Saturday, May 5, 2018

VMUG Singapore by VMware and HPE

If you are in Singapore, do remember to register for VMUG Singapore event sponsored by VMware and HPE.

Look for the event details here.

This is not going to be the usual evening session but going to start at 2pm coming Friday, 11th May. There will be several sessions on the updated release from VMware and HPE and a networking session, vBeer to interact with fellow professionals as well as a chance for you to find out more what VMware and HPE are cooking.

We will also have our special guest Don Sullivan, author of Virtualizing Oracle Databases on vSphere.

So don't look further, if you are in town, Join Us!

Tuesday, April 17, 2018

New in Software Defined Compute in vSphere 6.7

Today marks the release of the next iteration of vSphere. Most changes are the improvement of existing features and that includes what is embedded together with ESXi which is vSAN.

First, vCenter Appliance will support Single Sign On domain with embedded PSC with Hybrid Linked mode. During this release, support for the upgrade with older vCenter Server with External PSC will not be possible at release. External PSC setup is still supported. There is a Hybrid Linked Mode which will support on prem vCenter Server 6.7 with VMware Cloud on AWS vCenter Server 6.5. Lastly, this is also the last release support for vCenter Windows Server as mentioned in the last release.

There will be a backup tool and can be scheduled to help manage vCenter recovery process.
In terms of migration to vCSA, the migration tool allows asynchronize background process to reduce the amount of downtime.

The HTML5 Client (Clarity UI) has not feature priority up to 95%, up from version 6.5. You can now operate almost everything not limited to Content Library, Storage Policies, and vDS Topology Diagram to name a few. VM encryption also has more granular control to allow further customization. TLS 1.2 will be default used.

Update Manager is completely using Clarity UI.

For ESXi, the biggest change here is a new feature, "Quick Boot". This removes the need to reboot the server to the hardware boot screen but only reboot at the hypervisor level. This definitely save lots of time. Don't you hate the point to keep waiting for every single hardware device test to be done before you even reach the hypervisor or OS. To enjoy this, you need to be at least on 6.5 and upgrade to 6.7.

In terms of security, TPM is used to ensure hardware root trust with Secure Boot (in vSphere 6.5) validate boot loader and VMkernel. With the support of Windows 10 and Server 2016, VBS and Credential Guard is also supported. vTPM is also support for VM. However, do note that this requires the upgrade to the newer vHardware.

vSphere will also support Nvidia GRID for normal server VM. Suspend and resume is 
Instant clone is another big feature

One big enhancement is on EVC. From a per cluster level, you are now able to do it on a Per VM. That really make life really much easier if you do use EVC.

Check out the details here.

Update 19th Apr
Fault Tolerance now supports per VM 8vCPU and 128GB of memory. Check out https://configmax.vmware.com/home new site for configure maximum.

VVOLs now support SCSI-3 persistent reservations which can now support WSFC. Which also means you can leverage on vSphere Replication to replicate a WSFC VM without using RDM! Check it out.

What So New in vSAN 6.7

With the release announcement of vSphere 6.7 it comes with his in-kernel vSAN 6.7 upgraded together.

With the big move to HTML5 client (Clarity UI), vSAN 6.7 will support Clarity and with much of its functions and management done in Clarity. That definitely better than using vSphere Web Client.

Together with this release, a new assessment tool for HCI is introduced. This will work not just on vSphere but also Hyper-V and physical server. The best part is that this assessment tool is free.

The long awaited support for WFSC is not possible with iSCSI target. Bigger improvement on destaging and data placement and failure handling.

Check out the post here.

Tuesday, April 3, 2018

VMware vCenter Server Virtual Machine Name Character Limit

Recently I got asked how many characters can a VM name character support and any special character can be used?

Been doing vSphere since version 3.x, it has never encountered to me there was a limit in that space.

Having said that, there is a case where a customer would need this. Example, to have the VM name similar to the FQDN especially true in a multi-domain or tenant environment where VM name could be the same and only the domain or tenant is the differentiator.

So doing a quick check here is the below KBs that state the limit:

  • As of vCenter Server 4.1, the number of characters support is 80. KB
  • Display names for any objects e.g. VM Name, Datastore Name, etc. should not contain special characters like %, &, *, $, #, @, !, \, /, :, *, ?, ", <, >, |, ;, ' etc are contained in names of vSphere entities such as virtual machine name, cluster name, and datastore/folder/file name. However, '-' and '.' is apparently supported. KB

Here are the test results:


To be inline I did a check on Microsoft Active Directory DNS, 64 characters are the maximum allowed for a DNS name and 255 characters for a FQDN as stated here.



Tuesday, March 13, 2018

VMware vExpert 2018 Announcement

Just back from my company's Tech Summit and waiting for the announcement to be made.

The very next day an email came in and the announcement was made here. Did a quick check on the list of candidates, there was a total of 1525 who made it this year.

Congrats to everyone who made it this year.

Am glad to be part of this community for the 7th year running since I started paying forward this blog, discussion group, videos, etc.

For those who didn't make it or have not apply for it, do attempt it you never know when you are actually making your effort rewarded.


Update 19th Mar 2018
The number is still increasing to 1533 as there is some pending application that got approved.
You can follow the stats here with breakdown https://vexpert.vmware.com/directory/stats.

VMware License Key Error

Recently encounter valid license key but not accepted by the system. This was done on vRealize Operations as shown below. Was adding the license key for vRealize Operations for Horizon Adapter.


A license gotcha here, it seems that VMware has a fixed format for all the license key. It should come in 5 segments instead of 4, each with 5 digits.


Sometimes simple things like this might just slip our eyes.

Tuesday, February 27, 2018

VMware vCenter Editions

Recently a colleague hit into an issue with his setup on vCenter due to the expiry of license. A new license will be used however he is still hitting some problems. A quick check, he was using vCenter ROBO edition license and ESXi is running vSphere Enterprise Plus.

So here is to clarify the different editions of vCenter from VMware and the features available and limitation. Do note some features is dependent on the vSphere editions.

Refer to this KB for some of vSphere 6.x features comparison. I have also previously illustrated in vCenter 5.x here which basically stays the same other than new features in vCenter 6.x. For vCenter Desktop that would be another article here.


-->
vCenter Edition
Essential
Foundation
Standard
Availability
Bundled in Essential/Plus Kit
Sold separately. Manage up to 4 hosts (3 prior to 6.5 U1)
Sold separately.
Manage
vSphere Essential/ Plus
vSphere Standard and above
vSphere Standard and above
vCenter HA
NA
Yes
Yes
Enhanced Linked mode
NA
NA
Yes
vRealize Log Insight Lite
NA
NA
Yes
Fault Tolerance
No
Yes
Yes
Backup Restore
Yes
Yes
Yes
Appliance Migration Tool
Yes
Yes
Yes

Lastly, what happens to your vCenter when license expire? Check out my past post.


Update 6th Mar 2018
Update vCenter Foundation Edition and remove vCenter ROBO edition.

Tuesday, February 6, 2018

Horizon 7 with Nvidia GRID Setup Gotchas

Been setting up POC environment for customer and this time wrong got involve with using Nvidia GRID.

Encounter some setup steps that are missing from nVidia Deployment guide.
In fact, every single setup guide uses the nVidia K1 & K2 card as a reference and those cards have EOA.

Here will share with you if you are using any of the newer cards e.g. M60, M6, M10, etc.

Here are some resources you should refer to when setting GRID on Horizon 7.x.
  1. Register an account on nVidia to download the vibs for ESXi and nVidia License server and Nvidia Driver for Windows OS.
  2. Deploying Hardware-Accelerated Graphics with Horizon 7
  3. GIRD Virtual GPU
    I love to use this guide as a reference to what profile is available for each card type.
In a summary what needs to be done on the master image:
  1. Install VMware tools
  2. Install Horizon View Direct-Connect agent (you know why this needed later)
  3. Shutdown VM
  4. Edit VM settings, add shared PCI device, select your GRID profile
  5. Take a snapshot (in case you need to revert)
  6. Power up the VM
  7. Install Nvidia GRID drivers
  8. Reboot VM
  9. Use the IP and connect using Horizon Client (a bug due to Nvidia graphics driver in use, vSphere console no longer works)
Some of the Gotchas to watch out.
1. On ESXi 6.5 and above, remember to go to each ESXi server and under Configure, make sure the 2 things need to be in place:

Security Profile: X.Org Server service is started
Alternative you can run ESXi Shell or SSH with  > /etc/initi.d/xorg start

-->


Graphic: Change Shared to Shared Direct for both Host and Slot
Reference


2. If you are using the new Dell Gen 14 server, there is a bug stated in the release notes, page 9.

When running nvidia-smi you will receive the following error message "“failed to initialize NVML: unknown error”


Resolution
In the System BIOS Settings, Integrated Devices, Memory Mapped I/O Base, set to 12TB (default 56TB)


Lastly checking everything is in place:

ESXi Shell or SSH:

> nvidia-smi
This will return all the GPU found on the nVidia card on the server.

>dmesg | grep -i nvidia
This will show you if the driver on ESXi is loaded properly and successfully.

Friday, January 12, 2018

VMware Spectre and Meltdown Information

Recently the most talk about security measurement against the two discovered vulnerabilities has raised a lot of talks. This all started and revealed by Google Project Zero.

I have also recently shared advice from VMware support and KBs to our Singapore VMUG users during our event yesterday.

Below is a summary of questions and the approach you should be doing for patching your VMware environment.

Details on Spectre and Meltdown


Side Notes

  • ESXi is only affected by Spectre and all patches for ESXi 5.5. and above has been released. Removed due to retracting of code instructed by Intel. Check update below.
  • ESXi is NOT affected by Meltdown as it does not have untrusted user access.


FAQ

  1. We heard that the patches affect performance. Will these patches from VMware affect the performance of hypervisor?
    Patches from ESXi have no measurable performance impact. But guest level patching might have. Guest OS vendor is the right contact to comment on this. E.g. from Microsoft.
  2. Other than patching ESXi and OS is there other things to take note?VM hardware must be upgraded in order for the patches to work. Virtual Hardware Version 9 is a minimum requirement for Hypervisor-Assisted Guest Mitigation for branch target injection (CVE-2017-5715) due to MSR bit been exposed in this version. Hardware version 11 is best recommended as PCID on CPU is exposed in this version.
  3. I am running vCenter on Windows, do I need to patch vCenter?
    Yes, please download the latest patches together with ESXi for your vCenter. Follow the same upgrade process as per upgrading.
  4. How will VM that is running Windows XP, 2003, Windows 2000 and legacy OS be impacted?
    OS vendors should provide the patches. In this case, Microsoft does not provide the patches for legacy OS, there will be no solution.
  5. Do I need to install BIOS patch from server vendor if I have applied ESXi patches?
    Yes, it is best to apply server vendor BIOS patches if available as server vendor might provide additional components specific to their server hardware.
    Follow Server vendor BIOS update. ESXi patches has been retracted following Intel 's instruction.
  6. What if I have applied server BIOS patches do I still apply VMware ESXi patches?
    ESXi will only push microcode on the hardware if it is older.
    No more ESXi patches.
  7. I am using server custom ESXi ISO but it is not updated, can I apply the patches from VMware?
    Yes, you can apply these patches to custom ISO. Please check with your hardware vendors for any special change they might have.
    No more ESXi patches.
  8. How do I know if my CPU has an updated microcode from Intel?
    Please check https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr.

Refer to security advisories 

  1. https://www.vmware.com/security/advisories/VMSA-2018-0004.html supersede https://www.vmware.com/security/advisories/VMSA-2018-0002.html

Additional materials

Update 23rd Jan 2018
VMware has updated the response on this KB.
If you are running on ESXi 5.5, there is an update patch based on the Security Advisories.

Update 22nd Jan 2018
VMware has released some dashboard kit using vRealize Operations to help monitor performance after patches recommendations and manage BIOS patches here. If you are do not own vRealize Operations, you can use the evaluation for 60 days.

Update 15th Jan 2018

ESXi patches update has been retracted till further notice. Only vCenter update applies. Follow KB update.

Update 13th Jan 2018

Following Intel's update, please follow https://kb.vmware.com/s/article/52345 for Intel Haswell and Broadwell processors

 


VMUG Singapore by VMware and HPE

If you are in Singapore, do remember to register for VMUG Singapore event sponsored by VMware and HPE. Look for the event details here . ...