Monday, December 31, 2012

Google Music Manager outside US

I am just happen to be one of those who just a die hard fan of Google and like to use this new tool.  Since I am outside US I am pretty out of luck.

Well many have shared to use proxy VPN to hide your location to US.  I did lots of search, tried lots of VPN clients and eventually the only one that works for me was Security Kiss.

Its very easy to use and just try out some of the available servers.  Just have to make sure its either US or UK and test it out with some website.  If it works, the server is working.  You might just need to play around to make sure.

Before you head to the Google Play Store to do your activation for the Google Music Manager, you would need to do something first which none of the site mention.  You need a US address.  Yes so you can use any of the delivery hub e.g. ComsGateway, Borderlinx, etc.

Next use the US address and add your billing address for Google Play Store in Google Wallet.  You can use your own Credit Card but make sure the billing address is in the States.

Next is to go to Google music via https://play.google.com/music/listen.  You will just have to agree to the agreement and you will be able to download the Google Music Player.  Once completed,  you are free to disconnect that VPN.

You will now be able to enjoy Google Music and upload your music online and access it anywhere anytime.

You will be also be able to access the free music in the Google Music Store.


PS.
Just in case you are into US TV shows, you can actually use this VPN to watch those shows.

Saturday, December 22, 2012

vCenter 5.x using Oracle 11.2.0.3 Patch 10 or later

vCenter Server 5.x does not function correctly when installed with Oracle 11.2.0.3 Patch 10 or later.
When creating a VM you receive the below error messsage:
"An internal error occurred in the vSphere Client.
Details: Object reference not set to an instance of an object."


This is an alert been raised to customer using Oracle 11.2.0.3 for their vCenter database not to upgrade Oracle patch 10 or later to avoid any issues.

If the customer has already upgraded and encountered this issue, the only option is to roll back to pre-patch backup versions of the database.

There is currently no resolution.  You can refer to the KB below.
http://kb.vmware.com/kb/2039874

Tuesday, December 18, 2012

Software License Deployment Rights

Having to work in a few vendors environment, I realize there are many things that customer are not aware when purchasing any software licenses.

I have experience or came across those customer that have presence in several countries to seek for quotation or pricing from the respective countries to compare which countries would provide a better cost saving in order to purchase from for their entire or if not a specific country usage.

There is nothing wrong with this however most of the software licenses pricing differ depending on countries in terms of taxes and rebates , etc.

However most customer are not aware, if you purchase a licenses from 'A' country and used it in 'B" country, you might end up violating licenses agreement without knowing it.  In terms of audit and compliance, this is in turn results in a violation.

Some companies have been caught and fined not knowing the reason behind.  Some software houses, do send auditors to check on companies randomly.  So what must be take note of?

From the above scenario, you would have to ensure your contract or agreement with the software vendor, should contain a "Global Deployment Rights".  This may be call something else for different software vendors.

Without the above rights in your agreement, customer are violating their agreement by buying from one country and using it in another.

In my personal opinion, it best to know your contract details clearly.  Often I see some mis-selling closing a deal and not informing customer that some sort of deployment rights is required if used outside the country where is it purchased but only answer 'Yes' it can be done.  Not knowing what the customer needs is also the reason sometimes.

Other outcome, imagine when you purchase license in 'A' country and use it in 'B' country.  When 'B' country encounter some issues and needed the personnel from 'B' country for assistance, due to the purchase wasn't in 'B' country, the personnel will have to direct this back to 'A' country.

Wouldn't the above cause you a hassle.  Try to see this this way if this two countries are of a different timezone.  This would be a real pain.

This does not just applies to any software in specific nor just software.  It can also happens to hardware or anything that often done via this method.

The next time doing a purchase other than specifying your intention, also make sure the agreement does cover it as well.

Friday, November 30, 2012

VMware vSphere ESX™ End of Availability

VMware has announced the end of availability (“EOA”) of VMware vSphere ESX hypervisor 4.x and VMware Management Assistant (“vMA”) versions 1 and 4, effective August 15, 2013.

Support will be as per support policy however the binary and license key for the above will no longer be available after the 15th August.

For users who are still requires the above, do remember to download and keep a copy.

Please refer to the announcement here.

For Support matrix refer here.  Click on Lifecycle Support Matrix.


Update 21st Feb 2013
Even after 15 Aug, you are still able to purchase vSphere and downgrade via the myVMware portal to vSphere 4 and use it to license the ESX 4.x.  EOA does not restrict user from downgrading. Downgrading to vSphere 4 will be disabled only when the product has End of Life (EOL).

Friday, November 23, 2012

VMware vCenter Multi-Hypervisor Manager 1.0

The release of the vCenter Multi-Hypervisor Manager allows vCenter 5.1 to be able to manage Hyper-V 2 servers based on Windows 2008 and Windows 2008 R2.

I decide to give it a try so I install a nested Hyper-V2 server and try to create a Windows XP VM it.  However I receive the following error:

Description:
The Virtual Machine Management Service failed to start the virtual machine '%machinename%' because one of the Hyper-V components is not running (Virtual machine ID %ID_of_the_virtual_machine%).


Apparently, I would need to add in this advanced setting to the vmx file which I can also use the web client to add that.

hypervisor.cpuid.v0 = "FALSE"

After adding that, my Hyper-V VM is able to start up.


Now let's head back to vCenter Multi-Hypervisor Manager.  This is a 1.0 release so do not expect too much on it.  This can be found in your normal vCenter download page.

Please note that this plug-in is only available for vCenter Standard edition.  vCenter Essential and Foundation editions are not available.  A vCenter 5.1 is required for this plug-in.

You can:
  • Add or remove a Hyper-V server
  • View all the VMs under it
  • Create a VM or edit its hardware
You cannot:
  • See the console of the VM, making it hard to do any installation
  • Only see summary cannot configure Hyper-V server

The release notes can be found here.
The documentation can be found here.
Installing MHM best practice can be found here.


After the installation, I did encounter some errors.

You would need a service account to start the service and you would need to enable this in the local policy or group policy whichever you choose for "Log on as a service".

The first time using the Multi-Hypervisor Manager, you would need to use the build-in local administrator to sign in to vSphere client.  Any other accounts do not have permission to access it and you will see the error below.

After logging into it, then can you specific and assign permission.  I have shown that in the video below.




Update 27 Nov 2012:
The account provided for the vCenter credential during the installation will be the initial administrator used to grant permission to other groups or users.

Friday, November 16, 2012

VMware Mirage FAQ

Recently did a presentation on VMware Mirage to one of my customer who have attended the vForum 2012 and like to explore.  Some questions were posted and like to share some of the ways you can compliment or work with your existing patch management which you might currently have in your environment.

You can find out more on VMware Mirage here.
Download a free trial here.


Question 1:
SCCM in place for patching endpoints.  Mirage can help in two use cases:
  1. Use Mirage to build the reference machine for base layer and deploy to all end points.  SCCM to push all other apps and patches.
  2. Use Mirage to build reference machine for base layer and deploy to all end points as standard.  Use SCCM to only patch the reference machine.  Use Mirage to create different layers for different layers required.
Now which to choose?  I would recommend option 2.  Here is why.  Using SCCM to patch the reference image and using Mirage to capture helps manage the different stage and you are able to revert this later without impact even if a patch fails and cause an endpoint malfunction.
Secondly, using Mirage to push out the change in the layer can save you on bandwidth as Mirage will do a check on the deltas and only send the deduplication data over.  So your network can stay screaming fast.

Option 1, is still viable however do note SCCM do not perform deduplication and once transmitted you are not able to revert if your endpoint were to fail due to any incompatibility which is resulted.


Question 2:
During a XP to Windows 7 migration, will my XP applications be port over?
Answer is No.

If you have downloaded the VMware Mirage binaries, there is a Use Cases document which states the below:
"Make sure that any applications that exist on your Windows XP end points (that you wish to migrate) have been installed on this Windows 7 machine. User-installed applications on the Windows XP machine will not be migrated over to Windows 7. All user data, however, will be."

Question 3:
Mirage uses USMT to perform the migration and in such, you will see the windows.old folder after the migration.  Will Mirage remove the folder?  The answer is no.  However you can use scripts to remove it.  This is not a functionality of Mirage but rather how USMT did the migration.  Deleting the folder also mean there is no way to perform a revert back.

"Mirage will never delete the windows.old folder. This is the responsibility of the user or IT Administrator (but can be scripted using the post-migration or post-Base Image update scripts)."

Question 4:
USMT be default does not save the wallpaper of the user when migration take place.  However you can still do that by adding in the below code to the MigUser.xml file in the x86 and amd64 folder in the USMT.

<!-- This component migrates wallpaper files -->
  <component type="Documents" context="System">
    <displayName>Move JPG and BMP</displayName>
    <role role="Data">
      <rules>
        <include>
          <objectSet>
            <pattern type="File"> %windir% [*.bmp]</pattern>
            <pattern type="File"> %windir%\web\wallpaper [*.jpg]</pattern>
            <pattern type="File"> %windir%\web\wallpaper [*.bmp]</pattern>
          </objectSet>
        </include>
      </rules>
    </role>
  </component>

Question 5:
How can Mirage save on bandwidth?
There are two ways Mirage do in the background before transmission of the changed block.
1. Local deduplication on file and block level is done at the endpoint.  During this period you may observer CPU and Memory utilization,
2. Data is then compressed before sending out.

With this two in place, the amount of data which actually get transmitted is very small.


I will update this post as more questions arises.





Saturday, November 3, 2012

vSphere 5.x: Errors installing ESXi 5.x

This is happening to many customers and it seems to be happening on several new models of servers typically most heard on IBM System x M4 series of servers and some Dell ones as well.

Did some internet searching however none gave much resolution but refer to resolution for white boxes.

These servers must be also be listed in VMware supported list of hardware here.

Below are the two common problems identified:

Problem 1

"Loading /imgpayld.tgz
Relocating the modules and starting the kernel..."
Resolution:
Make sure all firmware including BIOS is updated.  In this scenario, BIOS firmware was updated and installation was successful.  Seems like this was due to the UEFI used on IBM servers need to be updated.  Do find out from your respective vendor on the latest supported firmware.

Problem 2

"Loading /imgpayld.tgz
Multiboot could not setup the video subsystem.
Relocating the modules and starting the kernel..."
Resolution:
This is a strange error apparently, to solve this issue you would need to change the monitor/console display to one that support 1024 x 768 and your problem should be resolved.  It seems that ESXi 5.x require to output to at minimum resolution to install.  And I thought it was just plain text display.


Both problems were shared by our customers.  We learn this everyday however we need to share the experience to keep the communities growing.


Update 3 Nov 2012:
Mentioned Dell servers was instead some Dell Desktop which are not on HCL.  My apologies on this not stating this clearly.

Friday, October 26, 2012

vSphere 5.x: License Error and Upgrade

Decided to write a post on this as I receive just too times the questions from different customers due to the confusion.

Say if you are using a free edition of the vSphere Hypervisor or you are on any purhcased editions of vSphere, and you like to licensed it or upgrade to the next edition.  Now you have the new license key what do you do?

This is the most asked question:
1. Do I need to reinstall the ESXi server applying a new license key?
Answer is No.  You just need to either go to the Hypervisor via the vSphere client, select the host and on the right under the Configuration Tab and choose Licensed Features.  Click on Edit and enter your serial key.  Alternative if  you have a vCenter, just select Home>Administration>Licensing and choose Manage vSphere Licenses.  The features of the edition you have purchased or licensed will be activated and shown.



2. Can vSphere 5.0 serial keys work in vSphere 5.1?
Answer is Yes.  All vSphere 5.0 keys will still work in all vSphere 5.x.  This has been the same for vSphere 4.0 on vSphere 4.1.  The keys should work on all level build but not a version build change.

3. The serial key is valid but not working.
I have also encounter this problem on entering vSphere 5.x keys into a vSphere 5.1 either via vCenter or direct to the ESXi server, you receive this error.
Notice the Product: Unlicensed was displayed.  Apparently this is a valid license.  So what have gone wrong this case?

Many customer receive their license in soft copy via their email attached as PDF, often users copy and paste from the PDF files and this is the problem.

In PDF, sometimes '0' are converted to 'O', '1' are to '|'.  This will results in invalid of serial key.
The best thing to do here is copy and paste the serial key to a notepad in Windows or a text editor to see what characters are actually copied.  Second, change all the 'O' to '0'.  There are no 'O' in VMware serial keys they are all zeros.


Yet another operation problem solved.

Tuesday, October 16, 2012

Journey of Virtualization: Software Defined Datacenter

Recently I was asked by some customers who have not yet start virtualization.  They asked which technology should they choose?  Microsoft Hyper-V, VMware vSphere, Oracle VM, Citrix Zen or even Redhat KVM.

I would like to take this as a neutral perspective here.  Here I do not want to be bias against any technology but rather be open about it and to start at the base and looking towards the goals.

What is your reason that you are going to start virtualization?
Many wanted to do because they see people doing it and they believe it is cost saving.  Have you assess if this is really cost saving for yourself?  For one reason, if you are paying hosting of your server workload, would you really bother about if it is virtual or physical for the SLA you have paid for?

Once you have determine your reason on virtualization, next we talk about what do you want to achieve out of virtualization?
Many talk about TCO, ROI and really the cost savings.  Honestly all virtualization technology delivers the same so what so different.  All allows you to consolidate many to one physical box.

Next, after than the business benefits, what else are you looking for?
Most of them do not tell me much.  But one common reasons is efficiency.  They want to have ease of management.  This is crucial.  Why you might asked.  Simple, you do not want to start virtualization to benefit from it and end up more difficult to manage and you might just prefer the physical environment.  With complexity meaning service level been affected since it would not be so easy to do any recovery or troubleshooting so resulting in higher operation cost (OpEx) and with more people need to manage the environment.

After all this, we are all looking at something that can be cost effective, operation effective and ease of use which can drive you automation and not sacrificing or reversing what you have done in a physical environment.

It can make it as easy as treat it as if you are using a phone, and you need one app e.g. Angry bird.  You browse using your iPhone or Android phone to individual store, search for the app and download it.  Once payment is received or approved, the app started to download and install.  It is ready to use.

Imagine this if this is your datacenter, where your users get to choose what they need.  As long they pay for their requirements, the services in terms of workload and security, firewall, etc. will be provided.  Now imagine, your user get to provision their workload and once its ready, they are informed.  They start using their workload created.  This was all done by them.  No involvement of the infrastructure personnel who are busy managing the environment and running the day to day tasks and projects.

This is what we want and hope to have.  Is it really available?  The answer is yes.  It is and it can be achieved if these are all running and controlled by software.  This lead to the hot topic where Microsoft and VMware are calling Software Defined Datacenter (SDDC).

Imagine all your hardware, servers, storage, networks, security are all in your infrastructure.  However the definition of how it is assigned and who gets to use it etc are defined by software.  You scale whenever you want and need while the user just have to do is request and pay for their requirements as long the infrastructure can support this.

Now we know there is such a vision and solution.  Next we look at how this can value add to your environment?  First, it can save you on time to management what you are suppose to manage and leave the user to decide what they need on their own.  Secondly, we want integration.  Definitely we do not want something that needs multiple components and perform some complex integration that makes it even hard to manage which will defeat the first purpose.  Lastly, a framework you can work on and reach there.

Having said all the above,  take a deep thought.  Is this what you really want to do or is it just something too far away which you doubt would really happen.

Next if this is what you really wish to have, then look out for a solution that provide a framework for you to work on.  Not one that provides you with many components and ask you to piece all this together yourself.  That would be near impossible.

Lastly, the ability to manage this new environment.  The administrators are no longer just administrator.  They are looking at a data center where its gear towards a Cloud infrastructure where the characteristics are the same.  These administrators are moving towards Cloud Architect role where they see things in a higher perspective.  Not the the usual day by day operational administrators we used to see.

The mindset of our perspective need to change and embrace the new technology moving towards a new era.  We have to think of future and not stay just at the virtualization layer where features and functions are just comparison people or companies makes you to compare on.  We should be doing is looking at a longer and further journey of who and what can brings you there.


Thursday, October 4, 2012

vSphere 5.1: Error encounter adding host

I came across this incident which is really minor but can get you wasting time troubleshooting.  If you are currently running the free ESXi server and have also purchase a licensed copy, you may encounter this error when trying to add an ESXi host to the vCenter.

"The host is licensed with VMware vSphere Hypervisor. The license edition of vCenter Server does not support VMware vSphere 5 Hypervisor."



Let me explain this.

Prior to purchase a licensed vSphere edition, you would have entered the free license on the ESXi server to run a standalone ESXi server.  This license is also known as VMware vSphere 5 Hypervisor.  This is as show below.  It is limited to 32GB of physical memory with unlimited core or processor.



When adding this host to the vCenter, if you did not enter the vSphere license into the vCenter prior adding the free standalone ESXi server, you will NOT be prompted to change the license.

In this case, you will encounter the above error as the free VMware vSphere Hypervisor license is not allowed to be managed by a vCenter.  This is a hard restriction.

So what you should do after you have purchase a licensed copy of vSphere, you should first add the vSphere license into vCenter followed by adding the host.  During the Add Host wizard, you will be prompted to choose a license, this time you can select the licensed vSphere license as show below.


Yet another daily operations issue resolve!




Tuesday, September 25, 2012

vSphere 5.1: vMotion with no Shared Storage

In vSphere 5.1, vMotion without shared storage was introduced.  Frank Denneman has mentioned here there is no named to this features though many has given names like Enhanced vMotion, etc.

Some have tried to perform this but realize even though they have upgraded to vSphere client 5.1, it still show greyed out and given a message to power off the VM.  This is because, in vSphere 5.1, all new features enhancement will only be found in the Web Client.  In such, the C# client will not have this option.

So using the Web Client, I was able to perform this vMotion in my home lab where I do not have any shared storage other than the local disk of each ESX servers or across two different clusters which have shared storage within there respective cluster.

Do note that you can only perform 2 concurrent vMotion without shared storage at one time, any additional will be queued.  Also the total of such vMotion adds to the total of concurrent vMotion (max of 8) and Storage vMotion (2 per host or 8 per data store).  So e.g. if 2 of such vMotion is conducted, then you are remain with 6 available vMotion or Storage vMotion.  Those that are in queue will be process on a first in first out basis.

Multi-nics are supported for vMotion.  This will help reduce the time especially when trying to use this new vMotion on a big size VM.

Here I have did a demo on this feature and how it got vMotioned without any interrupt.  In fact, I was surprised I do not even found a single ping drop.


A short note here.  In case you are wondering, you can also use this new vMotion without Shared Storage to perform a "Storage vMotion" for a power off VM to relocate its disk placement to another ESXi host.

Citrix XenServer 6.1 and Microsoft Hyper-V 3 has also Live Migration with no shared storage features.  For Citrix, you would need to use command and command console to monitor progress.  For Microsoft, there will be still some manual work like typing destination host name where a selection list can do that job.  Both do not support multi-nic migration.  Thinking about moving a 500GB or even 1TB size VM?

vSphere 5.1 Web Client: Installation

There are a few good resources on using the vCenter Web Client.  One of them contains the use of the whole web client interface which you can find here.

This KB states the requirements for the Web Client.
This blog shows you the installation of Web Client.

To access the web client the URL address would be as follows with the default port:
https://:(hostname or ip):9443/vsphere-client

Below is a video on a simple setup of the Web Client and installation.  Do note that the Web Client would require Adobe Flash to access via any of the web browsers namely Firefox, Internet Explorer and Chrome.


Features now available in Web Client but not on C# Client
  • vSphere Replication
  • vMotion with no shared storage
  • SR-IOV, BDPU, Port allocation to Elastic
  • Network Healthcheck
  • Backup and Rollback for vDS
  • Port mirroring (IPFX) and Netflow new enhancements for vDS (ESPAN, RSPAN)
I came across this blog post on the vDS enhancements on vSphere 5.1.  Do take a look.


17 Oct 2012
Update 1: Load balance using vCNS for vSphere Web Client
If you would like to load balance or even have a redundancy for your web client, you can refer to the setup mention here.

18th March 2013
Update 2: In case you need to register your older vCenter or add in any domains into SSO, log into the web client with the user name admin@System-Domain.

Monday, September 24, 2012

vCenter 5.1 Update Manager: Installation

After the installation of vCenter 5.1, you can then proceed with the Update Manager if yu do use it and its strongly you use it to scan and check for update and apply these updates or patches to your VMware environment.

Refer to the vCenter Update Manager documentation page.  Here you will find the installation guide and the requirements for the database rights requirement.  I am using MS SQL in my demo here.  For other database please refer to the installation document.  In short for MS SQL, you need either a sysadmin role or db_owner of the database for the upgrade or installation.  In a corporate environment, typically sysadmin role is not allowed that leads to only the db_owner.

Also the requirement for MSDB is need as sysadmin or dbo_owner during installation or upgrade only.


Create vCenter Update Manager database with the rights.  The revoke of dbo role for the vumuser is at the bottom of the script commented out.
===========================================
use [master]
go

CREATE DATABASE [VUMDB] ON PRIMARY

(NAME = N'vumdb', FILENAME = N'd:\VUMDB.mdf' , SIZE = 2000KB , FILEGROWTH = 10% )

LOG ON

(NAME = N'vumdb_log', FILENAME = 'd:\VUMDB.ldf' , SIZE = 1000KB , FILEGROWTH = 10%)

COLLATE SQL_Latin1_General_CP1_CI_AS
go

ALTER DATABASE [VUMDB] SET RECOVERY SIMPLE /*or FULL*/
go

use VUMDB
go

sp_addlogin @loginame=[vumuser], @passwd=N'P@ssw0rd', @defdb='VUMDB', @deflanguage='us_english'
go

ALTER LOGIN [vumuser] WITH CHECK_POLICY = OFF
go

CREATE USER [vumuser] for LOGIN [vumuser]
go

sp_addrolemember @rolename = 'db_owner', @membername = 'vumuser'
go



use MSDB
go

CREATE USER [vumuser] for LOGIN [vumuser]
go

sp_addrolemember @rolename = 'db_owner', @membername = 'vumuser'
go

/* remove vumuser from dbo role from MSDB
use MSDB
go

sp_droprolemember @rolename = 'db_owner', @membername = 'vumuser'
go
*/

===========================================

Sunday, September 23, 2012

vCenter 5.1 with SSO: Installation

To upgrade, you can refer to the Best Practice KB here.
If you have any problem hit installing SSO, you can refer to this KB
If you hit an error for vCenter installation after installing SSO, vCenter Inventory Service successfully, you may want to refer to this KB.
 


If you encounter an error during vCenter Installation and its show in vm_ssoreg.log
"java.lang.IllegalArgumentException: The local OS identity source is not registered with the SSO installation"
Resolution:
You might need to quit and rejoin your domain for the vCenter server if time on both the vCenter and Domain Controller is within not more than 5 minutes difference.

For a more detailed installation including certificates installation you may refer to this other blog.

To start with, I have make this guide simply easy for someone who have not done any vCenter installation before and using MS SQL for the database.

Here is a video on the installation and below are the detailed instructions and scripts.



To start with vCenter installation, the below is a overview.

Installation Start with SSO.
  1. Hostname enter IP or FQDN of the SSO Server
  2. Check User Manually Created Users
  3. Key in the two Users created in the SQL query for SSO
  4. Carry on with the installation

Next install vCenter Inventory Service
  1. Proceed with the installation and key in the SSO administrator user password
  2. Install the certificate with prompted

Lastly the vCenter
  1. Start the vCenter Installation
  2. Proceed with the wizard and point to the created database with the DSN created
  3. Remove VC_ADMIN role from vpxuser after installation

To implement the SSO function, 
  1. Create a database run query \Single Sign On\DBScripts\SSOServer\schema\mssql\rsaIMSLiteSQLSetupTablespaces.sql
  2. Go to the binary path \Single Sign On\DBScripts\SSOServer\schema\mssql\rsaIMSLiteMSSQLSetupUsers.sql to create the SSO database users: RSA_DBA, RSA_USER.  This is create separately as not to mixed with vCenter Database and user. 

Create SSO Database
================================================= 
CREATE DATABASE RSA ON PRIMARY(
    NAME='RSA_DATA',
    FILENAME='C:\CHANGE ME\RSA_DATA.mdf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10%),
FILEGROUP RSA_INDEX(
    NAME='RSA_INDEX',
    FILENAME='C:\CHANGE ME\RSA_INDEX.ndf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10%)
LOG ON(
    NAME='translog',
    FILENAME='C:\CHANGE ME\translog.ldf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10% )
GO

-- Set recommended perform settings on the database
EXEC SP_DBOPTION 'RSA', 'autoshrink', true
GO
EXEC SP_DBOPTION 'RSA', 'trunc. log on chkpt.', true
GO

CHECKPOINT
GO

=================================================


Create SSO Users
=================================================
USE MASTER
GO

CREATE LOGIN RSA_DBA WITH PASSWORD = '', DEFAULT_DATABASE = RSA
GO
CREATE LOGIN RSA_USER WITH PASSWORD = '', DEFAULT_DATABASE = RSA
GO

USE RSA
GO

ALTER AUTHORIZATION ON DATABASE::RSA TO [RSA_DBA]
GO

CREATE USER RSA_USER FOR LOGIN [RSA_USER]
GO

CHECKPOINT
GO

=================================================




Steps:
  1. Prepare DB for vCenter
    • Run the scripts
    • Create ODBC 64bit System DSN
    • Configure the MS SQL Server TCP/IP for JDBC: For IP address just check Active and TCP Dynamic Ports
    • All optional steps are left out except the below for those who wants to monitor the database
      • use master
        go
        grant VIEW SERVER STATE to login name go

Prepare vCenter 5.1 Database.  You can refer to the installation guide however I find it rather not clear for database noob.  However referring to the the vCenter Binary either ISO or zip file, :\vCenter-Server\dbschema\DB_and_schema_creation_scripts_MSSQL.txt which on the first half contains the script below, The Grey highlight is added by myself which by default the database is create with Full Recovery however I like to change to Simple.

For the Yellow and Orange Highlight, you can choose to use either one.  For some environment, the user cannot be granted a DBO rights in such a customize role is create in this case, VC_ADMIN, VC_USER.  Depend on your environment you choose which to run.


Create vCenter database and user
=================================================
use [master]
go

CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf' , SIZE = 2000KB , FILEGROWTH = 10% )

LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf' , SIZE = 1000KB , FILEGROWTH = 10%)

COLLATE SQL_Latin1_General_CP1_CI_AS
go


ALTER DATABASE [VCDB] SET RECOVERY SIMPLE /*or FULL*/
go


use VCDB
go

sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser', @defdb='VCDB', @deflanguage='us_english'
go

ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go

CREATE USER [vpxuser] for LOGIN [vpxuser]
go

CREATE SCHEMA [VMW]
go

ALTER USER [vpxuser] WITH DEFAULT_SCHEMA =[VMW]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE and VC_USER_ROLE database roles

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

or
*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT INSERT ON SCHEMA ::  [VMW] to VC_ADMIN_ROLE;

GRANT CREATE TABLE to VC_ADMIN_ROLE;
GRANT CREATE VIEW to VC_ADMIN_ROLE;
GRANT CREATE Procedure to VC_ADMIN_ROLE;

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_USER_ROLE')
CREATE ROLE VC_USER_ROLE
go
GRANT SELECT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT INSERT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT DELETE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT UPDATE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [VMW] to VC_USER_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go

sp_addrolemember VC_USER_ROLE , [vpxuser]
go



use MSDB
go

CREATE USER [vpxuser] for LOGIN [vpxuser]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

or
*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;

go
grant select on msdb.dbo.syscategories to VC_ADMIN_ROLE
go
grant select on msdb.dbo.sysjobsteps to VC_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to VC_ADMIN_ROLE
GO
GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go

=================================================


Remove VC_ADMIN_ROLE from vpxuser
=================================================
use VCDB
go

sp_droprolemember VC_ADMIN_ROLE , [vpxuser]
go

=================================================

Remove dbo role from MSDB 
================================================= 
use MSDB
go

sp_droprolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

=================================================




Update 1: 25 Sept 2012
Another issues which you have during installation of vCenter.
Open C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt
Check whether the certificate is expired
If the certificate is expired rename the SSL folder and start with installation again
This will push new certificate and create a new SSL folder
 

Note:The hosts has to be reconnected to VC as the certificate's are renewed

Update 2: 18 March 2013
Those using the Windows vCenter and have SSO, Web Client all in the same machine as vCenter.  When performing reboot, sometimes the vCenter service may not be started.  Please take note of this as when using the Web Client, you might encounter unable to connect to one or more vCenter error message.  

Sunday, September 9, 2012

vSphere 5.1: Which edition considerations

With the release of new vSphere 5.1.  There are lots of new improvement that includes license change as well as features included in the lower editions of vSphere 5.1 which were only present in the higher editions in vSphere 5.0.

Below is a overview of features in vSphere 5.0 and 5.1
To keep things simple I will not be going through every features here but would like to bring attention just to those that are made available to the lower editions in vSphere 5.1.

Essential: No change.  Only the Hypervisor.
Essential Plus: Added vShield Endpoint, vSphere Replication, Hot Add.
Standard: Added those in Essential Plus and vShield Zones, Fault Tolerance, Storage vMotion.
Enterprise & Enterprise Plus: Almost similar.

Consideration 1
For Essential and Essential Plus, it still much more applicable to SMB or Remote offices whereby there is no need of the performance guarantee since typically such environment do not have much workloads.  The limitation still applies here where Essential kits are restricted to 6 processors or 3 hosts whichever is maximize first and comes with vCenter Essential where features like Linked mode is not present.

Consideration 2
With the added features to Standard Edition, does that means Enterprise would not be that significant?  Not entirely true.

With Standard edition and above you can match two types of vCenter namely foundation and standard.

vCenter foundation is very applicable to small and remote offices where the requirements does not exceed 3 hosts while vCenter standard does not have such limitation.  Also to note Linked mode is only available in vCenter Standard.

vSphere Standard edition would still be more suitable for environment with low workload though Storage vMotion and Fault Tolerance are added.  If you look closer, Standard edition does not contain Storage API for Array Integration (VAAI) and similarly it still does not have DRS/DPM.

Without Storage API, the host's resources will be used for storage activities for copy offload, write same offload and hardware assisted locking.  Without these, host's resources will be utilized to perform e.g. cloning where file level copying creating load on the host, a data store will be locked when a write by a host to the data store which means delay of storage tasks in such results in performance degrading.  Storage vMotion in short in Standard Edition is more applicable in scenario for putting a data store for maintenance use rather than towards daily operations.  It is also provided to compliment with "share nothing" vMotion function.

Without DRS, you would need to do manual auto load balancing.  With high number of workloads, not does this increase operations overheads but also decrease resource utilization as manual calculation would need to be done to find how workloads can be balanced.

Also there is no Storage Multipathing Policy (MPP) support for Standard.  With that, if this is understand correctly you will only be entitled to Native Multipathing (NMP) in vSphere.  In such, you will not be able to use vendor specific MPP e.g. EMC PowerPath as the vStorage APIs for MPP is not included for this edition.

If you decide to move to standard, your consolidation ratio may not be as high as what is possible on Enterprise edition and above.  With that in mind, do cater into your design on the additional physical resource requirements.  So spending less on licenses might results in spending more on hardware which the end result might just be more expensive.

Summary
So which editions would be suitable for you.  You can try out the VMware vSphere Purchase Advisor here.

With the additional features to Standard edition, it was more to enable the use of the required abilities irregardless of small or big environment.  However if the environment is big, then Enterprise and Enterprise Plus should be considered to maximize your resources and lower the operations overheads.

To find out more of vSphere 5.1 and their features descriptions, you can find here.  The descriptions are available on clicking the features however the editions recommended are still referring to vSphere 5.0 at the time of writing.

Sunday, September 2, 2012

vCloud Suite 5.1

As announced on the VMworld 2012 in San Francisco, the vCloud Suite is finally here and it has bundled lots of solutions into one package with different editions to serve different type of customers.  The new licensing will also be included by per processor for this suite bundling.  You may refer to the different editions for the vCloud bundle here.

Below are some of the breakdown and descriptions to all the components.

vSphere 5.1
The same robust and reliable hypervisor that comes with new features like vSphere Replication for replication on recovery purposes which will be available from Essential Plus edition onwards.  Of cos with more features added which I would not go into much details but a few great ones will be GPU sharing and increased of vCPU to 64 .  No more dependency of root account.  Enhanced vMotion able to do a vMotion and a Storage vMotion in just one step even VM on a local datastore.  Single Sign on feature integration with Web client.  The vSphere web client now contains more feature enhancement than the C# client.

Introducing the vSphere Data Protection which is joint development with EMC based on Avamar.  This will replace the Data Recovery vApp.

vCloud Director 5.1 (vCD)
With also DNS relay and rate limiting on the interfaces are some of the new features.  Snapshot on vApps is not possible.  Works with SSO on vCenter and support of VXLAN.

vCloud Networking and Security
Incorporated with the new vShield Edge which has now 10 interfaces increase from 2 and able to make that internal or external however you want that. The vShield name will be replaced.  vSphere 5.1 comes with vShield Endpoint.  This bundle replace current vShield bundle.

Site Recovery Manager 5.1 (SRM)
Now with Reprotect for vSphere Replication.  Only works with vCenter 5.1.  It now extends to work with vSphere Essential Plus.  vSphere Replications now provide application consistency for windows VMs.

Tuesday, August 28, 2012

vSphere 5.1: Best Practices and Technical Papers

With the introduction of vSphere 5.1, there will be many concerns on the best practices that many are interested in.

I have listed the available technical papers that are in VMware site and will update them whenever there is new one updated for easy access and reference.

Best Practices
VMware vSphere 5.1 vMotion Architecture, Performance and Best Practices
VMware vCenter Server 5.1 Database Performance Improvements and Best Practices for Large-Scale Environments
Performance Best Practices for VMware vSphere 5.1


Technical Papers
VXLAN Performance Evaluation on VMware vSphere 5.1
Storage I/O Performance on VMware vSphere 5.1 over 16 Gigabit Fibre Channel
The CPU Scheduler in VMware vSphere 5.1
VXLAN Performance Evaluation on VMware vSphere 5.1

vSphere 5.1: What's New

With the introduction of vSphere 5.1.  There would be many questions on the new features and enhancements been made.  So here are the breakdown of all the new and enhancement documents.

What's New in vSphere 5.1
Introduction to VMware vSphere Data Protection
Introduction to VMware vSphere Replication
Introduction to VMware 5.1 - Performance
Introduction to VMware 5.1 - Storage
Introduction to VMware 5.1 - Platform
Introduction to VMware 5.1 - Networking

Hope these will give you a good idea on the changes.

As for the editions and add on,  the same editions that are in vSphere 5 are still here which includes Essential, Essential Plus, Standard, Enterprise and Enterprise Plus.

What has been added is Standard with Operations Management.  This edition adds in vCenter Operations Suite Advanced for active monitoring and capacity monitoring and vCenter Protect Standard for patching.  This edition is very useful for customer starting on a small virtualization project while still able to provide a good active monitoring tool and patching systems all in one package.  For the vCenter Operations Management Suite, it is still licensed by per pack of 25 VMs.  However for this vSphere edition, all VMs licensed in this suite will be protected and not restricted by the any number of VMs.  However this only applies to VMs that are hosted and licensed on vSphere Standard with Operations Management and no VMs on other licenses.

You will see what is available for all vSphere Editions from here.  Do ignore the entitlement portion as that is for kits purchase and customer are allowed only to purchase one kit per site to be used.

vSphere 5 & 5.1 Licensing

As of today's announcement, the new vSphere licensing for 5 and 5.1 will be by per processor licensing moving forward from 27th August 2012.  This eliminate the need of vRAM entitlement which was used in vSphere 5.0 last year.

This come effect for all new and existing customers on vSphere 5.0 while vSphere 5.1 is yet to be released for download.  The updated End User License Agreements (EULA) will replaces and supersede statement can be found here.

This change was decided due to the feedback and confusion created when vRAM entitlement was release last year in partners and users.  Though vRAM would benefit people with bigger environment, the core processor licensing was still easier for everyone.

You can read from the vSphere 5 Licensing white paper here.  You may also refer to all the resources of vSphere whether for 5.0 or 5.1 all at this place.

I have the table of the license entitlement between 4.1 and prior and the new change for 5.x below:


vSphere 4.1 and prior
vSphere 5.1
Licensing
CPU
CPU
Subscription and Support
CPU
CPU
Core per Proc
- 6 cores for Free ESXi, unlimited CPU
- 6 cores for Essential, Essential +, Standard and Enterprise
- 12 cores for Advanced, Enterprise +
Unlimited
Physical RAM capacity per host
- 256GB for Essential, Essential +, Standard, Advanced, Enterprise
- Unlimited for Enterprise Plus
- Unlimited for all licensed editions
 
- 32GB physical RAM limitation for *Free ESXi with no API support
*For ESXi 5.1 Free Edition, it has a hard limit of 32GB physical memory.  Server with more than 32GB physical memory will not be able to boot up.  No API support means there are no VAAI, VADP, etc. API support for the free edition.

 Number of vCPU per VM
vSphere 4.x Edition
vCPU Entitlement
vRAM Entitlement
Free ESXi
4
Unlimited
Essential
4
Unlimited
Essential Plus
4
Unlimited
Standard
4
Unlimited
Advanced
4
Unlimited
Enterprise
4
Unlimited
Enterprise Plus
8
Unlimited


Number of vCPU per VM
vSphere 5.1 and after Edition
vCPU Entitlement
vRAM Entitlement
Free ESXi
8
Unlimited
Essential
8
Unlimited
Essential Plus
8
Unlimited
Standard
8
Unlimited
Standard with Operation
Management Suite Advanced
8
Unlimited
Enterprise
32
(8 for vSphere 5.0)
Unlimited
Enterprise Plus
64
(32 for vSphere 5.0)
Unlimited


Typically most customers who have big servers with high number of physical memory and running Standard edition will end up with more licenses after the new change.  But little will change for those using Enterprise or even Enterprise Plus.

What about vRAM warnings?
So at GA for vSphere 5 and 5.1, there will be still vRAM entitlement soft enforcement warnings.  However due to the change in licensing, VMware have updated the Product Documentation to ignore all such warnings.  Also you will find an updated EULA here on exempting of vRAM.  The hard enforcement for Essential and Essentail Plus editions will be removed.

How can I remove the warnings I am finding them ignoring?
For Essential and Essential Plus customers to remove the hard enforcement, they will need to upgrade the vCenter for 5.0 Update 2 or vCenter 5.1 Update 1.  For the soft enforcement warning in other editions, the same applies.   Currently at time of writing I did not see any new updates for the vCenter.  So I believe this will come at a later stage perhaps in the next few months to come.

If I have vSphere 4.x Enterprise (limit to 6 cores per CPU), and I have a server with 2 CPU each with 8 cores, what will happen and how many licenses would I need?
Referring this to our Licensing policy here, If you have more cores than the licenses, you would need to top up the different for that CPU.  E.g. a 8 Cores CPU would requires 2 x vSphere 4.x Enterprise licenses as each vSphere 4.x Enterprise licenses only allows 6 cores per CPU.  In review to this, it is best to upgrade to vSphere 5.x where you are not limited by core per CPU.

Can I choose to have only license 6 cores and use only one license if I have a 8 cores CPU in vSphere 4.x?
Answer is no.  This is automated via vCenter and ESXi servers and due to the licensing, it will automatically use 2 x vSphere 4.x Enterprise for each CPU more than 6 cores.


Update 3rd Sept 2012
Added information on vCPU limit for vSphere 4.1 and 5.1

Update 4th Sept 2012
Added information on Free ESXi

Updated 4th Jan 2013
Added VMware Multi-Core Pricing & Licensing Policy.
vRAM licensing is no longer valid.  There is unlimited vRAM for vSphere 5.x.

Windows 2016 Core Licensing FAQ

A very busy month for me and also traveling to take a break from work. Finally to sit down and compose which got confused by many of my co-w...