Amazon Banner

Wednesday, September 2, 2015

What's New at VMworld 2015

With VMworld 2015 starting today, there will always be new announcement.  Here I am going to summarize what are the new stuff that will be release in a nutshell and detail some of them in later post.

vSphere 6.0 U1
- Tech preview of vSphere Web Client Update Manager
- able to migration embedded PSC to external PSC
- added vCloud Air web client to plugin

Virtual SAN (VSAN) 6.1
- stretch cluster in All-Flash VSAN
- 2 nodes ROBO office with witness in main site
- vSphere Replication to support 5 minutes RPO
 
vSphere with Operations Manager 6.1 (vSOM), vRealize Operations 6.1 (vR Ops), vRealize Operations Insight 6.1 (vROI)
vR Ops Standard Edition now comes with SDDC management packs which include VSAN, vCloud Ai, NSX
- New OS & Applications monitoring starting with 5 supported apps.  More to come.
- Tech preview: Workload Placement Engine (WLP) working with DRS

vCenter Site Recovery Manager 6.1
- Support of Metro cluster vMotion during planned downtime across different physical sites

EVO SDDC
- Previously named as EVO:RACK in tech preview
- 1/3 rack minimum

EVO:RAIL 2.0
-  available in 5 hardware profiles
- support up to 64 nodes with 16 appliances

vCloud Air Compliance (EAP-US)
- Realize visibility for continuous monitoring of compliance
- applicable for on premise and off premise services

Horizon 6.2
- Horizon for Linux vGPU and vSGA support on top of existing vDGA
- Support for Skype Business
- New AMD GPU support for vDGA
- All-Flash VSAN support
- Zero day support for Windows 10
- Announce of Project Enzo

VMware Identity Manager Advanced Edition
- Previously known as VMware Workspace
- Advanced added support on SSO with enrollment of mobile devices for use to access applications via iDM

Wednesday, August 26, 2015

vSphere 6 Hardening Guide Release

With the release of vSphere 6.0 in Mar, the hardening guide is finally announced release today.  There is some different approach via vSphere API which is used in this release to help audit or implement using the guide.

You can also bookmark this page for all the other version vSphere hardening guide.

Tuesday, August 25, 2015

vExpert 2015 Second Half Announcement

Here I like congrats all new vExpert 2015 with the second half results announced 1 week before VMworld 2015.  Results can be viewed here https://blogs.vmware.com/vmtn/2015/08/vexpert-2015-second-half-announcement-2.html.

If you are going to VMWorld this year, remember to grab all the freebies for vExpert as well as the meetup just for vExpert.

If you miss the application, look out for the application for vExpert 2016 likely end of this year.

Monday, August 17, 2015

Is VMware vCloud Suite Bundle Becoming Irrelevant?

Software Defined Data Center (SDDC) is a term often used to illustrate the light of abilities to management and monitor your one or multiple data centers whether it is a private, managed or public cloud environment or mixed of anything.  With the ability to also having a centralize platform and ability to automate certain daily operation tasks to create an agile and efficient IT infrastructture.  Instead of having different silos creating the same overheads that once appear when everything was in a physical infrastructure where each applications could still be using a specific hardware set.

In the past, VMware introduced the vCloud Suite to allows customer to build their own cloud.  However with the adoption of mutliple clouds, VMware came up with another bundle.

VMware introduced the vRealize Suite (vR Suite) in both Advanced and Enterprise last year and this comprises of vRealize Operations Suite, Log Insight, vRealize Automation and vRealize Business all in one bundle.

vRealize Suite can be add on top for customer who are on naked vSphere.  For customers on vSphere with Operations Management (vSOM) or vRealize Operations Insight (vROI), it becomes contradicting as it get duplicates of the vRealize Operations Suite from vSOM and vRealize Suite.  For customers who are on vROI or vSOM, the only upgrade path is to vCloud Suite bundle.

However vCloud does not comes with Log Insight which makes monitoring shortfall of Log analysis.  Moreover in the vCloud Suite Advanced and Enterprise, the vRealize Business Standard (which is available in these two bundles) is not able to extend to Public Cloud as it is a different software of it's own to vRealize Business Advanced/Enterprise.  In addition, in vCloud Suite Enterprise, it included Site Recovery Manager (SRM).  However not everyoneone would really need SRM to protect the whole infrastructure but perhaps a small subset.  In such, it makes more sense to purchase this ala cart just enough to cover whatever is protected by SRM.

To add on with the new vCloud Suite bundle, the removal of vCloud Director (vCD) and vCloud Networking and Security (vCNS), makes the whole vCloud Suite bundle less attractive and appear more expensive comparing to vRealize Suite.

On the other hand, vRealize Suite can be purchase with naked vSphere without having to upgrade their vSphere.  This allows customer to save the additional renewal they will incur on a higher upgrade of vSphere e.g. vSOM or vROI.

To start with vRealize Suite and implement everything in the Suite on Day 1 is nearly impossible.  Often many will start small.  This also make vRealize Suite less attractive as there isn't a gradually phase upgrade unlike customer moving to a vCloud Suite from vSOM to vROI before vCloud Suite.

With many enterprises embarking on public clouds or having multiple private clouds and wanting to automate and centralize platform of monitoring and management, vRealize Suite look more for the fit than vCloud Suite.

As VMworld is coming, let's wait and see what other bundling or improvement that could allows customers to adopt a possible approach into a Software Defined Data Center.

Monday, August 3, 2015

vSphere 6.0 Web Client Integration Plug-in Bug Fix

So the new vSphere 6.0 has release, what is great on one of the functionality is the web client.  It has always be crawling since it was introduced in vSphere 5.0.  In vSphere 6.0, it was promised with great performance improvement and it was great!

On day 0 daily operations activity, accessing the VM console is essential and often used.  When you launch the vSphere Web Client, you will be at the login page.  Below you will see the link to download the Client Integration Plug-in as shown below:


After installing, you will be able to access the VM console after logging in.  Upon login, you will see the screen below when a VM is selected:


Above you see the screenshot taken from Hands-on-Lab.  To access a VM console you will have selected the VM and on the right you will see the above.  Clicking on "Launch Console", will launch the VM console in a new tab\window of your browser.  However this link is invalid!  So how are you going to use the console?  You must be kidding me!

Now take a deep breath, the answer is simple just click on the Preview image of the console just above of the linked text.  This will open another tab\window so you can access the console.


So now you are in the console as show above, however you find your mouse is not that responsive when you click within the console or is it?  After figuring around, a discovery was found.  As shown above the area shaded in RED, this area has no mouse interaction.  This leave you with a small area to work in a console.  Which means you cannot access any portion shaded at the bottom and right that made up of two third of the whole screen!  Who on earth decided the use of such a console screen?

Now I know you will very piss off.  How on earth did this happen?  Are you stuck now?

The solution here is NOT to install the Client Integration Plug-in.  Instead head over to VMware Download page of vSphere, under Drivers & Tools section, you will see a VMware Remote Console.  Download and install this instead.

So the next time you access the VM console, just use the VMware Remote Console.  This time it will work nicely.

Why did VMware release two different console one as a Plug-in while one is a standalone console?  I have no idea.  But with the VMware Remote Console, you can copy a link to a VM Console and send to someone with VMware Remote Console installed to access it.  Provided they have the credential to the server and vCenter.

Now is to wait for the future release to have this fixed.  For now, at least you can access your VM console and carry on your daily operations activity!

Saturday, July 11, 2015

VMware vRealize Operations (vR Ops) Requirements

Decided to fill up the missing information which was not listed in the documentation of vRealize Operations neither was it stated anywhere by anyone in any blog post that I tried to Google around.

Was doing a vSphere Optimization Assessment (VOA) and wanted to advise customer on the resources required.  Other than the documentation from here or from the vR Ops Installation Guide, it does not state what was provided e.g. the different profile sizes of the vApp is suited for which type of environment other than running the deployment wizard.  This is not very helpful especially when you are doing planning and the only way to get that information is to deploy it.

Upon deploying, you will get to know the disk size that vR Ops will use.   Based on documentation, was 250GB however in the wizard it shows 1.4GB for thin provisioned and 266GB for thick provisioned.

 vSphere Client

 vSphere Web Client

There are four profile sizes of the vR Ops vApp namely: extra small, small, Medium, Large.  You will find the sizes resources requirements from the sources provided above. Each profile is suited for what type of environment is only found here in the wizard.

vR Ops vApp
Extra Small:below 2000 VMs (not supported for production usage but mainly for testing)
Small: not more than 2000 VMs
Medium: Between 2000 - 4000 VMs
Large: 4000 VMs and above

Remote Collector
Standard: small to medium (I am assuming it is referring to the profile size of the above)
Large: Large environment

 vSphere Client showing small vApp

 vSphere Web Client showing small vApp

Some Gotcha here.  During the deployment in the wizard, you will need to enter your networking settings.  On the vSphere Client, this was not an issue it was ver clear.  However on the vSphere Web Client, this is not that obvious.  You will need to expand out to see it.  If you did not take not you will miss this portion as shown below:

vSphere Web Client requires to expand to show network setting
 vSphere Web Client showing the network setting

Running out of Disk Space?
What if you run out of space for your vR Ops vApp?  The procedures of increasing the disk size is stated here.  It is fairly easy by just shutting down the vApp and expanding the vDisk 2 or adding a new vDisk and powering up and everything will be automatically detected.  That definitely make life easier without having to bother to configure later.

Network Ports
Some environment require vR Ops to be placed in another network no similar to vCenter.  This would require the need of opening some firewall ports which are all listed here.

 
Update 15th Jul 2015
Apparently there is a sizing guide in this KB but not updated as of 6.0.1.

Monday, June 29, 2015

VMware Horizon 6.1.1 Application Remoting over HTML5

With the announcement of Horizon 6.1.1 release, there are some new features added to Horizon solution.  Of the few, one of them is Application Remoting which now support over HTML5 browser.

I have that testing since Horizon 6.1 in a technical preview and was not able to show it.  With this release, it is now official so I shall go through some of the screenshot how this was done.

The setup is all similar is no complicated steps just an installation of an .exe binary on top of latest View 6.1 agent and the HTML access binary on the connection server.

After which you have the freedom of choice to use a Horizon Client or a HTML5 to access your desktop as well as Applications remoting.  The best part of this is there is no plugin needed for browser this not just keep the browser clean from any crashes which can be resulted as well as messing up browser performance and behaviour.

Using the Horizon Client this time, there are several improvement.  Remember when I mentioned in my previous post, this has better improvement.

Here I am using a mobile Horizon Client:

In the Horizon Client, you will see your recent application you access and desktops.  You can choose to connect to other servers from the Servers  tab.

Once logon, you will see all the desktop and applications available.

Once connected you will see a side bar available with all the applications and desktops.  You can scroll down the list if there are more beyond the screen.

Once you choose an application, you will see appear on the client.  Here you see I opened MS Paint and calculator.  The side bar can then be hidden for more viewable space.

 
You can open more than one instance of the same application and it will be there.  A long press on the application allows you to close it or just click on the cross icon on the application window.

On the HTML5 browser, this can be on mobile or on a laptop.  Here I have one with mobile Chrome browser.
 Login via the mobile browser.

 List of all the virtual desktop and applications I am entitled to.

 The left panel toolbar that show all the virtual desktops and applications I can open and active.

Here you see I have two calculator applications and one MS Paint.  Native Windows applications on an android mobile device.  (Though I feel this is rather small but would work great on a tablet for sure.)

On my laptop I am using Firefox, you will be presented with your desktops and applications.  This is utilizing the Blast protocol use on both the desktop and application.

Here you see after pointing the Connection server you get presented all the applications entitled.  You can also favourite the applications by clicking on the star so you do not have to search for it.  You can also present a Thinapp application as a Hosted App.


Upon clicking on the application, you will be presented with the below.  You can see I have open a MS Word and two MS Paint.  As MS Paint is the same, they are displayed under the same group on the taskbar on the left.  The task bar, just like on the mobile client can be hidden and call upon.


The the screenshots from mobile Horizon Client to the HTML5 mobile browser and desktop browser, the look and feel and way of maneuvering around  is rather similar.   This will be great for end users as they do not have to relearn a new interface for every different application or device used.

There are few questions arises.  What if you need to change password, typically this will have no impact on your desktop or applications.  As long you are in desktop or application either on HTML5 or Horizon Client, you can still change them via a Ctrl-Alt-Del option.

Hope this gives you a good picture of HTML app remoting.


Update 6th Jul 2015
Added HTML5 access via a mobile browser.

Wednesday, June 3, 2015

Unable to verify certificate for vCenter on Horizon View Connection Server

Recently during an outage of my host during to hardware issue in my home lab where my vCenter 6.0 sit on it, resulted some strange behaviour on my View Connection Server 6.1.  I encounter the below error message:

When I go to my Horizon View Dashboard, it looks fine.

When I try to remove the vCenter entry under the Server options and adding it back I end up with another error when trying to add the View Composer.
However this is not related to the strange behaviour above.  But rather this is due to my login did not contain a domain\username but instead of use just username.

Back to the strange behaviour.  It seems my connection to my vCenter via Connection Server has a sudden slowness and the certificate seems to be corrupted.  I tried to find a solution to replace the self-signed (in my case) certificate on my View Connection Server however in vain.  I tried removing the vCenter and re-adding it back, that does not help.

So I chanced upon some steps by our internal team and use it to resolve my problem and it works.

In summary, this is what was done.  First we backup the ADAM database and then we invalid the entry of the vCenter in View Connection Server.  Then we try to add the existing vCenter again.  So now we have two entry of the vCenter where oneis an invalid entry.  Taking from the valid entry certificate thumbprint, we overwrite the invalid ones and remove the latter vCenter entry.  Next revert back the entry to previous valid entry.

Here are the detailed steps that help me resolved my issues.


To manually regenerate data:

Note: Back up the ADAM database before proceeding. For more information, see Performing an end-to-end backup and restore for View Manager (1008046).
  1. Log in to the machine hosting your View Connection Server. If there is a cluster of View Connection Servers, this step can be done on any of the servers.
  2. Click Start > Run, type cmd, and click OK. The command prompt opens.
  3. Run this command, substituting a name for your back up file.

    vdmexport > ViewBackupFilename.ldf

  4. Connect to the ADAM database. For more information, see Connecting to the View ADAM Database (2012377).
  5. Expand OU=Properties > OU=VirtualCenter.
    Note the entry is is after expanding the OU=VirtualCenter.
  6. Document the first four characters of the vCenter Server entry, for example CN=f030. Right-click the vCenter Server entry and click Properties.
  7. Document these three values:

    • pae-NameValuePair. Note the entry here and then remove it.
    • pae-SVIURL. Note the entry and set to a value similar to https://OFFvComposer.domain.com:18443
    • pae-VCURL. Note the entry and set to a value similar to https://OFFvCenter.domain.com:443/sdk
  8. In the View Administrator portal, refresh the dashboard to confirm the name change you made.
    Do note that changes are reflected at two different location.
  9. In View Configuration > Servers > vCenter Server, add an entry for the proper
  10. Open the properties page for each vCenter Server entry.
  11. Manually copy these values from the new vCenter Server entry to the old vCenter Server entry:

    Note: Take a note of the entries before copying. When copying these values, copy and paste directly between properties sheets or copy to a plain text editor that does not add any formatting such as Windows Notepad.exe.

    • pae-SVISslCertThumbprint
    • pae-SVISslCertThumbprintAlgorithm
    • pae-SVIUserName
    • pae-SVIUserPassword
    • pae-VCSslCertThumbprint
    • pae-VCSslCertThumbprintAlgorithm
    • pae-VCUserName
    • pae-VCUserPassword
  12. Remove the new vCenter Server entry from the View Administrator webpage.
  13. Undo the three changes you made at the beginning of the process, including adding the UNIQUEID=XX value back into pae-NameValuePair and rename the pae-SVIURL and pae-VCURL.
  14. Reboot all Connection Servers in the replicated group.
  15. In the View Administrator webpage, refresh the Dashboard page again and confirm vCenter Server and Composer are both shown correctly and are now showing as green status.
  16. Proceed with testing provisioning and recomposing, as well as login functionality.



Thursday, May 14, 2015

What So New in vSphere 6?

With the announcement and also from the datasheet, it seems to be pretty lots of functionalities been added.  However there are some critical ones that are more appealing and wanting to see approvement or resolution to those who are already using since vSphere 4 and prior till today which are not make known to many.


Storage
There were many discussion over storage UNMAP via thin provisioning and many called it a "myth".  This was also discussed heavily in our Facebook VMUG - ASEAN group.  This was due to many changes since VMFS3 to till VMFS5.  Cody wrote a long history of what are the changes for those who have missed out here.

A KB was also release and this create some discussion VMFS3 with different block size would benefit thin provision so to speak before vSphere 5.0 Update 1.  Sadly after which, all UNMAP was not possible via GUI or automatically other than via command line or script.

I try to ask internally as well and luckily Cormac with his findings has listed all the answers on questions here.  Sadly we still cannot support Linux due to legacy SCSI version.  At least we are on the right track now to see at least Windows are supported.


Backup
VMware Data Protection (VDP) first introduced in vSphere 5.1 replacing VMware Data Recovery.   VDP is running a vApp version of EMC Avamar and first introduced with the normal edition and Advanced edition.  The Advanced edition (VDPA) has to be purchased and comes with three agents (SQL, Sharepoint, Exchange) and storage of deduped data up to 8TB instead of 2TB per appliance as on the normal edition.

With VDPA, customers were also able to purchase the per OS Instance license to backup their physical server as shown here.

With vSphere 6, VDPA is now known as VDP and provided free and no longer a purchase option.  So the next question that arise was can user used VDP in vSphere 6 to backup physical server via the agent?  The answer is Yes.  Is there a cost to this?  VDP is now free so the simple answer is yes it is free!  How good is that!


Locked Down
There are two different mode of Locked Down mode.
  • Normal Locked Down
  • Strict Locked Down
This is been explained here.  A KB on this is also provided.

Exception Users is also introduced.  Only users with administrative privileges added into Exception Users list will allow be able to access the DCUI in Normal Locked Down mode.  Other options is to add user into DCUI.Access in advanced option to have access to DCUI.

In Strict Locked Down, DCUI is disable, only when SSH or ESXi Shell is enabled, will users with administrative privileges in Exception Users able to access the ESXi server.  If not, a reinstall is required.


Network
NIOC version 2 and 3 coexist in vSphere 6.0 and what is the different is be recorded here.  The performance improvement white paper is also been produced.


vSphere Replication
Many might not be aware or not make aware the changes that has been done on vSphere Replication (vR).  There are actually enhancements been done on it but not publicly made known.  One of the major enhancement is compression.  This helps in reducing the amount of data to be replicated across and effectively save you on bandwidth.  Also mentioned here is the introduction of dedicated Network used for NFC instead of sharing with Management Network in the past.  Also the inclusion of Linux OS quiesce.  Also removing to the need of Full Sync whenever a Storage vMotion is triggered.  A White Paper just on vR is also provided here.


vNUMA
I have previously written an article on the new improvement on vNUMA here.  With this improvement, memory locality can be increased across NUMA nodes.

I will include more information here on things that are not really made known here as I get hold of it.  Hope this give you the beauty of this release.

Monday, May 11, 2015

vNUMA Improvement in vSphere 6

NUMA is always a very interesting topic when in design and operation in virtualization space.  We need to understand it so we can size a proper VM more effectively and efficiently for application to perform at its optimum.

To understand what is NUMA and how it works, a very good article to read will be from here.  Mathias has explained this in a very simple terms with good pictures that I do not have to reinvent.  How I wish I have this article back then.

Starting from ESX 3.5, NUMA was made aware to ESX servers.  Allowing for memory locality via a NUMA node concept.  This helps address memory locality performance.

In vSphere 4.1, wide-VM was introduce this was due to VM been allocating more vCPUs than the physical cores per CPU (larger than a NUMA node).  Check out Frank's post.

In vSphere 5.0, vNUMA was introduced to improve the performance of the CPU scheduling having VM to be exposed to the physical NUMA architecture.  Understanding how this works help to understand why in best practice we try not to placed different make of ESXi servers in the same cluster.  You can read more of it here.

With all these improvement on NUMA helps address memory locality issues.  How memory allocation works when using Memory Hot-Add since Memory Hot-add was not vNUMA aware.

With the release of vSphere 6, there are also improvement in NUMA in terms of memory.  One of which is Memory hot-add is now vNUMA aware.  However many wasn't aware how Memory was previously allocated.

Here I will illustrate with some diagram to help in understanding.

Let's start with what happen in prior with vSphere 6 when a VM is hot-added with memory.

Let's start with a VM with 3 GB of virtual memory configured.

When a additional 3 GB of memory is hot added to VM, memory will be allocated by placing to the first NUMA node follow by the next once memory is insufficient one after another in sequence.

In vSphere 6.0, Hot-Add memory is now more NUMA friendly.

Memory allocation is now balance evenly across all the NUMA nodes instead of all in one basket on the first NUMA node.  This helps in trying to access memory mostly from the lowest NUMA node and thus increase the chance of a local memory access.

We would wish that this could be smarter but of course we cannot predict where memory would be accessed from which NUMA node when a processes is running.

Hope this helps give you a better picture when doing sizing and enabling hot-add function.