Tuesday, September 25, 2012

vSphere 5.1: vMotion with no Shared Storage

In vSphere 5.1, vMotion without shared storage was introduced.  Frank Denneman has mentioned here there is no named to this features though many has given names like Enhanced vMotion, etc.

Some have tried to perform this but realize even though they have upgraded to vSphere client 5.1, it still show greyed out and given a message to power off the VM.  This is because, in vSphere 5.1, all new features enhancement will only be found in the Web Client.  In such, the C# client will not have this option.

So using the Web Client, I was able to perform this vMotion in my home lab where I do not have any shared storage other than the local disk of each ESX servers or across two different clusters which have shared storage within there respective cluster.

Do note that you can only perform 2 concurrent vMotion without shared storage at one time, any additional will be queued.  Also the total of such vMotion adds to the total of concurrent vMotion (max of 8) and Storage vMotion (2 per host or 8 per data store).  So e.g. if 2 of such vMotion is conducted, then you are remain with 6 available vMotion or Storage vMotion.  Those that are in queue will be process on a first in first out basis.

Multi-nics are supported for vMotion.  This will help reduce the time especially when trying to use this new vMotion on a big size VM.

Here I have did a demo on this feature and how it got vMotioned without any interrupt.  In fact, I was surprised I do not even found a single ping drop.


A short note here.  In case you are wondering, you can also use this new vMotion without Shared Storage to perform a "Storage vMotion" for a power off VM to relocate its disk placement to another ESXi host.

Citrix XenServer 6.1 and Microsoft Hyper-V 3 has also Live Migration with no shared storage features.  For Citrix, you would need to use command and command console to monitor progress.  For Microsoft, there will be still some manual work like typing destination host name where a selection list can do that job.  Both do not support multi-nic migration.  Thinking about moving a 500GB or even 1TB size VM?

vSphere 5.1 Web Client: Installation

There are a few good resources on using the vCenter Web Client.  One of them contains the use of the whole web client interface which you can find here.

This KB states the requirements for the Web Client.
This blog shows you the installation of Web Client.

To access the web client the URL address would be as follows with the default port:
https://:(hostname or ip):9443/vsphere-client

Below is a video on a simple setup of the Web Client and installation.  Do note that the Web Client would require Adobe Flash to access via any of the web browsers namely Firefox, Internet Explorer and Chrome.


Features now available in Web Client but not on C# Client
  • vSphere Replication
  • vMotion with no shared storage
  • SR-IOV, BDPU, Port allocation to Elastic
  • Network Healthcheck
  • Backup and Rollback for vDS
  • Port mirroring (IPFX) and Netflow new enhancements for vDS (ESPAN, RSPAN)
I came across this blog post on the vDS enhancements on vSphere 5.1.  Do take a look.


17 Oct 2012
Update 1: Load balance using vCNS for vSphere Web Client
If you would like to load balance or even have a redundancy for your web client, you can refer to the setup mention here.

18th March 2013
Update 2: In case you need to register your older vCenter or add in any domains into SSO, log into the web client with the user name admin@System-Domain.

Monday, September 24, 2012

vCenter 5.1 Update Manager: Installation

After the installation of vCenter 5.1, you can then proceed with the Update Manager if yu do use it and its strongly you use it to scan and check for update and apply these updates or patches to your VMware environment.

Refer to the vCenter Update Manager documentation page.  Here you will find the installation guide and the requirements for the database rights requirement.  I am using MS SQL in my demo here.  For other database please refer to the installation document.  In short for MS SQL, you need either a sysadmin role or db_owner of the database for the upgrade or installation.  In a corporate environment, typically sysadmin role is not allowed that leads to only the db_owner.

Also the requirement for MSDB is need as sysadmin or dbo_owner during installation or upgrade only.


Create vCenter Update Manager database with the rights.  The revoke of dbo role for the vumuser is at the bottom of the script commented out.
===========================================
use [master]
go

CREATE DATABASE [VUMDB] ON PRIMARY

(NAME = N'vumdb', FILENAME = N'd:\VUMDB.mdf' , SIZE = 2000KB , FILEGROWTH = 10% )

LOG ON

(NAME = N'vumdb_log', FILENAME = 'd:\VUMDB.ldf' , SIZE = 1000KB , FILEGROWTH = 10%)

COLLATE SQL_Latin1_General_CP1_CI_AS
go

ALTER DATABASE [VUMDB] SET RECOVERY SIMPLE /*or FULL*/
go

use VUMDB
go

sp_addlogin @loginame=[vumuser], @passwd=N'P@ssw0rd', @defdb='VUMDB', @deflanguage='us_english'
go

ALTER LOGIN [vumuser] WITH CHECK_POLICY = OFF
go

CREATE USER [vumuser] for LOGIN [vumuser]
go

sp_addrolemember @rolename = 'db_owner', @membername = 'vumuser'
go



use MSDB
go

CREATE USER [vumuser] for LOGIN [vumuser]
go

sp_addrolemember @rolename = 'db_owner', @membername = 'vumuser'
go

/* remove vumuser from dbo role from MSDB
use MSDB
go

sp_droprolemember @rolename = 'db_owner', @membername = 'vumuser'
go
*/

===========================================

Sunday, September 23, 2012

vCenter 5.1 with SSO: Installation

To upgrade, you can refer to the Best Practice KB here.
If you have any problem hit installing SSO, you can refer to this KB
If you hit an error for vCenter installation after installing SSO, vCenter Inventory Service successfully, you may want to refer to this KB.
 


If you encounter an error during vCenter Installation and its show in vm_ssoreg.log
"java.lang.IllegalArgumentException: The local OS identity source is not registered with the SSO installation"
Resolution:
You might need to quit and rejoin your domain for the vCenter server if time on both the vCenter and Domain Controller is within not more than 5 minutes difference.

For a more detailed installation including certificates installation you may refer to this other blog.

To start with, I have make this guide simply easy for someone who have not done any vCenter installation before and using MS SQL for the database.

Here is a video on the installation and below are the detailed instructions and scripts.



To start with vCenter installation, the below is a overview.

Installation Start with SSO.
  1. Hostname enter IP or FQDN of the SSO Server
  2. Check User Manually Created Users
  3. Key in the two Users created in the SQL query for SSO
  4. Carry on with the installation

Next install vCenter Inventory Service
  1. Proceed with the installation and key in the SSO administrator user password
  2. Install the certificate with prompted

Lastly the vCenter
  1. Start the vCenter Installation
  2. Proceed with the wizard and point to the created database with the DSN created
  3. Remove VC_ADMIN role from vpxuser after installation

To implement the SSO function, 
  1. Create a database run query \Single Sign On\DBScripts\SSOServer\schema\mssql\rsaIMSLiteSQLSetupTablespaces.sql
  2. Go to the binary path \Single Sign On\DBScripts\SSOServer\schema\mssql\rsaIMSLiteMSSQLSetupUsers.sql to create the SSO database users: RSA_DBA, RSA_USER.  This is create separately as not to mixed with vCenter Database and user. 

Create SSO Database
================================================= 
CREATE DATABASE RSA ON PRIMARY(
    NAME='RSA_DATA',
    FILENAME='C:\CHANGE ME\RSA_DATA.mdf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10%),
FILEGROUP RSA_INDEX(
    NAME='RSA_INDEX',
    FILENAME='C:\CHANGE ME\RSA_INDEX.ndf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10%)
LOG ON(
    NAME='translog',
    FILENAME='C:\CHANGE ME\translog.ldf',
    SIZE=10MB,
    MAXSIZE=UNLIMITED,
    FILEGROWTH=10% )
GO

-- Set recommended perform settings on the database
EXEC SP_DBOPTION 'RSA', 'autoshrink', true
GO
EXEC SP_DBOPTION 'RSA', 'trunc. log on chkpt.', true
GO

CHECKPOINT
GO

=================================================


Create SSO Users
=================================================
USE MASTER
GO

CREATE LOGIN RSA_DBA WITH PASSWORD = '', DEFAULT_DATABASE = RSA
GO
CREATE LOGIN RSA_USER WITH PASSWORD = '', DEFAULT_DATABASE = RSA
GO

USE RSA
GO

ALTER AUTHORIZATION ON DATABASE::RSA TO [RSA_DBA]
GO

CREATE USER RSA_USER FOR LOGIN [RSA_USER]
GO

CHECKPOINT
GO

=================================================




Steps:
  1. Prepare DB for vCenter
    • Run the scripts
    • Create ODBC 64bit System DSN
    • Configure the MS SQL Server TCP/IP for JDBC: For IP address just check Active and TCP Dynamic Ports
    • All optional steps are left out except the below for those who wants to monitor the database
      • use master
        go
        grant VIEW SERVER STATE to login name go

Prepare vCenter 5.1 Database.  You can refer to the installation guide however I find it rather not clear for database noob.  However referring to the the vCenter Binary either ISO or zip file, :\vCenter-Server\dbschema\DB_and_schema_creation_scripts_MSSQL.txt which on the first half contains the script below, The Grey highlight is added by myself which by default the database is create with Full Recovery however I like to change to Simple.

For the Yellow and Orange Highlight, you can choose to use either one.  For some environment, the user cannot be granted a DBO rights in such a customize role is create in this case, VC_ADMIN, VC_USER.  Depend on your environment you choose which to run.


Create vCenter database and user
=================================================
use [master]
go

CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf' , SIZE = 2000KB , FILEGROWTH = 10% )

LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf' , SIZE = 1000KB , FILEGROWTH = 10%)

COLLATE SQL_Latin1_General_CP1_CI_AS
go


ALTER DATABASE [VCDB] SET RECOVERY SIMPLE /*or FULL*/
go


use VCDB
go

sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser', @defdb='VCDB', @deflanguage='us_english'
go

ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go

CREATE USER [vpxuser] for LOGIN [vpxuser]
go

CREATE SCHEMA [VMW]
go

ALTER USER [vpxuser] WITH DEFAULT_SCHEMA =[VMW]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE and VC_USER_ROLE database roles

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

or
*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT INSERT ON SCHEMA ::  [VMW] to VC_ADMIN_ROLE;

GRANT CREATE TABLE to VC_ADMIN_ROLE;
GRANT CREATE VIEW to VC_ADMIN_ROLE;
GRANT CREATE Procedure to VC_ADMIN_ROLE;

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_USER_ROLE')
CREATE ROLE VC_USER_ROLE
go
GRANT SELECT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT INSERT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT DELETE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT UPDATE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [VMW] to VC_USER_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go

sp_addrolemember VC_USER_ROLE , [vpxuser]
go



use MSDB
go

CREATE USER [vpxuser] for LOGIN [vpxuser]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

or
*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;

go
grant select on msdb.dbo.syscategories to VC_ADMIN_ROLE
go
grant select on msdb.dbo.sysjobsteps to VC_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to VC_ADMIN_ROLE
GO
GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go

=================================================


Remove VC_ADMIN_ROLE from vpxuser
=================================================
use VCDB
go

sp_droprolemember VC_ADMIN_ROLE , [vpxuser]
go

=================================================

Remove dbo role from MSDB 
================================================= 
use MSDB
go

sp_droprolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

=================================================




Update 1: 25 Sept 2012
Another issues which you have during installation of vCenter.
Open C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt
Check whether the certificate is expired
If the certificate is expired rename the SSL folder and start with installation again
This will push new certificate and create a new SSL folder
 

Note:The hosts has to be reconnected to VC as the certificate's are renewed

Update 2: 18 March 2013
Those using the Windows vCenter and have SSO, Web Client all in the same machine as vCenter.  When performing reboot, sometimes the vCenter service may not be started.  Please take note of this as when using the Web Client, you might encounter unable to connect to one or more vCenter error message.  

Sunday, September 9, 2012

vSphere 5.1: Which edition considerations

With the release of new vSphere 5.1.  There are lots of new improvement that includes license change as well as features included in the lower editions of vSphere 5.1 which were only present in the higher editions in vSphere 5.0.

Below is a overview of features in vSphere 5.0 and 5.1
To keep things simple I will not be going through every features here but would like to bring attention just to those that are made available to the lower editions in vSphere 5.1.

Essential: No change.  Only the Hypervisor.
Essential Plus: Added vShield Endpoint, vSphere Replication, Hot Add.
Standard: Added those in Essential Plus and vShield Zones, Fault Tolerance, Storage vMotion.
Enterprise & Enterprise Plus: Almost similar.

Consideration 1
For Essential and Essential Plus, it still much more applicable to SMB or Remote offices whereby there is no need of the performance guarantee since typically such environment do not have much workloads.  The limitation still applies here where Essential kits are restricted to 6 processors or 3 hosts whichever is maximize first and comes with vCenter Essential where features like Linked mode is not present.

Consideration 2
With the added features to Standard Edition, does that means Enterprise would not be that significant?  Not entirely true.

With Standard edition and above you can match two types of vCenter namely foundation and standard.

vCenter foundation is very applicable to small and remote offices where the requirements does not exceed 3 hosts while vCenter standard does not have such limitation.  Also to note Linked mode is only available in vCenter Standard.

vSphere Standard edition would still be more suitable for environment with low workload though Storage vMotion and Fault Tolerance are added.  If you look closer, Standard edition does not contain Storage API for Array Integration (VAAI) and similarly it still does not have DRS/DPM.

Without Storage API, the host's resources will be used for storage activities for copy offload, write same offload and hardware assisted locking.  Without these, host's resources will be utilized to perform e.g. cloning where file level copying creating load on the host, a data store will be locked when a write by a host to the data store which means delay of storage tasks in such results in performance degrading.  Storage vMotion in short in Standard Edition is more applicable in scenario for putting a data store for maintenance use rather than towards daily operations.  It is also provided to compliment with "share nothing" vMotion function.

Without DRS, you would need to do manual auto load balancing.  With high number of workloads, not does this increase operations overheads but also decrease resource utilization as manual calculation would need to be done to find how workloads can be balanced.

Also there is no Storage Multipathing Policy (MPP) support for Standard.  With that, if this is understand correctly you will only be entitled to Native Multipathing (NMP) in vSphere.  In such, you will not be able to use vendor specific MPP e.g. EMC PowerPath as the vStorage APIs for MPP is not included for this edition.

If you decide to move to standard, your consolidation ratio may not be as high as what is possible on Enterprise edition and above.  With that in mind, do cater into your design on the additional physical resource requirements.  So spending less on licenses might results in spending more on hardware which the end result might just be more expensive.

Summary
So which editions would be suitable for you.  You can try out the VMware vSphere Purchase Advisor here.

With the additional features to Standard edition, it was more to enable the use of the required abilities irregardless of small or big environment.  However if the environment is big, then Enterprise and Enterprise Plus should be considered to maximize your resources and lower the operations overheads.

To find out more of vSphere 5.1 and their features descriptions, you can find here.  The descriptions are available on clicking the features however the editions recommended are still referring to vSphere 5.0 at the time of writing.

Sunday, September 2, 2012

vCloud Suite 5.1

As announced on the VMworld 2012 in San Francisco, the vCloud Suite is finally here and it has bundled lots of solutions into one package with different editions to serve different type of customers.  The new licensing will also be included by per processor for this suite bundling.  You may refer to the different editions for the vCloud bundle here.

Below are some of the breakdown and descriptions to all the components.

vSphere 5.1
The same robust and reliable hypervisor that comes with new features like vSphere Replication for replication on recovery purposes which will be available from Essential Plus edition onwards.  Of cos with more features added which I would not go into much details but a few great ones will be GPU sharing and increased of vCPU to 64 .  No more dependency of root account.  Enhanced vMotion able to do a vMotion and a Storage vMotion in just one step even VM on a local datastore.  Single Sign on feature integration with Web client.  The vSphere web client now contains more feature enhancement than the C# client.

Introducing the vSphere Data Protection which is joint development with EMC based on Avamar.  This will replace the Data Recovery vApp.

vCloud Director 5.1 (vCD)
With also DNS relay and rate limiting on the interfaces are some of the new features.  Snapshot on vApps is not possible.  Works with SSO on vCenter and support of VXLAN.

vCloud Networking and Security
Incorporated with the new vShield Edge which has now 10 interfaces increase from 2 and able to make that internal or external however you want that. The vShield name will be replaced.  vSphere 5.1 comes with vShield Endpoint.  This bundle replace current vShield bundle.

Site Recovery Manager 5.1 (SRM)
Now with Reprotect for vSphere Replication.  Only works with vCenter 5.1.  It now extends to work with vSphere Essential Plus.  vSphere Replications now provide application consistency for windows VMs.

Windows 2016 Core Licensing FAQ

A very busy month for me and also traveling to take a break from work. Finally to sit down and compose which got confused by many of my co-w...