Category Archives: VMware

All vmware related posts

Exploring vSphere 6.7-Part-3: VUM What’s New And Feature Walkthrough Using HTML5 Client

By | 20/04/2018

With the release of vSphere 6.5, vSphere Update Manager (VUM) was inegrated with VCSA which made customers very happy as we no longer needed an additional windows server for installing VUM.  

With vSphere 6.7, VMware integraded few of the VUM funtionality in the new HTML5 client. Not all the features are available in HTML5 client and few features like VUM configuration changes, VMware tools upgrade etc can only be performed via vSphere Web Client (flash). read more

Exploring vSphere 6.7-Part-2-Installing and Configuring VCSA

By | 18/04/2018

In last post of this series we installed Esxi host and navigated around the HTML client to explor various options. In this post we will deploy VCSA host and will explore the new vSphere Client (HTML based).

Like Esxi host, installation of VCSA 6.7 has not much changed from previous version. Only the UI has become a slight better. I have outlined the steps in below slideshow.

Deploying VCSA

Once the Stage 1 of VCSA deployment completes, hit Continue to trigger the second stage of deployment to configure NTP settings and SSO domain configuration. read more

Exploring vSphere 6.7-Part-1-Installing and Configuring Esxi

By | 18/04/2018

vSphere 6.7 was announced by VMware just a day before their 20th foundaton day i.e yesterday. Although this release isn’t as feature-packed as the previous release, but still a lot of enhancements are introduced such as:

  • Instant clone API
  • Quick Boot of Esxi 
  • Per-VM EVC
  • VM Hardware version 14 introduced

I have not tested these features yet so I am not writing in detail about these. The best way to learn and test the new features introduced is to deploy stuffs in lab and start playing around and hence the first post of this series is dedicated to installing Esxi host.

This post will be covered in 2 parts where in first part I will demonstrate installation of Esxi host and in second part we will explore the vSphere Client (HTML based) to configure basic stuffs.  read more

Installing PowerShell/PowerCLI on RHEL 7

By | 21/03/2018

Today I was reading about influxDB and Grafana as I am planning to deploy it in my lab to monitor my vSphere infrastructure and while going through the installation/configuration steps, I stumbled on one step where we needed to have powercli installed on the box where grafana is installed.

Since I am planning to deploy the influxdb/grafana on my centos 7 box, I started looking for how to configure PowerCLI on top of unix variants. Read few articles and finally deployed it my lab.

PowerShell Core v6.0 was released few days ago by Microsoft with support for Windows, Linux, and MacOS. Around same time, VMware released PowerCLI 10.0 which is VMware’s “PowerShell-like” utility. PowerShell version for linux can be downloaded from here

In this post I will be demonstrating installation of both PowerShell and PowerCli Core on RHEL 7 system. If you’re interested in installing this on other variants of linux then please consult this article. PowerCli core can also be installed via docker

All right enough of theory. Lets jump into action and do the deployment. Here are the steps:

1: Add the PowerShell Core repository in YUM Server

[root@mgmt-grafana ~]# curl https://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft.repo

2: Install PowerShell

[root@mgmt-grafana ~]# yum install powershell -y

3: Launch PowerShell session

[root@mgmt-grafana ~]# pwsh
PowerShell v6.0.2
Copyright (c) Microsoft Corporation. All rights reserved.
https://aka.ms/pscore6-docs
Type 'help' to get help.
PS /root>

4: Verify PowerShell Version

PS /root> $PSVersionTable.PSVersion
Major Minor Patch PreReleas BuildLabel
 eLabel
----- ----- ----- --------- ----------
6 0 2
PS /root>

5: Create trust for PSGallery

Since VMware PowerCLI has moved from being its own native installer to the PSGallery, the PSGallery needs to be “Trusted” before anything from it can be installed. To trust the PSGallery, entering the following command in the PowerShell session.

PS /root> Set-PSRepository -Name "PSGallery" -InstallationPolicy "Trusted" read more

Configuring vCenter SSO Federation in vCloud Director 8.20

By | 31/01/2018

There are 3 authentication methods that are supported by vCloud Director:

1: Local: These are the local users which are created at the time of installing vCD or creating any new organization.  If you have configured vCD with default configuration, then the first local account that is created is “administrator” user who is system admin for the vCD.

2: LDAP service: A LDAP service enables the organization to use their own LDAP servers for authentication. Users can then be imported into vCD from the configured LDAP. If you have a multi-tenant based vCD deployment, then each organization can use their own LDAP service for authentication. read more

DRS/SDRS Affinity & Anti-Affinity Rules

By | 23/01/2018

Although there are 1000 of articles written on this topic, purpose of writing this article is to cover few objectives of VCAP6-Deploy exam. When I published my VCAP6 study guide, few topics I left purposefully as I had planned to write them later when I get some time.

So in this post we will be discussing about DRS & SDRS affinity/anti-affinity rules. 

Affinity Rules – VM to VM

Affinity rules are used by DRS to keep 2 virtual machines always running together. Affinity rules are generally used to keep virtual machines toether which have dependency on each other. read more

VCAP6-DCV Deploy Study Guide

By | 29/12/2017

Section 1 – Create and Deploy vSphere 6.x Infrastructure Components

Objective 1.1 – Perform Advanced ESXi Host Configuration

Objective 1.2 – Deploy and Configure Core Management Infrastructure Components

Objective 1.3 – Deploy and Configure Update Manager Components

Objective 1.4 – Perform Advanced Virtual Machine Configurations

Section 2 – Deploy and Manage a vSphere 6.x Storage Infrastructure

Objective 2.1 – Implement Complex Storage Solutions

Objective 2.2 – Manage Complex Storage Solutions read more

Back To Basics: Migrating from vSS to vDS in vSphere 6

By | 29/12/2017

In this post we will see how to migrate from vSphere Standard Swith to vSphere Distributed Switch. Let’s get started.

Before performing any migration, make sure you have a vDS deployed and fully configured i.e portgroups created, uplinks created, appropriate uplinks placed in respective portgroups.

Here is a review of my environment.

1: I have a vDS created and different port groups for separation of duties. 

vssmg-1

2: Uplinks created and meaningfully named.

vssmg-2

3: Teaming and Failover configured. Each of the portgroup in my lab have only one active uplink. Rest of them I have placed in unused.  read more

VCAP6-DCV Deploy Objective 3.1

By | 28/12/2017

In this post we will cover following topics:

  • Create and manage vSS components according to a deployment plan:
    • VMkernel ports on standard switches
    • Advanced vSS settings
    Configure TCP/IP stack on a host Create a custom TCP/IP stack Configure and analyze vSS settings using command line tools

    Lets get started by going through each topic one by one.

                                              Create and Manage vSphere Standard Switch

    When Esxi is installed, a standard switch aka vSS is also created by default. Working mechanism of a standard switch is very similar to a physical switch in the sense that a standard switch works at layer 2, forwards frames to other switch ports based on the MAC address, and supports features such as VLANs and port channels.

    Esxi host physical NIC’s serves as uplinks to the standard switches and through these uplinks vSS communicate with the rest of the network. A vSS provide the network connectivity:

    • between virtual machines within the same ESXi host.
    • between virtual machines on different ESXi hosts.
    • between virtual and physical machines on the network.
    • for VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi).

    How to create a vSS

    To create a new vSS, select an Esxi host from inventory and navigate to Manage > Networking > Virtual Switches and click on “Add host networking” icon.

    nw-3.PNG

    Select “Physical Network Adapter” to add uplinks to the vSS

    nw-4

    Select “New standard switch”

    nw-5

    Click on + button to add physical adapters to the new vSS.

    nw-6

    From the list of free adapters, select which adapter’s will be connected to the new vSS.

    nw-7

    Hit finish to complete the new vSS creation wizard.

    nw-8

    This is how the newly created vSS will looks like. 

    nw-9

                                                        VMkernel ports on Standard Switches

    To create a VMkernel portgroup, again click on Add host networking and select VMkernel Network adapter option.

    nw-10

    Select the newly created vSS.

    nw-11

    Provide a name for the VMkernel portgroup and enable the appropriate service to be associated with this portgroup. I created this portgroup for connecting iSCSI storage so I did not selected any service here.

    nw-12

    Supply the IP information and hit next.

    nw-13

    Hit finish after reviewing settings.

    nw-14

                                                         Configuring vSS Advance Settings

    Once a vSS has been created, you can configure the advanced settings by selecting an Esxi host and navigating to Manage > Networking > Virtual Switches > vSS > Edit Settings.  

    nw-16

    Following advance settings can be configured:

    A: MTU Settings: Default value is 1500. You can change this value to a higher value if you want to use jumbo frames in your environment. If you set any value greater than 1500, then you have to set the same at portgroup level as well.

    nw-17

    B: Security Policies: vSS supports following security policies:

    • Promiscuous mode: This is set to Reject by default. If its set to Accept then guest adapters in promiscuous mode will receive all frames passed on the virtual switch that are allowed under the VLAN
    • MAC address changes: This iset to Accept by default. In default mode Esxi host accepts request to change the effective MAC address to a different one.  When set to Reject, it blocks the Esxi host from accepting this request to change the MAC and the port that the VM used to send the request will be disabled until the effective MAC address matches the initial MAC address
    • Forged transmit: Set to Accept by default. In accept mode, Esxi host does not compare source and effective MAC address, to protect against MAC impersonation. When its set to Reject, it allwos the host to compare source MAC address from the guest VM to its effective MAC for its adapter, if they dont match the packets will be dropped

    nw-18

    C: Traffic Shaping : Traffic shaping is disabled by default. vSS can only traffic shape outgoing traffic from switch. For incoming traffic, we need to migrate from vSS to vDS.

    nw-19

    D: Teaming and Failover: I have written a detailed post on this topic in past so I am not covering it again.

    nw-20

                                                           Configure TCP/IP stack on a host

    By default 3 TCP/IP stacks are configured on an Esxi host : default, vMotion and Provisioning.  These can be viewed from web client by selecting Esxi host > Manage > Networking > TCP/IP Configuration

    nw-21.PNG

    Default TCP/IP stacks can be edited to change information like DNS settings, Default gateway and Congestion control algorithm.

                                                        Create a custom TCP/IP stack

    I wrote an article on this topic in past. Here is the excerpt of that

    With vSphere 6, a custom TCP/IP stack cannot be created in the Web Client interface and we have to rely on Esxi CLI for this. However once a custom stack has been created from command line, you can edit the properties of newly created stack from Web Client.

    To create a new TCP/IP stack, SSH to Esxi host and use below command:

    # esxcli network ip netstack add –N “Name_of_Stack”

    [root@esxi05:~] esxcli network ip netstack add -N "VR-Traffic"

    Once the custom stack is created, you can modify the properties by logging into Web Client and navigating to Esxi Host > Manage > Networking > TCP/IP configuration

    tcpip-1.PNG

    Once a stack is configured, you can associate this with a newly created VMkernel portgroup. You can’t edit any VMkernel portgroup that were created before creating a custom stack.

                                   Configure and analyze vSS settings using command line tools

    A vSS can be configured using the CLI. Esxcli network vswitch command is used to do the networking configuration of a vswitch (Standard or vDS). Some examples are listed as below:

    To list all Standard vSwitch present on the Esxi host

    # esxcli network vswitch standard list

    CLN-2

    Adding a new vSwitch to Esxi host

    # esxcli network vswitch standard add –v=vSwitch5

    Adding a new vswitch with specific number of ports

    # esxcli network vswitch standard add –v=vSwitch5 --ports=256

    Create a new portgroup in a standard vswitch

    The following command is used to create a new portgroup on a standard vSwitch

    # esxcli network vswitch standard portgroup add –p=”FT NW”  –v=vSwitch6

    Removing a portgroup from a vSwitch

    Below command will delete a portgroup from a standard vswitch

    # esxcli network vswitch standard portgroup remove –p=”FT NW”  –v=vSwitch1

    Configuring CDP on Standard switches

    Enable CDP on a vswitch

    # esxcli network vswitch standard set  –c= cdp mode –v=vSwitch name

    The accepted values for CDP is listen, advertise and both

    # esxcli network vswitch standard set –c=listen –v=vSwitch5

    To disable CDP on a vswitch

    # esxcli network vswitch standard set  –c=down –v=vSwitch5 read more

My VCAP6-DCA Deploy (3V0-623) Exam Experience

By | 26/12/2017

I haven’t blogged for quite a bit of time as I was busy in my VCAP6-Deploy exam and finally I passed my exam last saturday. There is a lot of things which I want to share about my exam experience and the things I learned during my preprations. 

I passed my VCP 6 exam back in june 2017 and since then a strong feeling about going for VCAP exam started darting every now and then in my mind. I have few certifications but none of them were advance level and this thought pumped me up for going for this exam. read more

How To Perform LUN Masking in vSphere 6

By | 09/12/2017

What is Lun Masking?

LUN masking is a way to control which LUNs to be made visible to Esxi host. If you have a storage array with multiple LUN’s and you want that an Esxi host should only be seeing a subset of LUN’s and not all, you can use lun masking technique.

Lun masking is totally opposite of lun zoning, where the storage array configuration determines which LUNs are visible to a host.

Last year I was doing a lab on vSphere Replication setup and wanted a subset of LUN’s from my openfiler appliance to be visible in my source site and remaining lun’s in my protected site. That was the first time when I felt need for masking the paths to storage array so that all my Esxi host from both sites, should not be seeing/mounting all the Lun’s which I created on my openfiler appliance.

Although I ended up doing the configuration change on openfiler side (same like zoning), but the idea remained always in my mind to use Lun masking someday. Lun masking is something which you do directly on individual Esxi host with the help of claimrules.

What commands do i need to achieve Lun masking?

1: Find LUN ID

Run command esxcli storage core device list to list all the lun’s that are currently mapped to Esxi host. In my lab all my lun’s are coming from openfiler, so lun name start with t10 and that’s why I grepped for this keyword. In production you will see lun names starting with naa….

[root@esxi04:~] esxcli storage core device list | grep -i t10 t10.F405E46494C45425645447059546D2E6256413D213E61776 Display Name: OPNFILER iSCSI Disk (t10.F405E46494C45425645447059546D2E6256413D213E61776) Devfs Path: /vmfs/devices/disks/t10.F405E46494C45425645447059546D2E6256413D213E61776 t10.F405E46494C45425C42417278795D203659363D22693E4A6 Display Name: OPNFILER iSCSI Disk (t10.F405E46494C45425C42417278795D203659363D22693E4A6) Devfs Path: /vmfs/devices/disks/t10.F405E46494C45425C42417278795D203659363D22693E4A6 read more

VCAP6-DCV Deploy Objective 2.3

By | 08/12/2017

Objective 2.3 of VCAP6-Deploy exam covers following topics

  • Analyze and resolve storage multi-pathing and failover issues
  • Troubleshoot storage device connectivity
  • Analyze and resolve Virtual SAN configuration issues
  • Troubleshoot iSCSI connectivity issues
  • Analyze and resolve NFS issues
  • Troubleshoot RDM issues

Lets discuss each topic one by one

                               Analyze and resolve storage multi-pathing and failover issues

There can be hundreds of reason for multipathing and failover issues and troubleshooting these issues comes with experience only. Issues with multipathing can be because of issues on storage side (SAN Switch, Fibre configuration etc)  or from vSphere side. In this post we will focus only on vSphere side troubleshooting.

In my lab I am using openfiler appliance for shared storage and my vSphere hosts are configured to use software iSCSI to reach to openfiler. Each host has 2 physical adapters mapped to two disting portgroups configured for iSCSI connection and both portgroups are complaint with iSCSI Port Binding settings

VMware KB-1027963 explains in great details about storage path failover sequence in vSphere. Messages about path failover are recorded in /var/log/vmkernel.log

Change multipathing policy and Enable/disable paths manually

Multipathing policies and path failover can be manually triggered via Web Client or Esxi shell

Changing the Multi-Pathing Policy: Select an Esxi host from the inventory and navigate to Manage > Storage > Storage Devices and select a device from list.

Go to properties tab and select Edit Multipathing

mp-1.PNG

Select one among Fixed/MRU and Round Robin and hit OK. To know more about these polices in detail, please refer this article

mp-2.PNG

Refresh Web Client to ensure policy change has took effect.

Enabled/Disable a Path : To enable/disable a path manually, go to paths tab instead of properties tab of selected storage device.

Select a path and if its Active then click on disable button. If a path is already disabled then Enable button will be highlighted. 

mp-3.PNG

Change MultiPathing Policy from Command Line

Connect Esxi host over SSH and login via root user and fire below command to change the multipathing policy

# esxcli storage nmp device set –d <naa_id_of_device>  -P <path_policy>

For example, to change the multipathing policy of LUN from MRU to Fixed, you need to run below command:

# esxcli storage nmp device set -d t10.F405E46494C45425645447059546D2E6256413D213E61776 -P VMW_PSP_FIXED

Note: Device identifier/naa_id  can be grabbed from both Web Client or via command: esxcli storage nmp device list

Disable a path via command line

To disable a path via CLI, run below command

# esxcli storage core path set --state=off --path=vmhba33:C0:T0:L0

and you will see a path going dead

mp-4.PNG

To enable the path again, run command:

# esxcli storage core path set --state=active --path=vmhba33:C0:T0:L0

In /var/log/vmkernel.log you will see following log entry for this event

2017-12-07T15:19:02.813Z cpu3:102867 opID=87ff36cf)vmw_psp_fixed: psp_fixedSelectPathToActivateInt:479: Changing active path from NONE to vmhba33:C0:T0:L0 for device "t10.F405E46494C45425645447059546D2E6256413D213E61776". read more

VCAP6-DCV Deploy Objective 3.4

By | 07/12/2017

Objective 3.4 of VCAP6-Deploy exam covers following topics

  • Perform a vDS Health Check for teaming, MTU, mismatches, etc.
  • Configure port groups to properly isolate network traffic
  • Use command line tools to troubleshoot and identify configuration issues
  • Use command line tools to troubleshoot and identify VLAN configurations
  • Use DCUI network tool to correct network connectivity issue

Lets discuss about these topics one by one.

                      Perform a vDS Health Check for teaming, MTU, mismatches, etc.

The network configuration for the vSphere infrastructure is a very cumbersome task and if the process is not automated then there are chances of configuration error. Typical network configuration includes tasks like configuring VLAN, Setting uplinks, NIC teaming, configuring VLAN etc. 

Now if anyone of the above configuratin is misconfigured, it can lead to host disconnection, VM traffic not traversing to destination, storage disconnection (if using iSCSI) or any other issues. read more

VCAP6-DCV Deploy Objective 7.3

By | 05/12/2017

Objective 7.3 of VCAP6-Deploy exam covers following topics:

  • Backup and restore distributed switch configurations

  • Backup and restore resource pool configurations

  • Export Virtual Machines to OVA/OVF format

  • Use a Host profile to recover an ESXi host configuration

Lets learn about these topics one by one

                                         Backup and restore distributed switch configurations   You can export vSphere distributed switch and distributed port group configurations to a file. The file preserves valid network configurations, enabling distribution of these configurations to other deployments. To export vSphere Distributed Switch configurations using the vSphere Web Client:   1: Browse to a distributed switch in the vSphere Web Client navigator and Right-click the distributed switch and click Settings > Export Configuration  vds-bkp-1.PNG 

2: Select the Export the distributed switch configuration or Export the distributed switch configuration and all port groups option. read more