they don’t realise there are other options out there!?

This blog post will be one of many, where I highlight some of the options available for completing various technical tasks or configurations, in the hope it can provide additional options or tools for consideration.

To kick off, let’s take a look at a common example for a vSphere Administrator, creating Port Groups on a Distributed Switch.

vSphere Client

So let’s first look at the process via the GUI, in this case, the vSphere Client. I wont go into too much detail on the steps involved, as it is a well documented process, but the screenshots are below:

Repeat for the remaining Port Groups and you will be left with the finished article.

And there we have it, three Port Groups on a distributed Switch. Now, imagine doing this for 10’s or 100’s of Port Groups? It’s going to be slow and painful, so let’s look at some other options.

PowerShell

Firstly, PowerShell, specifically the VMware PowerCLI PowerShell module. Here is an example script that will create the same three Port Groups that we did using the GUI:

$vDSName = "vDS-Workload-Networks"
$Ports = "8"
$LoadBalancing = "LoadBalanceLoadBased" 
$ActiveUP = "Uplink 1", "Uplink 2"

$vdpgs = @(
    [pscustomobject]@{PG = 'dvPG-Guest-VM-1'; VLANID = '20'}
    [pscustomobject]@{PG = 'dvPG-Guest-VM-2'; VLANID = '21'}
    [pscustomobject]@{PG = 'dvPG-Secure-VM-1'; VLANID = '25'}
)

#Create Distributed Virtual Port Group.
ForEach ($vdpg in $vdpgs) {
    Get-VDSwitch -Name $vDSName | New-VDPortGroup -Name $VDPG.PG -VLanId $VDPG.VLANID -NumPorts $Ports
    #Set Load Balancing option
    Get-VDswitch -Name $vDSName | Get-VDPortgroup $VDPG.PG | Get-VDUplinkTeamingPolicy | Set-VDUplinkTeamingPolicy -LoadBalancingPolicy $LoadBalancing -ActiveUplinkPort $ActiveUP
}

So lets break down this code. Firstly we are defining some variables;

  • $vDSName – This is the name of an existing virtual distributed switch in which you will be creating your Port Groups.
  • $Ports – This defines the number of ports the Port Group will be initially configured with. (By default 128 ports are created, there is nothing wrong with using the default, see the note further down as to why I have specified 8.)
  • $LoadBalancing – This is the load balancing policy I wish to set for the Port Group. Available options are:LoadBalanceLoadBased, LoadBalanceIP, LoadBalanceSrcMac, LoadBalanceSrcId, ExplicitFailover. This can be adjusted as required.
  • $ActiveUP – This variable defines the uplinks you wish to set as active for the Port Group. (If you want to add standby uplinks, you could add this parameter in too)
  • $VDPGS – Finally, this is an array containing both the name and VLAN ID for each Port Group.

Now we have our input information in variables, we move onto the next two lines of code. These are within a ‘ForEach Loop’. This will take each entry within an array and run a block of code against it. In this case, each Port Group we wish to create.

So for each entry in the array, ‘Get-VDswitch -Name $vDSName‘ gets the existing Virtual Distributed Switch based on the variable and then pipes (‘|’) this into the command (New-VDPortGroup -Name $VDPG.PG -VLanId $VDPG.VLANID -NumPorts $Ports) to create the Port Group on the Distributed Switch, using the properties set for each line of the array.

Secondly, we get the Port Group we just created (Get-VDswitch -Name $vDSName | Get-VDPortgroup $VDPG.PG) and then ‘Get & Set’ the Teaming and Loadbalancing options (Get-VDUplinkTeamingPolicy | Set-VDUplinkTeamingPolicy -LoadBalancingPolicy $LoadBalancing -ActiveUplinkPort $ActiveUP), again ‘piping’ the results into the next command.

Below is the output from PowerShell after running the script above:

Name                           NumPorts PortBinding
----                           -------- -----------
dvPG-Guest-VM-1                8        Static

VDPortgroup                      : dvPG-Guest-VM-1
NotifySwitches                   : True
NotifySwitchesInherited          : True
LoadBalancingPolicy              : LoadBalanceLoadBased
LoadBalancingPolicyInherited     : False
FailoverDetectionPolicy          : LinkStatus
ActiveUplinkPort                 : {Uplink 1, Uplink 2}
StandbyUplinkPort                : {}
UplinkPortOrderInherited         : False
Failback                         : False
EnableFailback                   : True
FailbackInherited                : True
UnusedUplinkPort                 : {}
FailoverDetectionPolicyInherited : True
Uid                              : /VIServer=vsphere.local\administrator@vm-vcsa-01.smt-lab.local:443/VDPortgroupUplinkTeamingPolicy=cec49f0b7f124d0c9f37814392494a31/

dvPG-Guest-VM-2                8        Static

VDPortgroup                      : dvPG-Guest-VM-2
NotifySwitches                   : True
NotifySwitchesInherited          : True
LoadBalancingPolicy              : LoadBalanceLoadBased
LoadBalancingPolicyInherited     : False
FailoverDetectionPolicy          : LinkStatus
ActiveUplinkPort                 : {Uplink 1, Uplink 2}
StandbyUplinkPort                : {}
UplinkPortOrderInherited         : False
Failback                         : False
EnableFailback                   : True
FailbackInherited                : True
UnusedUplinkPort                 : {}
FailoverDetectionPolicyInherited : True
Uid                              : /VIServer=vsphere.local\administrator@vm-vcsa-01.smt-lab.local:443/VDPortgroupUplinkTeamingPolicy=e126093ed67f45a3b7c42874c5affc20/

dvPG-Secure-VM-1               8        Static

VDPortgroup                      : dvPG-Secure-VM-1
NotifySwitches                   : True
NotifySwitchesInherited          : True
LoadBalancingPolicy              : LoadBalanceLoadBased
LoadBalancingPolicyInherited     : False
FailoverDetectionPolicy          : LinkStatus
ActiveUplinkPort                 : {Uplink 1, Uplink 2}
StandbyUplinkPort                : {}
UplinkPortOrderInherited         : False
Failback                         : False
EnableFailback                   : True
FailbackInherited                : True
UnusedUplinkPort                 : {}
FailoverDetectionPolicyInherited : True
Uid                              : /VIServer=vsphere.local\administrator@vm-vcsa-01.smt-lab.local:443/VDPortgroupUplinkTeamingPolicy=b5f1889461584b1daf314379cd935f50/

Terraform

Now let’s take a look at using Terraform to achieve the same result. Terraform is an infrastructure and code tool used to manage infrastructure in the form of configuration files and state:

provider "vsphere" {
  vsphere_server = "vCenter Server FQDN"
  user           = "Domain\\Username"
  password       = "Password"
}
data "vsphere_datacenter" "datacenter" {
  name = "dc-smt-01"
}
data "vsphere_distributed_virtual_switch" "vds" {
  name          = "vDS-Workload-Networks"
  datacenter_id = data.vsphere_datacenter.datacenter.id
}
resource "vsphere_distributed_port_group" "pg20" {
  name                            = "dvPG-Guest-VM-1"
  distributed_virtual_switch_uuid = data.vsphere_distributed_virtual_switch.vds.id
  number_of_ports                 = 8
  vlan_id                         = 20
}
resource "vsphere_distributed_port_group" "pg21" {
  name                            = "dvPG-Guest-VM-2"
  distributed_virtual_switch_uuid = data.vsphere_distributed_virtual_switch.vds.id
  number_of_ports                 = 8
  vlan_id                         = 21
}
resource "vsphere_distributed_port_group" "pg25" {
  name                            = "dvPG-Secure-VM-1"
  distributed_virtual_switch_uuid = data.vsphere_distributed_virtual_switch.vds.id
  number_of_ports                 = 8
  vlan_id                         = 25
}

Lets break this down.

First we are specifying which terraform provider we want to use, this will be the vSphere provider in this case. We are then providing some parameters for Terraform to connect to your vCenter instance; VCSA FQDN and credentials.

We then have two ‘data’ blocks. These are used to get information about an existing resource, such as the Distributed Switch and the Datacenter it resides in. You could loosely consider this similar to populating variables in the PowerShell example.

Next we have three ‘resource’ blocks. Each block represents one of the three Port Groups we want to configure. It provides parameters for Name, number of ports and vlan ID for each, along with a reference to the Distributed Switch from the ‘data’ block.

Now when you run ‘terraform apply’ to apply for code, here is the output:

terraform apply  


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # vsphere_distributed_port_group.pg20 will be created
  + resource "vsphere_distributed_port_group" "pg20" {
      + active_uplinks                    = (known after apply)
      + allow_forged_transmits            = (known after apply)
      + allow_mac_changes                 = (known after apply)
      + allow_promiscuous                 = (known after apply)
      + auto_expand                       = true
      + block_all_ports                   = (known after apply)
      + check_beacon                      = (known after apply)
      + config_version                    = (known after apply)
      + directpath_gen2_allowed           = (known after apply)
      + distributed_virtual_switch_uuid   = "50 33 5e 01 05 1e 32 66-ea f7 7c 42 ce fa f1 96"
      + egress_shaping_average_bandwidth  = (known after apply)
      + egress_shaping_burst_size         = (known after apply)
      + egress_shaping_enabled            = (known after apply)
      + egress_shaping_peak_bandwidth     = (known after apply)
      + failback                          = (known after apply)
      + id                                = (known after apply)
      + ingress_shaping_average_bandwidth = (known after apply)
      + ingress_shaping_burst_size        = (known after apply)
      + ingress_shaping_enabled           = (known after apply)
      + ingress_shaping_peak_bandwidth    = (known after apply)
      + key                               = (known after apply)
      + lacp_enabled                      = (known after apply)
      + lacp_mode                         = (known after apply)
      + name                              = "dvPG-Guest-VM-1"
      + netflow_enabled                   = (known after apply)
      + network_resource_pool_key         = "-1"
      + notify_switches                   = (known after apply)
      + number_of_ports                   = 8
      + port_private_secondary_vlan_id    = (known after apply)
      + standby_uplinks                   = (known after apply)
      + teaming_policy                    = (known after apply)
      + tx_uplink                         = (known after apply)
      + type                              = "earlyBinding"
      + vlan_id                           = 20

      + vlan_range {
          + max_vlan = (known after apply)
          + min_vlan = (known after apply)
        }
    }

  # vsphere_distributed_port_group.pg21 will be created
  + resource "vsphere_distributed_port_group" "pg21" {
      + active_uplinks                    = (known after apply)
      + allow_forged_transmits            = (known after apply)
      + allow_mac_changes                 = (known after apply)
      + allow_promiscuous                 = (known after apply)
      + auto_expand                       = true
      + block_all_ports                   = (known after apply)
      + check_beacon                      = (known after apply)
      + config_version                    = (known after apply)
      + directpath_gen2_allowed           = (known after apply)
      + distributed_virtual_switch_uuid   = "50 33 5e 01 05 1e 32 66-ea f7 7c 42 ce fa f1 96"
      + egress_shaping_average_bandwidth  = (known after apply)
      + egress_shaping_burst_size         = (known after apply)
      + egress_shaping_enabled            = (known after apply)
      + egress_shaping_peak_bandwidth     = (known after apply)
      + failback                          = (known after apply)
      + id                                = (known after apply)
      + ingress_shaping_average_bandwidth = (known after apply)
      + ingress_shaping_burst_size        = (known after apply)
      + ingress_shaping_enabled           = (known after apply)
      + ingress_shaping_peak_bandwidth    = (known after apply)
      + key                               = (known after apply)
      + lacp_enabled                      = (known after apply)
      + lacp_mode                         = (known after apply)
      + name                              = "dvPG-Guest-VM-2"
      + netflow_enabled                   = (known after apply)
      + network_resource_pool_key         = "-1"
      + notify_switches                   = (known after apply)
      + number_of_ports                   = 8
      + port_private_secondary_vlan_id    = (known after apply)
      + standby_uplinks                   = (known after apply)
      + teaming_policy                    = (known after apply)
      + tx_uplink                         = (known after apply)
      + type                              = "earlyBinding"
      + vlan_id                           = 21

      + vlan_range {
          + max_vlan = (known after apply)
          + min_vlan = (known after apply)
        }
    }

  # vsphere_distributed_port_group.pg25 will be created
  + resource "vsphere_distributed_port_group" "pg25" {
      + active_uplinks                    = (known after apply)
      + allow_forged_transmits            = (known after apply)
      + allow_mac_changes                 = (known after apply)
      + allow_promiscuous                 = (known after apply)
      + auto_expand                       = true
      + block_all_ports                   = (known after apply)
      + check_beacon                      = (known after apply)
      + config_version                    = (known after apply)
      + directpath_gen2_allowed           = (known after apply)
      + distributed_virtual_switch_uuid   = "50 33 5e 01 05 1e 32 66-ea f7 7c 42 ce fa f1 96"
      + egress_shaping_average_bandwidth  = (known after apply)
      + egress_shaping_burst_size         = (known after apply)
      + egress_shaping_enabled            = (known after apply)
      + egress_shaping_peak_bandwidth     = (known after apply)
      + failback                          = (known after apply)
      + id                                = (known after apply)
      + ingress_shaping_average_bandwidth = (known after apply)
      + ingress_shaping_burst_size        = (known after apply)
      + ingress_shaping_enabled           = (known after apply)
      + ingress_shaping_peak_bandwidth    = (known after apply)
      + key                               = (known after apply)
      + lacp_enabled                      = (known after apply)
      + lacp_mode                         = (known after apply)
      + name                              = "dvPG-Secure-VM-1"
      + netflow_enabled                   = (known after apply)
      + network_resource_pool_key         = "-1"
      + notify_switches                   = (known after apply)
      + number_of_ports                   = 8
      + port_private_secondary_vlan_id    = (known after apply)
      + standby_uplinks                   = (known after apply)
      + teaming_policy                    = (known after apply)
      + tx_uplink                         = (known after apply)
      + type                              = "earlyBinding"
      + vlan_id                           = 25

      + vlan_range {
          + max_vlan = (known after apply)
          + min_vlan = (known after apply)
        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

vsphere_distributed_port_group.pg20: Creating...
vsphere_distributed_port_group.pg21: Creating...
vsphere_distributed_port_group.pg25: Creating...
vsphere_distributed_port_group.pg25: Creation complete after 0s [id=dvportgroup-2669728]
vsphere_distributed_port_group.pg21: Creation complete after 0s [id=dvportgroup-2669730]
vsphere_distributed_port_group.pg20: Creation complete after 0s [id=dvportgroup-2669729]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

For more information on the vSphere provider from Terraform, check out this link.

You will have noticed that I have explicitly defined the number of ports in both the PowerShell and Terraform examples. This is purely to match up with the default value that is set when using the vSphere Client; 8. By default the port allocation automatically expands as required, so this is for consistency rather than anything else.

If you are someone who relies heavily on a GUI as part of your work, I hope this have given you some idea’s on how you can perhaps leverage other options, especially when looking to build or configure in bulk.

Thanks for reading!

NSX-T Manager Certificate Replacement

I decided it was time to add VMware NSX-T to my HomeLab. I had been putting it off for a while but I couldn’t avoid it any longer!

Once I had fired up my NSX Manager Nodes and Cluster (I am using version 3.1), I looked to installing certificates. I choose to use a single certificate for all 3 of the NSX managers and the cluster using Subject Alternative Names (SAN’s) to simplify the process and this means I don’t need to renew 4 certificates each time.

As this is a different process to other VMware products I have put together a quick run through on how to achieve this.

Firstly, we need to generate the CSR from one of the NSX Manager nodes using openssl. SSH to one of your nodes and run the following command to create a new file called ‘ssl.conf’:

vim ssl.conf

Then populate this file with the below text, changing the values to suit your environment. I have left my values in to help with reading the file. If you are using a single NSX manager in your lab, you can remove the lines for DNS.3, DNS.4, IP.3 and IP.4.

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Labshire
localityName = Lab City
organizationName = SMT-Lab
organizationalUnitName = SMT-Lab
commonName = vm-nsx-00.smt-lab.local

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = vm-nsx-00.smt-lab.local
DNS.2 = vm-nsx-01.smt-lab.local
DNS.3 = vm-nsx-02.smt-lab.local
DNS.4 = vm-nsx-03.smt-lab.local
IP.1 = 10.200.15.34
IP.2 = 10.200.15.35
IP.3 = 10.200.15.36
IP.4 = 10.200.15.37

Now to generate the CSR, run the following, but replacing the files names to suit:

openssl req -out vm-nsx-00.smt-lab.local.csr -newkey rsa:2048 -nodes -keyout vm-nsx-00.smt-lab.local.key -config ssl.conf -sha256

This will generate 2 files in the current working directory. You will have your CSR and the private key. Using something like WinSCP, copy the files off the NSX manager to a location of your choice.

Head off to your CA and issue the certificate using the CSR.

Now you need to copy the root and issuing (if you have an issuing CA) certificate to certificate you just created. This will complete the chain. Also have the private key handy as you are going to need it.

We are now ready to import import the certificate. Head to System > Certificates > Import and select Import Certificate.

Give it a name, browse to the certificate file that now includes the certificate chain, followed by browsing the the private key file. Be sure to change the ‘Service Certificate’ slider to ‘No’ and then click Import.

Once imported you can select it and see that it includes the certificates in the chain.

Now to assign them! Firstly, click on the identifier next to the name and copy the value. This is what will be used to target the certificate in the next steps.

To validate and replace the certificates in NSX we need to use API’s. Using a tool like Postman, validate then replace the certificate on the NSX Manager Cluster by running the following as a GET request. Note you need to provide credentials for the NSX managers on the Authorization tab.

https://vm-nsx-00.smt-lab.local/api/v1/trust-management/certificates/82c80092-3571-40cd-8960-3189594ec0f1?action=validate 

The result of ‘”status” : “ok”‘ is what we are looking for here.

Now its confirmed valid, lets replace the certificate by running the following POST request:

https://vm-nsx-00.smt-lab.local/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=82c80092-3571-40cd-8960-3189594ec0f1

Then its time to apply to all nodes by running each line below:

https://vm-nsx-01.smt-lab.local/api/v1/node/services/http?action=apply_certificate&certificate_id=a94b3600-696b-43bf-a2df-c1e8e2180c3a

https://vm-nsx-02.smt-lab.local/api/v1/node/services/http?action=apply_certificate&certificate_id=a94b3600-696b-43bf-a2df-c1e8e2180c3a

https://vm-nsx-03.smt-lab.local/api/v1/node/services/http?action=apply_certificate&certificate_id=a94b3600-696b-43bf-a2df-c1e8e2180c3a

And that completes the replacement. If you browse to either your cluster address or individual nodes, you will see your new certificate in place.

You can find the full VMWare documentation on this here.

Thanks for reading!

Sessions I’ll Be Attending at VMworld 2021

VMworld 2021 is right around the corner! This year we are again unable to attend in person due to COVID-19, however this still gives everyone the chance to attend as its an online event!

It is running from the 5th to the 7th October this year –

Like many, I have been marking various sessions as favourites in the catalog ready for when they can be booked. Here are a few that are on my list this year.

Firstly, Frank’s session on NUMA has been on my list for all 3 years I have been attending. For anyone who uses vSphere, this is a must.

60 Minutes of Non-Uniform Memory Access (NUMA) 3rd Edition [MCL1853]

Pass Type: General and Tech+ Passes
Session by: Frank Denneman
Description:

“Although we enrich the stack with multiple layers of abstraction, obtaining consistent performance boils down to understanding the fundamentals. This requires the admin and the architect to focus on individual host components again. In this session, we dive into the impact the Multi-chip Module (MCM) has on scheduler behavior and workload sizing. Learn the underlying configuration of a virtual machine and discover the connection between the General-Purpose Graphics Processing Unit (GPGPU) and the NUMA node. Determine how the cores-per-socket impact a virtual NUMA configuration. We will look at the impact of heterogeneous clusters on workload performance and how you can detect faux-wide virtual machine configurations. You will understand how your knowledge of NUMA concepts in your cluster can help the developer by aligning the Kubernetes nodes to the physical infrastructure with the help of VM Service.”


The next two are sessions are focused on performance. I’m personally always looking for ways to improve performance via configuration and tuning, but also ways to identify performance issues.

Extreme Performance Series: vSphere Advanced Performance Boot Camp [MCL2033]

Pass Type: Tech+ Pass Only
Session by: Mark Achtemichuk & Valentin Bondzio
Description:

“The VMware vSphere Advanced Performance Boot Camp provides the most advanced technical performance-oriented training available about vSphere performance design, tuning and troubleshooting. Hosted by VMware Certified Design Expert Mark Achtemichuk, we will cover a broad range of topics on all resource dimensions, including the VMware ESXi scheduler, memory management, storage and network optimization. The student will become empowered to identify the location of performance issues, diagnose their root cause, and remediate a wide variety of performance conundrums using the many techniques practiced by the most seasoned vSphere veterans and VMware internal experts. Armed with the knowledge provided in the class will allow you to confidently approach virtual performance and manage it successfully.”

Not got the Tech+ Pass? Here is an alternative session available on the General Pass – Extreme Performance Series: Performance Best Practices [MCL1635].

Deep Dive: VM Performance and Best Practices [VI2158]

Pass Type: Tech+ Pass Only
Session by: Jimmy Arias
Description:

“This session will provide a very detailed and technical explanation of the utilization of resources by VM, how to evaluate the performance indicators using ESXtop, and how to better architect and create solutions for performance issues.”


Having watched a couple of sessions this year by David Klee on performance tuning SQL on vSphere, this session was one of the first on my favourite list. Having supported SQL in some fashion my entire career, I am always looking to learn how to get the best performance possible.

Meet the Experts: Virtualizing Microsoft SQL Server on vSphere – Stories from the Trenches [MCL1318]

Pass Type: Tech+ Pass Only
Session by: Deji Akomolafe & David Klee
Description:

“Virtualizing Microsoft SQL Server (the most virtualized mission-critical application) on VMware vSphere has become the standard for SQL Server deployments around the world. As vSphere continues to be the target platform for most SQL Server workloads and, with vSphere now being available in all major public cloud infrastructures, it is a given that you will virtualize your SQL Server workloads. The degree to which you will achieve bare-metal performance is up to how well you align SQL Server with the underlying infrastructure. This session (based on more than two decades of field experience) presents the common pitfalls you need to avoid and those you need to embrace as you run (or plan) your SQL Server instances on premises or in one of the various hybrid cloud options based on vSphere available from AWS, Microsoft, Google, and more.”


Another topic I have really enjoyed getting involved in this year has been Infrastructure as Code (IaC), Packer & Terraform specifically. So this year, I was for sure going to have this session on my list.

Automation Showdown: Imperative vs Declarative [CODE2786]

Pass Type: General and Tech+ Passes
Session by: Luc Dekens & Kyle Ruddy
Description:

“The automation landscape has always been a source of rapid innovation. Historically, the languages, whether it’s Perl, Python, vRealize Orchestrator JavaScript, or PowerCLI, may have changed, but the imperative, step-by-step workflows you’ve learned and know have not. However, a new challenger has appeared. Declarative workflows upended the usual processes and even the languages all in the name of infrastructure as code. Human readable, plain text files can be interpreted by products like HashiCorp Terraform and RedHat Ansible to do the heavy lifting of the imperative process. The key is knowing when, how, and where to use each method within your VMware environment. Join Luc and Kyle for this session where they will discuss these different styles of automation, complete with practical examples that you can use in your own environment!”

If like me you like to see things in action, Kyle also has a Live Coding session – Live Coding: Terraforming Your vSphere Environment [CODE2755].

Both of theses session are available on the General Pass so no excuses to miss out on them!


Finally, a session on Azure VMware Solution (AVS). As I am currently studying for my Microsoft AZ-104 exam, I wanted to start exploring and learning about this offering. Perhaps you are already using Azure or O365 and want to begin looking into the options for extending your vSphere solution to the cloud? If so, this session is definitely worth looking at!

Azure VMware Solution: Deployment Deep Dive [MCL2036]

Pass Type: Tech+ Pass Only
Session by: Jeremiah Megie & Steve Pantol
Description:

“In this session, we will discuss planning and deployment of Azure VMware Solution beyond the quick start. We will cover planning for network addressing, connectivity, integrating into an existing Azure hub and spoke or virtual WAN deployment, configuring monitoring and management, and establishing governance controls.”


If you haven’t already, head over to the VMworld website and register for the event! All content can be found in the Content Catalog, so get browsing!

As always, thanks for reading!

Enabling VM Rightsizing in vRealize Operations Manager (vROPS)

One of the many great features of vRealize Operations Manager (vROPS) is the ability to identify and address over or under sized virtual machines.

I was asked a short while ago why the option to resize a VM was unavailable or ‘greyed out’ as you can see below.

This feature is something that you need to a enable for a connection or ‘Cloud Account’. In this instance, this is my connection with vCenter.

You can check this by heading to Administration, Cloud Accounts and then select the three ‘dots’ next to the connection you want to check, or enable it for.

When reviewing the connection configuration you can see that the enable ‘Operational Actions’ is not selected.

Go ahead and select it.

Now if you head back to the rightsizing section, you will see that you have the option to resize the VM’s (for the connection or Cloud account you have enabled it for). One thing to note, the account you have used for the credentials on this connection require the appropriate privileges to modify the VM’s!

Once you click resize, you can then confirm the suggested resizing and continue.

Hope you found this useful. Once again thank you for reading!

Upgrading Site Recovery Manager (SRM) 8.3.1 to 8.4

I recently started looking at prerequisites to a vSphere 7 upgrade, by reviewing any associated upgrades that might be needed. VMware Site Recovery Manager was one product that needed to be upgraded prior to this. I decided I would fire up a quick nested setup in my HomeLab to run through the process before hand and share the process!

This nested lab consists of two ESXi 6.7 nested hosts, two vCenter 6.7 VCSA’s and two SRM 8.3.1 appliances, with the VCSA’s and SRM appliances having custom CA certificates installed.

I made use of @lamw’s VirtuallyGhetto WilliamLam.com Nested ESXi Appliances for the host deployment via the subscribed content library he offers. (Super easy to deploy nested hosts quickly if you haven’t come across this before!)

Now on to the upgrade.

Firstly, make sure you have have sufficiently backed up your environment! Take a backup of your SRM configuration by using the Export/Import SRM Configuration Tool within SRM. Once you click export it will allow you to download the config backup to your local machine. Then take a snapshot the SRM appliances.

During the upgrade, SRM does not retain any advanced settings that you configured in the previous installation, so make sure you have made a note of any modified advanced settings such as timeouts etc before beginning.

Note: protection groups and recovery plans that are not in a valid state will not be preserved!

Other important checks before you begin –

Verify that there are no pending cleanup operations on recovery plans and that there are no configuration issues for the virtual machines that Site Recovery Manager protects.

  • All recovery plans are in the Ready state.
  • The protection status of all the protection groups is OK.
  • The protection status of all the individual virtual machines in the protection groups is OK.
  • The recovery status of all the protection groups is Ready.

Now, mount the SRM 8.4 ISO to the appliance you are going to upgrade first, and log into the SRM VAMI. Browse to the update section and edit the update source to be CD-ROM.

You will then get the option to install 8.4.

Providing you are in an appropriate window to take your SRM solution offline, have no recoveries in progress and have checked the list of important steps above, hit install and follow the prompts.

If you are upgrading other VMware products too make sure you visit this site to review the order for upgrading other components, such as vSphere Replication.

Once the upgrade is complete, log back into the SRM VAMI. You will see a prompt to reconfigure the connection to vCenter/PSC.

Hit the ‘RECONFIGURE’ button and follow the wizard to reconnect to your vCenter and PSC

Once complete, refresh your browser and log back in. You will now see your successfully upgraded SRM appliance running 8.4 and connected to your vCenter/PSC.

Sometimes clearing your browser cache is needed should you get oddities…

Now repeat the process for your partner SRM appliance.

Once complete, you should now have two upgrade SRM appliances!

From here you many need to update the Storage Replication Adapters (SRA) (if you are using array based replication). Check the VMware Compatibility Matrix – here.

You can find VMware’s official documentation here.

Thanks for reading!

Upgrade vRealize Operations Manager (vROPS) 7.5 to 8.4

Recently I tested a vRealize Operation Manager (vROPS) upgrade from version 7.5 to 8.4 ahead of a vCenter 7.0.2 upgrade and thought I would share the process.

Something worth noting with this upgrade. vROPS 7.5 is based on a SUSE Linux OS, 8.4 is Photon OS.

Before we install the 8.4 update, make sure you back up any customised content and install the vRealize Operations Manager Pre-Upgrade to 8.4.0 Assessment Tool! This will inform you of any content that is being removed that could affect your metrics/content and advise of any upgrade issues.

Make sure you download the correct upgrade assessment and upgrade .pak file. You will find options for 7.x to 8.4 and 8.x to 8.4.

From the vROPS admin console, head over to the Software Update section.

Upload the appropriate pre-upgrade assessment .PAK and complete the wizard.

Follow the rest of the wizard through to the end and click Install.

Now you can view the report by following the instructions detailed in this article. This will tell you what’s going to break… Make sure you extract all the ZIP files within the download, otherwise you just get a ‘Loading…’ message!

It looks something like this, although this is a blank setup for testing purposes.

Now its time to upload the actual update, in the same manner as the upgrade pre assessment.

Again, follow the rest of the wizard through to the end and click Install.

Should you hit a problem with the installer hanging on step 4 of 9, firstly make sure you are able to log into your root account via SSH. If not reset the password using this procedure. If you are still getting stuck after this, take a look at this article.

Once complete, you will be running vRealize Operations Manager 8.4!

Thanks for reading.

Enabling Native KMS in vSphere 7.0 Update 2

Some time back I wrote about setting up and enabling a HyTrust Key Management setup for vSphere to make use of VM and vSAN encryption. Following the release of vSphere 7.0 Update 2, VMware have introduced native key management capabilities! This is a great feature as you no longer require a potentially expensive separate key management solution to make use of vSphere’s encryption offerings.

Lets take a look at this new capability by heading over to the Key Providers menu on your vCenter object, and selecting ‘Add Native Key Provider’:

Give your provider a name:

It then needs backing up! There is an option to do this next to the ‘Add’ option, or in the flow graphic at the bottom:

It is recommended to protect this with a password, make sure you keep this safe along with the key itself, after it downloads when you hit ‘Back Up Key Provider’. You won’t be able to restore the provider without it should you have a need to. Without the provider, any VM’s or data encrypted with it will be lost.

Once its backed up and safely stored you will have an active KMS! You can choose to set it to default if you have more than one key provider if you wish. Any VM’s that are encrypted from the point of changing the default, will be with the new provider, any already encrypted VM’s will continue to be encrypted with the original key.

If you head over to vSAN services, you will now have your native key provider available and can enable Data-At-Rest encryption as well as Data-In-Transit encryption:

Likewise, if you edit the settings of a VM via the VM Options tab you will be able to enable VM encryption:

There you have it, a native Key Management capability, in built with vSphere 7.0 Update 2.

Thanks for reading!

Get, Set and Remove Perennial Reservations Using PowerShell Functions

Having recently had to do some work with RDM perennial reservations I looked into ways to make this less of a manual headache. There are plenty of examples out there for doing this, which I took as a basis to make a PowerShell function. If anything it was a great way to refresh my PowerShell skills and an opportunity to learn some new skills.

Note: Although this has been tested in my environment, please make sure you test it appropriately before running against a production environment!

Lets take a look…

Get-PerennialReservation

This function targets a vSphere cluster, gets all RDM disks that are connected to VM’s and then queries each host in the cluster to check if the disk/storage device is perennially reserved or not.

You can find the code here.

There are multiple ways to use it, whether that is by specifying the target cluster using the -Cluster parameter or by piping it from Get-Cluster. You can also specify a specific canonical name or a comma separated string of them, if you just want the status of a single/select disk(s) using the -CanonicalName parameter. There is also an Export flag to export the results to CSV, if you wish to make use of the data outside of PowerShell. You can get the full usage information by running the following command once you have loaded the function into your PowerShell session:

Get-Help Get-PerennialReservation -full

Here it is in action:

Get-PerennialReservation -Cluster smt-lab-cl-mn-01
Get-Cluster | Get-PerennialReservation
Get-PerennialReservation -Cluster smt-lab-cl-mn-01 -CanonicalName naa.60003ff44dc75adcacba077cf38ccc60
Get-PerennialReservation -Cluster smt-lab-cl-mn-01 -ExportPath C:\temp

Set-PerennialReservation

This function again targets a vSphere cluster, gets all RDM disks that are connected to VM’s and sets the IsPerenniallyReserved flag too ‘True’ on all hosts.

You can find the code here.

There are multiple ways to use it like the Get function; specifying the target cluster using the -Cluster paramater or by piping it from Get-Cluster. You can still specify a specific canonical name or a comma separated string of them, if you just want to set the flag of a single/select disk(s) using the -CanonicalName parameter. There is still an Export function that will provide you an output to CSV. You can get the full usage information by running the following command once you have loaded the function into your PowerShell session:

Get-Help Set-PerennialReservation -full

Here it is in action:

Set-PerennialReservation -Cluster smt-lab-cl-mn-01
Get-Cluster | Set-PerennialReservation
Set-PerennialReservation -Cluster smt-lab-cl-mn-01 -CanonicalName naa.60003ff44dc75adc87371e49e5b78222
Set-PerennialReservation -Cluster smt-lab-cl-mn-01 -ExportPath C:\Temp\

Remove-PerennialReservation

To complete the set there is a Remove function. This function again targets a vSphere cluster, but this time you need to pass in the canonical name you wish to set the IsPerenniallyReserved flag too ‘False’ for.

You can find the code here.

To use this one, you need to specify the target cluster using the -Cluster paramater and specify a specific canonical name or a comma separated string of them, using the -CanonicalName parameter. There is still an Export function that will provide you an output to CSV. You can get the full usage information by running the following command once you have loaded the function into your PowerShell session:

Get-Help Remove-PerennialReservation -full

Here it is in action:

Remove-PerennialReservation -Cluster smt-lab-cl-mn-01 -CanonicalName naa.60003ff44dc75adc87371e49e5b78222
Remove-PerennialReservation -Cluster smt-lab-cl-mn-01 -CanonicalName naa.60003ff44dc75adcacba077cf38ccc60, naa.60003ff44dc75adcadc3f2be374bf90a
Remove-PerennialReservation -Cluster smt-lab-cl-mn-01 -CanonicalName naa.60003ff44dc75adc87371e49e5b78222, naa.60003ff44dc75adcacba077cf38ccc60, naa.60003ff44dc75adcadc3f2be374bf90a -Exportpath C:\Temp\

I hope this is of use to folks out there. There may be some updates/improvements added in the future so keep an eye on my GitHub for any updates!

I aim to bundle these, and other functions into a module in the near future!

As always, thanks for reading!

« Older Entries