Heartbleed Security Patches Fully Released

With the recent Heartbleed security issue on software which utilized the OpenSSL version 1.0.1.  As of 20th April 2014, VMware has release all Security Advisory of all affected producted as listed here.  Products that are utilizing OpenSSL below 1.0.1 are not affected as listed.

VMware has put in great effort to release all these security patches since the discovery announced on 14th April 2014 and release of the first patch on the day after.

The advice is to at least apply all security advisory as recommended at soonest to avoid any security breach.

Creating Nested ESXi in vSphere

Many of us always need to or want to do some testing for some solution using vSphere or preparing or some exams e.g. VCAP.  However sometimes you just didn't have enough resources or physical hosts.  Just like me I am running a home lab and would need 1 or 2 extra ESX servers if possible.

I find documents around the internet and some are not really updated.  So here I have consolidated to help you better.

Do note the places are slightly different for vSphere Client and the vSphere Web Client.  I have provided the screenshots for easy reference.

• First create a Virtual Machine (doesn't matter which OS you choose as you will not find any ESX server in the drop down list even if you choose Windows, Linux or Other).
• After creation, in vSphere Client, go to Edit Settings of the virtual machine.  Under Options tab, General Options change your OS.  Here you will find ESXi listed.
  For Web Client, please see screenshot below:

 vSphere Client

vSphere Web Client

• Next in vSphere Client, go to Advanced section>CPU/MMU Virtualization  and select Use Intel VT/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization.
  For vSphere Web Client, do note you would need to use at least virtual hardware version 9 to expose hardware asisted virutalization to the guest OS.  Refer to the screenshot below for the differences:

 vSphere Client

  vSphere Web Client (vHardware v8)

 vSphere Web Client (vHardware v9)

• Now you can start to install your ESX server.  If you encounter "Fatal error : 6 (Buffer too small)" (which I did after placing the ISO in the datastore), try mounting the ISO from other location.  I found someone also met the same issues.
• Make sure all the physical ESX servers Port Group which contains your "VM Network" (or another name you have for it" where you vESX is connecting to, change the Security Configuration for Promiscuous Mode from Reject to Accept.  Duncan has a detailed of the steps here for the vSphere Client.

For vSphere Web Client, refer to the screenshot below:

vSphere Client

vSphere Web Client

• Finally add the host to your cluster in vCenter.  Side note, if you have EVC turned on, you might have a problem adding the host into the cluster.  You can turn EVC off without doing any migration.
• Lastly if you want to better manage your ESX server using the VM power functions as well as moving the mouse in and out of console smoothly, you can install the VMware Tools for ESX server found here.

Hope the above is good and well for your understanding.

vCenter Operations Manager Packs

I often been asked and also have to refer internally what does vCenter Operations Manager (vC Ops) support in terms of plugin or adapters to what 3rd parties functions or software (in this case they are call packs).

During a search recently, I realize VMware Solution Exchange contains all these plugins or adapters and I thought I should just share this.  For vC Ops, you can go directly here.  You will be entitled to these adapters depending on the vC Ops editions you own.  For only Advanced and Enterprise would have some free adapters for use and is classified in the page.  For Advanced, other than Hyperic and AWS, most of the adapters are related to Storage performance metrics.

For Enterprise Edition, you will see more 3rd parties monitoring tools like SCOM, IBM Tivoli, TeamQuest, etc are available.  Also Enterprise Edition will be able to use Advanced adapters too.

A simple screenshot of the listed adapters below.  Head down to the page and discover what others adapters are available.

Got asked can MS SCOM monitor vSphere the other way around?  Why not check out Microsoft Store and see what is the focus area and you tell me if it can do that.  Guess you would have to use Google and find all the plugin provided by all other parties and manage that yourself.

vExpert 2014 Results Announced!

With April's Fool day in US, came the announcement of the results.  Of course this is not an April's Fool joke definitely.  Definitely the program team has put in much effort to release this results in just less than 2 months.

This year we have a great number of vExperts, a total of 754.  That is a great increased from last year 581.  This is indeed great news as we are seeing the communities has grown tremendously.

Of course if you missed out the application or just started in contributing in whichever ways in the VMware communities, you can still apply for vExpert 2014 every quarterly with the new initiative of vExpert 2014 program as I have previously mentioned here.  The application form is open all year round and results will be announced every quarterly.

Once again congrats to all existing and new vExpert to the group.  Hope to see more of you been awarded.


Update 16th April 2014
Once again there are many companies sponsoring and providing benefits for vExperts 2014.  I will do my best to update any new ones do check back.  Here I will list them as below:

vExpert Shirt from Tintri apply by 30th June 2014
http://www.tintri.com/congratulations-2014-vexperts-you-are-rock-stars

PuralSight
http://blog.pluralsight.com/2014-vexperts-mvps-free-training

HP StoreVirtual VSA NFR License (Only accessible by vExpert in vExpert Community)
https://communities.vmware.com/docs/DOC-26336

Many Software NFR consolidated by one
http://wojcieh.net/vmware-vexpert-2014-benefits/

What's New in Horizon Mirage 4.4

In my previous posts on Horizon Mirage,
Installation on MIrage 3.6
What's New in Horizon Mirage 4.2
What's New in Horizon Mirage 4.3

You would have find some of the things like e.g. leaving blank for SQL server entry if you are using the default instance name.

Also Best Practice to upgrade Horizon Mirage can be found in a KB here.

In Horizon Mirage 4.4, you will enter the SQL server name without the SQL instance name if you have use the default instance name e.g. MSSQLSERVER (in this case it's call unnamed instance not sure why).  This is required as shown during installation of Horizon Mirage Management Server and Horizon Mirage Server as shown below:

 
In Horizon Mirage there are a few changes.   The main new added is the Edge server.  Now instead of placing your Mirage Server in the DMZ and be compromise with security attacks or require a need of using VPN, now you have a Edge server to handle that piece just like what in Horizon View Security server does in DMZ having a secure gateway.

So if that portion of Edge server, it mean you would need SSL connection.  So for all IIS related via web access in the past prior to Horizon Mirage 4.4, we were using HTTP, however from Horizon Mirage 4.4 onwards, HTTPS is used.  This was also mentioned in the Release Notes.

During my upgrade completion, I was not able to load any of the web access namely:

• Web Access
  http:///Explorer (URL can be changed in the Horizon Mirage Server
• Admin Web Access
  http:///AdminExplorer (this is something new where administrator can search for any specific user/desktop)
• Web Manager(Dashboard used by Web Help Desk & Web Protection Manager role)
  http:///HorizonMirage/Dashboard

So if you refer to Horizon Mirage 4.4 Installation guide, page 24, Configure IIS for SSL Support (in my case I am using self sign), you will have the web access pages loaded successfully.

Horizon Mirage 4.4 also include the Backup and restore of Windows 8 and 8.1 in a Disaster Recovery scenario.

Lastly, the option to only manage the migration of endpoints to Windows 7 without having to centralize the endpoint first before a migration saving time and storage space is useful especially for provisioning of new endpoint devices.

That's all for Horizon Mirage 4.4.  I cannot wait for the full administration web interface without need of MMC as well a centralize dashboard management when use with Horizon View, without having a separate administration console.

vCenter Standard and Foundation Enforcement on vSphere Essentials and Essentials Plus

This brought to my attention thanks to my colleague, Tessa Davis.

Previously I mentioned on the different editions of vCenter here.  I did mentioned about the limitation of vCenter Standard and Foundation used to manage Essential and Essential is not possible due to End User Licensing Agreement (EULA).  However starting from vCenter 5.0 Update 1, this EULA enforcement is also a programmatic enforcement.  If you refer to vCenter 5.0 Update 1 release notes here, you will see the below:

vCenter now enforces restrictions on which vSphere editions can be managed by vCenter
With this feature, vCenter Standard and Foundation is disallowed from managing vSphere Essentials and Essentials Plus host editions. This is disallowed per the EULA already, but was not programmatically enforced until now. The exception to this rule is the ‘Essentials for ROBO’ edition. This is still allowed per the EULA and as per the programmatic enforcement. Furthermore, it is also enforced that vCenter Essentials can only manage Essentials and Essentials Plus hosts.

For users who violate EULA using a vCenter Standard to manage vSphere Essential or Essential Plus will no longer be able to do so with this programmatic enforce.

VMware Recertification Policy for VCP

Starting from today, 10th March 2014, the recertification policy takes into effect as stated here.  What this means from this policy, any VCP certification be it VCP-DV, VCP-DT or VCP-Cloud earned prior to 10th March 2013, would be affected by this policy.

What this means in short, anyone who has a VCP-x earned prior to 10th March 2013, will need to do another VCP-x or a VCAP certification by 10th March 2015 to be recertified.

This process is not a painful process as this encourage professionals to be up to date with their skills and validiate their knowledge.

Taking e.g. of myself, who did VCP-DV back in Oct 2012, by this year it would be almost 2 years.  If a professional like myself who earned the VCP but hardly apply this knowledge, it is as good as gone.  Doing another VCP will not just add more value to your credential but also illustrate your knowledge in this space.  For a professional who are in the field applying such knowledge, doing another VCP on another track or doing a VCAP of current track would in fact add further credibility to one self.

On one hand, we are trying to make sure that VMware professional are staying up to date with knowledge to ensure the value of VMware certified professionals.  I see many see this a hassle but do note with an aged certification on the market and people who achieved such certification without applying their knowledge after earning it, will dismay our creditability if they are not shown to have been staying up to date and proven of their knowledge in some ways.

Personally I felt this is a good move to update once knowledge and encouraging to move to another level of skills.  Of cause I do agree there are some cost involved taking such certification, just watch out for Partner Exchange or vForum in your region or other VMware events where promotion codes will be release to take advantage of.  You can also check back regularly from VMware Education Promotion site here.


Update 14th Mar 2014
Apparently this is going to benefit those who are on a older VCP e.g. VCP3.  This recertification has no prerequisisitcs.  As long you are a former VCP, you are allowed to take the latest VCP5 and be certified up to date without having to take up the fill certification workshop and exam all over again.  This is going to benefit a lot of VCP who are still at VCP3 who needs a 5 days course and VCP4 who would need at least a What's New course before taking the exam.

An Exclusive Event by SolidFire with a Token

There are many benefits for just been a VMware vExpert.  As previously posted on some of the benefits for vExpert 2013, here is another one provided by SolidFire.  SolidFire will be conducting a exclusive event for the vExpert community on a technical discussion and a demo of their product.

A little summary of SolidFire, they are a not a new player since started in 2009 which specialize in Scale-Out all flash array storage.  With support from big databases to VDI workloads as well as Cloud virtualization including VMware and Openstack.

While the vExpert 2014 is still in the midst of finalising, those who are vExpert 2013 will be able to register for this event using their registered email ID.  On top of that as a token of appreciation, all vExperts that register and attend the session will receive a free Google Chromecast Streaming Media Player.

So what are you waiting for, login using your ID here and register for the event here.

Detail of the event:

Title: Hypervisor & Storage QoS; Two great tastes that taste great together

Time: Thursday, April 17th at 9am PST - Invites will be send via email

Presenter: Adam Carter, Director of Product Management, SolidFire

Abstract: Implementing a storage QoS mechanism at the hypervisor, without similar enforcement at the storage level, does not completely address the challenges imposed in a multi-application infrastructure. In this deep dive with the vExpert community, the SolidFire team will discuss the key attributes of their scale-out block storage architecture that allow administrators to achieve volume-level QoS regardless of operating condition across their shared storage infrastructure. As part of this discussion, SolidFire will preview ongoing development efforts intended to create a tighter API-based integration between the hypervisor and storage systems through advanced SIOC integration and the VVOLs API program.

For those like me who is in Asia, the time will be somewhere near midnight.  Those in Singapore the time for this event will be on 18th April 12am.

VSAN Officially Announced!

Yes the official announcement for VSAN has been made.  I was not able to catch as it was 2am Singapore time.  However you can watch the launch recorded video here.  

You can read about the release notes here. Do note of a known error which some might encounter when enable VSAN without any disk group and after removal the error message remain persistent.  I admit many like myself so not read release notes.
Error Message:
"vsan datastore datastore1 in cluster **** in datacenter **** does not have capacity"

Cormac Hogan has also did a summary of the launched which is pretty lots of supported feature beyond what was release in beta.  E.g. from 8 nodes to 32 nodes and from 120,000 IOPS to 2 Million IOPS.  Vicardo has done upa nice table here on comparison.  David Hill has a very long table of limit for Public Beta here which I made some correction in my table below:

Description	Public Beta	GA
Minimum nodes	3	3
Minimum SSD	1	1
Minimum MD	1	1
Maximum number of disk stripes	12	12
Maximum number of failures tolerated	3	3
No of VSAN hosts per Cluster	8	32
Max number of IOPS	120,000	2,000,000
Max number of Parallel vMotion per VSAN cluster	8	8
Max number of Parallel SvMotion per VSAN cluster	2	2
Max number of VMs per host	100	100
Max number of VMs per (evenly distributed) VSAN cluster	800	3200 (2048 protected by HA)*
Max number of disk groups per host	5	5
Max number of hard disks per disk group	7	7
Max VSAN Size	1.1 PB	4.4 PB
Max components per node	3000	3000
Max size per component	255GB	255GB

*Duncan has a post on the HA limit per datastore mentioned of why 2048 VMs are protected here.

Note: You would need vSphere 5.5. Update 1 to use VSAN.

The VSAN sizing guide is also been release here.  During pubic beta the recommend sizing was 1:10 between SSD and MD.  On GA, based VSAN sizing guide, its now 10% of total utilized space.

The Register has also wrote on the launch with its view here.   Though the official GA where it is available for download would be on 10th Mar (US date), the pricelist is suppose to release next week but seems like there are lots of sources by The Register here.

VMware have also release the hardware compatibility list here with more vendors support other than Dell in the public beta only.

This will be very exciting moving forward.


Update 7th Mar 2014
Public Beta and GA table and sizing guide.

Update 10th Mar 2014
Refer to Section 1.4.5 page 8 of sizing guide.

• Use SD, USB, or hard disk devices as the installation media whenever ESXi hosts are configured with as much as 512GB memory. 
• Use a separate magnetic disk or solid-state disk as the installation device whenever ESXi hosts are configured with more than 512GB memory.

Update 12th Mar 2014

• VSAN What's New Technical White Paper here.
• VSAN Quick Monitoring and Reference Guide here.
• POC Guide for VSAN here.
• VSAN GA binary is now publicly available.  You can find it here with ESXi 5.5 Update 1 and vCenter 5.5 Update 1 as well as Horizon View 5.3.1 which is a maintenance update to support VSAN which would need vSphere 5.5. Update 1.

Update 13th Mar 2014

• Advanced setting requirement to all hosts for VSAN node exceeding 16.  Refer to KB2073930.  William Lum from VMware has document this why it is needed on his blog.
• VSAN Ready nodes will be ready in the next 30 days time as stated here. Currently you will only see Dell.  IBM, Cisco, Fujitsu and Supermicro will on board next.

Update 19th Mar 2014

• Added in release notes which a known error on VSAN commonly encountered.
• AHCI is currently not supported at GA though it was supported for a short period of time during the beta refresh. This was documented during the public beta here, which refer to a live document which was last updated after a beta refresh here, however AHCI is remove of support at GA build which you can check back at HCL site to be updated of support or wait for a release notes in next release.

vSphere Web Client Setup Quick Overview

Constantly even myself, we found difficult to setup the vSphere web client.  Often I always forgot what to do again and again from vSphere 5.0, 5.1 and now 5.5.  I decide to just document this down so that the web client can work as a breeze.
 
The first thing after setting up your vCenter 5.5, you would need to:

• Log into the web client using the SSO administrator:
• Change the password for the SSO administrator account (administrator@vsphere.local)
• Change the password expiry to from the default 90 days to your requirement (Note: '0' will not work although the message state so when you click on the textbox, instead do a 9999 if you require no expiry. Refer to KB)
• Add your domain into the Identity Sources under Administration>Single-Sign-On>Configuration

• Set it to Default Domain by clicking on the Global Icon
• Add your accounts or groups to be SSO administrator going to Administrators under Groups in Administration>Single-Sign-On>Users and Groups

•  Add permission for user or group to have access to vCenter by going to vCenter (your vCenter) > Manage > Permissions (Thanks to Lorenzo). Remember to assign the right role, default is No Acess. (Note DO NOT use Build-in Group, only Groups that are Build-in can be used.)

Hope this clarify for many like myself on setting this up for access and domain integration.

ASEAN VCAP & VCDX Bootcamp

Once again just like the past year, the VMware Education team has managed to organize a one day bootcamp for those who are planning or wanted to find out more on becoming a VCAP and VCDX.  This is a similar bootcamp that has been held several times in US and its really rare opportunity that this is conducted in ASEAN.

While this is a great move, this will be more applicable for those who are already a VCP.  As the number of vacancy is limited, I would encourage anyone who are a VCP and keen to pursue a VCAP or those who have VCAP and intend to give VCDX a shot to register now!

Here is the registration link.  Please be responsible and only register if you are able to attend as this is a rare opportunity and we will be having our VCDX#001, John Arrasjid to host this bootcamp.

Below is the respective countries in ASEAN where the bootcamp will be held:

11th Mar 2014  Malaysia (in collaboration with MDeC)
Information

13rd Mar 2014  Singapore
Information

17th Mar 2014 Vietnam
Information

I will be in the Singapore session and hope to see you there!